locked
Windows Server 2016 not honoring WSUS GPO setting RRS feed

  • Question

  • Hello,

    We recently moved to a Windows 2016 WSUS server from 2012 R2 so we could effectively manage our 2016 deployments. Our Windows 2012 R2 and below clients are downloading and installing updates as in the past. However, our Windows 2016 clients are downloading the approved updates, but not installing them automatically. Our GPO specifies Option 5 - Allow local admin to choose setting. On the 2012 R2 and below servers, we specify the Automatic Maintenance window so we can stagger the restarts without using multiple OUs and GPOs. Since that option does not seem to be available in Windows Server 2016, we were assuming the updates would be installed automatically outside the specified active hours in the local update settings. However, the actual behavior is option 3 - (Default setting) Download the updates automatically and notify when they are ready to be installed. Has anyone experienced this and if so, found a workaround or possibly something we are missing?

    Thanks,

    Dale

    Saturday, May 13, 2017 9:58 AM

All replies

  • Hi Dale,
    Please check if only the updates are installed or if the computers are also rebooted.
    Based on my research, it seems that other people suffered the similar behavior.
    If it is just the reboot which is making trouble to clients, you could make the updates actually being installed and control the reboot, in order to do that, you can disable the "Reboot" task in the "UpdateOrchestrator" folder in scheduled tasks. So Windows doesn't "helpfully" re-enable it, go to C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator and remove all read/write permissions for the task.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Proposed as answer by Wendy Jiang Friday, May 19, 2017 10:58 AM
    Monday, May 15, 2017 8:10 AM
  • Hi Dale,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, May 19, 2017 10:58 AM
  • Hi Wendy,

    Thanks for the information. Just to bring you up to date, we now have a mix of 2016 servers where some have downloaded the updates and prompting for a reboot and some that are prompting to download the updates.  All our Windows 2012 R2 servers download the updates and reboot according to their respective local setting. Thank you for pointing me toward the UpdateOrchestrator. However, that appears to be run under the SYSTEM user account and not editable. I  will dig some more and report back with any findings.

    Thanks again,

    Dale 

    Thursday, May 25, 2017 6:50 PM
  • Hi Dale,
    Ok, appreciate for your any feedback and update, and if you have any questions later, please feel free to contact us.
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, May 29, 2017 2:24 AM