Windows Update shenanigans (WSUS)

Shambler

A handful of servers return 0 updates available after a scan.
These servers are in an OU/Sec Group targeted by WSUS policy. (When to download etc)

All 2008 R2. All but a few are working great. The problem machines haven't installed updates since May. No errors are reported in the Windows Update log.

I've done the following: Re-approved updates specific to that WSUS Group (based on OU/Sec group).
Double checked download/install settings. (Same as the other machines).
Restarted WindowsUpdate service. Waited an hour or so and checked the logs. No change.

Stopped Windows Update service, renamed SoftwareDistrib folder, restarted service. Waited an hour or so and checked the logs. No change.

My next step will be to move the machine or block that WSUS policy and point it to MS. See if it recognizes that it needs updates.

Any other ideas?
 
Also note: I've done the re-auth and detect now switches. No difference. :(
 
On the clients... gpupdate /force

Win7 doesn't like to listen to GPO all the time.
 
I ran into the same thing you did in my home lab and I had to apply a hotfix to correct it. Can't pull it out of my ass right now for you, but it is worth some research.
 
Can you just open up Windows Update and select the option to check for updates from Microsoft?

That is a lot easier than removing the GPO just to test.

The TCP/IP stack could also be messed up. If you reset it, you will have to reset any static IP settings you have though.
 
I would check the client's registry and make sure your WSUS server is actually set:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

Also you can delete the computer from WSUS and see if it generates a new object the first time you hit "check for updates".

Make sure your clients have the correct DNS settings and can see your WSUS server (a good test is to use the WSUS server's IP and just change the registry entry I mentioned).
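
The registry and DNS checks suggested in the reply above, as an added read-only example that is not part of the original thread: it reads the policy key named in the post, then tests name resolution and a TCP connection to whatever server is configured there. The value names WUServer, WUStatusServer, TargetGroup and UseWUServer are the standard Windows Update policy values and do not appear in the thread; the script assumes WUServer holds a full URL and sticks to PowerShell 2.0 features so it runs on 2008 R2.

```powershell
# Added example: read-only check of the WSUS client policy on one machine.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue($Path, $Name) {
    # Returns $null when the key or value is absent (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$wuServer     = Get-PolicyValue $wuKey 'WUServer'
$statusServer = Get-PolicyValue $wuKey 'WUStatusServer'
$targetGroup  = Get-PolicyValue $wuKey 'TargetGroup'
$useWuServer  = Get-PolicyValue $auKey 'UseWUServer'

"WUServer       : $wuServer"
"WUStatusServer : $statusServer"
"TargetGroup    : $targetGroup"
"UseWUServer    : $useWuServer"

if (-not $wuServer) {
    Write-Warning 'WUServer is not set; the WSUS policy has not reached this machine.'
    return
}
if ($useWuServer -ne 1) {
    Write-Warning 'UseWUServer is not 1; the client will not use the WUServer value.'
}
if ($statusServer -and ($statusServer -ne $wuServer)) {
    Write-Warning 'WUStatusServer differs from WUServer; reporting goes elsewhere.'
}

$uri = [Uri]$wuServer   # assumes a full URL, e.g. http://server:port

# DNS: can this client resolve the configured server name?
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($uri.Host)
    "Resolved $($uri.Host) to: $($addrs -join ', ')"
} catch {
    Write-Warning "DNS lookup failed for $($uri.Host): $($_.Exception.Message)"
    return
}

# TCP: is the WSUS port reachable from here?
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($uri.Host, $uri.Port)
    "TCP connect to $($uri.Host):$($uri.Port) succeeded"
} catch {
    Write-Warning "TCP connect to $($uri.Host):$($uri.Port) failed: $($_.Exception.Message)"
} finally { $client.Close() }
```

Running it on one working server and one problem server and comparing the output shows whether the two machines really received the same policy.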
 
If you've started to move around and rename WSUS folders, the server is hosed. It can be repaired but it's a complex process.

WSUS is so trivial to set up, when I have issues I just rebuild the server. For some reason WSUS on 2008R2 seems to work better than 2012R2 /shrug

But make sure the clients are OK by checking for updates, then choosing the "Check online" option underneath the warning about updates managed by your administrator.
 