• Windows Update
– Just patches Windows
– http://update.microsoft.com/windowsupdate
• Microsoft update
– http://update.microsoft.com/microsoftupdate
– Patches [at this time]
– Windows
– Office
– Exchange
– More to come
• Engine is the same - Troubleshoot the same
MU is optional
• Opt in to MU
MU steps
• Accept EULA
• Need to install software to get it to use it
• Downloads activeX files
• \Windows\Downloaded Program Files
• The following ActiveX controls will be
installed:
– MUWebControl Class
– WUWebControl Class
Is it safe?
• Go back
• Click on Change settings
• Check the box
Test connectivity
• https://update.microsoft.com/v6/ClientWebService
• If you see this:
• Download
• Will allow you to install them at a later time
But don’t forget the help files
Troubleshooting
• 0x80070424
• 0x80244001/0x800A01AD
– These Windows Update error codes can be
caused by a damaged Windows XP XML
subsystem. The first step to take is to
reregister this component using the command
“regsvr32 msxml3.dll”. If this does not resolve
the issue, check for more recently updated
MSXML Parser and MSXML components
from the following link:
http://www.microsoft.com/downloads/resul
ts.aspx?
productID=&freetext=msxml&DisplayLang
=en
Common Errors
• 0x80248011
– This Windows Update error code is normally
related to inconsistent or damaged
information in the
c:\windows\softwaredistribution folder.
Stopping the Automatic Updates service then
renaming the c:\windows\softwaredistribution
folder to SDOLD then restarting the Automatic
Updates service normally is the fix for this
issue.
Note: Renaming this folder will clear the
display of previous successful and failed
updates.
Common Errors
• 0x800B0001
– This Windows Update error code is related to
3 particular DLL files that are not registered in
windows correctly. Registering the following
files with REGSVR32 normally fixes this
issue:
– Softpub.dll
– Mssip32.dll
– Initpki.dll
Common Errors
• 0x8024402C
– This Windows Update error can be caused by
a damaged installation of BITS and corrupted
information in the SoftwareDistribution folder.
The solution is normally to re-download the
BITS updates (KB883357 and KB842773)
from the Microsoft.com website, then stop the
Automatic Updates service and rename the
SoftwareDistribution folder to SDOLD.
Reboot the computer and return to Windows
Update.
Diagnose tools
• Install on server
• Will default go on port 8530
• On standard loads up a MSDE instance
• Remember …clients may need in registry
http://servername:8530 or Group
• Beginners guide to WSUS
• http://uphold2001.brinkster.net/vbshf/wsus/w
sus_faq.htm
WSUS issues
Now up to 8 gigs
• WSUS on SBS will chose 8530
On premium – set up the rule [pre done
on SBS]
• http://windowsupdate.microsoft.com
• http://*.windowsupdate.microsoft.com
• https://*.windowsupdate.microsoft.com
• http://*.update.microsoft.com
• https://*.update.microsoft.com
• http://*.windowsupdate.com
• http://download.windowsupdate.com
• http://download.microsoft.com
• http://*.download.windowsupdate.com
• http://wustat.windows.com
• http://ntservicepack.microsoft.com
Proxy settings
• Admin tools
• http://servername:8530/WSUSAdmin/
WSUS sync
WSUS console
• Two methods
– Group policy
– Move computers
GPMC
• Computer config
• Admin
• Components
• Windows Update
WU – point it
• GPupdate /force
– On server
– And on workstation if you want to test it ‘now’
Group Policy settings
• www.smallbizserver.net
WSUS for your clients
•
• If you are a Microsoft Certified Partner or Registered Partner, submit two (2)
signed complete originals of the Microsoft SPLA agreement V2.1
Sept03.pdf to Software Spectrum Inc.
• If you are NOT a Microsoft Certified Partner or Registered Partner;
• 1) You will need to have a Microsoft Registered Partner number to complete
the attached SPLA MCP addendum. You can become a Registered Partner
at http://members.microsoft.com/partner/program/enroll/default.aspx .
• 2) You need to register for the Microsoft Windows® Web Holster Program at
http://www.microsoft.com/serviceproviders/webhosting/default.asp
• 3) Submit two (2) signed complete originals of the SPLA MCP addendum
V2.1.doc to Software Spectrum Inc.
• 4) Submit two (2) signed complete originals of the Microsoft SPLA
agreement V2.1 Sept03.pdf to Software Spectrum Inc.
• All Signed agreements must be mailed to:
• Software Spectrum
• Attn: Microsoft Contracts Team
3480 Lotus Dr.
Plano, TX 75075
• spprograms@softwarespectrum.com
Clients can point to you
• As Master WSUS er
• Easier if you just remote and approve
• Recommend a patch agreement program
• You do not guarantee patch status
• You offer to work with vendor
• Investigate work arounds and mitigations
WSUS info
• http://support.microsoft.com/default.aspx?
scid=kb;en-us;894199
Approve updates
• Approval
Approval
• Approval – be patient
Patch issues
• Patch testing
– How can we do it in SBSland
– Virtual servers
– Identified key testers
– Review known issues [in each bulletin]
– Watch the communities
– Don’t bother testing Office/Windows…unless
– Standardize …standardize
Patching
• www.patchmanagement.org
– WSUS
– General Patch Mgmt
• WSUS blog - http://msmvps.com/athif/
• WSUS wiki -
http://wsus.editme.com/WSUSonSBS
• WSUS blog – http://blogs.technet.com/wsus
What’s better about WSUS?
• 5 key benefits
– More products updated (Exchange, Office,
SQL) and more update types (drivers, etc).
– Reporting
– Target Groups
– Install at Shutdown
– Scripting/API
Scripting
• Forcing
WSUSAdmin site
to use SSL is
simple
– Obtain and
install a web
certificate
– Enable SSL on
WSUSADMIN
directory
Admin duties