New WSUS server optimization

Hi,
I have an opportunity to deploy a new WSUS 3.0 SP2 ( 2008 R2 server) from scratch.
I enabled the Sync / classifications and Product list that i need to patch.
(XP , Win 7 , Server 2003 , Server 2008 and server 2008 R2 -- Security , critical and updates)
Language English
Now this got me around 6392 Updates that i see as Unapproved and status Any View.
I need to keep the stuff clean from the offset 
1.So what should i approve for install
2.What should i decline 
3.When should i run server cleanup wizard
Any strategy 

1.So what should i approve for install
That really depends on the current patch state of the clients of this WSUS server. For starters, you should not approve any updates that are not already reported by clients as NEEDED. Second, you should not approve any superseded updates. Beyond that, however,
there may still be additional updates that you should approve.
2.What should i decline
When you get to the point that superseded updates are reported as 100% Installed/Not Applicable, then you should decline those updates. In addition, you can also decline anything you'll absolutely never need, such as Itanium updates. Also, if you're synchronizing
Windows Server 2008 and Windows Server 2008, you're getting both x86 and x64 updates. You may or may not need updates for any one of those four platforms.
3.When should i run server cleanup wizard
At least once a month, but only if performed in conjunction with other required administrative procedures.
Any strategy
Removing unneeded update approvals
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Similar Messages

  • New WSUS server same name

    I setup a new WSUS server and then changed name of old one to something else and then renamed new one what the old one was. None of the clients are connecting to new WSUS server even though the GPO should be pointing to correct name. Is there something else
    I have to do in order for PCs to sync now?

    Hi Jason,
    Agree with Daniel.
    Besides, do you install the WSUS on Windows Server 2012 R2? If yes, have you change the port in the GPO? WSUS server has changed the default port in Windows Server 2012R2.
    On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS
    On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS
    Best Regards.
    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Why won't my clients register with my new WSUS server??

    Hi All,Been running WSUS 3.0 SP2 on Server 2008 for a good few years now (originally moved away from it running on Server 2003 when I first started in my current role), and a couple of days back, I finally got round to throwing up a new 2012 VM with the WSUS role installed...When I moved clients from the 2003 WSUS to the 2008 instance, literally all I did was change the intranet location in the GPO I had created for WSUS to point to the 2008 server, and voila! Clients started reporting in within a few hours!This time, it's been 2 days now, and even though I've changed the GPO, and verified that it has updated on the clients by using GPResult, none of them have contacted the new WSUS server yet...I've tried running wuauclt with the /detectnow and /reportnow switches, and nothing.How exasperating!
    This topic first appeared in the Spiceworks Community

    Hi All,Been running WSUS 3.0 SP2 on Server 2008 for a good few years now (originally moved away from it running on Server 2003 when I first started in my current role), and a couple of days back, I finally got round to throwing up a new 2012 VM with the WSUS role installed...When I moved clients from the 2003 WSUS to the 2008 instance, literally all I did was change the intranet location in the GPO I had created for WSUS to point to the 2008 server, and voila! Clients started reporting in within a few hours!This time, it's been 2 days now, and even though I've changed the GPO, and verified that it has updated on the clients by using GPResult, none of them have contacted the new WSUS server yet...I've tried running wuauclt with the /detectnow and /reportnow switches, and nothing.How exasperating!
    This topic first appeared in the Spiceworks Community

  • Export Approuved Update from old server WSUS to the new WSUS server

    Hello,
    I want to export all update approuved from one old WSUS server  to one  new WSUS server
    Can you help me please ?
    Best Regard

    Hi,
    >>I want to export all update approuved from one old WSUS server  to one  new WSUS server ?
    There are three steps to exporting and then importing updates:
    Make sure that the options for express installation files and update languages on the exporting server are compatible with the settings on the importing server. This ensures that you collect the updates you intend to distribute.
    Copy updates from the file system of the export server to the file system of the import server.
    Export update metadata from the database on the export server, and import it into the database on the import server. The last section explains how to import exported updates to a replica server
    Here is the official solution:
    https://technet.microsoft.com/en-us/library/cc720486(v=ws.10).aspx
    Best Regards.
    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Testing updates with a new WSUS server

    We recently created a new WSUS server and added a test target group consisting of 6 test PCs. My question is if I approve updates tonight to just the target group, will I be able to push out those same updates to our staff PCs next Thursday? (We typically
    approve updates on the 4th Thursday of the month for a 3:00am Friday install via our WSUS GPO.) Or will the staff PCs miss out on this month's updates due to the test push? I.e.: is it "one and done" with the approved updates.
    Thanks
    Hank Vare

    A couple of thoughts to share....
    First, with respect to your approvals. This is exactly why target groups exist. So if today (Thursday) you approve updates for the target group, then the computers in that target group will get these updates sometime over the next 24-48 hours (depending
    on a lot of variables that affect the process from the time of approval to the time of installation). When you're ready to deploy them to more systems, you just ADD the approvals for the extra target group(s) that contain the additional systems.
    Second... approving updates on Thursday for a 3am Friday installation is a procedure likely doomed to some percentage of failure. In fact, if you've already been doing this I'm surprised it hasn't already happened. So let's dive into some of those "variables"
    I mentioned in the first paragraph and better understand the risks.
    When you approve the updates, they have to be downloaded from Microsoft. That takes some amount of time.
    AFTER the updates are downloaded from Microsoft, the client has to "check in" with the WSUS Server to see if there are any new/available updates to download. That "check in" could occur at anytime up to 22 hours AFTER the updates have
    been downloaded (which, right here, already blows the 3am target).
    When the client has discovered available update to download, then it actually has to download them AND the download has to complete before 3am Friday, or those updates will not be scheduled for installation at your weekly event.
    NOW.. having said that, introducing a TEST GROUP may actually mitigate some of that risk -- unless your test group is also scheduled to install updates ONLY on Friday at 3am, in which case, some of your test group might not get any updates at all.
    As a general rule, your initial approval of an update should be at least 48 hours in advance of the time in which you want the clients to actually install the updates. This gives the WSUS server several hours to download the updates, it accounts for the
    up-to-22-hours that may lapse before the client discovers the updates as available, and it gives the client several hours to download the updates from the WSUS server, so they are on the local machine prior to the scheduled installation time.
    Additionally, if there are downstream/replica servers involved in the environment, you'll need to add another 48 hours for each level of replication -- because replica servers get updates exactly like clients do.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Clients not updating from new WSUS server

    I had 2 DCs in place running 2008 and 2003. The 2003 server was also running WSUS. It has been replaced with a 2012 R2 Essentials server which is now the FSMO holder and I installed WSUS on it using the standard options like I always do. Administration
    runs on 8530.
    I updated the GPOs with the new server's name. All clients can ping the WSUS server by name. All clients are reporting to the server and updates have been approved days ago. However none of the clients, including the server itself, are seeing any new updates
    available even though the WSUS console shows they are reporting.
    I've searched the registry of the 2008 DC for references to the old WSUS server and none were found. I looked in the registry key where you would find the value put there from the GPO and it correctly shows the current WSUS server.
    I looked in the windowsupdate log on the 2008 DC and I don't see any errors. So I'm stumped as to why the clients can at least see the WSUS server and report to it but they aren't seeing the approved updates. Any ideas?
    Jonathan

    Hi Jonathan,
    Have you checked if the update is downloaded successfully? The update will not be available until it has been downloaded on the WSUS server.
    Best Regards.
    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
    Yes the updates have all downloaded as verified in the WSUS console. So the updates are there, the clients are reporting in and showing what updates they need, but what is not happening is that final connection so you see the little "pending updates"
    icon in the system tray. I've done wuauclt /detectnow many times (used to doing this with other sites I manage) and had WU check for updates but it always shows none available.
    Jonathan

  • New WSUS server not showing computers correctly.

    Hi All,
    I've recently migrated WSUS servers and everything has come intact apart from the grouping. The groups have come over but all the computers are showing under 'Unassigned Computers'.
    I've manually removed and added a number of computers but it doesn't show any computers.
    Thanks

    Hi,
    I've only just taken over setting up of WSUS from my colleagues and he's setup computer groups in WSUS and adds the computers to the groups via Active Directory Users and Computers.
    The WSUS GPO only sets
    Allow non-administrators to recieve update notifications
    Allow signed updates from an intranet Microsoft update service location
    Configure Automatic updates (Configure automatic updating, Scheduled install day, scheduled install time)
    Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
    Specify intranet Microsoft update services location (Set the intranet service for detecting updates, set the intranet statistics server)
    Turn on recommended updates via Automatic Updates
    Turn on Software Notifications.
    Not sure how much help that is!
    Well, that is your issue then, if you are using client side targeting with the WSUS Server you will need to place the WSUS Group in the Group Policy. Here is a good technet article to get you started.
    http://technet.microsoft.com/en-us/library/cc708574(WS.10).aspx
    Hope this helps.

  • Migrate WSUS server from 2003x86 to 2008x64, new hardware, use same name and IP address?

    Searching through the WSUS forums and reading the TechNET migration documentation, I have bits and pieces of information to make this a smooth transition...I think. I have a plan in mind but
    would like the communities input on what I am thinking before moving forward and having it blowup in my face :). <o:p></o:p>
    I have the following currently:<o:p></o:p>
    A single WSUS 3.0 SP2 server, running on Server Win2003x86, using the default WID (susdb.mdf) on the same server. I have SQL 2005 Express installed on this server as well for other services
    but this has no bearing on the WID correct?<o:p></o:p>
    What I would like to do:<o:p></o:p>
    I have a new server (a much better one) that I would like to move WSUS on to, that will be running Server Win2008x64 (I have to setup first). <o:p></o:p>
    Steps that I would like to follow:<o:p></o:p>
    1. I will go through and setup this new server with all M$ updates etc... under a new name (ex. wsusnew) and DHCP acquired IP address and then power it down. <o:p></o:p>
    2. Get on my current WSUS server and backup all current WSUS settings, groups, DB etc... to a network location for temporary storage. Then power it down.<o:p></o:p>
    3. Delete the current WSUS server computer object in AD, DNS entry I will leave because my intension is to give the same IP address to the new WSUS server.<o:p></o:p>
    4. Start the new server, static assign the IP address from the old WSUS server to this new server and then change the name of (wsusnew) to the old servers name, which should be ok sense I deleted
    the AD object in step 3.<o:p></o:p>
    5. After the obvious restart, the new server will have the same name and IP address as the old server. <o:p></o:p>
    6. Now that the new server is up (with same settings name/IP as old server), I will then go through and install the WSUS role on the server and restore my WSUS information.<o:p></o:p>
    Questions:<o:p></o:p>
    1. Step 2 above, is it possible to do this, without making replica servers? I kept reading about this as I was researching doing this, I would rather just copy the DB and folders and simply
    put them in-place on the new server.<o:p></o:p>
    2. Step 6 above, restoring of the data, what is the proper way to do this in the scenarioI described? <o:p></o:p>
    Thank you to anyone who can provide me some information.
    Jeff

    Thank you for the reply, I will follow and let you know. Proabably be next week sometime before I'm able to try though. So look for a reponse then. Thank you again.
    Jeff
    OR...
    You can use the much more simple, much more reliable, and much more proven method of:
    Install new server as a replica of the old.
    Replicate.
    Configure new server as upstream server.
    Point clients to new server.
    Turn off old server after all clients have redirected to the new server.
    For everybody that has tried the backup/restore the database procedure described above, they have encounted complications of one form or another.
    WSUS has a built-in and fully supported comprehensive replication capbility. use it! :-)
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

  • Best way to replace WSUS Server that isn't working?

    Hi, this is a followup (aka admission of defeat) to the post linked below.  Our SCCM installation was done in a hurry by one of my Coworkers about two months ago, and there are a few areas which are incomplete.   One of them happens
    to be software updates.   I have spent a great deal of time trying to troubleshoot why our clients aren't updating, and am realizing that my time might be better spent just replacing the WSUS server.
    Our setup:  All servers are hosted on Hyper-v.  SCCM 2012R2 is on server 2012R2.  The sql server runs on sql server 2012, on seperate 2012R2 machine.  WSUS is currently set up on a 2012 R2 machine, but it isn't working.  The WSUS
    server is configured to use the same SQL server instance as the SCCM server.
    If I take the step of replacing the WSUS machine, what would the best path be? Should I:
    Remove the software update point site system role as as described at the end of this document,
    http://technet.microsoft.com/en-us/library/gg712312.aspx    then just turn off the current wsus server?
    If so, do I need to worry about the SQL server, or can I just go about configuring a new WSUS server and adding it back in to SCCM?
    If anyone can point me to their favorite list of step by step instructions for getting software updates working with SCCM, I'd appreciate it.
    Thanks,
    Kevin
    My post from yesterday:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b07516e4-757e-4ba8-889f-a33374a2c370/updates-not-applying-scan-failed-with-error-0x80072efd?forum=configmanagersecurity

    Yes, Thank you!  I did reinstall WSUS on a new server, which turned out not to be the root of my problem (Although, confirming that it was done properly was worth the time). 
    After reinstalling WSUS, I was still getting the error:
    Group policy settings were overwritten by a higher authority (Domain Controller) to: Server and Policy NOT CONFIGURED WUAHandler 4/9/2014 5:43:01 PM 3344 (0x0D10)
    After a bit more searching, I found someone suggesting setting the "Allow signed updates" group policy to not configured, in addition to  the "Specify intranet Microsoft Update Service Location".
    I also read that the SCCM client will take care of most update settings, so I also set "Configure Automatic Updates", and "Turn on recommended updates via automatic updates" to Not Configured, and my Endpoint Protection began updating nicely.
    Thanks for pointing me to Gerry's site, it's a great resource!
    Thanks also for helping.
    Kevin

  • Upstream WSUS Server and Sync

    Hello,
    Environment : 1. Server 2008 R2 Main Upstream server, hosts update content locally, SQL DB on another system. 
    2.  2 - Server 2008 R2 downstream servers, host update and sql content locally.
    We had our Main Upstream WSUS server crash after applying KB2734608-x64 on a Server 2008 R2 box. Our database resides on a different SQL server on the same domain. When we tried to launch the WSUS interface the mmc console
    it would crash. ( MMC has detected an error in a snap in and will unload it. was the error). Looked at the logs and it seems like it could not connect to the database. Anyways after trying many fixes, i decided to re-install WSUS until it got to the point
    where it would not allow me to re-install got errors in the log of " InstallWsus: MWUS installation failed ( error 0x80070643: fatal error during installation with other ones like CInstallDriver and CSetupDriver:.....blah blah). I was messing with the
    back end database and accidentally deleted it, so i had to restore the latest  backup from a month ago ( we typically back on a weekly basis with incrementals, but our backups where failing and we didn't know of this because of a complicated situation
    with our client..anyways). My question is once i get the WSUS connected backup what can i expect from the downstream servers in terms of Synchronization? I am assuming initially we will have re approve all updates on the upstream server, before the downstream
    server successfully sync? I know i have to recycle the WSUS application pool and reset the update content, anything else? Also any advice on installing that patch? We initially tried to install it because some clients were not reporting into the console properly.
    ( I know we are on a downward spiral here, any help is appreciated. Will probably end up rebuilding the VM from scratch re-installing WSUS ) 
    Server 2008 - MCITP, Server 2012 - MCSA

    Because you had previously attempted the installation of KB2734608 on the WSUS server, it's likely that the database schema has already been modified, making it impossible to connect a downlevel WSUS server to that database. It's unfortunate that you uninstalled
    WSUS (probably not necessary and notably complicates the situation), but c'est la vie.
    Of course, apparently all that is also irrelevant since you also trashed the back-end database and restored it, so now that database does not have the schema mods imposed by KB2734608.
    So, once you get this new WSUS server installed to the restored database, the downstream servers (where I presume you have not yet installed KB2734608 since this update must be installed from the top down) will just keep on truckin'. The only updates you'll
    need to approve are the ones that were approved since the last database backup (which hopefully was after you approved this month's Patch Tuesday updates, otherwise you'll likely have a fair amount of work to be done).
    Successful synchronization is not a function of the state of the approvals on the upstream server, but if there are any updates NotApproved on the upstream server that were previously approved, a replica server will lose those approvals and client systems
    won't get the update until it is (re)approved, the replica resynchronized, and the client performs another detection to (re)find that (new) approval.
    I don't know where the "recycle the app pool and reset the update content" stuff is coming from. You're installing a new front-end WSUS server onto an existing database that's already functional. No other actions are required.
    As regards successfully installing KB2734608, I suggest thoroughly reading the KB article for starters... TWICE!
    First requirement of successfulling installing this update is having a healthy
    WSUS server. Not sure why your particular installation failed (installation failures of KB2734608 are pretty rare, as opposed to those encountered by KB2720211), but they're almost always related to existing dysfunctions within the WSUS server.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • What is my WSUS server doing?!

    Hi All,Rolled out a new WSUS server last week, and I've been running around trying to get all my clients fully updated...I've changed my WSUS reporting frequency from 22hrs to 2hrs via GPO, and this has taken effect, so I can see a clearer picture in the interim, whilst I get everything updated. However, I notice that, for instance, our single remaining XP machine reports to WSUS that it still has 26 updates outstanding... Now, I have installed all updates that have come from WSUS on this machine, and I have forced it to reportnow and detectnow, and I have read the WindowsUpdate.log, which tells me that it successfully connects to WSUS, and finds no updates available. I have also taken the XP machine to Windows Update manually and downloaded ALL available updates (there were 3, not 26!) and it has since reported into WSUS,,,Yet it...
    This topic first appeared in the Spiceworks Community

    Migrating your database to a new datacenter can be a high-risk and time-consuming process. A database contains state, and can be much harder to migrate as compared to web servers, queues or cache servers.In this blog post, we will give you some tips on how to migrate your data from one service provider to another. The process is somewhat similar to our previous post on how to upgrade MySQL, but there are a couple of important differences.
    This is the seventh installment in the Become a MySQL DBA blog series. Our previous posts in the DBA series include Database Upgrades, Replication Topology Changes, Schema Changes, High Availability, Backup & Restore, Monitoring & Trending.MySQL Replication or Galera?Switching to another service provider (e.g., moving from AWS to Rackspace or from colocated servers to cloud) very often means one would...

  • Change wsus server on client

    Hi, I have several clients that point through GPO to wsusserver1.
    Now I deployed wsusserver2 and modified GPO in order to point to this one, but in wsusserver2 console, in computer list, I cannot see my clients. They are still handled by wsusserver1. How can I say "wsusserver1, don't manage my clients anymore, let
    do it by wsuserver2"? What happens if I delete the client from wsuserver1?
    (Obviously I verified that the new policy has been received by the clients).
    Thank you

    Hi, the gpupdate works correctly, I am working also on other policies and when I run gpupdate and gpresult I can see new policies applied correctly. But it seems that clients are still managed by the old server, also if on the old server the "last
    status report" is not a recent date, while other clients that have never been registered on the old server (only in the new one) has a "last status report" updated to today on the new wsus server.
    Sounds to me like you did not properly implement the GPO.
    Based on this description, your GPO for the downstream server is not being applied.
    Did you create a *NEW* GPO.. or did you edit the GPO that already applied to these systems?
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • New WSUS on Server 2012 - problem with win8 clients

    Hi,
    Two weeks ago we created a new Server 2012 and installed the WSUS role from scratch on it.  Its version number is:  6.2.9200.16384.  It replaced a Server 2008 WSUS server.  After some time all the win7 clients updated and reported as
    they did on the old and replaced server.
    However all our win8 clients refuse to update against this server.  They show correctly up in WSUS server console each with 107 needed updates day after day.  We have rebooted them and done numerous wuauclt /resetauthorization /detectnow and wuauclt
    /detectnow /reportnow, but to no avail.
    I paste in some lines from a win8 client winupdate log at the end of this message if someone can figure out what I have to do to get these clients update as they did against the old wsus server.  Thanks for help on this issue.
    regards Tor
    2014-02-03    08:33:38:008     920    153c    Agent    *************
    2014-02-03    08:33:38:008     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:38:008     920    153c    Agent    *********
    2014-02-03    08:33:38:008     920    153c    Agent      * Online = Yes; Ignore download priority = No
    2014-02-03    08:33:38:008     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:38:008     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:38:008     920    153c    Agent      * Search Scope = {Machine & All Users}
    2014-02-03    08:33:38:008     920    153c    Agent      * Caller SID for Applicability: S-1-5-18
    2014-02-03    08:33:38:008     920    153c    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
    2014-02-03    08:33:38:008     920    1990    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {ABC7E77F-635F-4192-9B92-CBF9B1CB8AB0} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
    2014-02-03    08:33:38:008     920    1990    AU      # 0 updates detected
    2014-02-03    08:33:38:008     920    1990    AU    #########
    2014-02-03    08:33:38:008     920    1990    AU    ##  END  ##  AU: Search for updates  [CallId = {ABC7E77F-635F-4192-9B92-CBF9B1CB8AB0} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
    2014-02-03    08:33:38:008     920    1990    AU    #############
    2014-02-03    08:33:38:023     920    153c    Misc     Microsoft signed: Yes
    2014-02-03    08:33:38:023     920    153c    Misc     Infrastructure signed: Yes
    2014-02-03    08:33:38:023     920    153c    EP    Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL: "http://fe1.ws.microsoft.com/w8/2/redir/storeauth.cab"
    2014-02-03    08:33:38:023     920    153c    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\117CAB2D-82B1-4B5A-A08C-4D62DBEE7782\wuredir.cab:
    2014-02-03    08:33:38:039     920    153c    Misc     Microsoft signed: Yes
    2014-02-03    08:33:38:039     920    153c    Misc     Infrastructure signed: Yes
    2014-02-03    08:33:38:039     920    153c    EP    Got 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 redir Client/Server URL: "https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx"
    2014-02-03    08:33:38:055     920    153c    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
    2014-02-03    08:33:38:055     920    153c    PT      + ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}, Server URL = https://fe2.ws.microsoft.com/v6/ClientWebService/client.asmx
    2014-02-03    08:33:38:055     920    153c    Agent    Reading cached app categories using lifetime 604800 seconds
    2014-02-03    08:33:38:055     920    153c    Agent    Read 0 cached app categories
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {E7FF661C-6A03-4387-A1EE-1D723B52EF60}.3 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {A9A0E183-0667-46D6-84E4-17CEBCEE5A22}.1 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:211     920    153c    Agent      * Found 13 updates and 31 categories in search; evaluated appl. rules of 69 out of 94 deployed entities
    2014-02-03    08:33:39:211     920    153c    Agent    *********
    2014-02-03    08:33:39:211     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:211     920    153c    Agent    *************
    2014-02-03    08:33:39:211     920    1a64    Report    REPORT EVENT: {0786C161-F6DC-4842-85D6-9506124654AD}    2014-02-03 08:33:38:008+0100    1  
     147 [AGENT_DETECTION_FINISHED]    101    {00000000-0000-0000-0000-000000000000}    0    0    Windows Update Command Line    Success    Software Synchronization  
     Windows Update Client successfully detected 0 updates.
    2014-02-03    08:33:39:211     920    1a64    Report    REPORT EVENT: {1E5D9728-220F-44A3-8BCC-ADE69687531D}    2014-02-03 08:33:38:008+0100    1  
     156 [AGENT_STATUS_30]    101    {00000000-0000-0000-0000-000000000000}    0    0    Windows Update Command Line    Success    Pre-Deployment Check  
     Reporting client status.
    2014-02-03    08:33:39:211     920    1a64    Report    REPORT EVENT: {57BAB7D0-685B-4D73-BDF7-82AFCE8675B0}    2014-02-03 08:33:39:211+0100    1  
     147 [AGENT_DETECTION_FINISHED]    101    {00000000-0000-0000-0000-000000000000}    0    0    Windows Update Command Line    Success    Software Synchronization  
     Windows Update Client successfully detected 13 updates.
    2014-02-03    08:33:39:211     920    1a64    Report    CWERReporter finishing event handling. (00000000)
    2014-02-03    08:33:39:227     920    153c    Agent    *************
    2014-02-03    08:33:39:227     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:227     920    153c    Agent    *********
    2014-02-03    08:33:39:227     920    153c    Agent      * Online = No; Ignore download priority = No
    2014-02-03    08:33:39:227     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:39:227     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:39:227     920    153c    Agent      * Search Scope = {Current User}
    2014-02-03    08:33:39:227     920    153c    Agent      * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1155
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {A9A0E183-0667-46D6-84E4-17CEBCEE5A22}.1 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:258     920    153c    Agent      * Found 11 updates and 29 categories in search; evaluated appl. rules of 58 out of 94 deployed entities
    2014-02-03    08:33:39:258     920    153c    Agent    *********
    2014-02-03    08:33:39:258     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:258     920    153c    Agent    *************
    2014-02-03    08:33:39:258     920    153c    Agent    *************
    2014-02-03    08:33:39:258     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:258     920    153c    Agent    *********
    2014-02-03    08:33:39:258     920    153c    Agent      * Online = No; Ignore download priority = No
    2014-02-03    08:33:39:258     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:39:258     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:39:258     920    153c    Agent      * Search Scope = {Current User}
    2014-02-03    08:33:39:258     920    153c    Agent      * Caller SID for Applicability: S-1-5-21-2212025170-3189117132-1219651784-500
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:305     920    153c    Agent      * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
    2014-02-03    08:33:39:305     920    153c    Agent    *********
    2014-02-03    08:33:39:305     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:305     920    153c    Agent    *************
    2014-02-03    08:33:39:305     920    153c    Agent    *************
    2014-02-03    08:33:39:305     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:305     920    153c    Agent    *********
    2014-02-03    08:33:39:305     920    153c    Agent      * Online = No; Ignore download priority = No
    2014-02-03    08:33:39:305     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:39:305     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:39:305     920    153c    Agent      * Search Scope = {Current User}
    2014-02-03    08:33:39:305     920    153c    Agent      * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1323
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:352     920    153c    Agent      * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
    2014-02-03    08:33:39:352     920    153c    Agent    *********
    2014-02-03    08:33:39:352     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:352     920    153c    Agent    *************
    2014-02-03    08:33:39:352     920    153c    Agent    *************
    2014-02-03    08:33:39:352     920    153c    Agent    ** START **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:352     920    153c    Agent    *********
    2014-02-03    08:33:39:352     920    153c    Agent      * Online = No; Ignore download priority = No
    2014-02-03    08:33:39:352     920    153c    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation'
    or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2014-02-03    08:33:39:352     920    153c    Agent      * ServiceID = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} Third party service
    2014-02-03    08:33:39:352     920    153c    Agent      * Search Scope = {Current User}
    2014-02-03    08:33:39:352     920    153c    Agent      * Caller SID for Applicability: S-1-5-21-4260610346-2664610402-3334891387-1282
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {E8B477DF-479E-4BCA-B8F8-2D987A509009}.2 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {BB85CCA0-88DC-4DA7-8E81-B7F7E5E73B81}.100 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {18DEF1D9-4513-467E-9D7E-E1772855BB9E}.100 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {971D9BE4-5145-4DB5-962C-CEE2EE3A2842}.3 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {CCB380C9-29F5-4305-96DD-86DE2D00438B}.2 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {455BDD67-9ED0-4DE7-94F1-3480EA942414}.12 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {ADFBFCE0-FFD4-4826-B9CF-50AE8182E3C5}.2 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {BFA8C8B8-EEF7-4A82-A36C-8F760F792430}.3 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {3F05DE38-92BC-44B6-B06B-5217E5CF12CA}.1 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {36BEF0D5-80ED-4942-8457-6F9C88546E06}.1 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Added update {A292CD86-AB4E-4388-8C7B-CFB392EDE6AC}.1 to search result
    2014-02-03    08:33:39:383     920    153c    Agent      * Found 11 updates and 30 categories in search; evaluated appl. rules of 60 out of 94 deployed entities
    2014-02-03    08:33:39:383     920    153c    Agent    *********
    2014-02-03    08:33:39:383     920    153c    Agent    **  END  **  Agent: Finding updates [CallerId = Windows Update Command Line]
    2014-02-03    08:33:39:383     920    153c    Agent    *************
    2014-02-03    08:33:39:383     920    1990    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {66AF0139-896D-4607-8660-B66D2B58EA26} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
    2014-02-03    08:33:39:383     920    1990    AU      # 12 updates detected
    2014-02-03    08:33:39:383     920    1990    AU    #########
    2014-02-03    08:33:39:383     920    1990    AU    ##  END  ##  AU: Search for updates  [CallId = {66AF0139-896D-4607-8660-B66D2B58EA26} ServiceId = {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}]
    2014-02-03    08:33:39:383     920    1990    AU    #############
    2014-02-03    08:33:39:383     920    1990    AU    All AU searches complete.
    2014-02-03    08:33:39:383     920    1990    AU    AU setting next detection timeout to 2014-02-03 10:18:51
    2014-02-03    08:33:44:211     920    1a64    Report    CWERReporter finishing event handling. (00000000)
    2014-02-03    08:41:39:472     920    1a64    EP    Got WSUS Client/Server URL: "http://elias:8530/ClientWebService/client.asmx"
    2014-02-03    08:41:39:472     920    1a64    PT    WARNING: Cached cookie has expired or new PID is available
    2014-02-03    08:41:39:472     920    1a64    EP    Got WSUS SimpleTargeting URL: "http://elias:8530"
    2014-02-03    08:41:39:472     920    1a64    PT    Initializing simple targeting cookie, clientId = c5e26849-287b-4b96-ba5d-1489d6fad2f2, target group = , DNS name = dt-ikt-tor.framnes.lan
    2014-02-03    08:41:39:472     920    1a64    PT      Server URL = http://elias:8530/SimpleAuthWebService/SimpleAuth.asmx
    2014-02-03    08:41:39:519     920    1a64    EP    Got WSUS Reporting URL: "http://elias:8530/ReportingWebService/ReportingWebService.asmx"
    2014-02-03    08:41:39:519     920    1a64    Report    Uploading 2 events using cached cookie, reporting URL = http://elias:8530/ReportingWebService/ReportingWebService.asmx
    2014-02-03    08:41:39:566     920    1a64    Report    Reporter successfully uploaded 2 events.
    2014-02-03    08:42:13:212     920    178c    Report    WARNING: CSerializationHelper:: InitSerialize failed : 0x80070002
    2014-02-03    08:43:40:450     920    178c    AU    ###########  AU: Uninitializing Automatic Updates  ###########
    2014-02-03    08:43:40:450     920    178c    WuTask    Uninit WU Task Manager
    2014-02-03    08:43:40:513     920    178c    Service    *********
    2014-02-03    08:43:40:513     920    178c    Service    **  END  **  Service: Service exit [Exit code = 0x240001]
    2014-02-03    08:43:40:513     920    178c    Service    *************

    Today I opened Control Panel / Windows Updates and first did a check for new updates (from the WSUS server).  Nothing was found and it reported Windows is Updated.   Then I clicked the link Check for updates from Microsoft via internet, and
    it found around 24 updates.
    This is confirmation of the point that I made in the previous post. The updates are *NEEDED* by this system, but the updates were not *AVAILABLE* from the assigned WSUS Server. You were able to get them from Windows Update, but that does not fix your continuing
    issue with the WSUS Server.
    but it still reported the original 108 Needed updates.
    Exactly. As previously noted, the client is functioning perfectly. The problem is NOT with the client; the problem is with the WSUS Server. The updates that this client needed were not AVAILABLE to be downloaded from the WSUS server.
    Why this is the case requires further investigation on your part, but is either because the updates are not properly approved, or the update FILES are not yet downloaded from Microsoft to the WSUS server.
    It appears that the wsus server doesn't get any information back from the client despite that it displays new Last contact and Last Status report timestamps.
    This conclusion is incorrect. The WSUS Server got every bit of information available from the client -- you've confirmed this by the number of updates reported as "Needed" by the Windows Update Agent to the WSUS Server.
    I assumed that the log would display if the updates were downloaded or not.
    It will log when the updates are actually downloaded. If there's no log entries for updates being downloaded, then they're not being downloaded. If the logfile says "Found 0 updates", then that means exactly what it says: It couldn't find any approved/available
    updates to download.
    In your case it "Found 11 updates", but now it will be impossible to diagnose that fault, because you went and got them from Windows Update.
    All Win8 versions are checked in the WSUS server's Product list so the updates should at least have been downloaded to the server.
    This is why understanding the infrastructure is so critical. Your conclusion is invalid based on the premise given, and you may be using improper terminology which only confuses the rest of us as well.
    First, selecting updates for synchronization only gets the update metadata (i.e. the detection logic) downloaded to the WSUS database.
    The Second Step in this process is to Approve those updates for one or more WSUS Target Groups that contain the appropriate client systems. Following the approval of an update, the WSUS Server downloads the INSTALLATION FILE for that update.
    Once the WUAgent sees an approved update and the installation file is available, then the WUAgent will download the file and schedule the update for installation.
    Most of the post I read about my problem is about upgrading a 2008 WSUS server to support Win8 / Server 12 clients.  When I try to run this update on my Server 12 WSUS it refuses to run (probably because it is for Server 2008).
    Yeah.. totally different issue in those posts than what you're describing here.
    What should I do to try to track down the problem?
    Well.... now that it's 11 days since the logfile was posted, and you've already updated that system, we'll first need to find another system exhibiting the same issue.
    Then I'll need to ask a number of questions to properly understand the environment, as well as what you have or have not done.
    Then, from there, we can attempt to figure out why your Windows 8 client apparently sees some updates as approved/available but is still not downloading them. We do not yet have sufficient information to even speculate on a possible cause -- there are several.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Migrating a WSUS server to a newer OS with many downstream servers

    So here is my situation at my company. Our primary, upstream WSUS server is running Server 2003. It has about 20 downstream WSUS servers, running various versions of Microsoft Server (2003, 2008, 2008 R2 and 2012). 
    My 1st question:
    Is it fine to have the upstream WSUS server OS newer than the downstream WSUS server? I've heard a downstream server's OS doesnt matter, but I wasn't sure about the upstream server. 
    2nd question:
    No matter the answer to question 1, this server will need to be upgraded before July 2015. Can anyone tell me the best way to migrate an upstream WSUS server to a new server? Luckily it's a VM, so it will be fairly to easy to try and rollback if necessary,
    but I want to see if anybody else has tried it. We also have about 15 computer groups that I want to keep. 
    Thanks, Kyle 

    My 1st question:
    Is it fine to have the upstream WSUS server OS newer than the downstream WSUS server?
    The upstream server OS should be newer than the downstream server OS. In fact, strictly speaking, an upstream WSUS v3.2 server with a downstream WSUS v6.x server is an unsupported configuration, although it WILL work just fine provided that KB2734608
    is installed on the WSUS v3.2 server.
    I've heard a downstream server's OS doesnt matter
    It doesn't, if all WSUS servers are running v3.2 and at the same patch level.
    2nd question:
    No matter the answer to question 1, this server will need to be upgraded before July 2015. Can anyone tell me the best way to migrate an upstream WSUS server to a new server?
    Yes, the *best* way to do that, which is discussed in this forum at least a few dozen times over the past several years, is to install a NEW server as a replica of the existing upstream server and replicate the upstream server to the new server. Then, reconfigure
    the new server as the upstream server, verify the Product Category and Update Classifications selections are correct, and sync with Microsoft. Once you've confirmed the new server is functioning correctly, point the clients and downstream servers to it. Once
    all downstream servers and clients have successfully connected to the new server, retire the old one.
    I want to see if anybody else has tried it.
    Only a few thousand over the past half-dozen years. :-)
    We also have about 15 computer groups that I want to keep.
    The computer groups will be automatically replicated (just like they are with any other replica server). If you're using Client-Side Targeting, the clients will automatically rejoin in their assigned groups. If you're using Server-Side Targeting, they'll
    rejoin in "Unassigned Computers" and you'll have to reassign them. If you have too many computers to manually reassign (one would then ask why you're not using Client-Side Targeting), there's a
    free tool at PatchZone.org that will export/import the client computers from the original upstream server to the new upstream server.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Misplaced wsus-content folder on new replica server

    Hi,
    I have setup a new replica server.
    The procedure is place the exported content (WsusContent) on the new replica server.
    For some reason I misplaced the content folder directly under D:\ and not under D:\WSUS.
    I also already imported the database with wsus util command.
    On the wsus master the replica server is already visible and I have pressed synchronize on the replica server.
    Can I still move the WsusContent  folder from D:\ to D:\WSUS\WsusContent?
    Shall I first remove the D:\WSUS\WsusContent or
    just overwrite?
    Are these thing possible or how would you do it?
    Thanks a lot,
    Kr,
    Joeri

    Hi Lawrence,
    Currently al my info about the current running replica is under D:\WSUS
    D:\WSUS
    UpdateServiceDb files 2,83 GB
    UpdateServicesPacakages 0 kb
    WsusContent 117 MB.
    This means the existing data in my system is 117 MB. 
    The exported content is under
    D:\
    UpdateServiceDbFiles (not used)
    UpdateServicesPackages (not used)
    WsusContent 145 GB (not used)
    What I read about is that wsusutil is to move existing data in WSUS that's my 117 MB to another location.
    That's not what i want to do .. i want to move the 145 GB to the 117 MB folder -> D:\WsusContent to -> D:\WSUS\WsusContent .
    Can you tell me how to do that?
    A copy paste of the data will not work ? What do you think?
    Joeri

Maybe you are looking for