Oh, and you will probably need to restart the automatic updates service afterwards
-----Original Message----- From: Martin Blackstone [mailto:mblackst...@gmail.com] Sent: Tuesday, January 05, 2010 7:05 PM To: NT System Admin Issues Subject: RE: Windows Update failure You should be able to remove the offending entries from the registry Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU] -----Original Message----- From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Tuesday, January 05, 2010 6:18 PM To: NT System Admin Issues Subject: RE: Windows Update failure Ya I think so. I killed the lnks to the offending GPO object, but now the DC's still have the settings lingering on them, and I don't see the WSUS stuff in the local policy MMC snap in. So I figured I'd edit the old WSUS policy GPO to turn all the settings back to "off",... and that's when I found out that the polices don't seem to exist anywhere. I hear ya on the time at home thing.... as a matter of fact that's probably why the DC's hadn't been updated for a while and I really hadn't paid attention to the event logs. Bad home admin....:( -sc > -----Original Message----- > From: Richard Stovall [mailto:rich...@gmail.com] > Sent: Tuesday, January 05, 2010 9:10 PM > To: NT System Admin Issues > Subject: Re: Windows Update failure > > No fun. Is this one of those situations where you have to create a GPO to > unset some settings that some other settings set? (Sorry, my son has been > playing with tongue twisters lately.) > > Regarding the home domain question, I guess I was thinking in the context of > someone who doesn't run one. I can't tell you how many times I've almost > set one up, but pulled the plug at the last minute after asking the question, > "Why?" When I need/want to test/play with something I set up a virtual > solution and tear it down when I'm done. > I totally get the notion of a full-blown home domain, I just don't have time at > home anymore (or maybe I just don't want to use it) for feeding/caring for > yet another IT environment. I've got %dayjob%, inlaws, and a couple of non- > profits that keep me more than adequately occupied. Maybe IT at home, for > me, is what it is for others at the office. It should just be there and it should > just work. The simpler the better. (Luckily I can fix things when they do go > awry.) > > Good luck with it in any case. > > RS > > On Tue, Jan 5, 2010 at 8:45 PM, Steven M. Caesare <scaes...@caesare.com> > wrote: > > Well, Ken got me down the correct path, methinks. > > > > I had an old GPO still linked to the DC's OU that had a (long since > > decommissioned) WSUS server set up in it. I've removed those links. > > > > However, it appears that the actual GPO object itself is not anywhere > > in my SYSVOL. As a matter of fact, it appears that _ALL_ of my GPO's, > > even the "standard" ones like "Default Domain Controller", don't exist > > as files. > > > > So this is now a much bigger problem: Why are they all missing... and > > what do I do about it? Reading up on how to troubleshoot this now. > > > > FWIW: I have a boatload of "can't load policy" errors in my event log. > > The SYSVOL share has only a single GUID in the policies folder... > > despite having 8-10 polices in the MMC snap in.... all of which barf > > when I try to view or edit them. > > > > <sigh> > > > > -sc > > > > PS- Aren't we all supposed to have multiple DC's for redundancy? :) I > > have most of my home infrastructure setup such that losing the domain > > would be a pain... file perms, SQL authentication, and the biggie: > > Exchange. I ran one for a long time, and had the root disk hiccup on > > me a couple of times, and it made me nervous. So when I virtualized > > the home environment, I put a DC on 2 of the ESXi severs I built up. > > > > -----Original Message----- > > From: Richard Stovall [mailto:rich...@gmail.com] > > Sent: Tuesday, January 05, 2010 8:29 PM > > To: NT System Admin Issues > > Subject: Re: Windows Update failure > > > > I have had somewhat similar problems in the past with Windows Update > > that were apparently caused by using OpenDNS for my external > > resolvers, and thereby receiving sub-optimal responses for Windows > > Update-related sites. update.microsoft.com is a small maze of > > distributed sites, and for a while earlier this year if I used OpenDNS > > at work it would often take > 5 minutes to load any pages (on XP, > > etc.). I went so far as chasing down all the related domains I could > > find (nsatc.net, etc.) and putting in conditional forwarders for them > > to DNS servers other than OpenDNS. > > > > YMMV, but I did see drastically improved Windows Update performance > > after adding the forwarders and moving resolution of > > update.microsoft.com, microsoft,com, > > www.update.microsoft.com.nsatc.net, > > and a handful of others away from OpenDNS. > > > > (Having said all this, I don't think that OpenDNS' responses were/are > > invalid. I think that probably what happened is that for a while I > > was being sent to destinations that just didn't perform very well. > > > > PS You have 2 DCs at your house? > > > > On Tue, Jan 5, 2010 at 7:32 PM, Steven M. Caesare > > <scaes...@caesare.com> > > wrote: > >> So.. both my home Win2K8sp1 DC's decided to stop resolving DNS twice > >> in the last several days. The service was running, it just stopped > > resolving names. > >> A restart of the service did the trick. > >> > >> > >> > >> Being the typical cobbler without shoes, I hadn't patched these boxes > >> in a while. Attampting to Windows Update either of them results in a > >> failure code 8024402C in the GUI. Curiously, this is not logged in > >> Applications, Security, System or > > MS/Windows/windowsUpdateClient/Operational event logs. > >> > >> > >> > >> The MS article for this error > >> (http://windows.microsoft.com/en-US/windows-vista/Windows-Update- > erro > >> r -8024402C), appears to suggest generic connectivity issues > >> (firewall, > >> etc..) or WSUS. > >> Neither apply here (and I disabled IE ESC to be sure). I can browse > >> the interweb just fine > >> > >> > >> > >> No AV or local FW enabled. Nor proxy. > >> > >> > >> > >> Thoughts? > >> > >> > >> > >> -sc > >> > >> > >> > >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~