locked
updates show as approved and downloaded or not installed for several DAYS, why?? RRS feed

  • Question

  • Have a new Win2k12 WSUS server, and have added three Win2k8 R2 SP1 servers to the proper OU and WSUS computer group for testing.

    Servers appear properly, they 'know' what updates they need.

    For several days now, the approved updates show as 'downloaded' or 'not installed.'

    I just now ran wuauclt /resetauthorization /detectnow on the three servers...does this take effect immediately??

    Anything else I can do vis-a-vist getting the approved updates to install??

    Detection is set to the default 22 hours...so I will wait to at least now tomorrow afternoon.

    Also, some updates that appear in the 'manual' non-WSUS MS updates don't appear in WSUS updates, why??

    Thank you, Tom


    • Edited by tlyczko2 Tuesday, April 15, 2014 5:26 PM
    Tuesday, April 15, 2014 5:25 PM

Answers

  • Regarding the servers per se, I again reviewed the applicable GPO so I could answer your question.

    I saw to my horror that 'Configure Automatic Updates' was set to #3 - Auto download and notify for install.

    This must be the default or I mis-read it or something...

    I missed this earlier upon creating the GPO...apparently #3 is the default, I now realize that I can have my domain controllers' GPO at #3 so I can update those separately and manually in case of patching issues. Or continue to always update the domain controllers separately and manually.

    I changed this to #4 - Auto download and install.

    Schedule is 0 - Every day and Scheduled install time is 0300 hours.

    I'm giving it this weekend before proceeding further with your advice in case simply changing the setting fixes this initial issue. I'll try to remember to update this thread next Monday.

    Presently I auto-approve critical updates, security updates, updates, and update rollups. I plan to manually approve other updates.

    Thank you for your patient assistance, Tom

    • Proposed as answer by antwesor Friday, April 18, 2014 2:14 PM
    • Marked as answer by Daniel JiSun Tuesday, April 22, 2014 6:48 AM
    Friday, April 18, 2014 12:38 PM

All replies

  • I just now ran wuauclt /resetauthorization /detectnow on the three servers...does this take effect immediately??

    Yes, but only to the extent that there's any new work to be done. Based on the statements previous to this question it looks like all of the work is done.

    Anything else I can do vis-a-vist getting the approved updates to install??

    So... like... how did you configure these *SERVERS* to install the updates?

    Also, some updates that appear in the 'manual' non-WSUS MS updates don't appear in WSUS updates, why??

    I'm not understanding this question, can you clarify please?

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Tuesday, April 15, 2014 8:45 PM
  • Hello,

    Thank you for replying...

    I think I had already run gpupdate /force on two of the servers, the other two I did it just now.

    The servers are all in the proper AD and WSUS groups too.

    Hopefully by tomorrow something will have happened.

    Regarding the 'manual' question, I discovered later there were more approvals to do.

    Thank you, Tom

    Tuesday, April 15, 2014 8:51 PM
  • 16-some hours later -- no change. :)

    If you tell me 'check the logs' please tell me which log on which server and what to look for -- WindowsUpdate.log is quite voluminous -- and if I should look for errors, what error numbers on which server.

    I can't figure out if this is a client issue or a WSUS issue or what -- this software is excessively cryptic and NON-user-friendly.

    Thank you, Tom

    Wednesday, April 16, 2014 1:00 PM
  • 16-some hours later -- no change. :)

    Okay.. let's pick up with the still unanswered fundamental question... How did you configure the systems to INSTALL the updates? Automatically? At what time? What day(s)? Or did you configure them to require an administrator to install them (an expected configuration option for a SERVER)?

    Aside from first answering those questions, which may tell us all we actually need to know...

    If the answer is "Scheduled"... then please do the following:

    1. Pick one system.
    2. Record the System Time.
    3. Reboot the system.
    4. Open a Command Prompt and run wuauclt /resetauthorization /detectnow.
    5. Wait 30 minutes.
    6. Post ALL of the entries from the C:\Windows\WindowsUpdate.log file into the body of a reply to this message, starting at the time recorded in Step #2.

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, April 17, 2014 8:49 PM
  • Regarding the servers per se, I again reviewed the applicable GPO so I could answer your question.

    I saw to my horror that 'Configure Automatic Updates' was set to #3 - Auto download and notify for install.

    This must be the default or I mis-read it or something...

    I missed this earlier upon creating the GPO...apparently #3 is the default, I now realize that I can have my domain controllers' GPO at #3 so I can update those separately and manually in case of patching issues. Or continue to always update the domain controllers separately and manually.

    I changed this to #4 - Auto download and install.

    Schedule is 0 - Every day and Scheduled install time is 0300 hours.

    I'm giving it this weekend before proceeding further with your advice in case simply changing the setting fixes this initial issue. I'll try to remember to update this thread next Monday.

    Presently I auto-approve critical updates, security updates, updates, and update rollups. I plan to manually approve other updates.

    Thank you for your patient assistance, Tom

    • Proposed as answer by antwesor Friday, April 18, 2014 2:14 PM
    • Marked as answer by Daniel JiSun Tuesday, April 22, 2014 6:48 AM
    Friday, April 18, 2014 12:38 PM
  • I saw to my horror that 'Configure Automatic Updates' was set to #3 - Auto download and notify for install.

    This must be the default or I mis-read it or something...

    It's not the default (the default is AUOption '4' with a 3am installation), and it was the most likely cause for the observed behavior.

    Glad you found it. :-)


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, April 18, 2014 6:25 PM
  • Hello,

    What is the current situation? Any update?

    Monday, April 21, 2014 3:42 AM