Clients not seeing all updates from WSUS

[McDave]

My Windows 7 clients are exhibiting strange behaviour. When connected to the WSUS server they detect and report fine but don't see any additions for drivers and some updates missing.

VM image of windows has been updated via wsus with everything that would apply, sysprep, captured and deployed. I checked regedit hkeylm>software>Microsoft>windows>currentversion>windowsupdate and after being imaged this folder is empty. Keys get generated after first connect to wsus.

So clients report to wsus fine, but no updates are found. If I connect the client to internet update servers they find drivers and a few other security updates. Rolling back the image and trying via wsus again no updates found. I confirmed that all updates are downloaded, approved for install and exist in wsus and that clients are in groups where all updates apply.

Does anyone know of any reason for this strange occurance.

[notta]

Do the machines show that they need the updates in the WSUS console? What does the WindowsUpdate.log show? If it is showing they need the updates and they're not being downloaded I would stop the AU service and delete the contents of the Software Distribution folder and then restart the service and force a detectnow.

[LawrenceGarvin]

Before deleting anything on the client side... there are additional diagnostics to perform.

@Notta is correct in his advice to determine whether there are updates shown as needed in the console, and to inspect the WindowsUpdate.log, to see if the WUAgent sees any updates as available, but errs in the premature recommendation to delete the SoftwareDistribution folder.

In the majority of cases, deleting the SoftwareDistribution folder will do absolutely nothing of value!

1. If there are updates reported as needed in the console but the client logfile says no updates are available, this is likely a valid and accurate indication. Until the WSUS server downloads the files for the approved updates, the updates are not available to the client for download/installation. Note: This presumes that the updates are approved for the correct group(s) and that the client is listed in the correct group(s); if the client cannot see the approvals, then the updates are not available either.

2. If the logfile shows updates detected, but the downloads are failing, this is almost always a server-side issue (usually missing files on the server), but we would need to know exactly why the downloads are failing in order to identify the correct remediation.

Drivers are notoriously problematic and should be treated as a completely separate issue. When all other issues are resolved, then we can intelligently evaluate issues with Drivers. In most cases, the failure of a driver to detect as needed is an accurate assessment. Not all drivers are available via WSUS, and quite often they're a revision or two behind what's already available from the vendor. Sometimes the installed hardware isn't actually the right HardwareID for the driver, even though the product has the same commercial marketing name.

[McDave]

*LawrenceGarvin replied while I did just mine apeared after. Shall go though your notes and respond again. :)

They do not show any updates required in the in WSUS management console. I checked the list of approved updates and ones present though internet are downloaded on WSUS.

Tried removing the said folder with no success. Windowsupdate log has no errors and as we speak just installed some other updates fine still no drivers.

[McDave]

Seems as the issue with not all updates being installed was because my colleague had not downloaded updates in the last week so that initially describes why the internet was displaying more critical updates.

Looked at the clients wsus report and it currently says no updates required. Looked at windows update log again the following messages were reported during the last check as well as the usual messages.

• Need to reset accelerated install required state.(next line says reset)
  
• AU (automatic update) not configured yet (checked settings and all boxes ticked)
  
• Found 0 cached features updates
  

[notta]

Well Lawrence is a god when it comes to WSUS. If he says jumping off a bridge will fix the issue then get to jumping :)

For clarity, when I said delete the Software Distribution folder I actually meant delete the contents of the Software Distribution\Download folder. This has helped me quite often dealing with troublesome updates.

[McDave]

Well since nothing seemed to work I abandoned getting driver updates from wsus and plan to rebuild the wsus server without drivers.

After experimenting with dpinst and considering there will only be about 10 types of client this seems like a simpler way. Also can then get drivers from venders too.

Thank you both for the help :)