Configuring Server to update from Localhost

Please pardon my ignorance. I'm a Unix guy. I'm not a Windows hater, just a little frustrated.
I'm working with a disconnected network scenario. The export server has been synchronized and the WSUSContent and metadata have been transferred to the Import Server (Server 2012 Standard).
The question now is how do you get the Import Server to update from itself?
The WSUS Configuration in 2012 only has the option to point to another upstream server. Do I simply point it to itself? It can't be that easy.
Next question is, how do I get Server 2012 to initiate an update?

WSUS is the server-side aspect, WUAgent is the client-side aspect.
Your (disconnected) WSUS, and the WSUS configuration of it, relates only to it's role as a WSUS server.
The machine (as does every other Windows machine) also has WUAgent (the WU client component) which needs to be configured, and, can be configured to be served by itself.
Treat this aspect of the WSUS server, just as you would all of the other clients that will be served by this host.
i.e., on the WSUS server machine, configure the relevant WUServer registry settings (manually, or via admin template/GPO)
How does WS2012 initiate updating? It's the same as for every other Windows machine (either client or server OS editions):
configure the registry settings (you can use the GUI to set the updating behaviour, but there is no GUI method for setting the WSUS server name to be managed-by).
You can also use console commands such as: wuauclt /detectnow
You can check the resultant activity of WUAgent by examining c:\windows\windowsupdate.log
(example of windowsupdate.log from my Win8.1 pc, after initiating the detection)
2014-02-26 07:11:11:127 420 1508 AU Triggering AU detection through DetectNow API
2014-02-26 07:11:11:127 420 1508 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
2014-02-26 07:11:11:127 420 1508 AU Triggering Online detection (non-interactive)
2014-02-26 07:11:11:127 420 1948 AU #############
2014-02-26 07:11:11:127 420 1948 AU ## START ## AU: Search for updates
etc
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Similar Messages

Obtain drivers from MS-Server and updates from WSUS

Hi,
is there a possibility to obtain drivers from the MS Server and the "other" updates from the WSUS-Server?
We have workstations with Win7 and XP and pluged in devices (USB) should obtain the drivers (if available) automatically from MS-Server.
Obtaining drivers through WSUS is not an option.
The Group Policy "Computer Configuration\...\Windows Update" is set to obtain updates from "intranet Microsoft update service location".
Should there be no possibility to distinguish between driver and update obtaining locations,
then is it possible to set WSUS as primary obtaining location and as secondary the MS-Serve?
Greets,
Emmanuel

Like I mentioned before I tried to use this:
http://technet.microsoft.com/en-us/library/cc753091.aspx
1. Try:
Step1:
I uninstalled the device and deleted the driver of my testing device. (local)
Step2:
I have created a new GP on Server 2003R2x86 (AD/DC) and linked it in the OU where my test-PC is located.
.../ComputerConfiguration/Administrative Templates/System/InternetCommunicationManagement/Internet Communication Settings/TurnOffWindowsUpdateDeviceDriverSearching-->disabled
Step3:
I restarted the test PC with a logonscript: "gpupdate /force"
Result:
It didn't work.
2.Try:
Same procedure, but instead of creating the policy on the '03 Server, I created the policy with RSAT for W7.
Result:
It didn't work.
Now I have a new question:
Isn't the above mentioned policy for this?:
http://windows.microsoft.com/en-us/windows7/automatically-get-recommended-drivers-and-updates-for-your-hardware
I ask, because this is exactly the setting that has to be changed so that everything works the way I want.
(at least for the Win7 PCs. I don't care much about the XP-PCs because they will be replaced in the near future)
Well one option is to change this setting manually on every PC, but this would be a huge PITA.
Can this be done in a policy or with a script (registry?)?

WSUS SERVER TAKING UPDATES FROM DIFFERENT DOMAIN

Dear Concern
We have oberved from the logs that WSUS server is taking updates from the sites which is Non-Microsoft .
Few updates ar being feteched from the Akamai platform kindly confirm if the microsoft is providing updates from Akamai cloud.
This is security concern for us .
Regards

Hello,
The TechNet Sandbox forum is designed for users to try out the new forums functionality. Please be respectful of others, and do not expect replies to questions asked here.
As it's off-topic here, I am moving the question to the
Where is the forum for... forum.
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book:
Windows PowerShell 2.0 Bible
My E-mail: -join ('6F6C646B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

Exchange Server 2013 Update from to CU3 to CU8 stuck, Exchange completely down

Hello,
We tried to update a Exchange 2013 server to CU8 because we needed support from Microsoft (certificate revoked, so OWA not working anymore) and they could only help us after updating to CU8 first. The problem is that the update got stuck and now Exchange
is not working at all anymore. Since it is a production enviroment and there is mail in all outboxes we do not want to turn back to a snapshot but solve the problem and continue the update. Any help is welcome because all mail is down now :-(
The error we received at the Exchange Server is:
C:\Users\administrator.DOMAINNAME\Downloads\Exchange-cu8>setup.exe /m:upgrade /In
stallWindowsComponents /IAcceptExchangeServerLicenseTerms
Welcome to Microsoft Exchange Server 2013 Cumulative Update 8 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for
installation.
Languages
Mailbox role: Transport service
Client Access role: Front End Transport service
Mailbox role: Client Access service
Mailbox role: Unified Messaging service
Mailbox role: Mailbox service
Management tools
Client Access role: Client Access Front End service
Performing Microsoft Exchange Server Prerequisite Check
Configuring Prerequisites COMPLETED
Prerequisite Analysis COMPLETED
Configuring Microsoft Exchange Server
Preparing Setup
COMPLETED
Stopping Services COMPLETED
Language Files COMPLETED
Removing Exchange Files COMPLETED
Preparing Files
COMPLETED
Copying Exchange Files COMPLETED
Language Files COMPLETED
Restoring Services COMPLETED
Language Configuration COMPLETED
Mailbox role: Transport service FAILED
The following error was generated when "$error.Clear();
$connectors = Get-ReceiveConnector -Server $RoleFqdnOrName;
foreach($connector in $connectors) { if($connector.MaxLocalHopCount -g
t 1) { Set-ReceiveConnector -Identity $connector.Identity -MaxLocalHopCount 5 }
" was run: "Microsoft.Exchange.Management.SystemConfigurationTasks.Recei
veConnectorRoleConflictException: The values that you specified for the Bindings
and RemoteIPRanges parameters conflict with the settings on Receive connector "
SERVER-EXCHANGE\Externe POP3 mailboxen". Receive connectors assigned to differen
t Transport roles on a single server must listen on unique local IP address & po
rt bindings.
bij Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exceptio
n, ErrorCategory errorCategory, Object target, String helpUrl)
bij Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exceptio
n, ErrorCategory category, Object target)
bij Microsoft.Exchange.Management.SystemConfigurationTasks.SetReceiveConnecto
r.InternalValidate()
bij Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
bij Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String fu
ncName, Action func, Boolean terminatePipelineIfFailed)".
The following error was generated when "$error.Clear();
$connectors = Get-ReceiveConnector -Server $RoleFqdnOrName;
foreach($connector in $connectors) { if($connector.MaxLocalHopCount -g
t 1) { Set-ReceiveConnector -Identity $connector.Identity -MaxLocalHopCount 5 }
" was run: "Microsoft.Exchange.Management.SystemConfigurationTasks.Recei
veConnectorRoleConflictException: The values that you specified for the Bindings
and RemoteIPRanges parameters conflict with the settings on Receive connector "
SERVER-EXCHANGE\Default Frontend SERVER-EXCHANGE". Receive connectors assigned t
o different Transport roles on a single server must listen on unique local IP ad
dress & port bindings.
bij Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exceptio
n, ErrorCategory errorCategory, Object target, String helpUrl)
bij Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exceptio
n, ErrorCategory category, Object target)
bij Microsoft.Exchange.Management.SystemConfigurationTasks.SetReceiveConnecto
r.InternalValidate()
bij Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
bij Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String fu
ncName, Action func, Boolean terminatePipelineIfFailed)".
The Exchange Server setup operation didn't complete. More details can be found
in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

Hello Gadget,
Please find the solution as follows
This error is concern about WMSVC certificate which was deleted, we could refer to the following steps:
1- Go to IIS Manager and select server certificate,
2- Select “Create Self-Signed Certificate”,
3- For Server 2012 in the Friendly Name Field type: WMSVC and select the personal (certificate Store),
4- Now go to ” Management Service”,
5- From SSL Certificate choose the newly create “WMSVC” Self-Signed Certificate,
6- Apply,
7- Now start service of “Web Management service”.
https://social.technet.microsoft.com/Forums/office/en-US/eac00dc2-6e43-45ae-939c-aad82a144908/cu8-install-fails?forum=exchangesvrgeneral
Exchange Queries

Server tries to download updates from MS instead of configured WSUS server

Hey all,
I got some strange behaviour of a server that I try to update with our WSUS server. Both the client and the WSUS server are Win2k12, not R2. A policy is applied on all servers in which the WSUS server is set. Actually, the update procedure and the policy
works on all servers but this one.
I am able to find and select updates for the target server on my WSUS server and the server is able to find the server. When I try "Install now" on the target server, nothing happens. According to the log the server is communicating with the WSUS
server, but is not downloading the updates from it, instead it tries to download them from MS itself what is not possible. I inserted my proxy user and then it worked so I nailed it down.
How can I reset all the configuration or where is the registry key that leads to the download source?
Thanks in advance and kind regards,
Azreth

The registry keys for the update source are controlled by the group policy, so configuring the policy and making sure it is applying correctly will automatically configure the appropriate registry keys. However, the keys specific to windows updates
are located here:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
WUServer
Reg_SZ
HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). This policy is paired with WUStatusServer, and both keys must be set to the same value to be
valid.
WUStatusServer
Reg_SZ
The HTTP(S) URL of the server to which reporting information is sent for client computers that use the WSUS server that is configured by the WUServer key. This policy is paired with WUServer,
and both keys must be set to the same value to be valid.
The full list of related keys can be found here: http://technet.microsoft.com/en-us/library/dd939844(v=ws.10).aspx

How do you configure a client to update from the server

I found the information on how to point clients to a software update server but the problem I have is the URL.
The example is http://su.example.com:8088/index.sucatalog
I don't have a URL as far as I know and if I did, is the default port 8088 or where can I change or check that?
And where is a list of the catalog file for the specific versions of OS X?
Basically I have 8 Macs all running Yosemite except for one running 10.8.5. Instead of all the machines hitting the internet for updates, I'd like just my server to down the updates and then all clients update from the server.
If there is better instructions on how to do this, please point the way.
TIA
Chris

John Lockwood wrote:
This does mean you need to buy a DNS load balancer to do this. The Mac itself cannot.
FWIW, OS X Server is capable of performing round-robin access with the inbound traffic using multiple IP addresses for a single host name. The addresses are each of the software update servers in your server pool.
This'll toss errors for some translations when one of the servers is down — you can tweak the definition if one of the servers is going to be offline for a while — but some of the updates will get through.
Set the DNS TTL fairly short — probably somewhere between a few minutes and an hour — to allow the DNS translations to be changed fairly quickly, if your software update servers are prone to outages.

Policy to allow ISA Server to recieve DAT updates from Mcafee

Hi All,
Everyday EPO server has to download the latest dat file from Mcafee website.
In the ISA server, We have a (allow) policy configured to FTP and HTTP protocls to the URL set which has Mcafee links which directed from source of that EPO server and destination as LocalHost(ISA). But still update is failing..
When we raise call with Mcafee they say that ISA is blocking it..
Can someone help here please
Regards, Mohan R Sr. Administrator - Server Support

HI,
have a look into the ISA Server realtime logging to see which protocols and/or URLs gets blocked from ISA Server until you try to download the latest dat files with EPO from the McAfee website. Here is a list of ports:
https://kc.mcafee.com/corporate/index?page=content&id=KB66797
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

DirectAccess Server 2012 Configuration cannot be retrieved from domain controller

Hi everyone,
We are using DirectAccess over Server 2012. There is just one server, no load balancing.
Everything works fine, all clients can connect successfully and operations status page shows all in green. Nevertheless on the dashboard page in the configuration status section it say “Configuration for server [servername] cannot be retrieved
from the domain controller.”
I found a few hints what could cause this problem:
In my case, the RAConfigTask, a scheduled task, was not enabled on the affected WS2012 server (DA entry point in a multisite deployment). After just enabling it, the errors has gone."
http://blog.gocloud-security.ch/2013/01/11/ws2012-directaccess-and-the-configuration-for-server-server-name-retrieved-from-the-domain-controller-cannot-be-applied-error/
Group Policy was filtering out my DA server from the GPO object for some reason. To fix, I opened up Group Policy Management on the domain controller and made sure that my DA server was a part of the group."http://www.joedissmeyer.com/2012/12/more-issues-and-solutions-for.html
Server has no connectivity to the domain in order to update the policies. Run “gpupdate /force” on the server to force policy update. GPO replication might be required in order to retrieve the updated configuration.
This could be because there is no writable domain controller in the Active Directory site of the Remote Access server. http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/56fedb17-1274-4e1a-b2d0-fea809f0bc45
I checked everything. Task is enabled and completed successfully, GPO is not filtered out, run gpupdate without any errors, could connect to domain controller, no errors on domain controller, domain controller is writable.
So, I have no idea what could cause this error. Any ideas or hints?
Thanks
Regards
Sebastian

i have the exact same problem i figured out that there was a problem with the logon as a service
secpol.msc --> Local Policies --> User Rights Assignement, Logon as a service i have NT Service\All Services
i can acces the group policy via the cpnsole just fine i have not connectivity issues what so ever.
i decided to open a call with microsoft, their suggestion .... we dont know reinstall so i did and here we are same problem and no solution. it is getting frustrating...

CLIENT UNABLE TO UPDATE from WSUS SERVER

Dear all
we have a WSUS server installed on windows server 2012, the clients is no longer able to download updates, getting error WindowsUpdate_80072EE2" "WindowsUpdate_dt000"
here is the client log file
2014-02-17 18:20:13:346 1024 f98 Misc WARNING: Send failed with hr = 80072ee2.
2014-02-17 18:20:13:346 1024 f98 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)>
Bypass List used : <(null)> Auth Schemes used : <>
2014-02-17 18:20:13:346 1024 f98 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://rwf-1:8530/selfupdate/wuident.cab>.
error 0x80072ee2
2014-02-17 18:20:13:346 1024 f98 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed.
error 0x80072ee2
2014-02-17 18:20:13:346 1024 f98 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-02-17 18:20:13:346 1024 f98 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-02-17 18:20:13:358 1024 f98 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2014-02-17 18:20:13:363 1024 f98 Misc Microsoft signed: Yes
2014-02-17 18:20:13:365 1024 f98 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2014-02-17 18:20:13:371 1024 f98 Misc Microsoft signed: Yes
2014-02-17 18:20:13:379 1024 f98 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2014-02-17 18:20:13:385 1024 f98 Misc Microsoft signed: Yes
2014-02-17 18:20:13:400 1024 f98 Setup Determining whether a new setup handler needs to be downloaded
2014-02-17 18:20:13:400 1024 f98 Setup SelfUpdate handler is not found. It will be downloaded
2014-02-17 18:20:13:400 1024 f98 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256"
2014-02-17 18:20:13:403 1024 f98 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.256"
is already installed.
2014-02-17 18:20:13:403 1024 f98 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256"
2014-02-17 18:20:13:414 1024 f98 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256"
is already installed.
2014-02-17 18:20:13:414 1024 f98 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256"
2014-02-17 18:20:13:432 1024 f98 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.256"
is already installed.
2014-02-17 18:20:13:432 1024 f98 Setup SelfUpdate check completed. SelfUpdate is NOT required.
2014-02-17 18:20:13:723 1024 f98 PT +++++++++++ PT: Synchronizing
server updates +++++++++++
2014-02-17 18:20:13:723 1024 f98 PT  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL
= http://rwf-1:8530/ClientWebService/client.asmx
2014-02-17 18:20:13:858 1024 f98 PT WARNING: Cached cookie has expired or new PID is available
2014-02-17 18:20:13:858 1024 f98 PT Initializing simple targeting cookie, clientId = 5c40eee5-ae54-4cbd-8758-a694a59ade20,
target group = ROLMAN, DNS name = it.rolmanworld.com
2014-02-17 18:20:13:858 1024 f98 PT  Server URL = http://rwf-1:8530/SimpleAuthWebService/SimpleAuth.asmx
2014-02-17 18:21:14:006 1024 f98 Misc WARNING: Send failed with hr = 80072ee2.
2014-02-17 18:21:14:006 1024 f98 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)>
Bypass List used : <(null)> Auth Schemes used : <>
2014-02-17 18:21:14:006 1024 f98 PT  + Last proxy send request failed with hr = 0x80072EE2, HTTP status
code = 0
2014-02-17 18:21:14:006 1024 f98 PT  + Caller provided credentials = No
2014-02-17 18:21:14:006 1024 f98 PT  + Impersonate flags = 0
2014-02-17 18:21:14:006 1024 f98 PT  + Possible authorization schemes used =
2014-02-17 18:21:14:006 1024 f98 PT WARNING: GetCookie failure, error = 0x80072EE2, soap client error = 5, soap
error code = 0, HTTP status code = 200
2014-02-17 18:21:14:006 1024 f98 PT WARNING: PTError: 0x80072ee2
2014-02-17 18:21:14:006 1024 f98 PT WARNING: GetCookie_WithRecovery failed : 0x80072ee2
2014-02-17 18:21:14:006 1024 f98 PT WARNING: RefreshCookie failed: 0x80072ee2
2014-02-17 18:21:14:006 1024 f98 PT WARNING: RefreshPTState failed: 0x80072ee2
2014-02-17 18:21:14:006 1024 f98 PT WARNING: Sync of Updates: 0x80072ee2
2014-02-17 18:21:14:006 1024 f98 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
2014-02-17 18:21:14:006 1024 f98 Agent  * WARNING: Failed to synchronize, error = 0x80072EE2
2014-02-17 18:21:14:009 1024 f98 Agent  * WARNING: Exit code = 0x80072EE2
2014-02-17 18:21:14:009 1024 f98 Agent *********
2014-02-17 18:21:14:009 1024 f98 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-02-17 18:21:14:009 1024 f98 Agent *************
2014-02-17 18:21:14:009 1024 f98 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
2014-02-17 18:21:14:024 1024 d9c AU >>## RESUMED ## AU: Search for updates [CallId = {B6B4993C-E64D-41EE-BB3B-4C0259522B34}]
2014-02-17 18:21:14:024 1024 d9c AU  # WARNING: Search callback failed, result = 0x80072EE2
2014-02-17 18:21:14:024 1024 d9c AU  # WARNING: Failed to find updates with error code 80072EE2
2014-02-17 18:21:14:024 1024 d9c AU #########
2014-02-17 18:21:14:024 1024 d9c AU ## END ## AU: Search for updates [CallId = {B6B4993C-E64D-41EE-BB3B-4C0259522B34}]
2014-02-17 18:21:14:024 1024 d9c AU #############
2014-02-17 18:21:14:024 1024 d9c AU Successfully wrote event for AU health state:0
2014-02-17 18:21:14:024 1024 d9c AU AU setting next detection timeout to 2014-02-17 19:21:14
2014-02-17 18:21:14:024 1024 d9c AU Successfully wrote event for AU health state:0
2014-02-17 18:21:14:025 1024 d9c AU Successfully wrote event for AU health state:0
2014-02-17 18:21:19:010 1024 f98 Report REPORT EVENT: {37C49AAA-0782-441A-85BD-BC86F384B332}2014-02-17 18:21:14:009+0400 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2AutomaticUpdates Failure Software
Synchronization Windows Update Client failed to detect with error 0x80072ee2.
2014-02-17 18:21:19:060 1024 f98 Report CWERReporter::HandleEvents - WER report upload completed with status
0x8
2014-02-17 18:21:19:060 1024 f98 Report WER Report sent: 7.6.7600.256 0x80072ee2 00000000-0000-0000-0000-000000000000
Scan 101 Managed
2014-02-17 18:21:19:060 1024 f98 Report CWERReporter finishing event handling. (00000000)
I've tried all the ways, restarting the services, file permissions, and many other
PLEASE HELP
thank you

thank you for your reply,
I tried so many ways but couldn't solve it, then I removed the WSUS rule, and re-install it
then after installing the rule i'm getting error when configuring the WSUS ERROR : http://i.imgur.com/eqm9ViT.png
Post install is starting
Fatal Error: Failed to start and configure the WSUS service
and here is the log file
2014-02-20 08:37:47 Postinstall started
2014-02-20 08:37:47 Detected role services: Api, UI, WidDatabase, Services
2014-02-20 08:37:47 Start: LoadSettingsFromParameters
2014-02-20 08:37:47 Content local is: True
2014-02-20 08:37:47 Content directory is: E:\WSUS
2014-02-20 08:37:47 SQL instname is:
2014-02-20 08:37:47 End: LoadSettingsFromParameters
2014-02-20 08:37:47 Start: Run
2014-02-20 08:37:47 Configuring content directory...
2014-02-20 08:37:47 Configuring groups...
2014-02-20 08:37:48 Starting group configuration for WSUS Administrators...
2014-02-20 08:37:48 Found group in regsitry, attempting to use it...
2014-02-20 08:37:48 Searching for existing group...
2014-02-20 08:37:48 Existing group was found
2014-02-20 08:37:48 Writing group to registry...
2014-02-20 08:37:48 Finished group creation
2014-02-20 08:37:48 Starting group configuration for WSUS Reporters...
2014-02-20 08:37:48 Found group in regsitry, attempting to use it...
2014-02-20 08:37:48 Searching for existing group...
2014-02-20 08:37:48 Existing group was found
2014-02-20 08:37:48 Writing group to registry...
2014-02-20 08:37:48 Finished group creation
2014-02-20 08:37:48 Configuring permissions...
2014-02-20 08:37:48 Fetching content directory...
2014-02-20 08:37:48 Fetching ContentDir from registry store
2014-02-20 08:37:48 Value is E:\WSUS
2014-02-20 08:37:48 Fetching group SIDs...
2014-02-20 08:37:48 Fetching WsusAdministratorsSid from registry store
2014-02-20 08:37:48 Value is S-1-5-21-495251104-1553465597-2720485832-1634
2014-02-20 08:37:48 Fetching WsusReportersSid from registry store
2014-02-20 08:37:48 Value is S-1-5-21-495251104-1553465597-2720485832-1635
2014-02-20 08:37:48 Creating group principals...
2014-02-20 08:37:49 Granting directory permissions...
2014-02-20 08:37:49 Granting permissions on content directory...
2014-02-20 08:37:49 Granting registry permissions...
2014-02-20 08:37:49 Granting registry permissions...
2014-02-20 08:37:49 Granting registry permissions...
2014-02-20 08:37:49 Configuring shares...
2014-02-20 08:37:49 Configuring network shares...
2014-02-20 08:37:49 Fetching content directory...
2014-02-20 08:37:49 Fetching ContentDir from registry store
2014-02-20 08:37:49 Value is E:\WSUS
2014-02-20 08:37:49 Fetching WSUS admin SID...
2014-02-20 08:37:49 Fetching WsusAdministratorsSid from registry store
2014-02-20 08:37:49 Value is S-1-5-21-495251104-1553465597-2720485832-1634
2014-02-20 08:37:49 Content directory is local, creating content shares...
2014-02-20 08:37:49 Creating share "UpdateServicesPackages" with path "E:\WSUS\UpdateServicesPackages" and description "A network share to be used by client systems for collecting all software packages (usually applications) published on this WSUS system."
2014-02-20 08:37:49 Deleting existing share...
2014-02-20 08:37:49 Creating share...
2014-02-20 08:37:49 Share successfully created
2014-02-20 08:37:49 Creating share "WsusContent" with path "E:\WSUS\WsusContent" and description "A network share to be used by Local Publishing to place published content on this WSUS system."
2014-02-20 08:37:49 Deleting existing share...
2014-02-20 08:37:49 Creating share...
2014-02-20 08:37:49 Share successfully created
2014-02-20 08:37:49 Creating share "WSUSTemp" with path "C:\Program Files\Update Services\LogFiles\WSUSTemp" and description "A network share used by Local Publishing from a Remote WSUS Console Instance."
2014-02-20 08:37:49 Deleting existing share...
2014-02-20 08:37:50 Creating share...
2014-02-20 08:37:50 Share successfully created
2014-02-20 08:37:50 Finished creating content shares
2014-02-20 08:37:50 Configuring WID database...
2014-02-20 08:37:50 Configuring the database...
2014-02-20 08:37:50 Establishing DB connection...
2014-02-20 08:37:50 Checking to see if database exists...
2014-02-20 08:37:50 Database exists
2014-02-20 08:37:50 Switching database to single user mode...
2014-02-20 08:37:53 Loading install type query...
2014-02-20 08:37:53 DECLARE @currentScriptVersion int
DECLARE @currentDBVersion int
IF NOT EXISTS(SELECT * FROM sys.databases WHERE name='SUSDB')
BEGIN
SELECT 1
END
ELSE
BEGIN
SET @currentScriptVersion = (9200 + 16384)
SET @currentDBVersion = (SELECT SchemaVersion FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
IF @currentDBVersion < 926
BEGIN
SELECT 3
END
ELSE IF @currentDBVersion < @currentScriptVersion
BEGIN
SELECT 2
END
ELSE IF @currentDBVersion = @currentScriptVersion
BEGIN
SELECT 0
END
ELSE
BEGIN
SELECT 4
END
END
2014-02-20 08:37:53 Install type is: Reinstall
2014-02-20 08:37:53 Creating logins...
2014-02-20 08:37:53 Fetching account info for S-1-5-20
2014-02-20 08:37:53 Found principal
2014-02-20 08:37:53 Found account
2014-02-20 08:37:53 Got binary SID
2014-02-20 08:37:53 Fetching WsusAdministratorsSid from registry store
2014-02-20 08:37:53 Value is S-1-5-21-495251104-1553465597-2720485832-1634
2014-02-20 08:37:53 Fetching account info for S-1-5-21-495251104-1553465597-2720485832-1634
2014-02-20 08:37:53 Fetching account info for S-1-5-21-495251104-1553465597-2720485832-1634
2014-02-20 08:37:53 Found principal
2014-02-20 08:37:53 Found account
2014-02-20 08:37:53 Got binary SID
2014-02-20 08:37:53 Setting content location...
2014-02-20 08:37:53 Fetching ContentDir from registry store
2014-02-20 08:37:53 Value is E:\WSUS
2014-02-20 08:37:53 Swtching DB to multi-user mode......
2014-02-20 08:37:56 Finished setting multi-user mode
2014-02-20 08:37:56 Writing DB settings to registry...
2014-02-20 08:37:56 Marking PostInstall done for UpdateServices-WidDatabase in the registry...
2014-02-20 08:37:56 Configuring IIS...
2014-02-20 08:37:56 Start: ConfigureWebsite
2014-02-20 08:37:56 Configuring website on port 8530
2014-02-20 08:38:48 2014-02-20 08:38:10 Info IISCustomAction Performing Setup Action, Command /Install
2014-02-20 08:38:46 Info IISCustomAction Command /Install Succeeded
2014-02-20 08:38:48 End: ConfigureWebsite
2014-02-20 08:38:48 Configuring performance counters...
2014-02-20 08:38:48 Configuring Stats.NET perf counter...
2014-02-20 08:38:48 Configuring reporting perf counter...
2014-02-20 08:38:48 Configuring client webservice perf counter...
2014-02-20 08:38:48 Configuring server sync webservice perf counter...
2014-02-20 08:38:48 Configuring API remoting perf counter...
2014-02-20 08:38:48 Bringing services online...
2014-02-20 08:38:48 Checking initialization status...
2014-02-20 08:38:48 StartServer starting...
2014-02-20 08:38:48 Generating encryption key to write to the registry...
2014-02-20 08:38:48 Generating encryption key to write to the database...
2014-02-20 08:38:48 Generating encryption key succeeded...
2014-02-20 08:38:48 Setting WSUSService to autostart...
2014-02-20 08:38:48 WSUSService is set to autostart.
2014-02-20 08:38:48 Starting WSUSService...
2014-02-20 08:38:48 Failed to start WsusService. Exception: System.InvalidOperationException: Cannot start service WSUSService on computer '.'. ---> System.ComponentModel.Win32Exception: An instance of the service is already running
--- End of inner exception stack trace ---
at System.ServiceProcess.ServiceController.Start(String[] args)
at Microsoft.UpdateServices.Setup.StartServer.StartServer.StartAndConfigureService()
2014-02-20 08:38:48 Importing default detectoids.
2014-02-20 08:38:48 Importing CriticalUpdates.xml...
2014-02-20 08:38:49 Importing Drivers.xml...
2014-02-20 08:38:49 Importing FeaturePacks.xml...
2014-02-20 08:38:49 Importing MicrosoftCorporation.xml...
2014-02-20 08:38:49 Importing SecurityUpdates.xml...
2014-02-20 08:38:49 Importing ServicePacks.xml...
2014-02-20 08:38:49 Importing Tools.xml...
2014-02-20 08:38:49 Importing UpdateRollups.xml...
2014-02-20 08:38:49 Importing Updates.xml...
2014-02-20 08:38:49 Importing Windows.xml...
2014-02-20 08:38:49 Importing Windows2000family.xml...
2014-02-20 08:38:49 Importing WindowsServer2003DatacenterEdition.xml...
2014-02-20 08:38:50 Importing WindowsServer2003Family.xml...
2014-02-20 08:38:50 Importing WindowsXPfamily.xml...
2014-02-20 08:38:50 Importing LocalPublisher.xml...
2014-02-20 08:38:50 Importing LocallyPublishedPackages.xml...
2014-02-20 08:38:50 Importing Applications.xml...
2014-02-20 08:38:50 Importing Exchange.xml...
2014-02-20 08:38:50 Importing Office.xml...
2014-02-20 08:38:50 Importing SQL.xml...
2014-02-20 08:38:50 Importing Exchange2000Server.xml...
2014-02-20 08:38:50 Importing ExchangeServer2003.xml...
2014-02-20 08:38:50 Importing OfficeXP.xml...
2014-02-20 08:38:50 Importing Office2003.xml...
2014-02-20 08:38:50 Importing SQLServer.xml...
2014-02-20 08:38:50 Importing WindowsXP64BitEditionVersion2003.xml...
2014-02-20 08:38:50 Importing DefinitionUpdateSusXml.xml...
2014-02-20 08:38:50 Importing ClientServicingApiDetectoid.xml...
2014-02-20 08:38:50 Importing default detectoids succeeded.
2014-02-20 08:38:52 FixSubscriptionCategories failed. Exception: System.Net.WebException: The request failed with HTTP status 400: Bad Request.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.Internal.ApiRemoting.GetServerVersion()
at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.GetServerVersion()
at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.CreateUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer..ctor(Boolean bypassApiRemoting)
at Microsoft.UpdateServices.Setup.StartServer.StartServer.FixSubscriptionCategories()
2014-02-20 08:38:52 StartServer encountered errors. Exception=The request failed with HTTP status 400: Bad Request.
2014-02-20 08:38:52 Microsoft.UpdateServices.Administration.CommandException: Failed to start and configure the WSUS service
at Microsoft.UpdateServices.Administration.PostInstall.Run()
at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
PLEASE HELP
BEST REGARDS

Server behind TMG to grab updates from WSUS server

Hey Guys,
The last topic I created about grab superseeded updates from WSUS, is what this is stil about cause I can't accept this installing updates manually as a answer. So I went ahead an did even more research on this.
To keep it simple I went ahead and adjusted the Local Group Policy / Computer Conf / Admin Templates / Windows Comp / Windows Update / Specify an intranet Microsoft update server (http://172.16.3.3:8530)
Allowed a Rule through TMG to allow by directional traffic of TCP 8530 between the server lan (172.16.8.x <-> 172.16.3.3)
When I click check for updates its good I can see the established connection using netstat on port 8530.
As soon as I click download updates, it tries to grab from internet based Servers... i can see the SYN_SENT right away and I can see the blocked http traffic on the TMG.
So I went ahead and set the GPO setting and removed the port allocation behind it (http://172.16.3.3) Doing a netstat after clicking check for updates showed connection attempt to 172.16.3.3 via http, So I added the protocol to the allow rule between the
servers, and sure enough it changed to established, and I see the allow through the TMG. However this now gives an error when i click on check for updates...
There has to be a way for me to get this dang server to get updates from our WSUS server on the other side of the TMG firewall.. but how?! what am I doing wrong?!
*NOTE* with the port specified in the local GPO of 8530, I can access http://wsus/selfupdate/wuident.cab perfectly fine. I ran wuauclt /detectnow and no errors reported in the WindowsUpdate.log file
*NOTE* The Wsus server is setup to cache all update to a local dir, attempted to see the files in there but all contained random string .cab files, wish they would just contain just the KBnumber and the msu files for easier verification of updates available
in the cache.

The last topic I created about grab superseeded updates from WSUS, is what this is stil
A LINK to that post would be most helpful as I am absolutely clueless about what this post is about.
Allowed a Rule through TMG to allow by directional traffic of TCP 8530 between the server lan (172.16.8.x <-> 172.16.3.3)
The correct implementation for TMG is to create a Web Publishing Rule for the WSUS Server and ALLOW passthru of the client identity.
When I click check for updates its good I can see the established connection using netstat on port 8530.
As soon as I click download updates, it tries to grab from internet based Servers... i can see the SYN_SENT right away and I can see the blocked http traffic on the TMG.
So I went ahead and set the GPO setting and removed the port allocation behind it (http://172.16.3.3) Doing a netstat after clicking check for updates showed connection attempt to 172.16.3.3 via http, So I added the protocol to the allow rule between the
servers, and sure enough it changed to established, and I see the allow through the TMG. However this now gives an error when i click on check for updates...
I see that you've specified a PRIVATE IP Address as the target of the WSUS server (172.16.3.3), so the first set of questions revolves around why there's a TMG server involved in the first place, where this "WSUS Client" is located with respect to the
TMG interfaces, and where the WSUS Server is located with respect to the TMG interfaces. Maybe all of this is in the original post... wherever that might be. I'm going to assume that you're *routing* traffic through the TMG from one private network to another
private network, most likely from the DMZ to the WSUS server in the Internal LAN. (Just an educated guess.)
The second set of questions... is 172.16.3.3 the IP Address of the WSUS Server on the Internal LAN, or is that the address of the DMZ Interface on the TMG. Configured correctly, it should be the former.
Third set of questions.... always a question I ask because it invariably sheds amazing insights into other network issues.... Why are you configuring the policy with an IP Address, rather than the hostname of the WSUS server?
There has to be a way for me to get this dang server to get updates from our WSUS server on the other side of the TMG firewall.. but how?!
Properly configure a Web Publishing Rule. It's that simple. I have a WSUS server "published" to the DMZ so I can patch my DMZ servers and it works perfectly.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Can I set an OU to have 2 GPO's one to pull updates from local server and another from replica server

I'm looking for a solution where I don't change our current AD groups, (avoid using a local group and a field group), also trying to avoid using a server in a DMZ to handle field people (will need to buy a new server).
At the end i'm looking to use a replica server to push updates from the internet to the field group (or OU with a GPO pointing to such replica server) and use the local server to host the updates locally and push to the office people.
Probably this is the question that needs to be answered, can an OU group have 2 different GPO's pointing to 2 different WSUS servers (local and replica) (local updates vs updates from internet) and if an user of such group is in the office they get updates
from the local server and if he is in the field get the updates from the replica server? I know GPO's can have precedence set to the OU, but do they work like a trigger or something that tells them to go to the next GPO.
Thanks in advance

can an OU group have 2 different GPO's pointing to 2 different WSUS servers (local and replica) (local updates vs updates from internet)
No.
and if an user of such group is in the office they get updates from the local server and if he is in the field get the updates from the replica server?
There are two ways to achieve this. Typically we talk about this scenario when the mobile systems are going to use AU/WU to get Security Updates. Taking advantage of the fact that GROUP policy cannot refresh on a machine which is not "in the office", you
define a Registry Script to run in the user's STARTUP folder, which will set the registry values to configure that client to use the alternate source.
But, in the case where you have an Internet-facing WSUS server in the DMZ, and a Corporate-facing WSUS server on the LAN, you use the SAME URL, but use DNS to direct the client to the correct IP Address. When the client is on the LAN, the LAN DNS gives the
IP Address of the Corporate server; when the client is on the Internet, the Internet DNS gives the IP Address of the DMZ server.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Point a client to get software updates from the local OS X Server

I have an OS X Server that's serving only clients as a File Share device that I would like to use for Software Updates. There are three Mac Clients and a bunch of iOS clients. How do I use Software updates from the Server? I read the instructions on configuration but have the following questions:
Where do I find the correct port and catalog file name?
The instruction specify a port of 8088 and a catalog of 'index.sucatalog" in the example. Is this always the case?
I can write to the .plist specified but cannot read from it (get an error). I can see that the file has been written and the data is correct. What's wrong?

Apple's Software Update Server only provides updates for Apple Mac software. It does not provide updates for Mac Applications via the AppStore nor does it provide any updates for iOS devices.
Apple's Caching Server works differently. When a Mac or iOS device on your network requests an update from either the Mac AppStore or the iOS AppStore this will then be 'cached' on the server so that next time a device requests the same update it is available locally.
The URL for a local Software Update Server would be of the form
http://server.domain.com:8088/index.sucatalog
This would be written on a client Mac as follows
sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://server.domain.com:8088/index.sucatalog
It would be read on a client Mac as follows
defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL
Note: Older versions of OS X had a version of the defaults command which did not like you including the file extension of the plist file so in the past the following would fail.
defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist CatalogURL

Windows Server 2012R2 fails to get update from WSUS with error code 80072ee6

Hi all,
I've deployed WSUS role on a Windows Server 2012R2 machine. WSUS listen on port 8530. Now I'm trying a test server (this machine runs WIndows Server 2012R2 too). I've configured a GPO but when I try to check for updates I get the errore in the subject.
I've checked windowsupdate.log and theese are the settings of the client:
AIR Mode is disabled
2014-02-05 12:59:00:357
776 fe0
AU # Policy Driven Provider: http://MyWSUS.MyDomain.local:8530
2014-02-05 12:59:00:357
776 fe0
AU # Detection frequency: 22
2014-02-05 12:59:00:357
776 fe0
AU # Target group: CSM Servers
2014-02-05 12:59:00:357
776 fe0
AU # Approval type: Pre-install notify (Policy)
2014-02-05 12:59:00:357
776 fe0
AU # Auto-install minor updates: No (User preference)
2014-02-05 12:59:00:357
776 fe0
AU # Will interact with non-admins (Non-admins are elevated (User preference))
I confirm that from the test server I can telnet to my wsus server on TCP port 8530

Hi,
This issue occurs if the URL under the Group Policy setting 'Specify intranet Microsoft update service location' is invalid.
You receive a "80072EE6" error code when you download an update from Windows Server Update Services in Windows 7-based or Windows Server 2008 R2-based
computer
http://support.microsoft.com/kb/2724184
Make sure that the URL is correct and the name can be resolved.
Hope this helps.

Microsoft Security Essentials not taking definition updates from WSUS Server.

Hi Experts,
I have a WSUS server installed on network on which MSE definition updates are installed, but the MSE on the client computer is not getting updates from it.
When I click the update button it gives me error "Virus and spyware definitions couldn't be updated".
The error code i am getting is 0x80244018. The definition updates couldn't be installed please try again later.
I also have TMG on my network as a default gateway, I want to update MSE from WSUS not from microsoft update.
Do I have to change rules....??? or any suggesstions that how MSE can be automatically updated from WSUS, the WSUS setting is saved into a GROUP Policy and applied....
Please advice......

The error code i am getting is 0x80244018.
This is an HTTP 403 error, which is generally (but not always) indicative of a proxy server interfering with the download. Assuming this is happening when the client is trying to get Definition Updates from Microsoft during the daily scan, this error will
likely go away once you properly set up WSUS to provide the definition updates.
I want to update MSE from WSUS not from microsoft update.
To do this, you need the following:
The Definition Updates classification must be configured for synchronization.
An Automatic Approval rule that approves the Definition Updates classification for the appropriate target group(s) must be configured and enabled.
The policy setting Allow Automatic Updates immediate installation must be ENABLED.
Your WSUS server should be configured to synchronize multiple times per day (at least 2).
Your clients should be configured with a shorter Detection Frequency (8 hours is ideal).
With the above configured, the clients will check the WSUS server 3x-4x per day, find the latest available Definition Update, download it and install it immediately.
Note, however, that if the client fails to download and install Definition Updates, MSE will continue to do a check, and attempt to update the Definition Updates during the daily scan. If your TMG blocks the client's Internet access, then they
will continue to log HTTP 403 errors when this definition update attempt is executed. (This is why you configure multiple syncs and scans per day -- so the client *never* has to go to Microsoft to get the current definition updates.)
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Clients not getting Combo updates from server

I will try to explain the problem with my limited English knowledge.
My software update server works. The clients already update from it.
My server has downloaded and enabled the incremental AND combo 10.7.4 updates.
My clients have 10.7.3 and they can get the incremental update to 10.7.4.
When i choose to serve only the combo update from my server (by deselecting the incremental update) the clients think their software is up to date.
For some reason i am certain if my clients hade ≤10.7.2 OS everything would work fine.
Any solution?

I was able to solve it in the end. I had an ACL on Core Switch blocking traffic from AP to/fro WLAN/WLSM Switch. The initial traffic goes through the AP's and access switch (authentication and broadcast) to WLAN/WLSM switch through Core, thereby blocking layer 3 traffic and not layer 2 (authentication).
You might need to check your radio on your client (a = 5. Ghz or b/g = 2.4Ghz) to see that it corresponds to what is configured on the AP.

Configuring Server to update from Localhost

Similar Messages

Maybe you are looking for