locked
Some of my servers don't restart every months even if a GPO is configured to autorestart RRS feed

  • Question

  • Hi everybody,

    I came here because a lot of time i found an answer in your forum. Now it's my turn to ask a question and try to resolve my problem.

    Here is him :

    I have a WSUS server in my company and i have a GPO which allow an autorestart every week if there is an update. But the problem is that i have a list of servers (W2K8 R2 or W2K12 or W2K16) which aren't restart automatically.

    The GPO is configured like this :

    - Allow automatic Updates immeidate installation : Enabled
    - Allow non-administrators to receive update notifications : Disabled
    - Always automatically restart at the scheduled time : Enabled - 15 minutes
    - Configure Automatic Updates : 4 - Auto download and schedule the install (Every Wednesday at 5:00AM) - Installing during maintenance Disabled
    - Enable client-side targeting : Enabled
    - No auto-restart with logged on users for scheduled automatic updates installations : Disabled
    - Reschedule Automatic Updates scheduled installations : Disabled
    - Specify intranet Micorsoft update service location : my wsus server
    - Turn on recommended updates via Automatic Updates : Disabled

    If i look the registry of a server, i can see that every keys are correctly configured. The server detect the update, but doesn't install it at scheduled time and doesn't restart anyway.

    Now girls and guys, i need your help to find where the problem come.

    Thanks for helping me.

    Bye.

    Monday, January 28, 2019 12:31 PM

All replies

  • Hi MatBams,
     

    I analyzed the GPO details you provided, the following two options should be the key to determining whether an update is required after the installation is complete:
     

    • Configure Automatic Updates
    • No auto-restart with logged on users for scheduled automatic updates installations
       

    Make sure that the above content is not abnormal, you also need to check whether the policies are applied properly on the client in question.
     

    On a client that is not restarted, check the Group Policy results in the following ways: 
     

    1. Press Windows + R and enter CMD in the Run.
       
    2. Input the following command: gpresult /h result.html
      This will generate a report called result.html with the content of the group policy applied for this client.
       
    3. Please check the configuration of Windows Components/Windows Update in this report.
       

    The above results should be consistent with your configuration on the server.
    If the settings do not meet your expectations, then another strategy may have interference. Adjust the order of the policies as appropriate. So, make sure the server uses the same operating system and links the same GPO to have the same performance.
     

    And the server on the Windows Server 2012 system has an error, which means it will not follow the auto-restart settings.
    This article discusses it and provides a fix: https://support.microsoft.com/en-us/help/2885694/allow-configuration-of-automatic-updates-in-windows-8-and-windows-serv
     

    Reply back with the results would be happy to help.
     

    Regards,
    Yic Lv

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 29, 2019 10:20 AM
  • Hi Yic,

    Yesterday, i've programmed my GPO to Auto Download and schedule the install for this morning. 

    The result is that certains servers are restarted and other don't.

    On one of them, I followed your instructions and i can see in the report this :

    Windows Components/Windows Update

    -          Allow Automatic Updates immediate installation | Enabled | GPO OK

    -          Allow non-administrators to receive update notifications | Disabled | GPO OK

    -          Always automatically restart at the scheduled time | Enabled | GPO OK

    • The restart timer will give users this much time to save their work (minutes): 30

    -          Configure Automatic Updates | Enabled | GPO OK

    • Configure automatic updating: 4 - Auto download and schedule the install
    • The following settings are only required and applicable if 4 is selected.
    • Install during automatic maintenance  
    • Scheduled install day:   4 - Every Wednesday
    • Scheduled install time: 06:00
    • Install updates for other Microsoft products      Disabled

    -          Enable client-side targeting        Enabled               GPO OK

    • Target group name for this computer    SERVEURS-PROD

    -          No auto-restart with logged on users for scheduled automatic updates installations Disabled GPO OK

    -          Reschedule Automatic Updates scheduled installations Disabled              GPO OK

    -          Specify intranet Microsoft update service location           Enabled               GPO OK

    • Set the intranet update service for detecting updates:  http://MYWSUSSERVER
    • Set the intranet statistics server:             http://MYWSUSSERVER
    • Set the alternate download server:       
    • (example: http://IntranetUpd01)
    • Download files with no Url in the metadata if alternate download server is set.


    I just have an error on the computer policy which is : 7016 Completed TCPIP Extension Processing in 15 miliseconds.

    <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-GroupPolicy' Guid='{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}'/><EventID>7016</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>2</Opcode><Keywords>0x4000000000000000</Keywords><TimeCreated SystemTime='2019-01-30T12:38:59.135420600Z'/><EventRecordID>571767</EventRecordID><Correlation ActivityID='{904408B2-3540-4DE7-AF14-6C456E640826}'/><Execution ProcessID='356' ThreadID='4828'/><Channel>Microsoft-Windows-GroupPolicy/Operational</Channel><Computer>MYSERVER.DOMAIN</Computer><Security UserID='S-1-5-18'/></System><EventData><Data Name='CSEElaspedTimeInMilliSeconds'>15</Data><Data Name='ErrorCode'>1062</Data><Data Name='CSEExtensionName'>TCPIP</Data><Data Name='CSEExtensionId'>{CDEAFC3D-948D-49DD-AB12-E578BA4AF7AA}</Data></EventData></Event>

    Thanks.

    PS : And there is something else too if i reprogram the GPO for next day, the server in trouble can be restart as if nothing had happened the day before.
    • Edited by MatBams Wednesday, January 30, 2019 2:45 PM One sentence more
    Wednesday, January 30, 2019 2:21 PM
  • Hi MatBams,

     
    I have reviewed your reply. First of all, I recommend checking the key values of the following registry on a machine that does not restart properly:  
     

    • HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
      AUOptions should be 4
      ScheduledInstallTime should specify the installation time
      AlwaysAutoRebootAtScheduledTime set to 1
      AlwaysAutoRebootAtScheduledTimeMinutes should specify number of minutes to wait before rebooting.
       

    This official document details the configuration of the device reboot after the update, which can be used for reference:
    https://docs.microsoft.com/en-us/windows/deployment/update/waas-restart#registry-keys-used-to-manage-restart 
     

    If these values are not problematic, whether there are other tasks on these servers that need to be executed during the reboot period you choose, thus preventing the restart triggered by Windows update.
     

    In addition, WSUS provides administrators with a way to control when patches get installed and PCs get rebooted. You can use groups in WSUS to set different approvals and different deadlines for different groups of machines.
     

    Although this is different from the method you originally proposed, but it can also be referenced.
    https://blogs.technet.microsoft.com/wsus/2013/06/10/managing-updates-with-deadlines-in-an-era-of-automatic-maintenance/
     

    Reply back with the results would be happy to help.
     

    Regards,
    Yic Lv

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 31, 2019 8:47 AM
  • Hi Yic,

    Here is the registry of one server :

    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    Class Name:        <NO CLASS>
    Last Write Time:   1/22/2019 - 4:40 PM
    Value 0
      Name:            UseWUServer
      Type:            REG_DWORD
      Data:            0x1

    Value 1
      Name:            AutoInstallMinorUpdates
      Type:            REG_DWORD
      Data:            0x1

    Value 2
      Name:            RescheduleWaitTimeEnabled
      Type:            REG_DWORD
      Data:            0

    Value 3
      Name:            NoAutoRebootWithLoggedOnUsers
      Type:            REG_DWORD
      Data:            0

    Value 4
      Name:            AlwaysAutoRebootAtScheduledTime
      Type:            REG_DWORD
      Data:            0x1

    Value 5
      Name:            AlwaysAutoRebootAtScheduledTimeMinutes
      Type:            REG_DWORD
      Data:            0x15

    Value 6
      Name:            IncludeRecommendedUpdates
      Type:            REG_DWORD
      Data:            0

    Value 7
      Name:            NoAutoUpdate
      Type:            REG_DWORD
      Data:            0

    Value 8
      Name:            AUOptions
      Type:            REG_DWORD
      Data:            0x4

    Value 9
      Name:            ScheduledInstallDay
      Type:            REG_DWORD
      Data:            0x4

    Value 10
      Name:            ScheduledInstallTime
      Type:            REG_DWORD
      Data:            0x5

    Maybe, the "AlwaysAutoRebootAtScheduledTimeMinutes" key occasions a restart before updates installation ? W2K16 often takes longuer than 15 minutes to complete update installation.

    I look your links and this is already ok. I use groups in WSUS to restart a group of server before an another.

    Thank you so much for your help.

    MatBams

    Thursday, January 31, 2019 12:47 PM
  • Hi,

    Sames problems this month.

    Some servers restart automatically and others don't. I don't know why this is it.

    Thursday, February 21, 2019 10:49 AM