Wsus not updating status report
Hello, The complete content of this article is only visible for registered users and it is free! Registration is free and done within 30 seconds and gives you instant access to all text, screenshots and Power Shell scripts (if any).While verifying Windows patches were up to date on a few Windows 7 clients, WSUS showed one PC needed some updates with approval: "install" but status: "not installed." Running Windows Update check on the PC was not showing any updates available from the WSUS.
Our domain is now reporting client status but on every client I get "Install the latest update to keep your system secure" message with a box to "check for updates".
I migrated our WSUS 3.0 SP2 to a new server over the weekend.
I updated the settings in the domain GPO to point to the new server, »v_srv30. I also migrated our help desk system to the same server. What I didn't realize was that WSUS still used port 80 for communications even with 8530 set up (at least according to what I've read) for reporting client status.
TECHNOLOGY SERVICES Security maintains a relatively extensive list of GPOs that you can use on your OUs in order to simplify the process of using the TECHNOLOGY SERVICES WSUS server.
To link one of these policies and install the products on the machines in an OU that you control: The current GPOs provided by CITES Security are (in both the UIUC and UOFI domains): DEPT_Use CITESWSUSServer_3AMUpdate_Security DEPT_Use CITESWSUSServer_9AMUpdate_Security DEPT_Use CITESWSUSServer_5PMUpdate_Security DEPT_Set WSUSGroup-Upgrades_Security DEPT_Set WSUSGroup-All Service Packs_Security DEPT_Set WSUSGroup-All Updates_Security DEPT_Set WSUSGroup-App Service Packs_Security DEPT_Set WSUSGroup-Baseline_Security DEPT_Set WSUSGroup-OSService Packs_Security Based on the data from the Weekly WSUS Approvals section of the CITES Security Brief between February of 2011 and February of 2012, here are some numbers about the frequency of reboots in each of these groups to help you decide which group is right for your machine: Weeks that had no updates at all: 12 Weeks with no updates requiring a reboot: 11 Now breaking it down by each of our client-side targeting groups (remember that All Service Packs is a superset of OS and Application Service Packs, and that All Updates includes that and a few more): Weeks where the OS Service Packs group had a reboot-eligible update: 9 Weeks where the Applications Service Packs group had a reboot-eligible update: 26 Weeks where the All Service Packs group had a reboot-eligible update: 28 Weeks where the All Updates group had a reboot-eligible update: 29 Based on these numbers, we can estimate that a machine in the OS Service Packs group will reboot due to the updates approximately once every 6 weeks, while members of the other groups will reboot about once every other week due to the updates (although again these numbers are high).I have recently set up two new servers on our domain, labelled CADCS001 and CADCS001.These servers are intended to be almost identical aside from the hostname and have been set up to be as similar as possible.We have Windows Server Update Services (WSUS) set up in our domain environment. We run into an issue every once in a where Windows Update will lose/forget the setting and go out get updates online overnight.