locked
How to download/install updates on a system that WSUS thinks is already patched? RRS feed

  • Question

  • I have a server that I built (2012 R2) and connected to my WSUS server.  It successfully patched and everything worked (from a WSUS perspective).  However, I ended up having to rebuild the server from scratch just a few days later (due to another issue).  I used the same name/ip address for the re-built system.  I deleted the computer out of WSUS and let it re-detect it, but it still thinks it's already patched (I'm assuming from the info. it stored in the database from the initial version of this server.)  I've tried deleting the keys in HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate to have it generate a new GUID to connect with, but that doesn't seem to work either.  Is there a simple way to get the WSUS server to "believe" that this system isn't patched and still needs all the patches that it previously installed to the "other" version of my server?
    Wednesday, June 24, 2015 12:04 PM

Answers

  • if you purged out the entry for that server from the wsus console and it came back on its own into the console, initiate a manual scan for updates from the server and shortly after WSUS should reflect the proper information

    now if all that of that doesn't work after 24h...you may need to purge it from the database which could be messy

    • Marked as answer by bct103 Wednesday, June 24, 2015 5:17 PM
    Wednesday, June 24, 2015 12:55 PM

All replies

  • if you purged out the entry for that server from the wsus console and it came back on its own into the console, initiate a manual scan for updates from the server and shortly after WSUS should reflect the proper information

    now if all that of that doesn't work after 24h...you may need to purge it from the database which could be messy

    • Marked as answer by bct103 Wednesday, June 24, 2015 5:17 PM
    Wednesday, June 24, 2015 12:55 PM
  • Thanks ... I don't know if I just hadn't waited long enough, or if forcing it to re-scan did the trick.  Either way, looks like it's pulling updates now.
    Wednesday, June 24, 2015 5:17 PM
  • yeah it should report in automatically at least every 24h by default, you can use GPOs to reduce that interval down to see more up to date or frequent reports if you really want to
    Wednesday, June 24, 2015 7:07 PM