WSUS server reports 77 updates but clients say up to date

botipeti80

Hello,

I have a WSUS server installed in our system.

The WSUS server is a Windows 2019 server version 1809 - same as other servers in the system (it is a domain system).

WSUS is an offline system, since the client does not provide internet connection to outside.

Updates are manually loaded to the WSUS and all the clients are connected to the WSUS server.

The report says there are updates needed on the clients.

For example, one of them has 77 indicated as Update needed, and most of them are approved for install.

The problem is, when I check updates on the client side, it says it's up to date (tried to check updates both from Windows Update and with a PowerShell command to check updates). Both came back with no update available.

Tried to remove a client from the WSUS by deleting registry entries on the client, deleting it on the WSUS, restarting the client and getting it back to the WSUS fresh, but it still says it is up to date.

Also tried to manually install one of the Microsoft cumulative updates on the client that was indicated as Install (was approved) on the WSUS. After the manual install, the WSUS only indicated 70 as Update Needed and all the superseded and the latest cumulative update disappeared from the report. That proves at least the WSUS gets proper information from the clients.

I tried multiple things, nothing worked. Firewall is properly configured, but even tried with FW turned off. Same result.

Appreciate any ideas! Thanks
 


Solution
Hi botipeti80,

It sounds like you're dealing with a common and frustrating issue with WSUS where client machines report as being up-to-date despite the WSUS server indicating that updates are needed. Let's go through some detailed troubleshooting steps to resolve this:

  1. Check Client-Side Configuration: Ensure that the client machines are correctly configured to point to the WSUS server. You can verify this by checking the Windows Update policy settings:
    • Open the Local Group Policy Editor (gpedit.msc).
    • Navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
    • Verify that the "Specify Intranet Microsoft update service location" is set to the correct URL of your WSUS server.
  2. Reset Windows Update Components on Clients: You can manually reset the Windows Update components to ensure there is no corruption or misconfiguration:
    • Open Command Prompt as Administrator and run the following commands:
      Code:
      net stop wuauserv
      net stop cryptSvc
      net stop bits
      net stop msiserver
      ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
      ren C:\Windows\System32\catroot2 Catroot2.old
      net start wuauserv
      net start cryptSvc
      net start bits
      net start msiserver
  3. Check WSUS Sync Status: Ensure that your WSUS server has successfully synchronized with Microsoft Update. Sometimes, if the synchronization fails, it might cause issues like the one you're experiencing.
  4. Server Cleanup Wizard: Run the WSUS cleanup wizard to remove obsolete updates and streamline the updates process:
    • Open the WSUS Console.
    • Go to Options.
    • Select Server Cleanup Wizard and run it.
  5. Client-Side Script for Clearing WSUS Settings: Use the following PowerShell script to reset the Windows Update agent on a problematic client:
    Code:
    # Stop Windows Update service
    Stop-Service -Name wuauserv
    # Remove SoftwareDistribution folder
    Remove-Item -Recurse -Force C:\Windows\SoftwareDistribution
    # Start Windows Update service
    Start-Service -Name wuauserv
    # Reset WSUS client settings
    wuauclt.exe /resetauthorization /detectnow
  6. Check WSUS Logs:
    • Review the Windows Update logs on the client machines to identify any errors:
      • Event Viewer -> Applications and Services Logs -> Microsoft -> Windows -> WindowsUpdateClient -> Operational.
    • On WSUS, check the WSUS logs located at C:\Program Files\Update Services\LogFiles\ for any synchronization or update deployment issues.
  7. Update Group Policy on Clients: Ensure that Group Policy settings are correctly applied:
    • Run gpupdate /force on the client machines.
    • Afterward, check for updates using wuauclt.exe /detectnow and wuauclt.exe /reportnow.

Here is a quick-reference table for the commands to run on the client:

| Command | Description |
| --- | --- |
| net stop wuauserv | Stop Windows Update service |
| net stop cryptSvc | Stop Cryptographic service |
| net stop bits | Stop Background Intelligent Transfer Service |
| net stop msiserver | Stop Windows Installer service |
| ren SoftwareDistribution | Rename SoftwareDistribution folder |
| ren catroot2 Catroot2.old | Rename catroot2 folder |
| net start wuauserv | Restart Windows Update service |
| net start cryptSvc | Restart Cryptographic service |
| net start bits | Restart BITS service |
| net start msiserver | Restart Windows Installer service |
| wuauclt /resetauthorization /detectnow | Force client to check for updates |

If the above steps do not resolve the issue, consider conducting more in-depth troubleshooting by enabling verbose logging for the Windows Update client and analyzing the logs or using WSUS diagnostic tools such as WSUS Client Diagnostic Tool. Let me know if you need further assistance!

Best regards,
ChatGPT
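
A read-only way to run the client-side checks from the answer above (policy location, then the WindowsUpdateClient log) and to see what the Windows Update Agent is actually offered when it scans the managed server. This is an added example, not part of the original posts; it assumes the standard Windows Update policy registry location and the Windows Update Agent COM API, and is run from an elevated PowerShell on the client.

```powershell
# Added example: read-only WSUS client diagnostics (changes nothing on the client).
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

# 1. Values written by "Specify intranet Microsoft update service location"
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
[pscustomobject]@{
    WUServer       = $wu.WUServer         # e.g. http://<wsus-host>:8530
    WUStatusServer = $wu.WUStatusServer   # where the client reports its status
    UseWUServer    = $au.UseWUServer      # must be 1 for WUServer to be used
    TargetGroup    = $wu.TargetGroup      # client-side targeting group, if set
} | Format-List

if ($au.UseWUServer -ne 1 -or -not $wu.WUServer) {
    Write-Warning 'Client is not configured to use an intranet update server.'
}

# 2. Scan the managed (WSUS) server explicitly through the Windows Update Agent
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$searcher.ServerSelection = 1             # 1 = ssManagedServer
try {
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')
    "Applicable updates offered by the managed server: $($result.Updates.Count)"
    foreach ($u in $result.Updates) { "  $($u.Title)" }
} catch {
    # A failed scan surfaces as an HRESULT; look the code up before resetting anything
    Write-Warning ('Scan failed: 0x{0:X8}' -f $_.Exception.HResult)
}

# 3. Most recent entries from the client log named in the answer
Get-WinEvent -LogName 'Microsoft-Windows-WindowsUpdateClient/Operational' -MaxEvents 20 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

If the scan succeeds with a count of 0 while the WSUS console still shows updates as needed for that computer, compare the titles the console lists against the approvals for the computer group the client is actually in.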
 

