Problemi con gli aggiornamenti automatici o windows update

Al seguente link ho trovato una guida davvero ben fatta che riporto integralmente in seguito.
http://wsus.editme.com/TroubleshootingClientSetup

Troubleshooting Client Setup

In some cases, AU clients do not show up in WSUS Administration console, and thus never receive updates from WSUS. There are several reasons why this can happen.

The first thing to establish is the settings that the client is using. To do this, run the following command:

Reg query “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /s

Ensure server and port number shown in the output exist and are correct. Typos in these settings can be the cause of your problem.

Next check whether WSUS is installed on Default Website. If client policies point to the default web site for updating, check that WUS is also installed in Default Website. If you have installed WUS on a different port run the script %Program Files%\MicrosoftWindowsUpdate\Services\”SetupInstallSelfupdateOnPort80.vbs.

Also, use the clientdiag tool from the RC (download this from the WSUS Beta Site) to see what other errors there might be.

If other computers are checking in fine but you have one or more that aren’t, check a couple relevant text logs for clues. There’s the main windows update log at %systemroot%\WindowsUpdate.log (WindowsUpdate all one word) and another log covering individual component updates at %systemroot%\SoftwareDistribution\ReportingEvents.log I found a handy page that has a list of error messages with some plain english messages. You’ll want to check that out at http://perso.wanadoo.fr/doc.jm/WU5-ERR.htm

I had one computer not checking in and found errors like this in the ReportingEvents.log:

Windows failed to install the following update with error 0x800703e3: Automatic Updates.

and in WindowsUpdate.log I saw:

start delayed initialization of WU client
Loading inf file D:\WINDOWS\SoftwareDistribution\SelfUpdate\wusetup.inf
.
.
.
Required Version for binary D:\WINDOWS\system32\cdm.dll is: 5,8,0,2339
Binary: D:\WINDOWS\system32\cdm.dll: Target version: 5.5.3790.2182 Required: 5.8.0.2339
Required Version for binary D:\WINDOWS\system32\iuengine.dll is: 5,8,0,2339
Binary: D:\WINDOWS\system32\iuengine.dll: Target version: 5.4.3790.2182 Required: 5.8.0.2339
.
.
.
WU client failed Searching for update with error 0x8024001b
ISusInternal API CClientCallRecorder::DisconnectCall succeeds
Starting File operations for section cdm
InstallUpdatedBinaries failed with error 0x800703e3

A quick visit to the beta v6 windowsupdate site updated the WU client and everything just started working from my local WSUS after that. You can force the client to restart the AU process by doing:

pskill wuauclt [or use task manager; I’m unsure if this step is neccesary or good]
net stop “Automatic Updates”
net start “Automatic Updates”
wuauclt /detectnow

If client machines do not have web access, download the full file Windows Update Client agent Agent from
http://go.microsoft.com/fwlink/?LinkId=43264

WindowsUpdateAgent20-x86.exe /wuforce /quiet to install it remotely.

Add /norestart if you’re doing it during the day (my clients didn’t need a reboot, but ya never know).

 

 

If you’re seeing error 0x8024400A and are running WSUS on Win2K3 SP1 it might be an IIS bug that’s causing it.  A hotfix is available.  See: http://support.microsoft.com/Default.aspx?id=898708  

I personally had success via a “shotgun” aproach suggested by ctobio on the wsus.info forums.  I’ve consolidated the operations into a batch file form here, suitable for running remotely:

REM Stop the Automatic Updates service
net stop wuauserv

REM Stop the Windows Management Instrumentation service
net stop winmgmt

REM Backup ReportingEvents.log.  Then, delete the contents of
REM  %systemroot%\SoftwareDistribution and
REM  %systemroot%\system32\WBEM\Repository
copy %systemroot%\softwaredistribution\reportingevents.log %homedrive%\
del /f /q %systemroot%\softwaredistribution\*.*
move %homedrive%\reportingevents.log %systemroot%\softwaredistribution

REM Delete SusClientID and AccountDomainSid keys from
REM  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
SET WU_KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
reg delete %WU_KEY% /v SusClientID
reg delete %WU_KEY% /v AccountDomainSid
SET WU_KEY=

REM Start the Automatic Updates service
net start wuauserv

REM Start the Windows Management Instrumentation service
net start winmgmt

REM Force a group policy update
gpupdate /force

REM Roll the WU Client…
wuauclt /resetauthorization /detectnow

After you do this, you will have to delete the old and now spurious computer account in the WSUS admin interface.  Delete the old computer that shows a status of not having checked in for so many days.  Leave the account that’s never checked in.  This new account will be checking in and that should be reflected after a little while in the admin interface.  You’ll also have to move the new account into the proper group where the old one was.  Monitor the WindowsUpdate.log in %systemroot% on that client machine to ensure that it’s grabbing updates again.

 

If a client appears in the admin console but all the updates are flagged “unknown” the system cannot determine which updates are needed or installed. Multiple errors similar to the following may appear in the client’s Application event log:

Event Type: Error
Event Source: ESENT
Event Category: General
Event ID: 427
Date: 5/17/2005
Time: 10:51:44 AM
User: N/A
Computer: [computername]
Description:
wuaueng.dll (1280) The database engine could not access the file called C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log.

Additionally the following error may appear once around the time of the first occurrence of the above error:

Event Type: Error
Event Source: ESENT
Event Category: Logging/Recovery
Event ID: 413
Date: 5/12/2005
Time: 2:46:16 PM
User: N/A
Computer: [computername]
Description:
wuaueng.dll (1280) Unable to create the log. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

To resolve this problem, stop the Automatic Updates service on the affected client, delete %windir%\SoftwareDistribution\DataStore\Logs\edb.log and restart the service.

[I couldn’t find any record of this error at Microsoft or anywhere else.]

The following registry location can be useful to see what state the client is in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUState  This will have one of the following values

 

NameVersionSizeDateUser
Wsus error.txt1157427/10/06 3.28praveenr
Wsus error

Comments:

From karmacop – 29/03/05 8.10

Hi

WUS is all working fine, but i accidentally removed all my clients ffrom the ‘All Computers’ Group. Is there a way to get the computers back or do i need to re-install WUS?

From ipelivan – 20/04/05 15.07

Hi! I have simillar problem. I removed one client computer from computer group. How to get it back?

From jahovabob – 07/07/05 9.48

clientdiag can also be downloaded here.

From helsby – 06/10/05 8.45

You are better going to http://www.microsoft.com/windowsserversystem/updateservices/support/default.mspx for the client diag download as this also has links to the readme. There are also server diag tools from this link too.

From rpaz – 08/01/06 17.42

 

I’m a little bit confused.

Can the AUState registry key be used to check WSUS Status? Or this key is only used by SUS?

 

From rpaz – 08/01/06 17.46

 

For those that accidentally removed All The Clients, don’t worry to much they will get back on next cycle

I made the same mistake Wink

From rpaz – 08/01/06 18.00

 

For those that accidentally removed All The Clients, don’t worry to much they will get back on next cycle

I made the same mistake Wink

From rpaz – 08/01/06 18.00

 

For those that accidentally removed All The Clients, don’t worry to much they will get back on next cycle

I made the same mistake Wink

From rpaz – 08/01/06 18.13

Sorry about the duplicated comments. Dam reload!

From giadzich – 22/02/06 12.16

It will take a while for client to report back to WSUS server after you delete it.
I hate to see those little icons saying the computer not report in xx days.  I decided to delete them all.  No harm.

From weeble – 27/02/06 1.47

This may not apply to everybody but I’ve got around 40 Windows 2000 machines that are not checking into my WSUS Server.

So far, the solution that I’ve found to get them all to start checking in is as follows:

Download and install the following:

  • Windows installer 3.1 (don’t restart, just install the next item)
  • BITS Update for Windows 2000 (KB842773) (don’t restart, just install the next item)
  • MDAC Update (if prompted to re-start, do the next step before clicking restart)
  • Once I’ve done that, I have to then copy over the latest WUAUENG.DLL file renaming the old one to WUAUENG.DLL.OLD (or whatever you choose).
  • Restart your computer (cross your fingers)

Once I’ve restarted the computer, it will then check in with my WSUS server and start the updating process.

I’ve found that in some remote cases, I’ve also had to export the REGKEYS from a working machine and them import them into a machine that isn’t working after I’ve done all the updates.

If you’re having problems, and you’ve checked everything else, try this … it may work and you’ve obviously got nothing else to loose. So far, it’s worked without fail for me.

From laurin1 – 21/06/06 13.27

I had it working fine, but now it’s broke. None of my clients show up in the Console and all log Event ID 16.

From geraghty – 11/05/07 6.39

I spent days trying to work out why none of my clients were connecting to WSUS – finally realised the problem was that the IUSER account was disabled! I’d disabled it ages ago to increase the security of the server…

Last Modified 11/04/06 22.39

.