Constant WSUS issues (Connection Errors)
-
@tim_g said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@tim_g said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
I have not been able to see any of my computers show up.
If everything is set up correctly, it could take a while for computers to show up in WSUS, and show their update statuses.
Sometimes they show up fast, sometimes they take a day. But if it's set up correctly, they WILL eventually show up.
I set this up before a few weeks ago with a different server and I had computers show up and at that time I didn't even configure group policy or anything.. I will keep waiting though.
Whenever you apply computer group policy, or change a computers AD group membership (add/remove), you'll need to reboot the computer. Computer changes take effect during boot, user changes at login.
There's always
klist -li 0x3e7 purge, but that's not 100% reliable, I've found. -
Does my SW guide have the common WSUS CLI commands on there? I forget.
-
@tim_g said in Constant WSUS issues (Connection Errors):
Does my SW guide have the common WSUS CLI commands on there? I forget.
Yes, it does.
-
@tim_g said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@tim_g said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
I have not been able to see any of my computers show up.
If everything is set up correctly, it could take a while for computers to show up in WSUS, and show their update statuses.
Sometimes they show up fast, sometimes they take a day. But if it's set up correctly, they WILL eventually show up.
I set this up before a few weeks ago with a different server and I had computers show up and at that time I didn't even configure group policy or anything.. I will keep waiting though.
Whenever you apply computer group policy, or change a computers AD group membership (add/remove), you'll need to reboot the computer. Computer changes take effect during boot, user changes at login.
I usually just run cmd as admin and run gpupdate /force, which usually works. I also check with gpresult /h. That being said, I did reboot things in an attempt to get them working this time.. still no dice.
-
ok so now I have 2 Windows 10 computers that showed up, out of the 7 I added to the test group. They show up under All Computers but not the Workstations group which I've added them to.. not sure why
-
@dave247 said in Constant WSUS issues (Connection Errors):
ok so now I have 2 Windows 10 computers that showed up, out of the 7 I added to the test group. They show up under All Computers but not the Workstations group which I've added them to.. not sure why
I believe the issue is with the security filtering on your GPOs, I do groups assignments by Computer OU instead.
-
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
ok so now I have 2 Windows 10 computers that showed up, out of the 7 I added to the test group. They show up under All Computers but not the Workstations group which I've added them to.. not sure why
I believe the issue is with the security filtering on your GPOs, I do groups assignments by Computer OU instead.
oh.. well that's the way I had it at first and it seemed to work (kinda). I was just following Tim_G's guide on SpiceWorks
-
Did you specify the WSUS group in the group policys?
-
@tim_g said in Constant WSUS issues (Connection Errors):
Did you specify the WSUS group in the group policys?
Yes, via the "Enable client side targeting" option
-
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
ok so now I have 2 Windows 10 computers that showed up, out of the 7 I added to the test group. They show up under All Computers but not the Workstations group which I've added them to.. not sure why
I believe the issue is with the security filtering on your GPOs, I do groups assignments by Computer OU instead.
So when you say you go group assignments by OU, do you mean that you aren't using the client side targeting at all, and therefore do not have your computers in any sort of AD group associated with WSUS? You just add the WSUS GPO to the OU you want it to apply to and computers just show up in the WSUS list and you can update them from there?
-
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
ok so now I have 2 Windows 10 computers that showed up, out of the 7 I added to the test group. They show up under All Computers but not the Workstations group which I've added them to.. not sure why
I believe the issue is with the security filtering on your GPOs, I do groups assignments by Computer OU instead.
So when you say you go group assignments by OU, do you mean that you aren't using the client side targeting at all, and therefore do not have your computers in any sort of AD group associated with WSUS? You just add the WSUS GPO to the OU you want it to apply to and computers just show up in the WSUS list and you can update them from there?
Correct
-
@dave247 Yes. I apply an 'wsus' gpo to my Workstations OU. This gets all computers in the OU to show up in wsus. In wsus i make groups(local to wsus application) for grouping computers by OS.
-
@momurda said in Constant WSUS issues (Connection Errors):
@dave247 Yes. I apply an 'wsus' gpo to my Workstations OU. This gets all computers in the OU to show up in wsus. In wsus i make groups(local to wsus application) for grouping computers by OS.
Damn, that sounds like a much better approach. That way I don't have to add the extra step of adding all my computers to an additional AD group. So is this just a matter of not configuring the "Enable client-side" targeting option? I'm only asking because it seems like it's taking WSUS a long time before computers show up. It took like 2 days before 3 out of 7 systems showed up under the All Computers group..
-
@dave247 said in Constant WSUS issues (Connection Errors):
@momurda said in Constant WSUS issues (Connection Errors):
@dave247 Yes. I apply an 'wsus' gpo to my Workstations OU. This gets all computers in the OU to show up in wsus. In wsus i make groups(local to wsus application) for grouping computers by OS.
Damn, that sounds like a much better approach. That way I don't have to add the extra step of adding all my computers to an additional AD group. So is this just a matter of not configuring the "Enable client-side" targeting option? I'm only asking because it seems like it's taking WSUS a long time before computers show up. It took like 2 days before 3 out of 7 systems showed up under the All Computers group..
Group assigments take faster to apply than OUs.
-
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@momurda said in Constant WSUS issues (Connection Errors):
@dave247 Yes. I apply an 'wsus' gpo to my Workstations OU. This gets all computers in the OU to show up in wsus. In wsus i make groups(local to wsus application) for grouping computers by OS.
Damn, that sounds like a much better approach. That way I don't have to add the extra step of adding all my computers to an additional AD group. So is this just a matter of not configuring the "Enable client-side" targeting option? I'm only asking because it seems like it's taking WSUS a long time before computers show up. It took like 2 days before 3 out of 7 systems showed up under the All Computers group..
Group assigments take faster to apply than OUs.
oh I see.. like a lot faster? Like instantly? I'm totally new to WSUS...
-
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@momurda said in Constant WSUS issues (Connection Errors):
@dave247 Yes. I apply an 'wsus' gpo to my Workstations OU. This gets all computers in the OU to show up in wsus. In wsus i make groups(local to wsus application) for grouping computers by OS.
Damn, that sounds like a much better approach. That way I don't have to add the extra step of adding all my computers to an additional AD group. So is this just a matter of not configuring the "Enable client-side" targeting option? I'm only asking because it seems like it's taking WSUS a long time before computers show up. It took like 2 days before 3 out of 7 systems showed up under the All Computers group..
Group assigments take faster to apply than OUs.
oh I see.. like a lot faster? Like instantly? I'm totally new to WSUS...
Like 5 to 10 minutes.
-
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@momurda said in Constant WSUS issues (Connection Errors):
@dave247 Yes. I apply an 'wsus' gpo to my Workstations OU. This gets all computers in the OU to show up in wsus. In wsus i make groups(local to wsus application) for grouping computers by OS.
Damn, that sounds like a much better approach. That way I don't have to add the extra step of adding all my computers to an additional AD group. So is this just a matter of not configuring the "Enable client-side" targeting option? I'm only asking because it seems like it's taking WSUS a long time before computers show up. It took like 2 days before 3 out of 7 systems showed up under the All Computers group..
Group assigments take faster to apply than OUs.
oh I see.. like a lot faster? Like instantly? I'm totally new to WSUS...
Normally whatever the normal time that your PCs refresh their GPO's.. I think the default is around 15 mins.
-
@dashrender said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@momurda said in Constant WSUS issues (Connection Errors):
@dave247 Yes. I apply an 'wsus' gpo to my Workstations OU. This gets all computers in the OU to show up in wsus. In wsus i make groups(local to wsus application) for grouping computers by OS.
Damn, that sounds like a much better approach. That way I don't have to add the extra step of adding all my computers to an additional AD group. So is this just a matter of not configuring the "Enable client-side" targeting option? I'm only asking because it seems like it's taking WSUS a long time before computers show up. It took like 2 days before 3 out of 7 systems showed up under the All Computers group..
Group assigments take faster to apply than OUs.
oh I see.. like a lot faster? Like instantly? I'm totally new to WSUS...
Normally whatever the normal time that your PCs refresh their GPO's.. I think the default is around 15 mins.
ah. Well I usually never wait, lol. Just remote in and run gpupdate /force or even run it on the OU through GPMC
-
@dave247 said in Constant WSUS issues (Connection Errors):
@dashrender said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@momurda said in Constant WSUS issues (Connection Errors):
@dave247 Yes. I apply an 'wsus' gpo to my Workstations OU. This gets all computers in the OU to show up in wsus. In wsus i make groups(local to wsus application) for grouping computers by OS.
Damn, that sounds like a much better approach. That way I don't have to add the extra step of adding all my computers to an additional AD group. So is this just a matter of not configuring the "Enable client-side" targeting option? I'm only asking because it seems like it's taking WSUS a long time before computers show up. It took like 2 days before 3 out of 7 systems showed up under the All Computers group..
Group assigments take faster to apply than OUs.
oh I see.. like a lot faster? Like instantly? I'm totally new to WSUS...
Normally whatever the normal time that your PCs refresh their GPO's.. I think the default is around 15 mins.
ah. Well I usually never wait, lol. Just remote in and run gpupdate /force or even run it on the OU through GPMC
Then it should be within a few mins (under 5) before they show up in WSUS.
-
Make sure under Delegation tab, you have Authenticated Users with Read Permissions for your Policy. Especially if you removed it from the Security Filtering.
