locked
Clients suddenly not indicating they require certain updates RRS feed

  • Question

  • Hi, I have a WSUS 3.0 server which has been working for years. We have a combination of clients from a couple Vista up to various builds of Windows 10. Until recently it was an upstream server, with a single downstream server communicating with it, but that connection has been removed fairly recently - that's the only change I can think of that may be relevant.

    I've only just noticed that a number of updates that I would expect would be required are sat with a Needed Count of 0.  This includes the 2017-10 and 2017-11 monthly updates.  However, other updates are reporting as required (Office 2016 for example).  A chunk of our clients are still on build 1511, so I just assumed the updates stopped with the support expiry and didn't look into it, but I've got a new WSUS 4 that i'm testing that does have build 1511 clients that are requesting the 2017-11 updates.

    Any ideas why my clients have suddenly decided to report as not needing updates that quite obviously are needed?

    Thursday, December 7, 2017 1:42 PM

All replies

  • Hello,

    As far as I know, administrators of WSUS 3.0 SP2 (including SBS 2011) and unpatched WSUS 4.0 will be able to deploy Windows 10 updates, but not feature upgrades. 


    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    • Edited by Yan Li_ Monday, December 11, 2017 9:50 AM
    Friday, December 8, 2017 2:28 AM
  • Hi Yan Li,

    Thanks for your reply.  I'm aware of the issue with Windows upgrades not working on WSUS 3 - this is why I've built the WSUS 4 and am currently testing it.

    However, my problem is not with upgrades, but is that the monthly Windows updates (that have already been working on WSUS 3) have suddenly stopped being recognised as needed by any build of Windows 10.  Other updates are being reported as needed though.  2017-09 was the last one to work.  2017-10 and 2017-11 are both reporting as unneeded by all clients.

    Friday, December 8, 2017 10:17 AM
  • It's very possible that there's a problem with the database and it needs maintenance. My script deals with all the required maintenance for WSUS and makes your life easy as you don't have to worry about doing any of it. As such, my script usually fixes non-reporting issues. As a bonus, it optimizes your database and makes WSUS much faster.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Saturday, December 9, 2017 5:03 AM
  • Hi Adam, 

    I didn't think it would be long before you posted!  I'm actually already running your script on our new server.  I just wanted a quick way to sort the old one, if there was an obvious quick fix, while i'm still testing the new one but i'll have a look at running it on the old one and see what happens.

    Thanks

    Monday, December 11, 2017 3:07 PM