I have very little time to implement WSUS in our environment. (This may affect my job)
32 servers (all business and service critical) + around 5000 computers (geographically separated but in same domain [forest & tree] on different VLANS though).
There are 5 GP currently active. I didn't create any of them, nor do I have the time to go over them right now. I am highly skeptical of having 5 GP's, however there is a "domain administrator" so that’s his problem - i've enabled options that i require in the default GP for all machines. I've enforced the options to do download and install without user intervention (or consent) but this isn’t doing me any good. It’s been 2 days and yet very few machines have even reported 100 % status. All machines are accounted for in the WSUS but NO STATUS UPDATES. WSUS has downloaded what updates I’ve approved. I have 0 updates pending (I’ve approved and declined as per requirement and I’ve gone over this multiple times not to skip any update or cause a superseding update conflict). STILL NO GOOD! Machines just aren't updating status or taking updates.
I know the information I’ve provided isn’t enough hence kindly ask for whatever information that you require to help me in this problem.
I'm am sort of desperate since like I said "this will affect my job" (especially since April 1st is like dooms day to me boss - even after I told him what could happen at the most!).
I'm going over the microsoft guide as i write this (on a sunday). If there is any suggestion please let me know. Just worried.
Last edited by ByTeWrangler; March 29th, 2009 at 08:48 AM.
Hope this helps.. It was around 1.6 MB log.. I've stripped it to recent 100 pages.. Its still a lot more then needed.. but i've uploaded just in case..
Looks like a permission issue. Some things to check:
1. Check the permissions for URLScanTool to allow *.exe requests, and then restarts Internet Information Services (IIS) or restart the SUS server.
Details here... http://support.microsoft.com/default...&Product=iis50
Add the following setting in the urlscan.ini: [Allow Extensions] .exe And remove ".exe" it from... [Deny Extensions] -- [Allow Verbs] GET HEAD POST OPTIONS
2. Make sure the Default Website permission are set to ANONYMOUS ACCESS.
3. Make sure the file systems that contain the SUS content/files are read/executable by the local user that is used for anonymous access (e.g. IUSR, IWAM)
5. Automatic Updates uses Background Intelligent Service (BITS), to download the patches. There's a BITS admin tool on the winxp cd. Bitsadmin /list /allusers /verbose
details here http://msdn.microsoft.com/en-us/library/aa362812.aspx
6. Make sure your DNS server has host entries for your SUS server or better yet, use the IP address in the configuration.
7. Make sure the client time is sync'd with server time.
If that doesnt resolve it, you might also look in the event viewer of a client to see more errors. There is also a client diag tool (link in my prev post) that will provide more details/insight.
Last edited by Cheap Scotch Ron; March 30th, 2009 at 12:50 AM.
Reason: fixed urls