When you
consider the issues of WSUS there are multiple thing to refer. These two parts
are mainly the communication of WSUS server
and communication of client computers. Let
us consider the parts one by one.
Communication of WSUS server
1. When you have an issue with WSUS it is really necessary to make
sure that WSUS server is working correctly, then only the clients will get the
updates properly. In order to make sure that the WSUS is working correctly we
have the in built MS utility called as 'wsusutil'
which will help you to manage the server using command line. Since we need to
make sure that WSUS is working correctly we can check the health of WSUS and
make sure that it is working as expected.
a) Open command prompt and
redirect to the below directory using the command 'cd C:\Program Files\Update Services\Tools'
b) Now type the command 'wsusutil.exe checkhealth' and ENTER. It will
take few seconds to complete and once it is completed open the application
event viewer and make sure that it has generated 'Event id 10000, source: Windows server update' which indicates
that WSUS is working correctly. Search for any error messages in the Microsoft
Knowledge Base for more troubleshooting information or post a comment on this
article.
Note: You may fail to perform
check health by the error message update service is not running. In this case
open 'services.msc' from 'run' and make sure that the service 'update service' is running and startup type as
'automatic'. If you would like to more
details about using 'wsusutil' follow the
below link to get it.
2. If the initial step is success you can continue with remaining
steps. WSUS server and its details are specified through GPO hence it is really
necessary to make sure that there are no GPO errors reported in server. Review
the application and system logs to make sure that there are no Active directory
or GPO related errors. If you found anything resolve the same and continue with
the investigation.
3. Check whether the server can reach the WSUS client by pingWSUSClient
and make sure that the client is listed under 'Computers'
in WSUS server console.
If you are unable to ping the clients make sure that the firewall or
proxy servers does not prevent the communication. And make use of the 'telnet' command to trace the route.
Communication of client computers
When we consider the WSUS clients there are multiple thing , perform
the below steps to confirm the clients have got proper details of WSUS.
1. Make sure that there are no AD and GPO related errors in your
domain controllers and affected clients(Check through System and application
logs of event viewer). It is really necessary to do this since the clients are
pulling the WSUS server details through group policy and any errors related to
this may not allow those to get correct details.
2. Run a rsop and make sure that under Microsoft update service WSUS
settings are defined properly.
Open Run-> Type 'rsop.msc' and ENTER. It will generate the group
policy result which indicates the policies that are applied to this computer.
Expand Computer configurations->Administrative tools->Windows components and locate the policy 'specify intranet Microsoft update service location' is pointed to WSUS server.
That is the WSUS server will be specified as 'http://WSUSservername:8530 '. If the
settings are incorrect make the necessary changes in server GPO and make sure
that it receives in clients.
3. If the clients are receiving GPO correctly those details will be
listed in registry as well. Make sure the server details are present on the
registry as well.
Open run command and type 'reg query
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' which should
return the value with your server details and looks like this:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
WUServer REG_SZ http://WSUSServerName
WUStatusServer
REG_SZ http://WSUSServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
Note: You will have the above
output only if your clients are configured to get updates from WSUS server.
Else you can manually locate the registry directory and view the
information are correct.
Open registry editor and locate 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
and see the WSUS server details are correct.
4. Verify that clients can reach the WSUS server by performing the
below steps:
Open the web browser and type' http://<WSUSServerName>/iuident.cab'
if the results prompt you for downloading a file named as 'iuident.cab' you can safely cancel it and it
shows the client is able to communicate with WSUS server and there is no
connectivity issue. If the webpage fails to respond and does not ask for the
file to download it indicates that may be a communication issue, name resolution
or WSUS server is not configured properly. One of the useful link in this
situation is(self update issues)
5. Determine the last time that the clients has updated. This can be
done in two ways either through report of WSUS
administration console or from the
registry values present in clients. It is more convenient to use the
second option if you have the direct access to affected clients.
a) If you want to get the details using report viewer follow these
steps:
Open the Update Services console on the WSUS server. Click the
Reports icon and then click Computer Detailed Status. Browse the computers to
find the problematic computer and examine the updates that have been
successfully installed, as well as those that have not yet been installed.
b) To get the details directly from the client computer open the
registry editor and locate the directory,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update\Results now each folders determine the status of WSUS updates
like 'Detect' shows the last time the
client detected on server and checked for updates. 'Download' will show the last date and time the updates installed
and 'Install' says the last date and time
that it has successfully installed the updates.
6. Download and install the
windows update troubleshooter which can fix most of the common issues.
7. When clients are not receiving the updates, determine whether its
because of a problem that is affected the entire functionalities of Windows
updates on clients or because of WSUS. So manually locate the 'Windows Updates' and click on 'Check for updates' to make sure that it is
reporting that there are updates to install. If it is listed as there are
updates pending to install do not initiate to install because by these steps we
are checking whether there is any cryptographic service provider errors or a
file Windows Update requires (named catalog store) is corrupted.
If there are error reported for this follow the below links to find
the solution for some of the error codes.
8. All the client windows updates action details are stored locally
named as 'WindowsUpdate.log'. Verify
these logs and check whether there is any issue reported in logs. Follow these
methods to get the latest logs.
The below link will help you to read the windows logs: http://support.microsoft.com/kb/902093
For server 2003\XP the - C:\winnt\WindowsUpdate.log
For 2008\Windows 7- C:\windows\WindowsUpdate.log
Else on Run command you can
simply type 'WindowsUpdate.log' to open it.
9. Allow the affected client to reestablish the connection once
again with WSUS . In order to achieve that, locate the affected client in the
'Computers' list of WSUS console and
delete it(Right click->Delete). Now on affected client open command prompt
and type 'wuauclt /detectnow' wait for 30
minutes and check the logs that is available in client. Check the windows
update logs from the time of doing these steps and see whether it reported any
errors.
Search for any error messages in the Microsoft Knowledge Base for
more troubleshooting information.
10. I have seen in may cases deleting and regenerating the SUS client ID on
affected clients will provide a solution for update errors.
On the affected client open command prompt and type the below
commands,
net stop wuauserv
REG DELETE
"HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v
SusClientId /f
REG DELETE
"HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v
SusClientIdValidation /f
net start wuauserv
The first and last command will stop and start the Windows update
service on this computer. The other two will delete the SUS client ID. Now wait
for another 15 minutes and observe the status.
11. There are many WSUS troubleshooting tools available through MS.
Please follow the below link to get those and check whether it help you to
resolve the issue.
Very helpful, thumbs up
ReplyDeleteServer Labs: Troubleshoot Wsus Clients And Server >>>>> Download Now
Delete>>>>> Download Full
Server Labs: Troubleshoot Wsus Clients And Server >>>>> Download LINK
>>>>> Download Now
Server Labs: Troubleshoot Wsus Clients And Server >>>>> Download Full
>>>>> Download LINK ve
Really myself to say something about it.You’re doing a great job.Keep it up
ReplyDeleteCall center software solutions in Nigeria
Inbound Outbound Call Center Solutions
IP-PBX Solutions
Thanks for sharing valuable blog.
ReplyDeleteServiceNow Training in Ameerpet
ServiceNow Training
Server Labs: Troubleshoot Wsus Clients And Server >>>>> Download Now
ReplyDelete>>>>> Download Full
Server Labs: Troubleshoot Wsus Clients And Server >>>>> Download LINK
>>>>> Download Now
Server Labs: Troubleshoot Wsus Clients And Server >>>>> Download Full
>>>>> Download LINK
This is a fantastic article that provides a fresh perspective on the industry. I also have something worth sharing about USA Dedicated Server
ReplyDelete