question

Junk430-0886 avatar image
0 Votes"
Junk430-0886 asked Junk430-0886 answered

Where did the 2019 servers get their updates from?

I'm trying to transition from one patch program to use WSUS to approve updates and then use an Ansible play to tell the clients to install and reboot.
It seemed to work in a test.
Now that it's after patch Tuesday I look and I only see patches for 2012R2 and all my 2019 boxes say they are ether fully patched or missing some number of patches BUT no patches show up for approval or needed.
When I log onto a 2019 server I see it has already downloaded the Oct OS and .net patches and is ready to install. How did it get them and approve them?

The 2012R2 servers show no updates available in Windows Update because I've not approved any.

I've used WSUS in the past and never had this issue. How does it think the 2019 servers are fully patched when they show patches waiting to install in Windows Update? Where did Windows Update get these patches? I'm guessing they went to MS.

GPO is set as follows:
Config Auto Updates: Enabled, download, don't install, don't reboot
Auto Update Detection: 5 hours
Dispay options for update notifications: 1- disable all notifications
Do not adjust default options to install updates and shut down: enabled
Do not connect to any Windows Update Internet Locations: Enabled -----Now this was enabled for some time because 2019 servers would not show up in WSUS without it.
Do not display install updates and shut down: enabled
No auto restart with logged on users: disabled
Specify intranet MS update service location: Enabled
Intranet Update service for detecting updates: http://mywusserver.myhouse.now:8530
Set intranet statics server: http://mywusserver.myhouse.now:8530

windows-server-update-services
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Junk430-0886
It seems that there are no updates for several days. May I know the status of the case? May I know whether the issue has been resolved or not?

According to your post, it is recommeded to run the below PowerShell script to confirm the update scurce on the Windows Server 2019:

 $MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"
     
 $MUSM.Services | select Name, IsDefaultAUService

Here is a screenhost in my lab for your reference:
141237-8.png

Looking forward for your feedback. Please keep us in touch if there are any updates of the case.

Regards,
Rita

0 Votes 0 ·
8.png (12.1 KiB)
AJTek-Adam-J-Marshall avatar image
0 Votes"
AJTek-Adam-J-Marshall answered

Dual Scan Scenario likely - https://www.ajtek.ca/wsus/dual-scan-making-sense-of-why-so-many-admins-have-issues/
Here's part 4 of my 8 part blog series on How to Setup, Manage, and Maintain WSUS - https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-4-creating-your-gpos-for-an-inheritance-setup/
Part 4 gives you policies, part 5 is the linking of the policies for an inheritance setup.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Junk430-0886 avatar image
0 Votes"
Junk430-0886 answered

AJ I have another question. After changing those WU for Biz setting it seems to be listing to my WSUS server only one problem.
I'm using Ansible to have the client search for, then install updates and reboot.
What I see happen is the server installs the patch, it's listed in installed patches, it falls of WSUS as needed but when I log into the server I see WU shows the patch as "Updates are ready to install" with the "Install now" button.
What the heck... how is it installed and ready to install at the same time?

142162-screen-shot-2021-10-20-at-100550-am.png



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Junk430-0886 avatar image
0 Votes"
Junk430-0886 answered

Ok may have answered my own question.. after clicking "install updates" it immediately changes to You're up to date. So I think the GUI was just not updating.

Thanks again.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.