Upstream WSUS Server and Sync

Similar Messages

• Disconnect WSUS server and Process of Approving Updates via Metadata.

  Hi Folks:
  I have recently setup 2 WSUS servers.   The first one has connectivity to the Internet and of course has access to Microsoft updates.   The second WSUS server is part of a disconnected network.   Both WSUS servers are supporting client workstations
  of various operating system versions.   The connected WSUS server is fairly easy, from a management viewpoint.   I simply check to see what updates are "Needed" and I approve them for download.   However, the disconnected WSUS server
  is the one that I need some advice on.   I want to have a fairly simply procedure for the disconnected WSUS server, but here is the procedure that I think would work:
  Transfer metadata and updates via disc from the connected WSUS server to the disconnected WSUS server (using documented export/import procedure).
  Check to see what is "Needed" updates on the disconnected WSUS server, once the WSUS server has had a chance to absorb all the imported metadata and updates.   This means that the disconnected WSUS server has determined from it's supported
  client workstations, what updates are required.
  Generate a list of those "Needed" updates in some form, so that I can now approve those updates on the CONNECTED WSUS server for download.  
  Once those updates have been downloaded to the connected WSUS server, transfer the updates and metadata again to the disconnected WSUS server.   Approve those updates, so that they can now be sent out to the client workstations on the disconnected
  network.
  If that is my procedure (can someone like Lawrence Garvin), please let me know, if that sounds correct.   I'm concerned about the double export/import of the metadata and updates.
  Also, I'm wondering if it would be better to have separate connected WSUS server for supporting the disconnected WSUS to keep things straight.
  For example:
  One connected WSUS servers supporting the set of client workstations, that are on the connect WSUS server's network.
  One disconnected WSUS server supporting the set of client workstations that are on the disconnected WSUS server's network.
  One more connected WSUS server, that would be used to download and transfer metadata and updates to the disconnect WSUS server.   The advantage in keeping this separate, is that you would never confuse approved updates between the connected network
  client workstations and the disconnected network client workstations.  Especially, if they have different versions of software, that require updating.  
  Any input would be appreciated.

  You will likely also want to configure your WSUS server to "Download express installation files." under the "Update Files and Languages," setting on your options.
  I will unequivocally disagree with this statement, for several reasons:
  First, there's nothing that needs to be deployed that would use Express Installation Files anyway. Express Installation Files were designed to facilitate the deployment of Very Large Updates (read: SERVICE PACKS) across slow-speed links by significantly
  reducing the size of the binary that must be downloaded by the CLIENT. There are NO service packs in the catalog that won't already be installed on any client system.
  Second, in exchange for that ability of clients to download less, it significantly increased the size of the binary that must be downloaded by the SERVER from Microsoft. Express Installation Files will cause hundreds of gigabytes of extra binaries to be
  downloaded, which will need to be transferred to the disconnected server. None of which will actually ever be used.
  Third, most disconnected networks do not include WAN links, so the primary purpose of Express Installation File is contra-indicated by the very scenario being discussed.
  Otherwise by default you might get just an installer downloaded onto the WSUS server and clients might still need internet access to download the actual package contents.
  It would seem that you do not correctly understand Express Installation Files.
  There is an in-depth explanation of Express Installation Files in the WSUS Deployment Guide. For additional information see
  https://technet.microsoft.com/en-us/library/dd939908(v=ws.10).aspx#express
  I also would not recommend a internet facing WSUS server just to provide updates to the disconnected WSUS server as that will also need to download a full copy of the content to that server when it is likely already downloaded onto your internet
  / production WSUS server anyway.
  Seemingly you are also not actually familiar with the documented guidance for how to manage disconnected networks. An Internet-facing (connected) WSUS server is *exactly* how this is done.
  You may also find this part of the Deployment Guide to be useful reading:
  Configure a Disconnected Network to Receive Updates
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Downstream wsus server 3.2 not rollup to upstream wsus server 6.2 !!!

  Hi,
  We have recently upgraded upstream server  to 6.2 (server 2012) but  downstream server is on  3.2 (2008R2). The synchronization works well in downstream server,downstream server gets updates from upstream server and all the clients in downstream
  server gets updates as well.  
  Problem is downstream server status in upstream server console says " not rolled up yet", through downstream server gets all updates from upstream server. Because of this, we are not getting reports from downstream server through upstream server.
  The mode of downstream server also says" autonomous" which does not make sense as we have set up downstream server as replica.  
  we have followed up all instruction from Microsoft to upgrade upstream server.  I am getting only one error below in the downstream server software distribution log . There is no error reported in upstream server IIS log.
  UTC Error Wsusservice.3 Rollupagetn.wakeupworkierthereadproc Rollup failed. Error = The request failed with HTTP status 401 :unauthorized.  at microsfot.updateservices.internal.reporting.rollup.rollupagetn.wakeupworkerthreadproc() 
  I have checked all IIS config  in both servers,  Anonymous Access
  for the "WSUS Administration" virtual server has been enable. 
  Is that a version mismatch causing a problem? 

  Hi Lawrence,
  Thanks for reply. I have already been to you your other post and already checked kb2734608, it's installed on the downstream server. The downstream WSUS version shows up 3.2.7600.256.
  Both server getting a time from NTP servers, only 40 seconds time difference on downstream server which shouldn't be a big deal, I guess.
  There is only one error below in the downstream server software distribution log .
  UTC Error Wsusservice.3 Rollupagetn.wakeupworkerthereadproc Rollup failed. Error = The request failed with HTTP status 401 :unauthorized.  at microsfot.updateservices.internal.reporting.rollup.rollupagent.wakeupworkerthreadproc() 
   The only error getting in event log for upstream server for port 8530 when I check wsus health.
   Because port 8530 is blocked on downstream server and  only port 80 and 443 is open up. I can see in the log that it's upstream server communicating with downstream server through port 80 successfully. No problem with this. 
  Problem is downstream server status in upstream server console says " not rolled up yet", through downstream
  server gets all updates from upstream server. Because of this, we are not getting reports from downstream server through upstream server. The mode of downstream server also says" autonomous" which does not make sense as we have set up downstream server as
  replica.  

• WSUS server and Microsoft Online Catalog Inconsistency

  Hello, after a full sync, my WSUS server is showing the update for system center endpoint protection 2012 client 4.6.305.0 (KB2998627) and a few others, but I cannot find this update in Microsoft's online catalog for updates, is there a reason to that? (http://catalog.update.microsoft.com/v7/site/home.aspx).
  How do I check for consistencies?

  Hello, after a full sync, my WSUS server is showing the update for system center endpoint protection 2012 client 4.6.305.0 (KB2998627) and a few others, but I cannot find this update in Microsoft's online catalog for updates, is there a reason to that?
  Not everything is published in all sources, and this update is not documented in KB894199 so there's no way to really know.
  How do I check for consistencies?
  What exactly do you mean by this? What "consistencies" are you wanting to check for?
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Switching WSUS server and Windows 8.1/Server2008/Server2012 clients won't connect, Windows 7/Server2003 is fine

  I need to split the load of my WSUS on to another site because the amount of computers is straining the internet connection in the amount of uploads performed.
  However I'm having an issue at the second WSUS where only Windows 7 and Server 2003 clients will update...
  Windows 8.1 and Server 2008 and Server2012 won't update giving the following error codes: 8024400A and 80072EE2
  The WSUS is a Server 2012 with Local Update Publisher 1.1 installed. It works fine locally at the site but not across our WAN. 
  The clients appear in the WSUS console but fail to check for updates.
  I've tried it with the firewall turned off...  
  Both WSUS servers are using Microsoft SCEP 2012.
  Has anyone out there experienced this? Or have any suggestions to fix?
  Cheers.

  Hi there,
  I spoke too soon, I think I got one Windows 8 client to update yesterday by fluke. Now today it won't. 
  There's not much different between the W7 and W8 systems they both use the same antivirus. Same software but updated on W8. 
  Here is the windows update.log:
  2014-06-05 10:44:14:561
  976 954
  Misc ===========  Logging initialized (build: 7.9.9600.17093, tz: +1000)  ===========
  2014-06-05 10:44:14:639
  976 954
  Misc  = Process: C:\Windows\system32\svchost.exe
  2014-06-05 10:44:14:639
  976 954
  Misc  = Module: c:\windows\system32\wuaueng.dll
  2014-06-05 10:44:14:561
  976 954
  Service *************
  2014-06-05 10:44:14:639
  976 954
  Service ** START **  Service: Service startup
  2014-06-05 10:44:14:639
  976 954
  Service *********
  2014-06-05 10:44:15:311
  976 954
  IdleTmr Non-AoAc machine.  Aoac operations will be ignored.
  2014-06-05 10:44:15:311
  976 954
  Agent  * WU client version 7.9.9600.17093
  2014-06-05 10:44:15:326
  976 954
  Agent WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
  2014-06-05 10:44:15:326
  976 954
  Agent  * Base directory: C:\Windows\SoftwareDistribution
  2014-06-05 10:44:15:326
  976 954
  Agent  * Access type: No proxy
  2014-06-05 10:44:15:326
  976 954
  Service UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
  2014-06-05 10:44:15:326
  976 954
  Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
  2014-06-05 10:44:15:326
  976 954
  Agent  * Network state: Connected
  2014-06-05 10:44:15:326
  976 954
  Service UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
  2014-06-05 10:44:15:326
  976 954
  Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
  2014-06-05 10:44:16:123
  976 954
  Agent ***********  Agent: Initializing global settings cache  ***********
  2014-06-05 10:44:16:123
  976 954
  Agent  * Endpoint Provider: 00000000-0000-0000-0000-000000000000
  2014-06-05 10:44:16:123
  976 954
  Agent  * WSUS server: http://10.155.194.59:8530
  2014-06-05 10:44:16:123
  976 954
  Agent  * WSUS status server: http://10.155.194.59:8530
  2014-06-05 10:44:16:123
  976 954
  Agent  * Target group: Test Group
  2014-06-05 10:44:16:123
  976 954
  Agent  * Windows Update access disabled: No
  2014-06-05 10:44:16:170
  976 954
  WuTask WuTaskManager delay initialize completed successfully..
  2014-06-05 10:44:16:170
  976 954
  AU    Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-06-05 00:24:13, not idle-only, not network-only
  2014-06-05 10:44:16:170
  976 954
  AU    Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2014-06-05 05:36:25, not idle-only, not network-only
  2014-06-05 10:44:16:170
  976 954
  AU    Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2014-06-05 05:36:25, not idle-only, not network-only
  2014-06-05 10:44:16:170
  976 954
  Report CWERReporter::Init succeeded
  2014-06-05 10:44:16:170
  976 954
  Agent ***********  Agent: Initializing Windows Update Agent  ***********
  2014-06-05 10:44:16:170
  976 954
  DnldMgr Download manager restoring 0 downloads
  2014-06-05 10:44:16:170
  976 954
  AU ###########  AU: Initializing Automatic Updates  ###########
  2014-06-05 10:44:16:170
  976 954
  AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
  2014-06-05 10:44:16:170
  976 954
  AU AIR Mode is disabled
  2014-06-05 10:44:16:170
  976 954
  AU  # Policy Driven Provider: http://10.155.194.59:8530
  2014-06-05 10:44:16:170
  976 954
  AU  # Detection frequency: 22
  2014-06-05 10:44:16:170
  976 954
  AU  # Target group: Test Group
  2014-06-05 10:44:16:170
  976 954
  AU  # Approval type: Scheduled (Policy)
  2014-06-05 10:44:16:170
  976 954
  AU  # Auto-install minor updates: Yes (Policy)
  2014-06-05 10:44:16:170
  976 954
  AU  # ServiceTypeDefault: Service 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 Approval type: (Scheduled)
  2014-06-05 10:44:16:170
  976 954
  AU  # Will interact with non-admins (Non-admins are elevated (Policy))
  2014-06-05 10:44:16:186
  976 954
  AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80070032
  2014-06-05 10:44:16:186
  976 954
  AU AU finished delayed initialization
  2014-06-05 10:44:16:202
  976 954
  AU Adding timer: 
  2014-06-05 10:44:16:202
  976 954
  AU    Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-06-05 03:47:12, not idle-only, not network-only
  2014-06-05 10:44:16:217
  976 99c
  DnldMgr Asking handlers to reconcile their sandboxes
  2014-06-05 10:45:17:562
  976 954
  AU ReAttemptDownloadsAsUserIfNecessary, No calls in download progress.
  2014-06-05 10:45:31:453
  976 778
  IdleTmr Incremented idle timer priority operation counter to 1
  2014-06-05 10:45:34:562
  976 778
  AU Triggering AU detection through DetectNow API
  2014-06-05 10:45:34:562
  976 778
  AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
  2014-06-05 10:45:34:562
  976 778
  AU Triggering Online detection (interactive)
  2014-06-05 10:45:34:562
  976 778
  AU Adding timer: 
  2014-06-05 10:45:34:562
  976 778
  AU    Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2014-06-05 00:45:34, not idle-only, not network-only
  2014-06-05 10:45:34:609
  976 954
  AU #############
  2014-06-05 10:45:34:609
  976 954
  AU ## START ##  AU: Search for updates
  2014-06-05 10:45:34:609
  976 954
  AU #########
  2014-06-05 10:45:34:609
  976 954
  AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Scheduled} added to AU services list
  2014-06-05 10:45:34:609
  976 954
  IdleTmr WU operation (CSearchCall::Init ID 1) started; operation # 15; does use network; is not at background priority
  2014-06-05 10:45:34:609
  976 954
  IdleTmr Incremented idle timer priority operation counter to 2
  2014-06-05 10:45:34:797
  976 954
  Report ***********  Report: Initializing static reporting data  ***********
  2014-06-05 10:45:34:797
  976 954
  Report  * OS Version = 6.3.9600.0.0.65792
  2014-06-05 10:45:34:797
  976 954
  Report  * OS Product Type = 0x00000004
  2014-06-05 10:45:34:813
  976 954
  Report  * Computer Brand = Microsoft Corporation
  2014-06-05 10:45:34:813
  976 954
  Report  * Computer Model = Virtual Machine
  2014-06-05 10:45:34:813
  976 954
  Report  * Platform Role = 1
  2014-06-05 10:45:34:813
  976 954
  Report  * AlwaysOn/AlwaysConnected (AOAC) = 0
  2014-06-05 10:45:34:813
  976 954
  Report  * Bios Revision = 090004 
  2014-06-05 10:45:34:813
  976 954
  Report  * Bios Name = BIOS Date: 03/19/09 22:51:32  Ver: 09.00.04
  2014-06-05 10:45:34:813
  976 954
  Report  * Bios Release Date = 2009-03-19T00:00:00
  2014-06-05 10:45:34:813
  976 954
  Report  * Bios Sku Number unavailable.
  2014-06-05 10:45:34:813
  976 954
  Report  * Bios Vendor = American Megatrends Inc.
  2014-06-05 10:45:34:813
  976 954
  Report  * Bios Family unavailable.
  2014-06-05 10:45:34:828
  976 954
  Report  * Bios Major Release unavailable.
  2014-06-05 10:45:34:828
  976 954
  Report  * Bios Minor Release unavailable.
  2014-06-05 10:45:34:828
  976 954
  Report  * Locale ID = 3081
  2014-06-05 10:45:35:578
  976 954
  Agent *** START ***  Queueing Finding updates [CallerId = AutomaticUpdatesWuApp  Id = 1]
  2014-06-05 10:45:35:609
  976 954
  AU <<## SUBMITTED ## AU: Search for updates  [CallId = {CDA6DEA2-9874-4DB5-AAA7-9A05D933C012} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
  2014-06-05 10:45:35:609
  976 fc4
  Agent ***  END  ***  Queueing Finding updates [CallerId = AutomaticUpdatesWuApp  Id = 1]
  2014-06-05 10:45:35:609
  976 fc4
  Agent *************
  2014-06-05 10:45:35:609
  976 fc4
  Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdatesWuApp  Id = 1]
  2014-06-05 10:45:35:609
  976 fc4
  Agent *********
  2014-06-05 10:45:35:609
  976 fc4
  Agent  * Online = Yes; Ignore download priority = No
  2014-06-05 10:45:35:609
  976 fc4
  Agent  * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0
  and DeploymentAction='Uninstallation' and RebootRequired=1"
  2014-06-05 10:45:35:609
  976 fc4
  Agent  * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
  2014-06-05 10:45:35:609
  976 fc4
  Agent  * Search Scope = {Machine & All Users}
  2014-06-05 10:45:35:609
  976 fc4
  Agent  * Caller SID for Applicability: S-1-5-21-1323361640-3159480285-1943353560-1532
  2014-06-05 10:45:35:609
  976 fc4
  Agent  * RegisterService is set
  2014-06-05 10:45:35:625
  976 fc4
  EP Got WSUS Client/Server URL: "http://10.155.194.59:8530/ClientWebService/client.asmx"
  2014-06-05 10:45:35:641
  976 fc4
  Setup Checking for agent SelfUpdate
  2014-06-05 10:45:35:641
  976 fc4
  Setup Client version: Core: 7.9.9600.17093  Aux: 7.9.9600.17093
  2014-06-05 10:45:35:641
  976 fc4
  EP Got WSUS SelfUpdate URL: "http://10.155.194.59:8530/selfupdate"
  2014-06-05 10:45:35:672
  976 fc4
  Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
  2014-06-05 10:45:35:734
  976 fc4
  Misc Microsoft signed: NA
  2014-06-05 10:45:35:734
  976 fc4
  Misc Infrastructure signed: Yes
  2014-06-05 10:45:35:734
  976 fc4
  Misc WARNING: Cab does not contain correct inner CAB file.
  2014-06-05 10:45:35:734
  976 fc4
  Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
  2014-06-05 10:45:35:734
  976 fc4
  Misc Microsoft signed: NA
  2014-06-05 10:45:35:750
  976 fc4
  Misc Infrastructure signed: Yes
  2014-06-05 10:45:35:766
  976 fc4
  Setup Skipping SelfUpdate check based on the /SKIP directive in wuident
  2014-06-05 10:45:35:766
  976 fc4
  Setup SelfUpdate check completed.  SelfUpdate is NOT required.
  2014-06-05 10:45:35:907
  976 fc4
  PT +++++++++++  PT: Synchronizing server updates  +++++++++++
  --continued--

• WSUS server and client configuration issues

  I just inherited WSUS from my predecessor (it was turned off because of a full disk) so I’m still learning how to use it. Turning it back on I changed where updates should come from, they were stored locally and now I’m pulling them down off of the Microsoft
  Update location. What I’m seeing is that I have a bunch of computers that WSUS “sees” but are showing “Failed or Needed” status. Unless I visit each machine and manually do the updates this status does not change. Additionally I have some client computers
  (Windows 7) that are not showing up as managed by WSUS. If I reading this right I’m running version Update Services 6.2.9200.16384 on Management Console 3.0 Version 6.2 (build 9200) on Windows Server 2012.
  How can I force WSUS to automatically update the “Failed and Needed” devices?
  How can I get those clients that are not being managed by WSUS to be managed?
  Some of the things that I have done so far on the server and clients are:
  Create a GPO (see attached for WSUS)
  wuauclt
  /detectnow
  wuauclt /reportnow
  wuauclt.exe /detectnow
  gpupdate /force after
  modifying the GPO
  I even ran the SolarWinds WSUS diagnostic (as a non-administrator) and got this as the output:
  # Solarwinds® Diagnostic Tool for the WSUS Agent # 1/23/2015
  Machine state
    User rights:  User does not have administrative rights (Administrator rights are not available)
    Update service status:  Running
    Background Intelligent Transfer service status:   
  Running
    OS Version:  Windows 8.1 Pro
    Windows update agent version:   7.9.9600.17489 (WU Agent is OK)
  Windows Update Agent configuration settings
    Automatic Update:    Enabled
    Options:  Automatically download and notify of installation
    Use WSUS Server: Not found (There is no such key)
    Windows Update Server:  Not found (There is no such key)
    Windows Update Status Server:  Not found (There is no such key)
    WSUS URLs are identical:  Values are empty
  WSUS Server Connectivity -- Connectivity check is impossible
  So, my questions are:
  What tool do I use to configure the client machine?
  How do I get WSUS to update my clients?
  Thanks
  Sam

  Steven,
  I'm pretty sure that this is not the right forum to discuss this in but just so we can close this case.
  On my computer I ran the command gpupdate /force I
  then rebooted my computer to make sure that the group policy would be updated. The first screen shot is from my domain controller and the second is from my computer. As you can see the Domain Controller has the correct settings but the local machine doesn't.
  Other parts of the DC GPO settings have worked so I'm somewhat comfortable that it is being propagated properly.

• Migrate WSUS server from 2003x86 to 2008x64, new hardware, use same name and IP address?

  Searching through the WSUS forums and reading the TechNET migration documentation, I have bits and pieces of information to make this a smooth transition...I think. I have a plan in mind but
  would like the communities input on what I am thinking before moving forward and having it blowup in my face :). <o:p></o:p>
  I have the following currently:<o:p></o:p>
  A single WSUS 3.0 SP2 server, running on Server Win2003x86, using the default WID (susdb.mdf) on the same server. I have SQL 2005 Express installed on this server as well for other services
  but this has no bearing on the WID correct?<o:p></o:p>
  What I would like to do:<o:p></o:p>
  I have a new server (a much better one) that I would like to move WSUS on to, that will be running Server Win2008x64 (I have to setup first). <o:p></o:p>
  Steps that I would like to follow:<o:p></o:p>
  1. I will go through and setup this new server with all M$ updates etc... under a new name (ex. wsusnew) and DHCP acquired IP address and then power it down. <o:p></o:p>
  2. Get on my current WSUS server and backup all current WSUS settings, groups, DB etc... to a network location for temporary storage. Then power it down.<o:p></o:p>
  3. Delete the current WSUS server computer object in AD, DNS entry I will leave because my intension is to give the same IP address to the new WSUS server.<o:p></o:p>
  4. Start the new server, static assign the IP address from the old WSUS server to this new server and then change the name of (wsusnew) to the old servers name, which should be ok sense I deleted
  the AD object in step 3.<o:p></o:p>
  5. After the obvious restart, the new server will have the same name and IP address as the old server. <o:p></o:p>
  6. Now that the new server is up (with same settings name/IP as old server), I will then go through and install the WSUS role on the server and restore my WSUS information.<o:p></o:p>
  Questions:<o:p></o:p>
  1. Step 2 above, is it possible to do this, without making replica servers? I kept reading about this as I was researching doing this, I would rather just copy the DB and folders and simply
  put them in-place on the new server.<o:p></o:p>
  2. Step 6 above, restoring of the data, what is the proper way to do this in the scenarioI described? <o:p></o:p>
  Thank you to anyone who can provide me some information.
  Jeff

  Thank you for the reply, I will follow and let you know. Proabably be next week sometime before I'm able to try though. So look for a reponse then. Thank you again.
  Jeff
  OR...
  You can use the much more simple, much more reliable, and much more proven method of:
  Install new server as a replica of the old.
  Replicate.
  Configure new server as upstream server.
  Point clients to new server.
  Turn off old server after all clients have redirected to the new server.
  For everybody that has tried the backup/restore the database procedure described above, they have encounted complications of one form or another.
  WSUS has a built-in and fully supported comprehensive replication capbility. use it! :-)
  Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
  Microsoft MVP - Software Distribution (2005-2012)
  My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

• User home folder on ML and sync with Server - Disable User

  Hi all, I've got a problem about user authentication and home directory sync since I've updated my clients to Mountain Lion...
  (excuse me for my bad english)
  I've got some macs, many with 10.8 (updated with archive and install, not directly updated from old version), that are binded to a Mac Mini Server with 10.8 Server (in the first days I've on it 10.6.8 server, after this problem I tried the server update but with no good news); users authenticates on server, and syncs their home directories with it at login, logout and every 15 minutes...
  Now the problem: every morning, when users came back to work, they can't login because their accounts are disabled in Open Directory (only every account that has logged the day before): I resolve this manually enabling all accounts in workgroup manager (the checkbox "user can access account" is unchecked).
  I have no idea about the reason...
  I've got this ONLY with 10.8 clients, if users work only on 10.6 or 10.7 clients, accounts are always enabled!

  Many of your questions will be answered in the 'File Services Manual':
  http://images.apple.com/server/macosx/docs/FileServices_Adminv10.5.pdf
  and the correct use of permissions and ACLs.

• WSUS Server has hotfixes installed to upgrade Update Services and it's still showing old version

  I have a Windows 2008 R2 WSUS server and when I go to help and About Update Service it is showing Version 3.2.7600.226.  I have installed KB2720211 Version 3.2.7600.251 and KB2734608 Version 3.2.7600.256, they both show up under Installed Updates. 
  Is there somewhere else that would show a different Version number or am I missing something?
  Thanks

  Am 27.03.2015 schrieb ingy0309:
  I have a Windows 2008 R2 WSUS server and when I go to help and About Update Service it is showing Version 3.2.7600.226.  I have installed KB2720211 Version 3.2.7600.251 and KB2734608 Version 3.2.7600.256, they both show up under Installed Updates. 
  Is there somewhere else that would show a different Version number or am I missing something?
  In Help Menu you have the wrong informations. Pls look at this Image:
  http://www.wsus.de/images/wsus-version.png
  Maybe you have to install more Updates for coming up to Version .274:
  WSUS 3.0 (SP2):     Build 3.2.7600.226
  WSUS 3.0 (SP2) + KB2720211:     Build 3.2.7600.251
  WSUS 3.0 (SP2) + KB2734608:     Build 3.2.7600.256
  WSUS 3.0 (SP2) + KB2828185:     Build 3.2.7600.262
  WSUS 3.0 (SP2) + KB2938066:     Build 3.2.7600.274
  Servus
  Winfried
  Gruppenrichtlinien
  HowTos zum WSUS Package Publisher
  WSUS Package Publisher
  HowTos zum Local Update Publisher
  NNTP-Bridge für MS-Foren

• WSUS - Server 2012 R2 - Export and Import

  Greetings,
  I have a Server 2012 R2 system with the WSUS role installed.  This server resides on a disconnected network so we must bring updates from an online WSUS server.  I have experience performing successful exports and imports in the past with Server 2008
  R2 and WSUS 3.0 SP2 (with KB2828185).  However, I have yet to get a successful import on Server 2012 R2.  The issue I am experiencing comes after what appears to be a successful import.  All of the updates show up in the catalog, but none of
  the approvals are there.  I approve the relevant updates and the number of updates needing files on the status screen increase, but they never verify the content.  The individual updates are stuck indefinitely waiting for content with no errors to
  be found anywhere.  Both servers have identical OS and WSUS configuration.  Here is my procedure.
  Source Server
   - Approve/Decline relevant updates
   - Wait for download to finish
   - Run Server Cleanup Wizard
   - Backup WSUSContent directory using 7-Zip to break into DVD size files
   - wsusutil.exe export export.xml.gz export.log   (I've tried export.cab and export.gz, neither produces a different result)
   - Copy and extract all content to disconnected server.
   - Import metadata with "wsusutil.exe import export.xml.gz import.log"
  As I said, I get no related error messages in any event log, SoftwareDistribution.log, WindowsUpdate.log, Change.log.
  When I've done this in the past with WSUS 3.2, the status dashboard would show all the approved updates that require content and that number would quickly decrease as the system would validate the files in the WSUSContent directory.  This is occurring
  on both my test server and my live server.  I'm confident that I have missed something, but I need help.  Anything that anyone can offer would be appreciated.

  Hi Wayne,
  Before we export and import updates, we should confirm that the settings for express installation files and update languages on the WSUS export server match the settings on the WSUS import server. If these settings do not match, updates will not
  be correctly applied.
  >> I approve the relevant updates and the number of updates needing files on the status screen increase, but they never verify the content. 
  Please try to run wsusutil reset.
  If issue persists, please check if the WSUS content folder has the proper configuration.
  Besides, could you please restart the export WSUS server and export/import again?
  Best Regards.
  Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Migrating a WSUS server to a newer OS with many downstream servers

  So here is my situation at my company. Our primary, upstream WSUS server is running Server 2003. It has about 20 downstream WSUS servers, running various versions of Microsoft Server (2003, 2008, 2008 R2 and 2012). 
  My 1st question:
  Is it fine to have the upstream WSUS server OS newer than the downstream WSUS server? I've heard a downstream server's OS doesnt matter, but I wasn't sure about the upstream server. 
  2nd question:
  No matter the answer to question 1, this server will need to be upgraded before July 2015. Can anyone tell me the best way to migrate an upstream WSUS server to a new server? Luckily it's a VM, so it will be fairly to easy to try and rollback if necessary,
  but I want to see if anybody else has tried it. We also have about 15 computer groups that I want to keep. 
  Thanks, Kyle 

  My 1st question:
  Is it fine to have the upstream WSUS server OS newer than the downstream WSUS server?
  The upstream server OS should be newer than the downstream server OS. In fact, strictly speaking, an upstream WSUS v3.2 server with a downstream WSUS v6.x server is an unsupported configuration, although it WILL work just fine provided that KB2734608
  is installed on the WSUS v3.2 server.
  I've heard a downstream server's OS doesnt matter
  It doesn't, if all WSUS servers are running v3.2 and at the same patch level.
  2nd question:
  No matter the answer to question 1, this server will need to be upgraded before July 2015. Can anyone tell me the best way to migrate an upstream WSUS server to a new server?
  Yes, the *best* way to do that, which is discussed in this forum at least a few dozen times over the past several years, is to install a NEW server as a replica of the existing upstream server and replicate the upstream server to the new server. Then, reconfigure
  the new server as the upstream server, verify the Product Category and Update Classifications selections are correct, and sync with Microsoft. Once you've confirmed the new server is functioning correctly, point the clients and downstream servers to it. Once
  all downstream servers and clients have successfully connected to the new server, retire the old one.
  I want to see if anybody else has tried it.
  Only a few thousand over the past half-dozen years. :-)
  We also have about 15 computer groups that I want to keep.
  The computer groups will be automatically replicated (just like they are with any other replica server). If you're using Client-Side Targeting, the clients will automatically rejoin in their assigned groups. If you're using Server-Side Targeting, they'll
  rejoin in "Unassigned Computers" and you'll have to reassign them. If you have too many computers to manually reassign (one would then ask why you're not using Client-Side Targeting), there's a
  free tool at PatchZone.org that will export/import the client computers from the original upstream server to the new upstream server.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Windows 2012 WSUS Downsteam server to Windows 2008 WSUS server

  Hi
  we have installed windows 2008 Upstream server to Windows 2012 WSUS server and now they are able to sync the updates and but some updates are not able to download so what could be the issue.
  whether this design is supported please confirm.

  we have installed windows 2008 Upstream server to Windows 2012 WSUS server and now they are able to sync the updates and but some updates are not able to download so what could be the issue.
  Have you installed KB2734608 on the upstream server?
  whether this design is supported please confirm.
  It is *NOT* supported.. but it *WILL* work if KB2734608 is installed on the WSUS v3 server.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Clients cannot update from WSUS server - error 8024400E

  Alright, so I'm troubleshooting our WSUS server and seem to be stuck. I am running WSUS 3.2.7600.226 on Server 2003.  The client I have been using for testing is Windows 7 x64, but we have this issue on all clients (XP, 7 x86, and 7 x64).  I started
  with an error of 800B0001 and after googling installed KB2720211 to fix it. Now I am getting error 8024400E on clients when I attempt to update. I followed a technet walkthrough and verified that my WSUS settings are all correct (at least regarding iis,
  registry, gpo settings, and file system permissions). I am able to download CAB files from the WSUS server by going to the proper address in a browser. Here is a snippet from my WindowsUpdate log on my client:
  2013-12-20 10:27:29:784 972 23ac AU #############
  2013-12-20 10:27:29:784 972 23ac AU ## START ## AU: Search for updates
  2013-12-20 10:27:29:784 972 23ac AU #########
  2013-12-20 10:27:29:785 972 23ac AU <<## SUBMITTED ## AU: Search for updates [CallId = {749E5CD5-F4DE-48FC-A691-3610EF622CE3}]
  2013-12-20 10:27:29:785 972 2bcc Agent *************
  2013-12-20 10:27:29:785 972 2bcc Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
  2013-12-20 10:27:29:785 972 2bcc Agent *********
  2013-12-20 10:27:29:785 972 2bcc Agent * Online = Yes; Ignore download priority = No
  2013-12-20 10:27:29:785 972 2bcc Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation'
  and RebootRequired=1"
  2013-12-20 10:27:29:785 972 2bcc Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
  2013-12-20 10:27:29:785 972 2bcc Agent * Search Scope = {Machine}
  2013-12-20 10:27:29:785 972 2bcc Setup Checking for agent SelfUpdate
  2013-12-20 10:27:29:785 972 2bcc Setup Client version: Core: 7.6.7600.256 Aux: 7.6.7600.256
  2013-12-20 10:27:29:785 972 2bcc Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
  2013-12-20 10:27:29:789 972 2bcc Misc Microsoft signed: Yes
  2013-12-20 10:27:29:794 972 2bcc Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
  2013-12-20 10:27:29:797 972 2bcc Misc Microsoft signed: Yes
  2013-12-20 10:27:29:799 972 2bcc Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
  2013-12-20 10:27:29:803 972 2bcc Misc Microsoft signed: Yes
  2013-12-20 10:27:29:808 972 2bcc Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
  2013-12-20 10:27:29:812 972 2bcc Misc Microsoft signed: Yes
  2013-12-20 10:27:29:821 972 2bcc Setup Determining whether a new setup handler needs to be downloaded
  2013-12-20 10:27:29:821 972 2bcc Setup SelfUpdate handler is not found. It will be downloaded
  2013-12-20 10:27:29:821 972 2bcc Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
  2013-12-20 10:27:29:823 972 2bcc Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2013-12-20 10:27:29:823 972 2bcc Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
  2013-12-20 10:27:29:835 972 2bcc Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2013-12-20 10:27:29:835 972 2bcc Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
  2013-12-20 10:27:29:852 972 2bcc Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
  2013-12-20 10:27:29:852 972 2bcc Setup SelfUpdate check completed. SelfUpdate is NOT required.
  2013-12-20 10:27:29:884 972 2bcc PT +++++++++++ PT: Synchronizing server updates +++++++++++
  2013-12-20 10:27:29:884 972 2bcc PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsusservername/ClientWebService/client.asmx
  2013-12-20 10:27:29:896 972 2bcc PT WARNING: Cached cookie has expired or new PID is available
  2013-12-20 10:27:29:896 972 2bcc PT Initializing simple targeting cookie, clientId = 488f3922-1a4e-4921-b015-25957eeb6500, target group = http://wsusservername, DNS name = mycomputer.domain.local
  2013-12-20 10:27:29:896 972 2bcc PT Server URL = http://wsusservername/SimpleAuthWebService/SimpleAuth.asmx
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: GetAuthorizationCookie failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: SOAP Fault: 0x000190
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: faultstring:Fault occurred
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: ErrorCode:InternalServerError(5)
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: Message:(null)
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/SimpleAuthWebService/GetAuthorizationCookie";
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: ID:9d989bf6-04e3-44a9-8ffd-f20bb997b3f0
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: Failed to initialize Simple Targeting Cookie: 0x8024400e
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: PopulateAuthCookies failed: 0x8024400e
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: RefreshCookie failed: 0x8024400e
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: RefreshPTState failed: 0x8024400e
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: Sync of Updates: 0x8024400e
  2013-12-20 10:27:29:902 972 2bcc PT WARNING: SyncServerUpdatesInternal failed: 0x8024400e
  2013-12-20 10:27:29:902 972 2bcc Agent * WARNING: Failed to synchronize, error = 0x8024400E
  2013-12-20 10:27:29:902 972 2bcc Agent * WARNING: Exit code = 0x8024400E
  2013-12-20 10:27:29:902 972 2bcc Agent *********
  2013-12-20 10:27:29:902 972 2bcc Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
  2013-12-20 10:27:29:902 972 2bcc Agent *************
  2013-12-20 10:27:29:902 972 2bcc Agent WARNING: WU client failed Searching for update with error 0x8024400e
  2013-12-20 10:27:29:902 972 1bc8 AU >>## RESUMED ## AU: Search for updates [CallId = {749E5CD5-F4DE-48FC-A691-3610EF622CE3}]
  2013-12-20 10:27:29:902 972 1bc8 AU # WARNING: Search callback failed, result = 0x8024400E
  2013-12-20 10:27:29:902 972 1bc8 AU # WARNING: Failed to find updates with error code 8024400E
  2013-12-20 10:27:29:902 972 1bc8 AU #########
  2013-12-20 10:27:29:902 972 1bc8 AU ## END ## AU: Search for updates [CallId = {749E5CD5-F4DE-48FC-A691-3610EF622CE3}]
  2013-12-20 10:27:29:902 972 1bc8 AU #############
  2013-12-20 10:27:29:903 972 1bc8 AU Successfully wrote event for AU health state:0
  2013-12-20 10:27:29:903 972 1bc8 AU AU setting next detection timeout to 2013-12-20 21:27:29
  2013-12-20 10:27:29:903 972 1bc8 AU Setting AU scheduled install time to 2013-12-21 10:00:00
  2013-12-20 10:27:29:903 972 1bc8 AU Successfully wrote event for AU health state:0
  2013-12-20 10:27:29:904 972 1bc8 AU Successfully wrote event for AU health state:0
  2013-12-20 10:27:34:498 972 2bcc Report REPORT EVENT: {2519DC64-E7F9-499B-A2F8-B58DA4A0C08A} 2013-12-20 10:27:29:902-0600 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024400e AutomaticUpdates Failure Software Synchronization Windows Update Client failed
  to detect with error 0x8024400e.
  2013-12-20 10:27:34:502 972 2bcc Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
  2013-12-20 10:27:34:502 972 2bcc Report WER Report sent: 7.6.7600.256 0x8024400e 00000000-0000-0000-0000-000000000000 Scan 101 Managed
  2013-12-20 10:27:34:502 972 2bcc Report CWERReporter finishing event handling. (00000000)
  I focused in on "GetAuthorizationCookie failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200" and did some googling which all points at Microsoft Office 2003 SP1 update as being the culprit, and I followed
  the instructions on a technet site to disable the update and am still getting the same error. I'm stumped at this point, and I thought I would post here in the hope that someone can help me before I end up just wiping it out and reinstalling (which I'm worried
  won't even solve it).

  I focused in on "GetAuthorizationCookie failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200" and did some googling which all points at Microsoft Office 2003 SP1 update as being the culprit, and I followed
  the instructions on a technet site to disable the update and am still getting the same error.
  While you're definitely on the right track, the Office2003SP1 update really has not been an issue since WSUS Service Pack 2 was released in October 2009 (and really, the Office2003SP1 update that was the cause of this was replaced long before that even,
  so you probably don't even have the defective update on your server).
  However, the error is generally associated with the presence of defective update(s) on the WSUS server, so the first thing to do is address any potential issues caused by a failed install of KB2720211.
  If the error still persists after verifying that all other aspects of the server are fully operational, review the list of not-Declined updates on your WSUS server and make sure that:
  All Expired updates are Declined (and then run the Server Cleanup Wizard and let it delete the expired updates).
  All approvals for older revisions have been removed (and then run the Server Cleanup Wizard and let it delete the older revisions).
  All approvals for superseded updates have been removed. (And then, when they report as 100% Not Applicable, decline them, and then run the Server Cleanup Wizard so that it can delete the files associated with those updates).
  Once all of the potentially problematic updates have been removed from the view of the Windows Update Agent, and if this error then persists, we can evaluate it from a more focused perspective.
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• WSUS server no longer works/clients not receiving updates after replacing domain controller

  I first logged into the WSUS server and found that I couldn't launch the console, event log was full of errors about different web services not working.  I ran
  wsusutil.exe usecustomwebsite true
  which appeared to correct that problem, but the WSUS server and all workstations report the following error code when checking for updates: 
  80072F76
  Client WindowsUpdate log is full of the following:
  2014-10-29 23:36:22:935  832 f48 Misc WARNING: WinHttp: WinHttpQueryHeaders(WINHTTP_QUERY_LAST_MODIFIED) failed. error 0x80072f76
  2014-10-29 23:36:22:935  832 f48 Misc WARNING: GetServerFileTime failed. error 0x80072f76
  The upstream server and another downstream server are working fine.  It is only this one WSUS server and clients on this segment of the network where a new domain controller was put in place last week.
  Thoughts?

  Hi,
  What's the port used by your WSUS server?
  Usecustomwebsite will change the port number used by the WSUS Web services from 80 to 8530 or vice versa.
  If you set this value to true, WSUS Setup will use port 8530 for its Default Web site. If you set it to
  false, WSUS will use port 80.
  If it doesn't work, please post the entire windowsupdate.log here. It may give some hints.
  Best Regards.
  Steven Lee
  TechNet Community Support

• New WSUS server same name

  I setup a new WSUS server and then changed name of old one to something else and then renamed new one what the old one was. None of the clients are connecting to new WSUS server even though the GPO should be pointing to correct name. Is there something else
  I have to do in order for PCs to sync now?

  Hi Jason,
  Agree with Daniel.
  Besides, do you install the WSUS on Windows Server 2012 R2? If yes, have you change the port in the GPO? WSUS server has changed the default port in Windows Server 2012R2.
  On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS
  On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS
  Best Regards.
  Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]