Can't Windows Update a Windows 7 client connected to a Windows Server 2003 domain


Recommended Posts

Hello,

I can't seem to be able to run Windows Update on a Windows 7 client that is joined to a Windows Server 2003 domain controller. Ive checked what I think limits Windows Update from being ran on clients but I think all settings are OK.

What should I check to make sure updates arent being blocked? BTW, this is AFAIK for all the Windows 7 clients Ive tested joined to this domain.

Link to comment
Share on other sites

I would look to what your group policy settings are - this article should be a good start

http://technet.microsoft.com/en-us/library/cc775792%28v=ws.10%29.aspx

Windows Update, Automatic Updates, and Internet Communication

Normally in a corp setup machines are prevented from directly accessing windows update and the company uses SUS to maintain the updates they want to to deploy to machines. This for one reduces wan bandwidth usage because you don't have 100 machines all downloading directly from internet all their updates. You only have the 1 SUS server grabbing the updates and all the corp machines then just update over the local lan.

This also allows for control of what updates have been deployed in the environment, not all updates are needed in corp setup. Control of what updates are presented, and when allow for testing by the company before deployment, etc. Just in case some update might cause issues with applications used in the network.. Big example of this might be update to IE, where some application used by the company only works with version X, and not newer version Y of IE, etc.

Do you manage the Group Policy? I would prob just run gpresult to validate what group policy is being applied to the machine http://technet.microsoft.com/en-us/library/cc733160.aspx

Link to comment
Share on other sites

Hello,

I would look to what your group policy settings are - this article should be a good start

http://technet.microsoft.com/en-us/library/cc775792(v=ws.10).aspx

Windows Update, Automatic Updates, and Internet Communication

Im going to take a look at that and see if there something I missed maybe.

Normally in a corp setup machines are prevented from directly accessing windows update and the company uses SUS to maintain the updates they want to to deploy to machines. This for one reduces wan bandwidth usage because you don't have 100 machines all downloading directly from internet all their updates. You only have the 1 SUS server grabbing the updates and all the corp machines then just update over the local lan.

For starters I thought SUS (or WSUS) was built into to WS....I see you can download WSUS as a standalone which I will...

Also I thought that WS 2003 SBS might not have SUS but I read it has "patching system" similar to SUS. I do read that WSUS is compatible and will problably install it today.

This also allows for control of what updates have been deployed in the environment, not all updates are needed in corp setup. Control of what updates are presented, and when allow for testing by the company before deployment, etc. Just in case some update might cause issues with applications used in the network.. Big example of this might be update to IE, where some application used by the company only works with version X, and not newer version Y of IE, etc.

Understood. We dont use any webapps AFAIK but I will keep that in mind.

Do you manage the Group Policy? I would prob just run gpresult to validate what group policy is being applied to the machine http://technet.microsoft.com/en-us/library/cc733160.aspx

I dont have a full 100% grasp on managing it and I didnt initially manage it (but from what I see there are almost no rules in place on clients) 

 

Services? Error messages? Group policy? Sorry for being short but details.

Sorry about that. That was my fault. Ill give you a screenshot of what error code appears when I try to update a Windows 7 client.

Thank you to both.

Link to comment
Share on other sites

Hello,

The error I get is 8024400e . I think it might be related to the domain controller....

The problem I believe is that I cannot start the WSUS database in SQL Server. I cant seem to find a logical error in the log files (just says it cant start)

I think a TV is in order (if someone doesnt mind) but havent tried ever installing TV in a Server OS.

Could someone help me?

Link to comment
Share on other sites

Hello,

 

From what Ive seen, all group policies are set to "Not configured" I enabled some of them related to Windows Update but still cannot get any updates. gpupdate on both client and server so it should work....

 

I think this is beyond my scope of knowledge sadly to get this to work.

Link to comment
Share on other sites

Hello,

Rsop.msc

Find out what policy is pushing that out and disable it.

So this (rsop.msc) shows what policies have been configured/changed from default and are being pushed out?
Link to comment
Share on other sites

Hello,

One of the things I see affecting Windows Update is inside a group policy having to do with Small Business Server.

Cant find it though; That command only allows me to view it, not edit it.

Link to comment
Share on other sites

Hello,

I see that a "Common configuration for Small Business Server Update Services" is wrong....Problem is I cant find where that is at.

Found it and now testing....lets see if that was it.

Link to comment
Share on other sites

Hello,

Yup :) That was it. It was configured there instead of in general for some reason. I set it to notify to download and install....just in case.

Hope I dont forget about this.

Link to comment
Share on other sites

Now that you know what policy is effecting you, go to the server and fix it.

On the server, administrative tools, group policy management console. Set the Windows update options to not configured. If it is broken for you it is broken for the whole site.

Link to comment
Share on other sites

Hello,

Now that you know what policy is effecting you, go to the server and fix it.

On the server, administrative tools, group policy management console. Set the Windows update options to not configured. If it is broken for you it is broken for the whole site.

Yup, edited it so now users are notified and they can choose if they want to download and install.
Link to comment
Share on other sites

Hello,

Yup, edited it so now users are notified and they can choose if they want to download and install.

 

Glad you got it sorted. But if I was in your place, I would review the updates and just push the installation out to all machines instead of letting users decide whether they want it or not. Most machines will remain un-patched as a lot of people are either too lazy or just don't know/care.

Link to comment
Share on other sites

he said the sql portion was fubar. needs to fix that before he can use wsus.

Also I don't like using wsus unless I am on site often. some patches don't push out and eventually you end up with a machine that is 60% patched.

Link to comment
Share on other sites

Hello,

So your running SBS, not what you stated which is just 2k3 -- there is a BIG difference ;)

I thought there were only SMALL differences sorry :p

 

 

Glad you got it sorted. But if I was in your place, I would review the updates and just push the installation out to all machines instead of letting users decide whether they want it or not. Most machines will remain un-patched as a lot of people are either too lazy or just don't know/care.

(I read that post in a Christian Bale as Batman voice)

All machines here are Windows 7 except 2. One I have to see if there would be problems with a updated version of IE and the other I dont care about. Some thankfully I can force updates, like you said :)

I want to trial this a bit then like you mentioned, Ill problably force all machines to update always.

Link to comment
Share on other sites

Hello,

I guess you didn't read the post where he said the sql portion was fubar. needs to fix that before he can use wsus.

Yup; I see no way how to fix that without anyone TVing.

I control MySQL and SQL Server but the problem is that Im not sure what the exact issue is.

Here is a small log but like I said, I feel I cannot fix this myself:

2014-01-10 08:53:34 Success MWUSSetup Validating pre-requisites...

2014-01-10 08:53:34 Error MWUSSetup WSUS is outdated. But this will not block setup (Error 0x00000000: The operation has completed correctly.)

2014-01-10 08:53:34 Error MWUSSetup Failed to determine if an higher version of WSUS is installed. Assuming it is not... (Error 0x80070002: The system cannot find the especified file.)

2014-01-10 08:53:53 Error MWUSSetup CSqlConnection::Open: Failed to open SQL connection to instance DCSERVER\WSUS (Error 0x80004005: Unspecified error)

2014-01-10 08:53:53 Error MWUSSetup CUpgradeDriver::PerformPreSetupActions: Failed to open connection to SQL instance %computername%\WSUS (Error 0x80004005: Unspecified error)

2014-01-10 08:53:53 Error MWUSSetup CSetupDriver::LaunchSetup: Failed to perform pre-setup actions (Error 0x80004005: Unspecified error)

2014-01-10 08:53:53 Error MWUSSetup CProgressManager::EnableCancel: GetDlgItem returning error (Error 0x80070578: The window identifier is not valid)

2014-01-10 12:41:11 Error MWUSSetup DoInstall: Wsus setup failed (Error 0x80004005: Unspecified error)

It doesnt say much but I imagine it cant find the database file....

Link to comment
Share on other sites

So what exact version of SBS are you running 2k3r2? I have not touched SBS in years - but wasn't the wsus that came with it v2, and wasn't there some special way to get version 3 installed on SBS?

Take a look at this whitepaper http://download.microsoft.com/download/e/5/7/e578cebc-0533-4baa-bbef-f9e3f36e1976/wsus3_small_business_server_2003_networks.doc

Link to comment
Share on other sites

Hello,

So what exact version of SBS are you running 2k3r2? I have not touched SBS in years - but wasn't the wsus that came with it v2, and wasn't there some special way to get version 3 installed on SBS?

post-25747-0-47491800-1389361358.png

Should be R2...

Link to comment
Share on other sites

doesn't look like R2 ;)

Like I said its been a few years - but if you open up server management -- I do recall the top right use would say R2 on it if it was R2.

But if you have update services, then yeah that is R2 -- the original sbs 2003 did not have wsus at all.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.