locked
WSUS on Server 2016 - Client Last Status Report stops working after 1st report. RRS feed

  • Question

  • Is there an issue where client reporting to the WSUS server breaks upon first Sync from WSUS server to Microsoft/WindowsUpdate? We've reinstalled our server and got most nodes to check in once, but weeks later, those have not updated, and some clients have never been able to report status. As I've read similar articles for past flavors of OS, I'm really looking for someone who's experience this on Server 2016 specifically, and resolved (without reoccurrence). I've been following 2012 R2 guidance as closely as possible to reach this point.

    DETAIL
    I took over admin of an existing WSUS deployment, running on Windows Server 2016. Keeping this post brief, using client-side targeting, my original work as to get our DC's to report to this WSUS. Once GPO and network ACL work was in place, all DC's started checking in and appearing in WSUS console. You could also confirm communication by looking at the WindowsUpdate.log on each DC. However, after a week, every DC had a "Last Status Report" status of "Not Yet Reported". I then noticed that existing nodes had all stopped syncing (before I ever worked with this environment). I gave things a few days, and when things looked the same, I tried most client-side/server-side steps found in technet (and other blogs). Ultimately, we ended completely uninstalling WSUS (leaving the download repository in place), deleting the WID database, and re-installing WSUS. After reinstall, almost all of the machines checked in with a last status report date/time (GREAT! :)) - but a few of them again came up "Not Yet Reported". I decided to wait and see on the latter. A few days later, same state, so on one or two of these I cleared client-side registry, and used wuauclt to reset / initiate report. A few days later, same state. I've also noticed that the servers that checked in, only did so once, as their last reported date is the date of the server reinstall. The only act if you will that I can correlate to the machines that have not checked in at all, is that they did not show up in the console until the initial WSUS sync to MS update servers started (or afterwards). All those that checked in before this, at least worked once. All requirements for WSUS on client/server side seem to be in place. I've confirmed network access is open, and have use SolarWinds utility to confirm things look good. I'm out of ideas, and need help :)

    Tuesday, February 21, 2017 9:12 PM

All replies

  • Hi Octavio-Admin,

    I checked in my lab, WSUS clients of Server 2016 could report to WSUS server correctly:

    1. Please check if the WSUS clients are enabled automatic update, please check related registry keys in HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU.

    2. On the WSUS server, please check if server 2016 has installed the latest rollup, if not, please install it:

    https://support.microsoft.com/en-us/help/4000825/windows-10-and-windows-server-2016-update-history

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 22, 2017 5:34 AM
  • Hi,

    Just to check if the above reply could be of help? If yes, you may mark useful reply as answer, if not, welcome to feedback.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 1, 2017 2:25 AM