Clients not seeing WSUS

[NOVACHEM]

I have several servers behind a firewall, all with 192 addressing and none have had updates in several years. I have installed a WSUS server into this area and it is pingable from all clients. I have downloaded the newest WA Client, have played with the registry as well as the local GP. None of these servers are in a domain - all in a workgroup.

Getting error 16 in Event Log

Have removed the PingID, AccountDomainSid, SusClientID, SusClientIDValidation entries in Registry.

WindowsUpdate.log
Looks like server is trying to get updates from http://download.windowsupdate.com and not the local WSUS server.

1376 150 Misc WARNING: Send failed with hr = 80072efd.
1376 150 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
1376 150 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab>. error 0x80072efd
1376 150 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
1376 150 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
1376 150 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd

registry key(s) WUServer and WUStatusServer pointing to local WSUS
Local GP same thing.

Log shows no WSUS pointers:
2010-04-19 10:38:10:921 1376 770 Agent * WSUS server: <NULL>
2010-04-19 10:38:10:921 1376 770 Agent * WSUS status server: <NULL>
2010-04-19 10:38:10:921 1376 770 Agent * Target group: (Unassigned Computers)
2010-04-19 10:38:10:921 1376 770 Agent * Windows Update access disabled: No


Any one have any suggestions on what I can try next?

[adelara]

>> I have several servers behind a firewall, all with 192 addressing and
>> none have had updates in several years.

The firewall should have a rule to let requests to outside to windowsupdate.microsoft.com using port 80

>> I have installed a WSUS server into this area and it is pingable
>> from all clients.

Pingable means only that: the server receives and responds to the pings from the clients.
You have to make sure that your WSUS server is listening on port 80.
If the server is inside the firewall, on the same subnet as the clients, then they should have no problem findind your server.

Start with your WSUS server and make sure it can get updates from Microsoft, so your other machines have a place to go to get updates from.

Better yet, start with your firewall to make sure your server will be able to get updates.
- Use Internet Explorer on your WSUS server to test if it can reach windowsupdate.microsoft.com (or Menu-->Tools-->Windows Update)

Configure your WSUS server to get updates daily from MS.
On the "Update Services" console, click on your server to expand it, then click on "Options" and "Update Source and Proxy Server"
Select "Synchronize from Microsoft Update", click Ok.
Then click on "Synchronizations" and, on the right side, click on "Synchronize now". With all good, it should complete, depending on your network speed,
or you have to wait until it finishes.

Check your IIS settings, and "TO MAKE YOUR LIFE EASIER" edit the default page (usually it is in C:\Inetpub\wwwroot\iisstart.htm) and put the actual name of your server. It's better to see a friendly message.

Go to any of your clients, open a webbrowser and point it to http://yourserver and you should see the page you just modified.

If all is good so far, it means that your WSUS server is listening and serving on port 80, ie. this is the default, and you are good to go.

For your reference, here are the registry settings on a client side that *works* on a "workgroup" environment.

C:\ > reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
TargetGroupEnabled REG_DWORD 0x0
ElevateNonAdmins REG_DWORD 0x0
WUServer REG_SZ http://mywsusserver.acme.com
WUStatusServer REG_SZ http://mywsusserver.acme.com

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

C:\ > reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoUpdate REG_DWORD 0x0
AUOptions REG_DWORD 0x5
NoAutoRebootWithLoggedOnUsers REG_DWORD 0x1
AutoInstallMinorUpdates REG_DWORD 0x1
RebootRelaunchTimeoutEnabled REG_DWORD 0x1
RescheduleWaitTimeEnabled REG_DWORD 0x1
RescheduleWaitTime REG_DWORD 0xf
DetectionFrequencyEnabled REG_DWORD 0xf
DetectionFrequency REG_DWORD 0xf
RebootWarningTimeoutEnabled REG_DWORD 0xf
RebootWarningTimeout REG_DWORD 0x1e
UseWUServer REG_DWORD 0x1
NoAUShutdownOption REG_DWORD 0x0
NoAUAsDefaultShutdownOption REG_DWORD 0x0

Hope this helps.

-ALex

[NOVACHEM]

Thank you - the registry keys worked.

[ejpb]

Hello.
I have the same error, when I press "check for updates" on a client, the result is a 80072EFD error. They seem to search for microsoft's server instead of my WSUS, even though they have the address to it.

In log:

Code:

...
CWERReporter::Init succeeded
***********  Agent: Initializing Windows Update Agent  ***********
***********  Agent: Initializing global settings cache  ***********
* WSUS server: http://192.168.50.179
* WSUS status server: http://192.168.50.179
* Target group: (Unassigned Computers)
* Windows Update access disabled: No
Download manager restoring 0 downloads
###########  AU: Initializing Automatic Updates  ###########
# WSUS server: http://192.168.50.179
# Detection frequency: 22
# Approval type: Pre-install notify (Policy)
# Auto-install minor updates: No (User preference)
# Will interact with non-admins (Non-admins are elevated (User preference))
...
...
WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab>. error 0x80072efd
WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
WARNING: Send failed with hr = 80072efd.
...

I have set the three things in a Policy Group Object that the client gets: the "WSUS server and statistics server", "frequency" and "configuration type".
Is there anything more that needs to be set?

In the log it has the WSUS (192.168.50.179) but it still looks for microsoft.com.
http://download.windowsupdate.com/v9...uv4wuredir.cab
Is there something about "Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>" that is wrong?

Also I have a slightly smaller registry set at the client, than in adelara's tip above.

Code:

C:\Windows\system32>reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://192.168.50.179
    WUStatusServer    REG_SZ    http://192.168.50.179

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

C:\Windows\system32>reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    DetectionFrequencyEnabled    REG_DWORD    0x1
    DetectionFrequency    REG_DWORD    0x16
    NoAutoUpdate    REG_DWORD    0x0
    AUOptions    REG_DWORD    0x3
    ScheduledInstallDay    REG_DWORD    0x0
    ScheduledInstallTime    REG_DWORD    0x3
    UseWUServer    REG_DWORD    0x1

Do I need to edit or add stuff here manually?

If anyone knows what may be wrong, I'd appreciate some pointers.
Thanks.