Windows server lost GPO and updates through the internet instead of WSUS

Laurent B 5 Reputation points
2023-06-09T06:07:58.1933333+00:00

I am a system engineer for a company and we are facing an issue that has left us perplexed. Our Windows Server 2012 R2 Datacenter, which also has an SQL Server 2017 installed in it, rebooted by itself set ago and we are trying to find out why. After investigating, we found out that an update was pushed through, which was not approved in WSUS and it seems like the server is downloading updates from the internet instead of WSUS.

In the windowsupdate.log, we observed that the issue occurred due to the following part:

*********** Agent: Initializing global settings cache ***********

  • Endpoint Provider: 00000000-0000-0000-0000-000000000000
  • WSUS server: <NULL>
  • WSUS status server: <NULL>
  • Target group: (Unassigned Computers)
  • Windows Update access disabled: No

And after some time:

Update {D1FE2427-174B-4B7B-BA04-69AA90060D12}.200 was auto-approved for forced install

Normally this log looks very different, as we have a WSUS server.

WSUS server: https://server.eu:8531, etc.

We are not able to figure out why this problem occurred. One possible solution could be to block the server's access to the internet and only allow WSUS updates. But before doing that, we want to understand the root cause of this issue.

Could anyone provide any insights that might lead us to the root cause of this issue? The only change we made on this server recently was the introduction of a new antivirus (BitDefender Endpoint Security). However, it was installed two weeks before the reboot.

Thank you in advance if anyone can help.


1 answer

  1. Sedat SALMAN 14,185 Reputation points MVP
    2023-06-09T12:02:10.6733333+00:00

    The server's Group Policy settings have been lost, and it's downloading updates directly from the Internet rather than from your WSUS server. This is an unusual situation and could have been caused by a variety of factors.

    Group Policy Issue: A possible reason for this could be corruption or deletion of the Group Policy Objects (GPOs). There might have been a system crash, software conflict, or unexpected shutdown which may have led to the corruption of the GPO. Also, an incorrect configuration of the Group Policy settings may lead to such issues. You should verify your GPO settings, especially those related to Windows Update, and check if there were any recent changes that might have affected these.

    Windows Update Agent Issue: In the log, it shows that the Windows Update Agent didn't find a WSUS server and updated directly from the internet. The Windows Update Agent could have been reset or reconfigured, which might have caused it to forget the WSUS settings. Try resetting the Windows Update Agent and reconfiguring it to use your WSUS server.

    BitDefender Endpoint Security: You mentioned that you installed BitDefender Endpoint Security two weeks prior to the incident. While it seems unlikely that the antivirus directly caused the issue, it could be a contributing factor, especially if it's not correctly configured to work with WSUS or if it has some conflicts with Group Policy settings. It would be a good idea to investigate this angle further.

    1 person found this answer helpful.
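
To narrow down when the server stopped seeing its WSUS policy, the log itself can be turned into a timeline. The following is an added example, not code from the question or the answer: the function name `Get-WsusPolicyTimeline` is hypothetical, the sample lines are constructed (only the server URL and update ID are taken from the question), and it assumes the plain-text WindowsUpdate.log of Server 2012 R2.

```powershell
# Added example, not from the thread. Assumes the plain-text WindowsUpdate.log
# of Server 2012 R2, where each line starts with a date field and a time field.
function Get-WsusPolicyTimeline {
    param([string[]]$Lines)

    $wsus = $null   # WSUS server value from the most recent settings-cache block
    foreach ($line in $Lines) {
        # Timestamp = first two whitespace-separated fields (date, time)
        $stamp = if ($line -match '^(\S+\s+\S+)') { $Matches[1] } else { '' }

        if ($line -match 'WSUS server:\s*(\S+)') {
            $new = $Matches[1]
            if ($new -ne $wsus) {
                # Report only transitions, so a long log yields a short timeline
                $state = if ($new -eq '<NULL>') { 'WSUS policy missing' } else { 'WSUS policy present' }
                [pscustomobject]@{ Time = $stamp; Event = $state; Detail = $new }
            }
            $wsus = $new
        }
        elseif ($line -match 'Update (\{[0-9A-F-]+\}\.\d+) was auto-approved for forced install') {
            $id  = $Matches[1]
            $src = if ($wsus -and $wsus -ne '<NULL>') { "WSUS $wsus" } else { 'no WSUS server in effect' }
            [pscustomobject]@{ Time = $stamp; Event = 'Forced install'; Detail = "$id ($src)" }
        }
    }
}

# Constructed sample lines: dates, times, PIDs and TIDs are made up.
$sample = @'
2023-05-20 03:00:01:120  912  a40 Agent   * WSUS server: https://server.eu:8531
2023-05-20 03:00:01:120  912  a40 Agent   * WSUS status server: https://server.eu:8531
2023-06-07 03:00:02:310  912  b1c Agent   * WSUS server: <NULL>
2023-06-07 03:00:02:310  912  b1c Agent   * WSUS status server: <NULL>
2023-06-08 02:14:45:007  912  c88 Agent Update {D1FE2427-174B-4B7B-BA04-69AA90060D12}.200 was auto-approved for forced install
'@ -split "`r?`n"

Get-WsusPolicyTimeline -Lines $sample | Format-Table -AutoSize

# On the server itself:
# Get-WsusPolicyTimeline -Lines (Get-Content "$env:windir\WindowsUpdate.log")
```

The first "WSUS policy missing" row gives the time window to compare against Group Policy processing events and software changes on the server.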
