It would be nice to just list what I have found and done on this new version of Update Services from Microsoft, 1) for my record in the future, getting older now; 2) share with other people who might be interested in this topic as well.
Configuration
- Remember to enable anonymous access on the IIS
I forgot about it when I did on the previous version, SUS, which caused me hours to try to figure out why the client machine always failed to get updated.
- Add local build-in user ASPNet on Windows Server 2000 and Network Service on 2003 into the security list on default WSUS web location. It might not be necessary but would be nice to try if you are having some weird problems that you can't figure it out why.
Useful Command
- Detect Now Option
wuauclt.exe /detectnow
- Resetauthorization Option - which expire the cookie, initiate detection, and have WSUS update computer group membership
wuauclt.exe /resetauthorization /detectnow
- Restart Automatic Updates services
net stop wuauserv
net start wuauserv
Check the Log files
- Client computer - check the log file to see if it successfully communicate with the WSUS server.
The log file is named windowsupdate.log without space between windows and update, and it is located under default windows root folder.
- WSUS server - check the IIS log file to see if the client machine gets updated successfully.
Check the IIS log file which is located at System32\Logfiles folder under default Windows folder.
Tip 1: For some reason, some time the workstations just can't get updated and rebooted on schedule. One of the reason is because there is another update service running at that time. Kill the process wuauclt.exe from Task Manager or Stop the Update services may help to fix this issue.
Tip 2: If you have workstations and laptops in your organization, seperating them into two different OU might be a good approach to work with because those laptops might not get updated on schedule.
Tip 3 (updated on Aug 5, 2005): When you update the workstation on AD by adding GP on it, you can run "gpupdate /force" to get the new GP settings updated on the workstion without rebooting it.