WSUS Deployment & Configuration- Issues





After deployment of the WSUS server in the network, we used to face two problems:

1. The client PC/Server is not getting registered into WSUS.
2.Event after registration, update agent has not been installed, hence no update received from WSUS.

1.a. Check Group Policy properly. Note that the policy is applied to Computer OU. Run GPResult /R command from Command prompt Administrative mode. Remember to mention port number – 8530 (http://W2012-WSUS:8530, W2012-WSUS – Hostname of WSUS Server) when you configure GPO.
                                     Pix-01: GPO Settings for WSUS Clients

                                  Pix-02: Intranet Microsoft Update Service location

1.b. Run wuauclt.exe /detectnow - register the client directly into WSUS’s respective container.
After successful registration, clients would visible in the WSUS console. You can also check further from the client’s registry.
                             Pix-03: Client registration at WSUS



HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate
           Pix-04: Change in the registry after successful GPO deployment

       This is the end of WSUS client enrollment or registration.

Now Update Agent need to install on clients to get the update from WSUS server. Here a few problems may arise. One of the problems is Windows Server 2012 itself, having a bug - Windows 2012 not reported to WSUS. Probably it is fixed after WSUS 3.0 SP2(Windows 2008 R2). Keep your mouse on a yellow triangle sign, just before the name of WSUS clients, updates you on some important info – whether the client is reported to WSUS, i.e. Update Agent is installed on the client or not. If all OK, approve the updates & install from client end (as per the Windows Update setting configuration in GPO).

If NOT:

2.a. Check C:\Windows\SoftwareDistribution\ReportingEvents log (from WSUS client)– whether it is showing [AGENT_DETECTION_FAILED] error. Also, check the log from WSUS Server end – C:\Windows\Windowsupdate.txt.
                  I. One of the reasons behind this error is port number not mention in GPO. Correct it (http://W2012-WSUS:8530).
                II.Stop Windows Update Service (wuauserv) at the client.
              III.Rename the SoftwareDistribution folder.
              IV. Start Windows Update Service, it will create the SoftwareDistribution folder again.
    If update agent is installed successfully, check ReportingEvents log,it will show          [AGENT_DETECTION_FINISHED].
 Pix-05: Update Agent Log from WSUS Client

2.b. Otherwise you need to check further, why update agent is not installing at clients. Maybe reset update components at the client side. For ref. check the URL: https://support.microsoft.com/en-us/help/971058/how-do-i-reset-windows-update-components

   Successful WSUS installation & patch deployment shows as below:
   Pix-06: Successful WSUS Configuration & Patch Deployment

Note:
1.   Configure the WSUS with required “Products” & “Classifications”. Otherwise unnecessary updates will be downloaded & make the WSUS database size high. It cost both your hardware resource & server performance.
2.   After downloading the updates from the internet & creating the WSUS database, it takes time to notify that client for available updates. Base on server performance & internet bandwidth, time may vary from 20mins to 1 hr.
3.   Always check the “Download Status” at WSUS console after approving the updates, it shows the downloading updates status.
4.   Day by day WSUS database size increased, it slows down the server operation, so ensure its hardware configuration very high from the very beginning.
5.   Try to install KB2803748 & KB3095113 manually on Windows 2012 WSUS after deploying WSUS.

 TagWSUS, Windows Server 2012, Patch Deployment

Popular posts from this blog

Google Chrome Bookmark & Homepage through GPO

Image
Goals: We need to create a GPO for Google Chrome Bookmarks & home page/landing page. Under the bookmarks, few URLs would be there. It will be easy for users to access these url/site. Also by home page – most useful/frequently open site can be set, so that when user open Google chrome, the page will be displayed first. Gyan: All policy setting for Group Policy Management Console are not readily available. Sometime to manipulate group policy settings for higher version OS (i.e. Screensaver for Windows 10) or third party application (i.e. Google Chrome),we need to download group policy setting supported files – admx (policy settings) along with adml (language suppot). Both files are stored into central storage repository, known as “ Central Store ”. For higher Windows it is “ PolicyDefinitions” – automaticall created when a DC built under C:\Windows\ Process: Incorporate Chrome GPO templates:         1.       To manage Chrome settings through Group Policies, you
Read more

DNS Server IP Address change in Client Systems through Group Policy

Image
  Scenario: Recently our network team, restructure IP segments & it is recommended to change the IP address of our DNS server. It is an AD integrated DNS server & around 1000 desktops & laptops are in the network – all have static IP addresses. We need to change the DNS IP for all the systems. Procedure: We can change the DNS IP through Group Policy with the help of a simple *.bat file. We will apply the GPO in Startup as Computer base policy. But here tricky part is, we need run the batch file in "Run as Administrator" mode. Most of the Computer-based Startup GPO is not run in normal mode. The batch file as below, suppose it name DNSIP_Change.bat   :   Replace your DNS Server “ set dnsserver=X.X.X.X ” @echo off set dnsserver=10.10.10.31 set dnsserver2=10.10.10.30 for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (   if %%i EQU Enabled (   rem echo change "%%l" : %dnsserver%   netsh interface
Read more

File Server Migration: Windows Server 2008R2 to Windows Server 2019

Image
  Scenario:   We have a File Server on Windows Server 2008R2 . The File Server has several departmental shares & it is accessed by the department user only. But among them few have RW (Read & Write) permission, rest have only R (Read) permission. Also every dept. share have disk quota & every authorized user has their shared folder mapped as a network drive in their Windows Explorer. In my environment, I have implemented the procedure for 15 different departmental share folders accessing different departments consist of 10-30 users each dept & each shared folder volume is 100 GB to 500GB. Challenges: 1 .       Migrated Share Folders must have the same level of permission as on W2008 Server. 2.        Several Disk quota templates need to export to new W2019 to minimized the effort.   Users should be transparent to this migration & their access to the shared folder must be flowless – that meant users
Read more