locked
Server 2008 R2 and WSUS RRS feed

  • Question

  • We have been using WSUS for several years now and have all the servers set to notify when new updates are available but let us decide when to download the updates and when to install them. This has worked very well for us. Now we are building our fist set of Windows 2008 R2 64 bit standard servers and we are having a problem. The server checks into the WSUS server and the icon in the system tray that alerts that new updates are available does show up for the updates that I have approved. However, when you double click on "new update available" icon instead of giving you the screen to download the updates it takes you to the Windows Update screen. I have verified that it is set to "Check for updates but let me choose whether to download and install them". I am using WSUS 3.0 SP2 and the servers are running 2008 R2 64 bit Standard edition.

    Thanks
    • Edited by Feklar Monday, November 16, 2009 9:14 PM more info
    Monday, November 16, 2009 8:34 PM

Answers

  • I figured it out. When I would go to the Windows Update screen there was nothing else there except the message that some of the settings were being controlled by the administrator. There was no option to see the list of patches or to start downloading them and the check for updates option was greyed out. The problem turned out to be a policy issue. We have the user policy to allow Automatic Updates turned off because we did not want users trying to update their PCs. When you log onto Server 2003 that policy doesn't cause any problems but it does for 2008. When I turned that policy setting off the check for updates button was no longer greyed out and it gave me the option to review patches and to download and install them. Thanks for your help.
    • Marked as answer by Feklar Wednesday, November 18, 2009 3:29 PM
    Wednesday, November 18, 2009 2:58 PM

All replies

  • The server checks into the WSUS server and the icon in the system tray that alerts that new updates are available does show up for the updates that I have approved. However, when you double click on "new update available" icon instead of giving you the screen to download the updates it takes you to the Windows Update screen. I have verified that it is set to "Check for updates but let me choose whether to download and install them". I am using WSUS 3.0 SP2 and the servers are running 2008 R2 64 bit Standard edition.
    I would be skeptical that the R2 server is actually configured to update from the *WSUS* server -- this behavior is indicative that the server is still using "Automatic Updates" and microsoft.com as it's update source.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Tuesday, November 17, 2009 3:32 AM
  • Hi,

    Could you please run "regedit" to open registry editor, go to

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate

    Make sure the data of WUServer and WUStatusServer is the url of your WSUS server with the port number
    Tuesday, November 17, 2009 9:52 AM
  • The server checks into the WSUS server and the icon in the system tray that alerts that new updates are available does show up for the updates that I have approved. However, when you double click on "new update available" icon instead of giving you the screen to download the updates it takes you to the Windows Update screen. I have verified that it is set to "Check for updates but let me choose whether to download and install them". I am using WSUS 3.0 SP2 and the servers are running 2008 R2 64 bit Standard edition.
    I would be skeptical that the R2 server is actually configured to update from the *WSUS* server -- this behavior is indicative that the server is still using "Automatic Updates" and microsoft.com as it's update source.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com

    Here is the windowsupdate.log file. As you can see it is not looking at Microsoft for the updates but our WSUS server using the standard 8530 port.

    40 590 AU #############
    2009-11-17 07:57:36:418  940 590 AU ## START ##  AU: Search for updates
    2009-11-17 07:57:36:418  940 590 AU #########
    2009-11-17 07:57:36:418  940 590 AU <<## SUBMITTED ## AU: Search for updates [CallId = {2120A886-9868-43EA-945A-7DAB4E40E55F}]
    2009-11-17 07:57:36:418  940 db4 Agent *************
    2009-11-17 07:57:36:418  940 db4 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2009-11-17 07:57:36:418  940 db4 Agent *********
    2009-11-17 07:57:36:418  940 db4 Agent   * Online = Yes; Ignore download priority = No
    2009-11-17 07:57:36:418  940 db4 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2009-11-17 07:57:36:418  940 db4 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2009-11-17 07:57:36:418  940 db4 Agent   * Search Scope = {Machine}
    2009-11-17 07:57:36:434  940 db4 Setup Checking for agent SelfUpdate
    2009-11-17 07:57:36:434  940 db4 Setup Client version: Core: 7.4.7600.226  Aux: 7.4.7600.226
    2009-11-17 07:57:36:434  940 db4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
    2009-11-17 07:57:36:434  940 db4 Misc  Microsoft signed: Yes
    2009-11-17 07:57:36:449  940 db4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
    2009-11-17 07:57:36:449  940 db4 Misc  Microsoft signed: Yes
    2009-11-17 07:57:36:449  940 db4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
    2009-11-17 07:57:36:465  940 db4 Misc  Microsoft signed: Yes
    2009-11-17 07:57:36:465  940 db4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
    2009-11-17 07:57:36:465  940 db4 Misc  Microsoft signed: Yes
    2009-11-17 07:57:36:512  940 db4 Setup Determining whether a new setup handler needs to be downloaded
    2009-11-17 07:57:36:512  940 db4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe:
    2009-11-17 07:57:36:512  940 db4 Misc  Microsoft signed: Yes
    2009-11-17 07:57:36:512  940 db4 Setup SelfUpdate handler update NOT required: Current version: 7.4.7600.226, required version: 7.4.7600.226
    2009-11-17 07:57:36:512  940 db4 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.4.7600.226"
    2009-11-17 07:57:36:949  940 db4 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.4.7600.226" is already installed.
    2009-11-17 07:57:36:949  940 db4 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.4.7600.226"
    2009-11-17 07:57:36:964  940 db4 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.4.7600.226" is already installed.
    2009-11-17 07:57:36:964  940 db4 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.4.7600.226"
    2009-11-17 07:57:36:995  940 db4 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.4.7600.226" is already installed.
    2009-11-17 07:57:36:995  940 db4 Setup SelfUpdate check completed.  SelfUpdate is NOT required.
    2009-11-17 07:57:37:198  940 db4 PT +++++++++++  PT: Synchronizing server updates  +++++++++++
    2009-11-17 07:57:37:198  940 db4 PT   + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://WSUS:8530/ClientWebService/client.asmx
    2009-11-17 07:57:37:713  940 db4 Agent   * Added update {095A4A18-C44B-458F-9526-EBFFFD9B6FE2}.102 to search result
    2009-11-17 07:57:37:713  940 db4 Agent   * Added update {EECD0508-2FE2-4298-8A2B-7A61E139EE24}.101 to search result
    2009-11-17 07:57:37:713  940 db4 Agent   * Added update {99DCE205-CE79-4832-B451-5C53B9884226}.101 to search result
    2009-11-17 07:57:37:713  940 db4 Agent   * Added update {DF1869DD-8D9B-4976-BFC9-DF691163EEC7}.101 to search result
    2009-11-17 07:57:37:713  940 db4 Agent   * Added update {CC766409-DEC9-4895-90E8-E9B108FE03D4}.105 to search result
    2009-11-17 07:57:37:713  940 db4 Agent   * Found 5 updates and 43 categories in search; evaluated appl. rules of 242 out of 289 deployed entities
    2009-11-17 07:57:37:729  940 db4 Agent *********
    2009-11-17 07:57:37:729  940 db4 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2009-11-17 07:57:37:729  940 db4 Agent *************
    2009-11-17 07:57:37:729  940 bc0 AU >>##  RESUMED  ## AU: Search for updates [CallId = {2120A886-9868-43EA-945A-7DAB4E40E55F}]
    2009-11-17 07:57:37:729  940 bc0 AU   # 5 updates detected
    2009-11-17 07:57:37:729  940 bc0 AU #########
    2009-11-17 07:57:37:729  940 bc0 AU ##  END  ##  AU: Search for updates [CallId = {2120A886-9868-43EA-945A-7DAB4E40E55F}]
    2009-11-17 07:57:37:729  940 bc0 AU #############
    2009-11-17 07:57:37:729  940 bc0 AU Successfully wrote event for AU health state:0
    2009-11-17 07:57:37:729  940 bc0 AU Featured notifications is disabled.
    2009-11-17 07:57:37:729  940 bc0 AU AU setting next detection timeout to 2009-11-17 13:56:54
    2009-11-17 07:57:37:729  940 bc0 AU Successfully wrote event for AU health state:0
    2009-11-17 07:57:37:729  940 bc0 AU Successfully wrote event for AU health state:0
    2009-11-17 07:57:37:729  940 db4 Report REPORT EVENT: {628AC993-C3D5-4A7E-BC81-F382C34DD916} 2009-11-17 07:57:37:729-0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 5 updates.
    2009-11-17 07:57:37:729  940 db4 Report REPORT EVENT: {1EDC4182-E52A-4168-8C1A-A92BE4AB19B6} 2009-11-17 07:57:37:729-0500 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
    2009-11-17 07:57:37:729  940 db4 Report CWERReporter finishing event handling. (00000000)
    2009-11-17 08:08:08:847  940 db4 PT WARNING: Cached cookie has expired or new PID is available
    2009-11-17 08:08:08:847  940 db4 PT Initializing simple targeting cookie, clientId = a0d1d37a-d7e5-4c64-bdf9-d08ad2dfe56d, target group = , DNS name = DOmain.123.456
    2009-11-17 08:08:08:847  940 db4 PT   Server URL = http://WSUS:8530/SimpleAuthWebService/SimpleAuth.asmx
    2009-11-17 08:08:11:515  940 db4 Report Uploading 2 events using cached cookie, reporting URL = http://WSUS:8530/ReportingWebService/ReportingWebService.asmx
    2009-11-17 08:08:11:515  940 db4 Report Reporter successfully uploaded 2 events.
    Tuesday, November 17, 2009 1:43 PM
  • Both the WUServer and WUStatusServer keys are set to HTTP://WSUS:8530. I have also seen other reporting this exact problem at http://www.wsus.info/ under the client support section.
    • Edited by Feklar Tuesday, November 17, 2009 2:12 PM other info
    Tuesday, November 17, 2009 1:44 PM
  • Both the WUServer and WUStatusServer keys are set to HTTP://WSUS:8530. I have also seen other reporting this exact problem at http://www.wsus.info/ under the client support section.

    Please email me screencaps or vidcaps of exactly what you are doing and what is being produced.

    My email address is in my MVP Profile (see link in sig).
    Lawrence Garvin, M.S., MCITP:EA, MCDBA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Tuesday, November 17, 2009 4:27 PM
  • The only thing that is happening is when you double click on the "New Updates are available" icon in the system tray it opens up the Windows Update Screen. It is the same screen that you get if you were to open up Control Panel and then went to Windows Update and thats it.


    I also downloaded the WSUS Client Diagnostic tools, here are the results.
    WSUS Client Diagnostics Tool

    Checking Machine State
            Checking for admin rights to run tool . . . . . . . . . PASS
            Automatic Updates Service is running. . . . . . . . . . PASS
            Background Intelligent Transfer Service is running. . . PASS
            Wuaueng.dll version 7.4.7600.226. . . . . . . . . . . . PASS
                    This version is WSUS 2.0

    Checking AU Settings
            AU Option is 2 : Notify Prior to Download . . . . . . . PASS
                    Option is from Control Panel

    Checking Proxy Configuration
            Checking for winhttp local machine Proxy settings . . . PASS
                    Winhttp local machine access type
                            <Direct Connection>
                    Winhttp local machine Proxy. . . . . . . . . .  NONE
                    Winhttp local machine ProxyBypass. . . . . . .  NONE
            Checking User IE Proxy settings . . . . . . . . . . . . PASS
                    User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                    User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                    User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                    User IE AutoDetect
                    AutoDetect in use

    Checking Connection to WSUS/SUS Server
                    WUServer = http://WSUS:8530
                    WUStatusServer = http://WSUS:8530
            UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
            Connection to server. . . . . . . . . . . . . . . . . . PASS
            SelfUpdate folder is present. . . . . . . . . . . . . . PASS

    • Edited by Feklar Tuesday, November 17, 2009 6:59 PM More Info
    Tuesday, November 17, 2009 6:42 PM
  • The only thing that is happening is when you double click on the "New Updates are available" icon in the system tray it opens up the Windows Update Screen. It is the same screen that you get if you were to open up Control Panel and then went to Windows Update and thats it.
    Hmmmm.... <sigh>..... :)

    Have you ever updated a Vista, Windows 7, or Windows Server 2008 system before?

    The functionality of the User Interface was radically redesigned for Vista.

    I believe what you are describing is expected behavior.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Wednesday, November 18, 2009 12:24 AM
  • I figured it out. When I would go to the Windows Update screen there was nothing else there except the message that some of the settings were being controlled by the administrator. There was no option to see the list of patches or to start downloading them and the check for updates option was greyed out. The problem turned out to be a policy issue. We have the user policy to allow Automatic Updates turned off because we did not want users trying to update their PCs. When you log onto Server 2003 that policy doesn't cause any problems but it does for 2008. When I turned that policy setting off the check for updates button was no longer greyed out and it gave me the option to review patches and to download and install them. Thanks for your help.
    • Marked as answer by Feklar Wednesday, November 18, 2009 3:29 PM
    Wednesday, November 18, 2009 2:58 PM
  • I figured it out. When I would go to the Windows Update screen there was nothing else there except the message that some of the settings were being controlled by the administrator. There was no option to see the list of patches or to start downloading them and the check for updates option was greyed out. The problem turned out to be a policy issue. We have the user policy to allow Automatic Updates turned off because we did not want users trying to update their PCs. When you log onto Server 2003 that policy doesn't cause any problems but it does for 2008. When I turned that policy setting off the check for updates button was no longer greyed out and it gave me the option to review patches and to download and install them. Thanks for your help.

    Glad you found the cause of the issue.

    Note to other readers, somewhat at "Feklar's" expense.

    When describing problems, *exact* syntax and *exact* descriptions go a very long way to expediting the situation.

    Had "Feklar" stated in the original post the exact description of the problem, which was: 
         "The Check for Updates link is greyed out on a Window Server 2008 system"

    rather than the vague description of
    However, when you double click on "new update available" icon instead of giving you the screen to download the updates it takes you to the Windows Update screen.
    which implies that "Check for Updates" was actually successfully clicked -- how else would one get to the WU website?

    It's likely one or more of us would have immediately suggested the existence of this policy setting -- possibly as much as 24 hours earlier than it was figured out -- given that we've seen this exact issue at least a couple times a month for the past five years -- all the way back to Windows 2000 SP3 workstations in January, 2005.

    My learning point here is that this is a *written* forum, and there is no support for graphical images. The written description you give to a problem statement or a question means everything to those of us trying to understand your issue and help resolve it. We can only go on what you tell us, and how you tell us, and if the description is vague, or uses inexact terminology, we're likely to spend what little time we have to devote to the question pondering what you're trying to say, rather than actually answering the question with a known resolution to a known problem.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Thursday, November 19, 2009 12:50 AM