who know how to setup the sus server with GPO

[oxcando]

who know how to setup the sus server with Group Policy?

I created the container in AD as a sustest. In a sustest's properties, there's a Group policy. Added the Group Policy Object Links, then click the Edit button to edit the policy. Finally, I set the Configure Automatic Updates Properties under Computer configuration>Administrative Templates>Windows Components>Windows Update. I selected "4 - Auto download and Schedule the install" with scheduled date and install time. Finally, I put my workstation object to sustest container and check my machine.

Nothing happen on my machine.

Anyone know what i am missing?

[cluberti]

1. In your Windows Update container in Group Policy, make sure you have the following set:

a. Configure Automatic Updates: Enabled

- Configure automatic updating: 4 - Auto download and schedule the install

b. Scheduled install day: 0 - Every day

- Scheduled install time: 03:00 (3AM)

c. Specify intranet Microsoft update service location: Enabled

- make sure both boxes have the correct FQDN locations for your WSUS server

- for example, http://server.mydomain.com

- using netbios names can be problematic

d. Automatic Updates detection frequency: Enabled

- Check for updates at the following interval (hours): 1

- Allow non-administrators to receive update notifications: Enabled

Set other policy values as you see fit.

2. If you've got multiple DC's, make sure that the policy has finished replicating or force a replication using the AD Sites and Services mmc snapin.

3. Make sure you've updated your group policy on the computer in question (gpupdate /force), and restarted just to be safe.

4. On the computer in question, enter the following commands from a command prompt:

net stop "automatic updates"

net stop "background intelligent transfer service"

del %windir%\windowsupdate.log

del "%windir%\windows update.log"

net start "background intelligent transfer service"

net start "automatic updates"

5. Wait 15 minutes, and check your %windir%\Windowsupdate.log file to check the status of your client connecting to the WSUS server.

Once you're sure it's working, you can tweak the values to set the time, auto-install, etc. to better match your environment's needs. Good luck.

Edited November 22, 2005 by cluberti

[oxcando]

Hi cluberti,

Thanks a lot. It's very clear. I will follow your step and test it one by one. Many thanks.

One more question:

If I put the SUS server as the following,

Specify intranet Microsoft update service location: Enabled

- make sure both boxes have the correct FQDN locations for your WSUS server

- for example, http://server.mydomain.com

How can I know my SUS server that provides this service properly. Please advise.

[cluberti]

If you've installed WSUS, it provides both the update and statistics server components. SUS 1.0 didn't provide the statistics components, but you can still put the FQDN in both boxes with either server - things will work fine either way.

Just put your WSUS's fully qualified domain name (FQDN) in both boxes, and you'll be fine.

Edited November 23, 2005 by cluberti

[oxcando]

unfortunely, I get the error message in WindowsUpdate.log on my XP as the following,

2005-11-24 05:08:42 996 538 PT WARNING: ReportEventBatch failure, error = 0x8024401B, soap client error = 10, soap error code = 0, HTTP status code = 407

2005-11-24 05:08:42 996 538 Report WARNING: Reporter failed to upload events with hr = 8024401b.

any idea?

[cluberti]

That specific error can occur if you have IE configured to use a proxy - if so, either remove the proxy or add an exception to your WPAD or proxy config to allow the update service to connect directly to your WSUS server.

[oxcando]

Hi,

I need your help again.

i guess you are correct. However, I configured the proxy to proxycfg -d. Then, I waited more than 24 hours,

there was nothing happened on the xp pc - No update. The WindowsUpdate log is shown as the following,

No more logging and no update on my PC. I need your help. Many Many thanks.

2005-11-25 17:07:21 992 444 Service *********

2005-11-25 17:07:21 992 444 Service ** END ** Service: Service exit [Exit code = 0x240001]

2005-11-25 17:07:21 992 444 Service *************

2005-11-25 17:07:26 992 ffc Misc =========== Logging initialized (build: 5.8.0.2469, tz: +0800) ===========

2005-11-25 17:07:26 992 ffc Misc = Process: C:\WINDOWS\System32\svchost.exe

2005-11-25 17:07:26 992 ffc Misc = Module: C:\WINDOWS\System32\wuaueng.dll

2005-11-25 17:07:26 992 ffc Service *************

2005-11-25 17:07:26 992 ffc Service ** START ** Service: Service startup

2005-11-25 17:07:26 992 ffc Service *********

2005-11-25 17:07:26 992 ffc Agent * WU client version 5.8.0.2469

2005-11-25 17:07:26 992 ffc Agent * SusClientId = '590327e1-a05f-4ad6-9eee-cd0b56a66fe1'

2005-11-25 17:07:26 992 ffc Agent * Base directory: C:\WINDOWS\SoftwareDistribution

2005-11-25 17:07:26 992 ffc Agent * Access type: No proxy

2005-11-25 17:07:26 992 ffc Agent * Network state: Connected

2005-11-25 17:08:11 992 ffc Agent *********** Agent: Initializing Windows Update Agent ***********

2005-11-25 17:08:11 992 ffc Agent *********** Agent: Initializing global settings cache ***********

2005-11-25 17:08:11 992 ffc Agent * WSUS server: http://10.52.5.61

2005-11-25 17:08:11 992 ffc Agent * WSUS status server: http://10.52.5.61

2005-11-25 17:08:11 992 ffc Agent * Target group: (Unassigned Computers)

2005-11-25 17:08:11 992 ffc Agent * Windows Update access disabled: No

2005-11-25 17:08:12 992 ffc DnldMgr Download manager restoring 0 downloads

2005-11-25 17:08:12 992 ffc AU ########### AU: Initializing Automatic Updates ###########

2005-11-25 17:08:12 992 ffc AU AU setting next detection timeout to 2005-11-25 09:08:12

2005-11-25 17:08:12 992 ffc AU # WSUS server: http://10.52.5.61

2005-11-25 17:08:12 992 ffc AU # Detection frequency: 22

2005-11-25 17:08:12 992 ffc AU # Approval type: Scheduled (Policy)

2005-11-25 17:08:12 992 ffc AU # Scheduled install day/time: Every day at 16:00

2005-11-25 17:08:12 992 ffc AU # Auto-install minor updates: Yes (User preference)

2005-11-25 17:08:12 992 ffc AU # Launching old AU client

2005-11-25 17:10:43 992 ffc Service *********

2005-11-25 17:10:43 992 ffc Service ** END ** Service: Service exit [Exit code = 0x240001]

2005-11-25 17:10:43 992 ffc Service *************

2005-11-25 17:10:49 992 ee8 Misc =========== Logging initialized (build: 5.8.0.2469, tz: +0800) ===========

2005-11-25 17:10:49 992 ee8 Misc = Process: C:\WINDOWS\System32\svchost.exe

2005-11-25 17:10:49 992 ee8 Misc = Module: C:\WINDOWS\System32\wuaueng.dll

2005-11-25 17:10:49 992 ee8 Service *************

2005-11-25 17:10:49 992 ee8 Service ** START ** Service: Service startup

2005-11-25 17:10:49 992 ee8 Service *********

2005-11-25 17:10:49 992 ee8 Agent * WU client version 5.8.0.2469

2005-11-25 17:10:49 992 ee8 Agent * SusClientId = '590327e1-a05f-4ad6-9eee-cd0b56a66fe1'

2005-11-25 17:10:49 992 ee8 Agent * Base directory: C:\WINDOWS\SoftwareDistribution

2005-11-25 17:10:49 992 ee8 Agent * Access type: No proxy

2005-11-25 17:10:49 992 ee8 Agent * Network state: Connected

2005-11-25 17:11:34 992 ee8 Agent *********** Agent: Initializing Windows Update Agent ***********

2005-11-25 17:11:34 992 ee8 Agent *********** Agent: Initializing global settings cache ***********

2005-11-25 17:11:34 992 ee8 Agent * WSUS server: http://10.52.5.61

2005-11-25 17:11:34 992 ee8 Agent * WSUS status server: http://10.52.5.61

2005-11-25 17:11:34 992 ee8 Agent * Target group: (Unassigned Computers)

2005-11-25 17:11:34 992 ee8 Agent * Windows Update access disabled: No

2005-11-25 17:11:34 992 ee8 DnldMgr Download manager restoring 0 downloads

2005-11-25 17:11:34 992 ee8 AU ########### AU: Initializing Automatic Updates ###########

2005-11-25 17:11:34 992 ee8 AU AU setting next detection timeout to 2005-11-25 09:11:34

2005-11-25 17:11:34 992 ee8 AU # WSUS server: http://10.52.5.61

2005-11-25 17:11:34 992 ee8 AU # Detection frequency: 22

2005-11-25 17:11:34 992 ee8 AU # Approval type: Scheduled (Policy)

2005-11-25 17:11:34 992 ee8 AU # Scheduled install day/time: Every day at 18:00

2005-11-25 17:11:34 992 ee8 AU # Auto-install minor updates: Yes (User preference)

2005-11-25 17:11:34 992 ee8 AU # Launching old AU client

[cluberti]

From what I see, it connected fine but detected no new downloads - do you have updates (that the client would not have) approved for installation on your WSUS server? It also appears that your detection time is set to 22 hours - have you set it to 1 hour yet? I'd start by checking your WSUS server, and approving new updates, and also changing the detection time to 1 hour (at least for testing - you can reduce it later if you don't want the network traffic that'll induce).

[oxcando]

I did approve the update for installaion on wsus server. How can I set the detection time to 1 hours. I can't find this setting in susadmin?

[oxcando]

I found the detection time. It's in GPO setting and I set it to 1 hour. Let's test it again.

[oxcando]

I still not set the detection time from 22 to 1. where and how can i set this to 1 hour?

[oxcando]

no update on m pc, even i choose some patches in sus server. Please help. thanks

[oxcando]

The last status of the sus update as the following, still failed "Report failed to upload". Does anyone know how to fix it?

2005-12-01 18:25:06 988 9bc Service ** START ** Service: Service startup

2005-12-01 18:25:06 988 9bc Service *********

2005-12-01 18:25:06 988 9bc Agent * WU client version 5.8.0.2469

2005-12-01 18:25:06 988 9bc Agent * SusClientId = '590327e1-a05f-4ad6-9eee-cd0b56a66fe1'

2005-12-01 18:25:06 988 9bc Agent * Base directory: C:\WINDOWS\SoftwareDistribution

2005-12-01 18:25:06 988 9bc Agent * Access type: No proxy

2005-12-01 18:25:06 988 9bc Agent * Network state: Connected

2005-12-01 18:25:52 988 9bc Report WARNING: Failed to query for service properties: 80248014

2005-12-01 18:25:52 988 9bc Agent *********** Agent: Initializing Windows Update Agent ***********

2005-12-01 18:25:52 988 9bc Agent *********** Agent: Initializing global settings cache ***********

2005-12-01 18:25:52 988 9bc Agent * WSUS server: http://10.52.5.61

2005-12-01 18:25:52 988 9bc Agent * WSUS status server: http://10.52.5.61

2005-12-01 18:25:52 988 9bc Agent * Target group: (Unassigned Computers)

2005-12-01 18:25:52 988 9bc Agent * Windows Update access disabled: No

2005-12-01 18:25:52 988 9bc DnldMgr Download manager restoring 0 downloads

2005-12-01 18:25:52 988 9bc AU ########### AU: Initializing Automatic Updates ###########

2005-12-01 18:25:52 988 9bc AU AU setting next detection timeout to 2005-12-01 10:25:52

2005-12-01 18:25:52 988 9bc AU # WSUS server: http://10.52.5.61

2005-12-01 18:25:52 988 9bc AU # Detection frequency: 22

2005-12-01 18:25:52 988 9bc AU # Approval type: Scheduled (Policy)

2005-12-01 18:25:52 988 9bc AU # Scheduled install day/time: Every day at 18:00

2005-12-01 18:25:52 988 9bc AU # Auto-install minor updates: Yes (User preference)

2005-12-01 18:25:52 988 9bc AU # Launching old AU client

2005-12-01 18:25:52 988 3f0 Report WARNING: Reporter failed to upload events with hr = 80248014.

2005-12-01 18:25:52 988 3f0 Report WARNING: Reporter failed to upload events with hr = 80248014.