Results 1 to 10 of 10

Thread: WSUS problems.

  1. #1

    Unhappy WSUS problems.

    I have very little time to implement WSUS in our environment. (This may affect my job)

    32 servers (all business and service critical) + around 5000 computers (geographically separated but in same domain [forest & tree] on different VLANS though).

    There are 5 GP currently active. I didn't create any of them, nor do I have the time to go over them right now. I am highly skeptical of having 5 GP's, however there is a "domain administrator" so that’s his problem - i've enabled options that i require in the default GP for all machines. I've enforced the options to do download and install without user intervention (or consent) but this isn’t doing me any good. It’s been 2 days and yet very few machines have even reported 100 % status. All machines are accounted for in the WSUS but NO STATUS UPDATES. WSUS has downloaded what updates I’ve approved. I have 0 updates pending (I’ve approved and declined as per requirement and I’ve gone over this multiple times not to skip any update or cause a superseding update conflict). STILL NO GOOD! Machines just aren't updating status or taking updates.

    I know the information I’ve provided isn’t enough hence kindly ask for whatever information that you require to help me in this problem.

    I'm am sort of desperate since like I said "this will affect my job" (especially since April 1st is like dooms day to me boss - even after I told him what could happen at the most!).

    I'm going over the microsoft guide as i write this (on a sunday). If there is any suggestion please let me know. Just worried.
    Last edited by ByTeWrangler; March 29th, 2009 at 08:48 AM.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Here is an update. Going over few of the diagnostic's steps I've found that

    http://wsusservername
    http://wsusservername:80
    https://wsusservername
    http://wsusservernam/selfupdate/
    http://wsusservernam/selfupdate/wuident.cab

    ALL GIVE A 404 NOT FOUND error ..

    I'm still going over the entire diagnostic's.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #3
    Can we get this to the home page.. maybe ill get a response ..
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  4. #4
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Have you tried using the MS WSUS diag tools (server & client)?

    http://technet.microsoft.com/en-us/wsus/bb466192.aspx
    In God We Trust....Everything else we backup.

  5. #5
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    post the windowsupdate.log here

    check the permissions on the root virtual directory
    In God We Trust....Everything else we backup.

  6. #6
    Hope this helps.. It was around 1.6 MB log.. I've stripped it to recent 100 pages.. Its still a lot more then needed.. but i've uploaded just in case..

    Thanks !
    Attached Files Attached Files
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  7. #7
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Looks like a permission issue. Some things to check:

    1. Check the permissions for URLScanTool to allow *.exe requests, and then restarts Internet Information Services (IIS) or restart the SUS server.
    Details here... http://support.microsoft.com/default...&Product=iis50

    Add the following setting in the urlscan.ini:
[Allow Extensions]
.exe
And remove ".exe" it from...
[Deny Extensions]
--
[Allow Verbs]
GET
HEAD
POST
OPTIONS

    2. Make sure the Default Website permission are set to ANONYMOUS ACCESS.

    3. Make sure the file systems that contain the SUS content/files are read/executable by the local user that is used for anonymous access (e.g. IUSR, IWAM)

    4. SUS uses the WinHttpSettings. There is a command line tool (proxycfg.exe) to set it properly.
    Details here http://msdn.microsoft.com/en-us/libr...69(VS.85).aspx

    5. Automatic Updates uses Background Intelligent Service (BITS), to download the patches. There's a BITS admin tool on the winxp cd. Bitsadmin /list /allusers /verbose
    details here http://msdn.microsoft.com/en-us/library/aa362812.aspx

    6. Make sure your DNS server has host entries for your SUS server or better yet, use the IP address in the configuration.

    7. Make sure the client time is sync'd with server time.


    8. Also, check "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" and
    DELETE "ODFFileURL REG_SZ http://v4.windowsupdate.microsoft.com/odf/wuodf.xml" registry value. Reboot.

    If that doesnt resolve it, you might also look in the event viewer of a client to see more errors. There is also a client diag tool (link in my prev post) that will provide more details/insight.
    Last edited by Cheap Scotch Ron; March 30th, 2009 at 12:50 AM. Reason: fixed urls
    In God We Trust....Everything else we backup.

  8. #8
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    BW, How did you make out?
    In God We Trust....Everything else we backup.

  9. #9
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Quote Originally Posted by ByTeWrangler View Post
    Can we get this to the home page.. maybe ill get a response ..
    Sorry it took this long to move it Bytewrangler..

    General Computer Discussions is shown on the front page so you should get a lil more activity now.

  10. #10
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    One other thing. If you're using SSL, you might want to check the server certificates.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

Similar Threads

  1. Windows 2000 Tips
    By Nokia in forum Tips and Tricks
    Replies: 0
    Last Post: June 12th, 2004, 05:13 PM
  2. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  3. Classic Social Engineering Attacks
    By Striek in forum The Security Tutorials Forum
    Replies: 10
    Last Post: December 16th, 2003, 09:30 PM
  4. Solving Common Problems with Norton Antivirus 8 Corporate
    By CS4Life in forum The Security Tutorials Forum
    Replies: 2
    Last Post: June 26th, 2003, 12:02 PM
  5. Millennium Problems
    By tampabay420 in forum Cosmos
    Replies: 1
    Last Post: January 23rd, 2003, 08:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •