1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WSUS screwed up?

Discussion in 'Software' started by newkoba, Feb 26, 2009.

  1. newkoba

    newkoba Byte Poster

    144
    2
    24
    Has anyone ever done a force update in WSUS? I did one like a month and a half ago and according to our field techs since that time some of the patches that I approve in the normal fashion act like they've been forced. Normally it isn't an issue, but today it is acting like the .net 3.5 hot fix that came out on Tuesday is being forced and the problem with that is it is forcing a reboot. At the moment plenty of people are slightly perturbed.

    Thanks
     
    Certifications: Security + and CEH
    WIP: CWNA and CWSP
  2. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    What do the reports on the individual machines in WSUS state have they updated and when?
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  3. newkoba

    newkoba Byte Poster

    144
    2
    24
    yeah they're updating and rebooting, it is the rebooting part that is the problem because it is forcing them to do so. the box for postpone is grayed out and so is the "X" to close the dialog box.
     
    Certifications: Security + and CEH
    WIP: CWNA and CWSP
  4. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Not sure about your specific GPO settings you have in place, but check the following out:

    No Auto-restart for Scheduled Automatic Update Installation Options
    This policy specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically.

    If the status is set to Enabled, Automatic Updates will not restart a computer automatically during a scheduled installation if a user is logged on to the computer. Instead, Automatic Updates will notify the user to restart the computer in order to complete the installation.

    Be aware that Automatic Updates will not be able to detect future updates until the restart occurs.

    If the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation.

    This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the Configure Automatic Updates policy is disabled, this policy has no effect.

    To inhibit auto-restart for scheduled Automatic Update installation options
    In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.

    In the details pane, click No auto-restart for scheduled Automatic Update installation options, and set the option.

    Click OK.

    Taken from technet
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  5. newkoba

    newkoba Byte Poster

    144
    2
    24
    the gpo has it set to not reboot if a user is logged in and the delay is the default 5 minutes. all the typical items are right it really just seems like a glitch in wsus to where it makes some updates have the deadline forced. man is it frustrating me.
     
    Certifications: Security + and CEH
    WIP: CWNA and CWSP
  6. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    By your comments, I'm assuming that you did'nt force the updates to have a deadline.

    Is there any common occourences, e.g. workstations in the same OU, same update etc?
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  7. newkoba

    newkoba Byte Poster

    144
    2
    24
    no, i only force updates when they're major security related such as the conficker patch. it is doing it in all of our domains (50+) so it has me puzzled at the moment. i did some googleing and only found people commenting on how to force, which really wasn't what i was looking for, but i do appreciate the dialog to help trouble shoot.

    thanks
     
    Certifications: Security + and CEH
    WIP: CWNA and CWSP
  8. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Not sure mate, I would proceed down the lines of trying to replicate the issue and trying to determine if one patch is causing this.

    Let us know what you find out.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  9. newkoba

    newkoba Byte Poster

    144
    2
    24
    yeah, yesterday i only pushed the one .net 3.5 hotfix and it is sucking wind for me today with all these issues. we'll figure it out... maybe :rolleyes:
     
    Certifications: Security + and CEH
    WIP: CWNA and CWSP

Share This Page

Loading...