I recently installed WSUS in a network and am now waiting for it to download all the updates I want to provide to other clients.
The updates are already approved. The installation is set up to only download approved updates. That is what it is doing right now.
So, this is going to take a while. In the meantime, I set up my group policies to make my clients aware of this new service.
Sadly, my Windows 7 test client (freshly installed), doesn't seem to think there are any updates available:
So, now I'm asking myself, is my setup broken? Or do I simply have to wait for those 140GB to download before it will all start to function properly.
The WindowsUpdate.log
on my test client seems to tell that my correct server is being used:
2012-05-19 15:44:25:523 944 43c AU ########### AU: Initializing Automatic Updates ###########
2012-05-19 15:44:25:523 944 43c AU # WSUS server: http://SRV-PDC
The log is also pretty clear on the number of updates that should be applied:
2012-05-19 15:44:27:133 944 85c Agent * Found 0 updates and 61 categories in search; evaluated appl. rules of 174 out of 895 deployed entities
...
2012-05-19 15:44:27:149 944 754 AU # 0 updates detected
The reportingevents.log
also indicates that no updates are available:
{6DB29978-5D20-4D80-9088-5F87D0CC3417} 2012-05-19 20:13:23:388+0200 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 0 updates.
{03B0D7A7-A599-41CE-B583-F2870CEF4225} 2012-05-19 20:13:23:388+0200 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
So, after waiting a couple of
hoursdays, the first updates are being served.I guess what my confusion boiled down to was: Can WSUS offer updates to clients before they are downloaded to the server?
Which, in hindsight, is a pretty stupid question.
In case you're someone waiting desperately for your WSUS to synchronize so you can test your lab or whatever. Here are a few mistakes I made that you might be able to not make yourself.
Initial Synchronization
Your WSUS won't download anything before it is synchronized. Make sure your initial synchronization has already finished (and was actually started).
Initial synchronization can take quite some time. I made the mistake of shutting down the server in the middle of the synchronization process. It would have synchronized every morning at 6am, but the (lab) server was never running at that time.
So I wasn't synchronized for quite a while, not downloading anything.
Approval
Make sure to approve your updates. Updates that are not approved, might not be downloaded and they won't be offered to any clients either.
BITS Transfer Priority
If you've made sure that updates are actually being downloaded to your server, you can additionally increase download speed of those updates by increasing the download priority of BITS. Please refer to KB922330 and this technet article for exact details. There is also this excellent blog post that summarizes setting the foreground download priority.
However, please note that increasing the WSUS download priority in production environments can be counter-productive as it might saturate your internet connection.
Please keep in mind, even after setting the foreground priority for BITS, transfer speeds were far from optimal considering my potential throughput.
Verify that the group policy for referesh interval is not something very large. You can also force the client to check wsus by
This should force it to show up in WSUS as a new client without group. Check the following log also
Also from the WU client, click "check online for microsoft updates" and verify the client does actually need the updaes you have approved.