You folks saw this today, right?
http://myitforum.com/myitforumwp/2012/10/31/a-hot-one-update-causes-wsus-or-configmgr-admin-to-re-download-huge-number-of-updates/ Sent from Windows Mail From: Kurt Buff Sent: October 31, 2012 8:59 PM To: NT System Admin Issues Subject: Re: FW: 1100+ "revised" updates on WSUS? On Wed, Oct 31, 2012 at 5:13 PM, Ben Scott <mailvor...@gmail.com> wrote: > On Wed, Oct 31, 2012 at 7:55 PM, Kurt Buff <kurt.b...@gmail.com> wrote: >>> Do you have your servers set to automatically download and install >>> updates? >> >> No. > > Then they won't automatically download and install updates. The WU > client won't do anything unless it's configured to do so. The WU > client behavior is independent of WSUS configuration. If an update > isn't approved on WSUS, the WU client won't even consider it. If the > WU client isn't told to download/install, it doesn't matter what WSUS > is doing. > > At least, that's the documented behavior, and I've never seen > anything else. (Well, the WU client can update the WU client itself > without asking, but that's "outside" the regular update mechanism (at > least in XP).) > > Now, the next time you tell your server (WU client) to check for > updates, maybe it will say it needs to download and install 42 billion > updates, I dunno. But it won't do it without asking. > > And I have no idea what is or isn't going on in WSUS server. :-) There is my problem - all machines in the environment are set up via group policy to talk with the WSUS server to download and install any approved updates - logged in users can postpone installs until deadline, and if there's no logged in user, go ahead and install at will. All relevant updates were approved in WSUS at the time of the original release. I would think (just IMHO, you know) that if MSFT releases a bunch of revised updates and says "some of these will probably need reinstalling" that WSUS would notice and say "you need to re-approve these, as they've been updated", but that's not happening. Nor am I seeing new updates for approval that say the previous updates were superseded. So, I can think of three alternatives, though there might be more: o- WSUS doesn't care about the revisions, or at least doesn't believe they require re-installation, and won't raise them for approval, so they won't get re-installed (but if that's the case, why send me a 2mb email telling me about all of them?) o- WSUS cares about the revisions, and since the originals have already been approved, will send the revisions on their merry way, probably causing machines in the environment to reboot (but if that's the case, why aren't any of my machines rebooting now, 24 hours after I received the status update from WSUS?) o- WSUS has sent out the updates, but the machines aren't rebooting. (But if that's the case, why aren't there any event log messages regarding this on, for instance, my Win2k8R2 DCs, which I've just checked?) One alternative I know isn't true: o- WSUS isn't aware of the revisions, so nothing happens. I know this isn't true, because WSUS sent me an 2mb email detailing the revised updates it had just received. Bleh. I'm going home, and hoping the world still exists when I get back tomorrow. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
