This blog article is specifically for this reason.
https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have a recently set up WSUS server running on Windows Server 2019 Standard. Several servers are set to use WSUS by Group Policy settings.
Currently, several servers are showing 0 needed in WSUS. However, when opening Windows Update locally, several updates are listed as ready to install. How is this possible? How do I make sure that updates are all reporting correctly in WSUS?
Another interesting thing is that Update history shows "No updates have been installed yet". This is false. Get-hotfix lists 5 updates which have been installed. The last 3 were installed from the WSUS server.
I have so far tried: stop and disable wuauserv, delete all from Windows\SoftwareDistribution folder, restart wuauserv, run wuaclt /detectnow /reportnow.
On the Wsus server, I have run wsusutil.exe checkhealth. The event log entry states "WSUS is working correctly".
I have also run Get-WindowsUpdateLog on one of the affected servers. The log shows this line: ComApi Download call complete (succeeded = 1, succeeded with errors = 0, failed = 0, unaccounted = 0) It appears that one update was downloaded. The log file references it by GUID, I know of no way to determine the KB # from this.
WSUS still shows 0 needed for this server, Windows update on the server itself shows 3 updates waiting.
This blog article is specifically for this reason.
https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/
Thanks, I'll take a look and try the suggested actions.
I do wish "Client Machines Not Reporting to WSUS Properly" was more clearly defined (as in specific symptoms). In my case, the server does show in WSUS and the Last Status Report time matches the date and time of the last entry in the WindowsUpdate.log. It's not clear to me still whether this is a problem with the WSUS server or the clients, or why it has affected all 7 of the servers that are 2016 or 2019, but none of the 2012 servers. I'll have a look at the steps in the article and report back.
Hi MichaelMcNally,
Thank you for posting on this forum.
In my opinion, we could use the Last Status Report time on the WSUS console to confirm whether the clients report correctly. Here is a related screenshot for your reference:
As your distribution above, the clients can get updates from the WSUS Server and the report is correct. So the connection between the clients and the WSUS server is normal. As to the WSUS show 0 needed, it is recommended to confirm that following steps:
Please help to confirm the above. If there are any feedback, please inform me.
Regards,
Rita
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Found my answer at https://www.bocoprimeit.com/troubleshooting-wsus-synchronization-issues/.
In short, I needed to set "Do not allow update deferral policies to cause scan against Microsoft Update". Once that policy setting updated on each server, they reported in correctly to WSUS at next cycle.
That's correct. The Do not allow update deferral policies to cause scan against Microsoft Update policy does help to prevent the clients from dual scan. As you said above, these updates which get from not from the WSUS Server are all from the Windows Update. It is helpful if we apply policy on the client.
Thanks for your sharing on this forum. It is helpful for the bros who have the same issue. If the issue has been resolved, please consider marking the answer to help the others. Of course, if there are any issues, please feel free to ask on this forum.
Thanks for your time and wish you have nice day.
Regards,
Rita
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.