Home
.. About WSUS Wiki

RSS

WSUS
.. WSUS FAQ
.. WSUS on SBS
.. WSUS Troubleshooting
.. WSUS News Groups
.. Known WSUS Issues
.. WSUS Links
.. WSUS Wish List

WSUS Documents
.. WSUS Deployment Guide
.. WSUS Installation Guide
.. WSUS Release Notes
.. WSUS Best Practice

SUS
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues

Wiki Community

 .. Wiki Contributors
.. I Love WSUS
.. WSUS Wiki Diary
.. Wiki Statistics
.. To Do Page

Miscellaneous Stuff
.. Other Resources
.. Do You Know?

Site Meter

Terms of Use
Trademarks

Privacy Statement

 

WSUS Server FAQ

Q. Can I change the Host Header name for the WSUS server's site?

A. Yes, but in order for the built in Windows Axcvbuthentication to work correctly, a few changes must be made:

  • The Service Principal Name for the server must be modified to include the host header name.  More information can be found at the Microsoft Knowledge Base article number Q294382, available here.
  • The Host Header name must be added to the client's list of Intranet Sites.  The easiest way to do this is throught the Internet Explorer Maintenance functionality of Group Policy.

Q. Is there a way to view and approve ONLY superseded updates?

A. Go to update page, the most left column in update page, there is a column giving additional info of the updates (the icon is I). Sort update from this column, find the icon for superseded updates, select updates with this icon, then you can approve only superseded updates.

NOTE: Look at the warning message in the detailed info for superseded updates. You don't want to DECLINE the superseded updates until you are sure the superseded updates are not needed by your computer any longer.

Q. What are the updates supported by WSUS?

A.When initially released, WSUS will support updating Windows XP Professional, Windows 2000, Windows Server 2003, Microsoft Office XP, Office 2003, Microsoft SQL Server 2000, Microsoft SQL Server 2000 Desktop Engine (MSDE) 2000, and Microsoft Exchange Server 2003. Support for updating other Microsoft products will be enabled on an ongoing basis without requiring an upgrade or redeployment of the existing Update Services infrastructure.

Q. Is it possible to Un-Install Approved Updates?

A. Update Services adds the ability to uninstall updates for applicable patches. It also allows groups of systems to be targeted for uninstalls and deployment.

Q. In WSUS when an update shows up as "not removable" does that mean that it cannot be "un-installed" as well?

A. When an update shows up as Not Removable, it means that you cannot change the approval type on the WSUS server to 'Remove' to effect the uninstall of the update on the clients. The clients might still be able to uninstall the update from 'Add Remove Programs'.

Q. What is stored in WSUS Database?

A. The WSUS database stores the following types of information:
• WSUS server configuration information
• Metadata that describes what each update is useful for
• Information about client computers, updates, and client interaction with updates

Q. Can I use single database for multiple WSUS Servers?

A. WSUS does not support multiple WSUS databases on a single computer running SQL Server. If there are multiple WSUS servers in your environment, you must have multiple WSUS databases.

Q. Can I use SQL Authentication for WSUS Database?

A. NO, that's not supported. You have to use Windows Authentication only.

Q. Does XP SP2 supports un-installation through the "Remove" approval in WSUS?

A. You have to see what the metadata content in the WSUS Admin Console says. More on Un Install XP SP 2 thru WUS

Q. Why has synchronization failed?

A. The most likely reason is that you have not specified a proxy server name. Under "Options" tab, you should configure the details of the proxy server WSUS should.

Q. What ports do I need to open in my firewall to let WSUS out?

A. WSUS uses HTTP/HTTPS so you need to enable Port 80 (and 443) at your firewall.

Q. Can WSUS be installed on Small Business Server (SBS)?

A. Yes. WSUS setup will automatically detect that you are running it on a SBS server and it will limit your choice of installing WUS on port 80. On a SBS server setup will always install WUS on port 8530. Therefore it will not conflict with sharepoint or companyweb. See WSUS on SBSfor more SBS related issues and solutions.

Q. Can a child WSUS server in a hierarchy get all the approvals from its parent server located at the main office but download the updates directly from the Windows Update site?

A. No. However the Import Export can be used to import content into WSUS server in the branch office. Using this method the slow WAN link between main and branch office will not be strained by downloading giga bytes of updates.

Q. I installed WSUS on port 8530, now I cant get my clients to talk my new WSUS server. Why?

A. If your client computers are running the older version of the AU client. While the later versions of the AU client can see connect to the server on any port, older clients only support port 80. Thus, you need to install the selfupdate onto port 80 on your server. To do this, you should run %ProgramFiles%Microsoft Windows Update Services/Setup/InstallSelfupdateOnPort80.vbs  The directory may also be in %programfiles%\update services\setup if running a fresh install of wsus sp1

Q. I can't seem to install on the default (port 80) site, that option is grayed out in the WSUS installer UI. Why?

A.WSUS installer installs on port 8530 if you try to install:

  • Side by side with a SUS 1.0 server.
  • On SBS and
  • On a Sharepoint server.

Q. Why don't the Cloned or Imaged PCs don't register with WSUS server?

A. This can happen if the machines share the same ClientID. You can work around this by deleting the following registry keys and reboot the clients. Machines that are syspreped will automatically get a new ClientID when they are first booted.

HKLM\Software\Microsoft\Windows\CurrentVersion\Windowsupdate
Delete the following entries, if present:
AccountDomainSID
SusClientID
PingID

You can also create a simple script to delete those values AU_Clean_SID.cmd. Before you cloned the OS image, you might consider to use SysPrep -reseal to make sure the SIDs would be generated. That should have fixed the problem.  Note that Sysprep version 1.1 will not clear the registry keys mentioned above.  Version 2.0 or later with the -reseal option will be required.

Q. Can WSUS use an SSL certificate?

A. WSUS Beta can not operate with over a secure channel. However final release version of WSUS will be able to communicate with other WSUS servers using SSL encrypted channel. Automatic Update clients will also be able talk to WUS servers using SSL. For more information see Patch Management Over SSL

Q. How can one tell which version of the WSUS server they are running?

A. WSUS server version will be displayed on the bottom of WSUS home page (WSUSAdmin):

  • WSUS 3 RTM Build 3.0.6000.374
  • WSUS 2 SP1 Build 2.0.0.2620
  • WSUS 2 RTM Build 2.0.0.2472
  • WSUS 2 RC Build 2.0.0.2340

Q. I have added a group to the automatic approval for install list in options, but the install list still shows detect only for all of these updates?

A. The automatic approval rules only apply to new updates that come in, so the updates you've already synchronized need to be manually approved for installation.

Q. How to change server role from slave to master or master to slave after WSUS installation?

A. from slave to master:

rem restore values after exec spEnableReplica stored procedure
rem *******
osql.exe -S %computername%\wsus -E -b -n -Q "USE SUSDB UPDATE dbo.tbConfigurationA SET SyncToMU = '1' UPDATE dbo.tbConfigurationB SET AutoRefreshDeployments = '1' UPDATE dbo.tbConfigurationC SET ReplicaMode = '0' UPDATE dbo.tbConfigurationC SET AutoDeployMandatory = '1' UPDATE dbo.tbAutoDeploymentRule SET Enabled = '0'"

rem
rem add removed values in tables

osql.exe -S %computername%\wsus -E -b -n -Q "USE SUSDB Insert into dbo.tbTargetGroupInAutoDeploymentRule(AutoDeploymentRuleID, TargetGroupID) values (1, 'A0A08746-4DBE-4a37-9ADF-9E7652C0B421')"
osql.exe -S %computername%\wsus -E -b -n -Q "USE SUSDB Insert into dbo.tbTargetGroupInAutoDeploymentRule(AutoDeploymentRuleID, TargetGroupID) values (2, 'A0A08746-4DBE-4a37-9ADF-9E7652C0B421')"
osql.exe -S %computername%\wsus -E -b -n -Q "USE SUSDB Insert into dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID, UpdateClassificationID) values (1, 1)"
osql.exe -S %computername%\wsus -E -b -n -Q "USE SUSDB Insert into dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID, UpdateClassificationID) values (1, 5)"
osql.exe -S %computername%\wsus -E -b -n -Q "USE SUSDB Insert into dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID, UpdateClassificationID) values (2, 1)"
osql.exe -S %computername%\wsus -E -b -n -Q "USE SUSDB Insert into dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID, UpdateClassificationID) values (2, 5)"

from master to slave:

osql.exe -S %computername%\wsus -E -b -n -Q "USE SUSDB exec dbo.spEnableReplica 'UpstreamServer', 80"

Last Modified 3/18/09 8:14 AM

Hide Tools

Site
Changes
Index
Search

User
Log In
Register