Thanks Martin.. that indeed did allow the system to use MS update. Now to figure out how to fix my broken/missing GPO files.
Any thoughts as to how to replace the default GPO objects that should be there, such as "default domain controller policy", etc...? -sc > -----Original Message----- > From: Martin Blackstone [mailto:[email protected]] > Sent: Tuesday, January 05, 2010 10:10 PM > To: NT System Admin Issues > Subject: RE: Windows Update failure > > Oh, and you will probably need to restart the automatic updates service > afterwards > > -----Original Message----- > From: Martin Blackstone [mailto:[email protected]] > Sent: Tuesday, January 05, 2010 7:05 PM > To: NT System Admin Issues > Subject: RE: Windows Update failure > > You should be able to remove the offending entries from the registry > Windows Registry Editor Version 5.00 > > [- > HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows > Update] > > [- > HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows > Update\AU] > > -----Original Message----- > From: Steven M. Caesare [mailto:[email protected]] > Sent: Tuesday, January 05, 2010 6:18 PM > To: NT System Admin Issues > Subject: RE: Windows Update failure > > Ya I think so. I killed the lnks to the offending GPO object, but now the DC's > still have the settings lingering on them, and I don't see the WSUS stuff in > the > local policy MMC snap in. So I figured I'd edit the old WSUS policy GPO to > turn > all the settings back to "off",... and that's when I found out that the > polices > don't seem to exist anywhere. > > I hear ya on the time at home thing.... as a matter of fact that's probably > why > the DC's hadn't been updated for a while and I really hadn't paid attention to > the event logs. > > Bad home admin....:( > > -sc > > > -----Original Message----- > > From: Richard Stovall [mailto:[email protected]] > > Sent: Tuesday, January 05, 2010 9:10 PM > > To: NT System Admin Issues > > Subject: Re: Windows Update failure > > > > No fun. Is this one of those situations where you have to create a > > GPO to unset some settings that some other settings set? (Sorry, my > > son has been playing with tongue twisters lately.) > > > > Regarding the home domain question, I guess I was thinking in the > > context > of > > someone who doesn't run one. I can't tell you how many times I've > > almost set one up, but pulled the plug at the last minute after asking > > the > question, > > "Why?" When I need/want to test/play with something I set up a > > virtual solution and tear it down when I'm done. > > I totally get the notion of a full-blown home domain, I just don't > > have > time at > > home anymore (or maybe I just don't want to use it) for feeding/caring > > for yet another IT environment. I've got %dayjob%, inlaws, and a > > couple of > non- > > profits that keep me more than adequately occupied. Maybe IT at home, > > for me, is what it is for others at the office. It should just be > > there and > it should > > just work. The simpler the better. (Luckily I can fix things when > > they > do go > > awry.) > > > > Good luck with it in any case. > > > > RS > > > > On Tue, Jan 5, 2010 at 8:45 PM, Steven M. Caesare > > <[email protected]> > > wrote: > > > Well, Ken got me down the correct path, methinks. > > > > > > I had an old GPO still linked to the DC's OU that had a (long since > > > decommissioned) WSUS server set up in it. I've removed those links. > > > > > > However, it appears that the actual GPO object itself is not > > > anywhere in my SYSVOL. As a matter of fact, it appears that _ALL_ of > > > my GPO's, even the "standard" ones like "Default Domain Controller", > > > don't exist as files. > > > > > > So this is now a much bigger problem: Why are they all missing... > > > and what do I do about it? Reading up on how to troubleshoot this now. > > > > > > FWIW: I have a boatload of "can't load policy" errors in my event log. > > > The SYSVOL share has only a single GUID in the policies folder... > > > despite having 8-10 polices in the MMC snap in.... all of which barf > > > when I try to view or edit them. > > > > > > <sigh> > > > > > > -sc > > > > > > PS- Aren't we all supposed to have multiple DC's for redundancy? :) > > > I have most of my home infrastructure setup such that losing the > > > domain would be a pain... file perms, SQL authentication, and the biggie: > > > Exchange. I ran one for a long time, and had the root disk hiccup on > > > me a couple of times, and it made me nervous. So when I virtualized > > > the home environment, I put a DC on 2 of the ESXi severs I built up. > > > > > > -----Original Message----- > > > From: Richard Stovall [mailto:[email protected]] > > > Sent: Tuesday, January 05, 2010 8:29 PM > > > To: NT System Admin Issues > > > Subject: Re: Windows Update failure > > > > > > I have had somewhat similar problems in the past with Windows Update > > > that were apparently caused by using OpenDNS for my external > > > resolvers, and thereby receiving sub-optimal responses for Windows > > > Update-related sites. update.microsoft.com is a small maze of > > > distributed sites, and for a while earlier this year if I used > > > OpenDNS at work it would often take > 5 minutes to load any pages > > > (on XP, etc.). I went so far as chasing down all the related > > > domains I could find (nsatc.net, etc.) and putting in conditional > > > forwarders for them to DNS servers other than OpenDNS. > > > > > > YMMV, but I did see drastically improved Windows Update performance > > > after adding the forwarders and moving resolution of > > > update.microsoft.com, microsoft,com, > > > www.update.microsoft.com.nsatc.net, > > > and a handful of others away from OpenDNS. > > > > > > (Having said all this, I don't think that OpenDNS' responses > > > were/are invalid. I think that probably what happened is that for a > > > while I was being sent to destinations that just didn't perform very well. > > > > > > PS You have 2 DCs at your house? > > > > > > On Tue, Jan 5, 2010 at 7:32 PM, Steven M. Caesare > > > <[email protected]> > > > wrote: > > >> So.. both my home Win2K8sp1 DC's decided to stop resolving DNS > > >> twice in the last several days. The service was running, it just > > >> stopped > > > resolving names. > > >> A restart of the service did the trick. > > >> > > >> > > >> > > >> Being the typical cobbler without shoes, I hadn't patched these > > >> boxes in a while. Attampting to Windows Update either of them > > >> results in a failure code 8024402C in the GUI. Curiously, this is > > >> not logged in Applications, Security, System or > > > MS/Windows/windowsUpdateClient/Operational event logs. > > >> > > >> > > >> > > >> The MS article for this error > > >> (http://windows.microsoft.com/en-US/windows-vista/Windows- > Update- > > erro > > >> r -8024402C), appears to suggest generic connectivity issues > > >> (firewall, > > >> etc..) or WSUS. > > >> Neither apply here (and I disabled IE ESC to be sure). I can browse > > >> the interweb just fine > > >> > > >> > > >> > > >> No AV or local FW enabled. Nor proxy. > > >> > > >> > > >> > > >> Thoughts? > > >> > > >> > > >> > > >> -sc > > >> > > >> > > >> > > >> > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
