none
GPO not apply. RRS feed

  • Question


  • Hi,

    In the beginning we have all servers (AD and member) were windows 2008 r2. We have created WSUS group policy on Windows 2008r2 DC. We also have Windows 2008 r2 as WSUS server. After some time, we had added Windows 2012 in our server environment as additional DC and member servers. WSUS GPO applied to all Windows 2008 r2 and Windows 2012 server and windows update from WSUS server. Now we have added Windows 2016 servers as additional DC and member server. WSUS GPO are not applying on Windows 2016 servers. how to troubleshoot this. I want all Windows 2016 servers to update via WSUS server, Do I need to create different GPO for Windows 2016 servers? If yes, then How?

    I need immediate help as I need to finish this project within two days.

    Thanks.

    Saturday, April 20, 2019 10:44 PM

All replies

  • Hi,
      

    Thank you for posting here.
      

    As far as I know, WSUS 3.2 can only provide minimal support for Windows 10 / Server 2016. You need to upgrade WSUS 4.0 or newer to fully support Windows 10 / Server 2016. (Reference article: "Windows Server Update Services 3.0 SP2 Support")
      

    Technically, it can provide minimal Windows 10 update support (ie, sync And distribute security updates).
      

    Regards,
    Yic

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 22, 2019 2:53 AM
  • WSUS on Server 2008 runs by default on port 80/443

    WSUS on Server 2012+ runs by default on port 8530/8531.

    Make sure your GPOs are setup properly. Try to download the WSUS iuident CAB file from the client machine.

    http://server.domain.local:8530/selfupdate/iuident.cab
    https://server.domain.local:8531/selfupdate/iuident.cab

    and then try to browse to:

    http://server.domain.local:8530/ClientWebService/client.asmx
    https://server.domain.local:8531/ClientWebService/client.asmx

    If you can download it and browse to it, that's the port/url to use in your GPO. If you can't, check firewall settings and port settings.

    Another thing to make sure of is that the proper Products and Classifications are selected in WSUS.

    A great resource to look at would be my 8 part blog series on How to Setup, Manage, and Maintain WSUS.

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/

    Know that 2016/Windows 10 can ONLY work with WSUS on Server 2008 for security and cumulative updates. It cannot do feature upgrades - you would need a WSUS Server on Server 2012+ (and you have 2016, so you can migrate to that if you'd like). To migrate, https://www.ajtek.ca/wsus/how-to-migrate-or-upgrade-wsus/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Monday, April 29, 2019 2:05 AM