Unexpected Automatic Windows Server Updates Despite GPO and WSUS Configurations
Hello everyone, I am experiencing a disruptive issue across a number of our Windows servers (ranging from Server 2012 to Server 2022). Despite a carefully managed WSUS implementation and GPO enforcement for Windows Updates, we have been facing an issue where several updates are getting automatically installed on these servers. The problem is, these updates are not ones we have explicitly approved, nor are they manually triggered for download/installation. The automatic reboots following these installations are causing significant service disruptions. Furthermore, the behavior seems to be somewhat random, which makes it even more challenging to root cause. Here is a summary of the GPO and WSUS configurations, and what I have verified so far: The GPO for Windows Updates is configured to '4 - Auto download and schedule the install'. The RSOP confirmed that there are no conflicting GPOs. WSUS is functioning correctly and the automatic approval of updates has been disabled. Dual Scan is not a factor as it's not relevant to the Windows Server versions we're using. It has been confirmed that the updates in question are indeed WSUS updates, but they haven’t been approved by us. The issue does not pertain to pre-downloaded update files or Service Stack Updates (SSUs). Given the above points, I am having a hard time figuring out why these updates are being installed and causing unplanned reboots. I would really appreciate it if anyone who has encountered a similar issue or anyone with insights could shed some light on this. Thank you in advance for your assistance! Best
WSUS Clients 'not reported', unknown updates '4'
Hi Everyone, I am using the following powershell script to provide end of WSUS reporting capabilities https://www.experts-exchange.com/articles/27419/How-to-send-automatically-an-e-mail-with-a-report-of-computers-status-inside-WSUS-server.html Yet I note two VMs in the report (one is the WSUS server) returning "Not reported Yet", Unknown '4' WSUS Server is running Windows Server 2012 Standard The other is running Windows Server 2016 Datacenter (and says update history "no updates have been installed yet") which is incorrect. I'm assuming this is because we renamed the C:\windows\SoftwareDistribution after stopping bits,crypto,windows update services then restarting. # Status Server IP Address Last Contact Total Pend reboot Install Ready Pending DL Failed Unknown 110 Not reported yet Server IP, 7 06/15/2021 08:40:49 4 0 0 0 0 4 42 Not reported yet Server IP 06/15/2021 11:16:57 4 0 0 0 0 4 Has anyone come across this behavior and know how to resolve? Thanks.Windows Server 2016 does not install updates at scheduled time
We have an OU for servers that we don't mind if they install Windows Updates and reboot nightly. For some reason, the Server 2016 servers in that OU do not automatically install updates at the time scheduled by the GPO. The settings on the servers appear to be applied correctly, and it does detect that there are updates available... it just doesn't install them at the scheduled time. Settings from relevant Windows Update GPO: WU settings on the server: WU Restart Options on the Server: WU Policy Registry settings on the server: Any suggestions as to why this may be?
error 0x80070661
Hello. We have 114 virtual machines with windows 2008 r2, all with the first year license active. In March we activated the second year license on all 2008R2 servers. They all update through WSUS but there are 4 servers with an active second-year ESU license that do not update. The error is the same in all four. The error is 0x80070661. All other 2008R2 servers update successfully. I have uninstalled and reinstalled the ESU 2nd year license but the problem persists. I do not see what the problem is. Thank youWsus on server 2012 R2 deploy extended patches for windows 7
I have a 2012 R2 server with WSUS configuration. The wsus version is 6.3.900.... I want to know if the wsus can deploy the extended patches for windows 7 system ? If windows 7 esu licence se has been purchased for the workstations. If yes. How will wsus detect the extended patches and how will it scan which system has the licence key installed on it ?
