September 2005 - Posts
You might have noticed WMSDE SQL Service Manager shows Not Connected in system tray. Wondering why it shows as Not Connected??!!
This is because you are running WMSDE on WSUS where there is no default instance & so SQL Service Manager cannot see it. This is normal behaviour.
MORE INFORMATION
Why does my SQL Server Service Manager say the database is stopped?
http://wsusinfo.onsitechsolutions.com/articles/018.htm
SYMPTOMS
You see the following error on WSUSAdmin Page;
Check your server configuration
=====================
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running.
Non-running services: SelfUpdate
And, the following event is logged;
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Update Services Service
Event ID: 506
User: N/A
Description:
The SelfUpdate Tree is not working. Clients may not be able to update to the latest WUA client software and communicate with the Windows Server Update Services (WSUS) Server.
RESOLUTION
Check Windows Server Update Services (WSUS): SelfUpdate Tree is not working on http://msmvps.com/athif/articles/67954.aspx
SYMPTOMS
You notice, the Office Updates as approved on Windows Server Update Services (WSUS) Server when installed by Automatic Update Client forces the logged in user to accept the EULA, End User License Agreement every time they open an Office application
CAUSE
This behavior occurs if your user account does not have permissions to modify the Microsoft Windows Registry.
RESOLUTION
Right-click the HKEY_LOCAL_MACHINE\Software\Microsoft\Office\11.0 subkey or the HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0, and then click Permissions.
Click Users (Computer_name\Users), and then click to select the Allow check box for the Full Control permission
SCENARIO 1:
Computer group accidentally deleted from WSUSAdmin Console??
RESOLUTION
Don’t panic, this is at least not the DR situation!! All you have to do is to re-create the COMPUTER GROUP in WSUSAdmin console with the same name. Be patient, till WUA completes the next detection cycle & the computers will re-populate again in the newly created group using Client Side Targeting. If you are not using CST, then you have to manually move the computers from "Unassigned Computers" to the newly created group.
SCENARIO 2:
Computer/PC accidentally deleted from the respective Computer group in WSUSAdmin Console??
RESOLUTION
The same logic applies here. It will re-register at the time of next detection cycle.
MORE INFORMATION
WSUS Clients Showing Unknown in Reports Status of Computers
http://msmvps.com/blogs/athif/archive/2005/09/06/65554.aspx
Quick Automatic Update Client Detection & Installation with Windows Server Updates Services:
http://msmvps.com/athif/archive/2005/06/29/56200.aspx
WSUS: Script to Force the Update Detection from Automatic Update Client for updates on WSUS Server:
http://support.microsoft.com/kb/555453
There are several places to find this file;
- It's available on every XP SP2 machine in the WINDOWS\INF folder.
- Additionally, you can find this file on the Windows Server Update Services (WSUS) server itself. Browse to the the %ProgramFiles%\Update Services\Selfupdate\au\x86 folder and locate the wucltui.cab file under your language folder (en=English). Open the wucltui.cab cabinet file to find the updated wuau.adm file.
- You can also download All Group Policy ADM Files directly from http://www.microsoft.com/downloads/details.aspx?FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b&displaylang=en
Windows Server Update Services Updates are needed to ensure computers can be updated correctly. If Windows Server Update Services (WSUS) updates are not approved, some updates may not be correctly detected by computers. Currently, this includes Windows Installer 3.1 and Background Intelligent Transfer 2.0 (MSI 3.1 & BITS 2.0)
So, this means Windows Server Update Services Updates are needed to ensure computers can be updated correctly. These updates (MSI 3.1 & BITS 2.0) are mandatory critical updates and they will be automatically downloaded by Automatic Update Client.
MORE INFORMATION
WSUS Mandatory Updates:
http://msmvps.com/athif/articles/66501.aspx
This post applies to September 2005 Synchronization;
On WSUSAdmin page, in the To Do List, You might see "1 new product and 0 new classifications were added in the last 30 days."
What is the new product & how to find that?
Normally, you can see if a new product or classification is added by looking under options, synchronization options, products & classifications in the UI. But, in this case, the UI does not show-up. This is strange!
According to Windows Server Update Services (WSUS) Team, “This is because a revision to the Office product family was published on or around 9/1. I’m not sure why it was revised, or what the revision was and it is certainly a bug that revisions to Products/Categories would trigger the “new products” notification on the WSUS home page.”
WSUS does not download the updates during the synchronization with MU.
On WSUSAdmin Page, in the area of download you see the following:
Synchronization Status
Last synchronization: 9/10/2005 6:56 PM
Last synchronization result: Success
Next synchronization: 9/10/2005 8:23 PM
Current status: Idle
Synchronize now Stop synchronizing
Status of Downloads
Updates needing files: 404
Downloading 0.00 MB of 1,130.95 MB
This is explained in WSUS-Articles section;
Windows Server Update Services does not download the updates during Synchronization with MicrosoftUpdate, MU;
http://msmvps.com/athif/articles/66365.aspx
Windows Genuine Advantage Notification update is not syncing down to my WSUS server. Does WSUS support Windows Genuine Advantage Validation Tool (WGA)?
Windows Genuine Advantage Notification update is not supported/provided by WSUS. The validation tool (WGA) is not yet distributed through WSUS and it is only available from the MU site (windowsupdate).
- WGA tool is triggered by the interactive session with WU/MU using Internet Explorer and it is only required when obtaining updates via Windows Update/Microsoft Update or Microsoft Download Center.
- Also, according to KB http://support.microsoft.com/default.aspx?scid=kb;en-us;905474, Windows Genuine Advantage Notifications will be deployed by using Automatic Updates.
MORE INFORMATION
Description of the Windows Genuine Advantage Notifications application
http://support.microsoft.com/default.aspx?scid=kb;en-us;905474
Is it possible to revoke Updates once they are downloaded by the Automatic Update Client?
Actually, it’s not possible to revoke updates once they are downloaded by the Automatic Update Client.
But, you can actually delete those from the temporary location where they reside while waiting to install the patches!!
This is explained in my previous blog entry on;
Where does an Automatic Update Client store patches while waiting to install the patches??
http://msmvps.com/athif/archive/2005/09/06/65553.aspx
UPDATE:
Check this thread on http://www.wsus.info/forums/index.php?showtopic=6434&st=0&p=25921&#entry25921 for more details. Let me know if it works for you.
How often Security Updates are released?
This is often asked in the WSUS Community (WSUS News Groups / Forums) and it deserves a blog entry.
Microsoft releases Critical Security Updates once in a month in second week, TUESDAY. So, Second Tuesday of every month is THE PATCH DAY. Unless otherwise, if it is critical, Microsoft can release the patch in mid of the patching schedule.
Most of you might have noticed, AUstate values aren't available anymore in WSUS. AUstate was very helpful for WOL Admins.
If you are in WOL network, then you might want to check this script which can update the AUState automatically (which you can run at shutdown) so the existing WOL process will still work:
More Information
http://www.wsus.info/forums/index.php?showtopic=6205
http://www.wsus.info/forums/index.php?showtopic=6205&view=findpost&p=25211
How do I change the WSUS Server to the Replica Mode??
This is asked very frequently in WSUS Community. At this moment it is not possible to change the WSUS Server to Replica Mode. Whilst installation, there is an option to select WSUS for replica and that's it. There is no UI or an option to configure the same after installation. If you really need this feature add it to WSUS WSUS Wiki Wish List on http://www.wsuswiki.com/WishList
With Software Update Services, Automatic Update Client stores patches in 'C:\WUTEMP' (disk with large space) or 'C:\ProgramFiles\WindowsUpdate\wuaudnld.tmp' while waiting to install the patches.
With Windows Server Update Services (WSUS), Automatic Update Client stores patches in 'C:\Windows\SoftwareDistribution\Download' while waiting to install the patches.
Windows 2000 Service Pack 4 does not show up in WSUSAdmin to approve for installation. Why??
Actually, it is still there but, the default filter view on update page, will only display Critical and Security Updates in the filtered view where as Windows 2000 Service Pack 4 is classified as "Update Rollups".
Also, you have to included "Update Rollups" in Synchronization Options - Add / Remove Classifications and select Update Rollups and perform sync with MU. Search again on Updates page
Now, on Updates Page, Select the criteria you want to use to filter the view, select 'All updates' under "Products and classifications", 'All updates' under "Approval", and set the "Synchronized" filter to 'Any time'. In the "Contains text" field, type "Windows 2000 service pack 4".
You should now see "Windows 2000 Service Pack 4 Network Install for IT Professionals" and it is classified as "Update Rollups". Go ahead and approve it :-)
Sometimes, after you approved some updates you will notice many of the PC's are reporting status as UNKNOWN.
This is a known issue if you just approve an update and then check the reports. After approving update, if the clients did not perform a detection cycle, you see a status of UNKNOWN. Yes, TIME is the factor here.
You can force update detection from the client and you will see the status no more remains Unknown.
MORE INFORMATION
Quick Automatic Update Client Detection & Installation with Windows Server Updates Services:
http://msmvps.com/athif/archive/2005/06/29/56200.aspx
WSUS: Script to Force the Update Detection from Automatic Update Client for updates on WSUS Server:
http://support.microsoft.com/kb/555453
When the updates are installed, the logged in user is prompted to "Restart Now" or "Restart Later." But, some times, you may notice, the "Restart Later" button is grayed out and the prompt won't go away unless the logged in users clicks the "Restart Now" button.
The Fact:
Users with Local Administrative rights i.e member of Local Administrators Group get the "Restart Later" option. For Normal users, "Restart Later" button is grayed out. They either have to restart then, or ignore the dialog until they can restart.
Previously, with Software Update Services, the logged in user was popped with a countdown timer of 5 minutes to restart the machine.
The solution:
If you want to give non-local admin the privilege to "Restart Later" option, you have to enable "Allow non-administrators to receive update notifications" setting from Group Policy or Registry for that matter.
This policy specifies whether logged-on non-administrative users will receive update notifications based on the configuration settings for Automatic Updates. If Automatic Updates is configured, by policy or locally, to notify the user either before downloading or only before installation, these notifications will be offered to any non-administrator who logs onto the computer.
The Procedure:
Allow Non-administrators to Receive Update Notifications from Group Policy:
1. In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
2. In the details pane, click Allow non-administrators to receive update notifications, and set the option.
3. Click OK.
ElevateNonAdmins: Allow Non-administrators to Receive Update Notifications from registry:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
1 = Enabled.
0 = Disabled.
With ElevateNonAdmins set to 1;
You are allowed to select "Restart Later" even as an ordinary user
You are allowed to use the AU icon in the system tray to start installations before scheduled installation time
As well as unselect updates that is scheduled to be installed on the computer.
So, How do you configure Automatic Update Client for Windows Server Update Services (WSUS) in a workgroup environment. Check a sample registry script on ;
WSUS: Script to Manually Configure Automatic Update Client (WUA) for WSUS in a workgroup environment
http://msmvps.com/blogs/athif/archive/2005/09/14/Manually_Configure_WUA.aspx
Did it help?
More Posts
Next page »