38 posts in this topic

Posted

Hello,

I can't seem to be able to run Windows Update on a Windows 7 client that is joined to a Windows Server 2003 domain controller. Ive checked what I think limits Windows Update from being ran on clients but I think all settings are OK.

What should I check to make sure updates arent being blocked? BTW, this is AFAIK for all the Windows 7 clients Ive tested joined to this domain.

Share this post


Link to post
Share on other sites

Posted

I would look to what your group policy settings are - this article should be a good start

http://technet.microsoft.com/en-us/library/cc775792%28v=ws.10%29.aspx

Windows Update, Automatic Updates, and Internet Communication

Normally in a corp setup machines are prevented from directly accessing windows update and the company uses SUS to maintain the updates they want to to deploy to machines. This for one reduces wan bandwidth usage because you don't have 100 machines all downloading directly from internet all their updates. You only have the 1 SUS server grabbing the updates and all the corp machines then just update over the local lan.

This also allows for control of what updates have been deployed in the environment, not all updates are needed in corp setup. Control of what updates are presented, and when allow for testing by the company before deployment, etc. Just in case some update might cause issues with applications used in the network.. Big example of this might be update to IE, where some application used by the company only works with version X, and not newer version Y of IE, etc.

Do you manage the Group Policy? I would prob just run gpresult to validate what group policy is being applied to the machine http://technet.microsoft.com/en-us/library/cc733160.aspx

Share this post


Link to post
Share on other sites

Posted

Services? Error messages? Group policy? Sorry for being short but details.

Share this post


Link to post
Share on other sites

Posted

Hello,

I would look to what your group policy settings are - this article should be a good start

http://technet.microsoft.com/en-us/library/cc775792(v=ws.10).aspx

Windows Update, Automatic Updates, and Internet Communication

Im going to take a look at that and see if there something I missed maybe.

Normally in a corp setup machines are prevented from directly accessing windows update and the company uses SUS to maintain the updates they want to to deploy to machines. This for one reduces wan bandwidth usage because you don't have 100 machines all downloading directly from internet all their updates. You only have the 1 SUS server grabbing the updates and all the corp machines then just update over the local lan.

For starters I thought SUS (or WSUS) was built into to WS....I see you can download WSUS as a standalone which I will...

Also I thought that WS 2003 SBS might not have SUS but I read it has "patching system" similar to SUS. I do read that WSUS is compatible and will problably install it today.

This also allows for control of what updates have been deployed in the environment, not all updates are needed in corp setup. Control of what updates are presented, and when allow for testing by the company before deployment, etc. Just in case some update might cause issues with applications used in the network.. Big example of this might be update to IE, where some application used by the company only works with version X, and not newer version Y of IE, etc.

Understood. We dont use any webapps AFAIK but I will keep that in mind.

Do you manage the Group Policy? I would prob just run gpresult to validate what group policy is being applied to the machine http://technet.microsoft.com/en-us/library/cc733160.aspx

I dont have a full 100% grasp on managing it and I didnt initially manage it (but from what I see there are almost no rules in place on clients) 

 

Services? Error messages? Group policy? Sorry for being short but details.

Sorry about that. That was my fault. Ill give you a screenshot of what error code appears when I try to update a Windows 7 client.

Thank you to both.

Share this post


Link to post
Share on other sites

Posted

Hello,

The error I get is 8024400e . I think it might be related to the domain controller....

The problem I believe is that I cannot start the WSUS database in SQL Server. I cant seem to find a logical error in the log files (just says it cant start)

I think a TV is in order (if someone doesnt mind) but havent tried ever installing TV in a Server OS.

Could someone help me?

Share this post


Link to post
Share on other sites

Posted

You can either disable the group policy or there should be a link to look online for updates after it fails.

Share this post


Link to post
Share on other sites

Posted

Hello,

 

From what Ive seen, all group policies are set to "Not configured" I enabled some of them related to Windows Update but still cannot get any updates. gpupdate on both client and server so it should work....

 

I think this is beyond my scope of knowledge sadly to get this to work.

Share this post


Link to post
Share on other sites

Posted

Rsop.msc

Find out what policy is pushing that out and disable it.

Share this post


Link to post
Share on other sites

Posted

Hello,

Rsop.msc

Find out what policy is pushing that out and disable it.

So this (rsop.msc) shows what policies have been configured/changed from default and are being pushed out?

Share this post


Link to post
Share on other sites

Posted

Yes sir

Share this post


Link to post
Share on other sites

Posted

Hello,

One of the things I see affecting Windows Update is inside a group policy having to do with Small Business Server.

Cant find it though; That command only allows me to view it, not edit it.

Share this post


Link to post
Share on other sites

Posted

Hello,

I see that a "Common configuration for Small Business Server Update Services" is wrong....Problem is I cant find where that is at.

Found it and now testing....lets see if that was it.

Share this post


Link to post
Share on other sites

Posted

Hello,

Yup :) That was it. It was configured there instead of in general for some reason. I set it to notify to download and install....just in case.

Hope I dont forget about this.

Share this post


Link to post
Share on other sites

Posted

Hello,

I really cant mark a best answer from what was posted but thank you.

Share this post


Link to post
Share on other sites

Posted

Now that you know what policy is effecting you, go to the server and fix it.

On the server, administrative tools, group policy management console. Set the Windows update options to not configured. If it is broken for you it is broken for the whole site.

Share this post


Link to post
Share on other sites

Posted

Hello,

Now that you know what policy is effecting you, go to the server and fix it.

On the server, administrative tools, group policy management console. Set the Windows update options to not configured. If it is broken for you it is broken for the whole site.

Yup, edited it so now users are notified and they can choose if they want to download and install.

Share this post


Link to post
Share on other sites

Posted

So your running SBS, not what you stated which is just 2k3 -- there is a BIG difference ;)

Share this post


Link to post
Share on other sites

Posted

Hello,

Yup, edited it so now users are notified and they can choose if they want to download and install.

 

Glad you got it sorted. But if I was in your place, I would review the updates and just push the installation out to all machines instead of letting users decide whether they want it or not. Most machines will remain un-patched as a lot of people are either too lazy or just don't know/care.

Share this post


Link to post
Share on other sites

Posted

he said the sql portion was fubar. needs to fix that before he can use wsus.

Also I don't like using wsus unless I am on site often. some patches don't push out and eventually you end up with a machine that is 60% patched.

Share this post


Link to post
Share on other sites

Posted

Hello,

So your running SBS, not what you stated which is just 2k3 -- there is a BIG difference ;)

I thought there were only SMALL differences sorry :p

 

 

Glad you got it sorted. But if I was in your place, I would review the updates and just push the installation out to all machines instead of letting users decide whether they want it or not. Most machines will remain un-patched as a lot of people are either too lazy or just don't know/care.

(I read that post in a Christian Bale as Batman voice)

All machines here are Windows 7 except 2. One I have to see if there would be problems with a updated version of IE and the other I dont care about. Some thankfully I can force updates, like you said :)

I want to trial this a bit then like you mentioned, Ill problably force all machines to update always.

Share this post


Link to post
Share on other sites

Posted

Hello,

I guess you didn't read the post where he said the sql portion was fubar. needs to fix that before he can use wsus.

Yup; I see no way how to fix that without anyone TVing.

I control MySQL and SQL Server but the problem is that Im not sure what the exact issue is.

Here is a small log but like I said, I feel I cannot fix this myself:

2014-01-10 08:53:34 Success MWUSSetup Validating pre-requisites...

2014-01-10 08:53:34 Error MWUSSetup WSUS is outdated. But this will not block setup (Error 0x00000000: The operation has completed correctly.)

2014-01-10 08:53:34 Error MWUSSetup Failed to determine if an higher version of WSUS is installed. Assuming it is not... (Error 0x80070002: The system cannot find the especified file.)

2014-01-10 08:53:53 Error MWUSSetup CSqlConnection::Open: Failed to open SQL connection to instance DCSERVER\WSUS (Error 0x80004005: Unspecified error)

2014-01-10 08:53:53 Error MWUSSetup CUpgradeDriver::PerformPreSetupActions: Failed to open connection to SQL instance %computername%\WSUS (Error 0x80004005: Unspecified error)

2014-01-10 08:53:53 Error MWUSSetup CSetupDriver::LaunchSetup: Failed to perform pre-setup actions (Error 0x80004005: Unspecified error)

2014-01-10 08:53:53 Error MWUSSetup CProgressManager::EnableCancel: GetDlgItem returning error (Error 0x80070578: The window identifier is not valid)

2014-01-10 12:41:11 Error MWUSSetup DoInstall: Wsus setup failed (Error 0x80004005: Unspecified error)

It doesnt say much but I imagine it cant find the database file....

Share this post


Link to post
Share on other sites

Posted

So what exact version of SBS are you running 2k3r2? I have not touched SBS in years - but wasn't the wsus that came with it v2, and wasn't there some special way to get version 3 installed on SBS?

Take a look at this whitepaper http://download.microsoft.com/download/e/5/7/e578cebc-0533-4baa-bbef-f9e3f36e1976/wsus3_small_business_server_2003_networks.doc

Share this post


Link to post
Share on other sites

Posted

Hello,

So what exact version of SBS are you running 2k3r2? I have not touched SBS in years - but wasn't the wsus that came with it v2, and wasn't there some special way to get version 3 installed on SBS?

post-25747-0-47491800-1389361358.png

Should be R2...

Share this post


Link to post
Share on other sites

Posted

doesn't look like R2 ;)

Like I said its been a few years - but if you open up server management -- I do recall the top right use would say R2 on it if it was R2.

But if you have update services, then yeah that is R2 -- the original sbs 2003 did not have wsus at all.

Share this post


Link to post
Share on other sites

Posted

Hello,

doesn't look like R2 ;)

post-25747-0-79702500-1389362127.png

Either Ive missed something or now this POS is making fun of me :laugh:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.