WSUS
With thanks to the 50 staff from across the University for attending please see below the links to the videos and PowerPoints of the day!
Direct link to Playlist – https://www.youtube.com/watch?list=PLRxbdlgJzwyjAf820T0u4GpP0E01a9LEX&v=u-GVJ_0VuRM
Slides as PowerPoint
1 Intro (4.3 MiB, 1,565 hits)
2 MDT (85.2 MiB, 1,944 hits)
3 PowerShell (27.5 MiB, 1,679 hits)
4 PRTG Network Monitor (47.5 MiB, 1,753 hits)
5 OpenVAS (32.9 MiB, 1,584 hits)
6 WSUS and Chocolatey (60.3 MiB, 1,797 hits)
7 NPS and VLANs (10.7 MiB, 2,669 hits)
Slides as PDF
1 Intro (2.0 MiB, 1,688 hits)
2 MDT (2.2 MiB, 2,049 hits)
3 PowerShell (1.8 MiB, 2,159 hits)
4 PRTG Network Monitor (3.2 MiB, 1,610 hits)
5 OpenVAS (2.3 MiB, 1,749 hits)
6 WSUS and Chocolatey (2.9 MiB, 1,971 hits)
7 NPS and VLANs (1.4 MiB, 2,130 hits)
Stay tuned over the coming days for the scripts that are mentioned through the video which will be linked to from this post.
After recently deploying a Windows Server 2012 R2 WSUS server (afraid we couldn’t wait much longer for 2016 (which is now out by the way!)) we started seeing Error 8024400E on our clients and servers (from 2008R2/Windows 7 to Server 2012 R2/Windows 10).
As it transpires Microsoft published KB3159706 for the WSUS server which adds some new features to be able to manage Windows 10 updates and thus requires some manual post installation steps which can be found at this link here – https://support.microsoft.com/en-gb/kb/3159706.
The steps only took a few minutes to go through so it was a pretty easy fix in the end.
A silly gotcha more than anything else…. after recently updating my WSUS server to use SSL (to allow publishing through the firewall) I noticed my clients that were deployed with MDT (Microsoft Deployment Toolkit) were not installing updates as part of the Task Sequence; indeed the message log at the end indicated that the updates could not be downloaded as there was no connectivity to the WSUS server.
Lone behold I had updated the path to be https:// (against http://) in the Group Policies that pointed the clients at the WSUS server but not in the Deployment Share properties in MDT. So let the lesson be learnt… be sure to make the URL change in MDT as well as in Group Policy.
This time its the turn of Windows Update (powered by WSUS on Server 2008 R2) error 80244022 (sometimes seen as 8024402c).
Had this error on my own Admin PC a few days ago while trying to run monthly updates, there is very little information about this error message out there however the main cause seems to be linked to the client PC being unable to communicate with the server due to invalid proxy setting.
One thing to remember is that Windows Update (on your clients) communicates with the WSUS server over HTTP (or HTTPS if you have it setup like this) and so needs to be able to communicate with it over HTTP – because of this Windows Update must know to not use a proxy server to talk to your internal WSUS server.
If you are having this error on multiple PCs and you have only just setup WSUS I would suggest that you check your network wide proxy settings (proxy.pac or wpad.dat) making sure that an exception is made for your WSUS server.
The same applies if you are configuring your proxy using group policy just make sure an exception is made for your WSUS server.
If you are having this error on a single PC then the two places to check are
- Internet Explorer Proxy Settings (if locally defined)
- Under system wide proxy settings (netsh winhttp)
Internet Explorer Proxy Settings
To check these settings (click for screen shot) go to Start > Control Panel > Internet Options > Connections > LAN Settings if you have use a proxy server ticked make sure under Advanced settings and Exceptions you have your WSUS server listed.
System Wide Proxy Settings
It is possible to set a proxy server other than the one used in IE for some applications. In my case this was the problem as I had set the proxy up but without any exceptions and so Windows Update could not talk to the WSUS server.
You can check if this is the same for you by running the command netsh winhttp show proxy from the command prompt.
If you do have a proxy setting in here you can remove it by running netsh winhttp reset proxy.
To find out more about this command (and also how to include a bypass proxy list) just run netsh winhttp set proxy /?
A few days ago some of our Windows 7 clients were having a Windows Update error, the specific message was
Windows could not search for new updates
An error occurred while checking for new updates for your computer.
Error(s) found:
Code 800B0001 Windows Update encountered an unknown error.
The funny thing was the clients could still get updates from Microsoft Update however anything from our Windows Server Update Services (WSUS) Server would result in this error message.
As it turns out Microsoft had updated the Windows Update client on Windows 7 and that an update (the number is KB2720211) was required on the WSUS server to allow the clients to continue to update.
Simple solution is to approve this update in WSUS and apply it to your servers, a bit of a pain is that this update requires a reboot of the server but hey its that or no updates for your clients!
For a nice walk through see the screenshots below
Update – For Windows Server 2012
A further update has been released to allow WSUS 3.0 SP2 to provide updates for Windows Server 2012 – details can be found at KB2938066.
Has this page helped you? Was it worth the cost of a Coffee? If so click here to donate £1.80 to the myworldofit.net coffee fund via PayPal.