-1

I have a large group of servers without a domain that are managing updates through a single WSUS server. Recently we have added a few new servers and manually set the local policy to connect to the WSUS server and download and install with reboot on a schedule. For some reason these new servers do not complete the process with a reboot. The updates install successfully and the server prompts for a reboot. I cannot find any policy discrepancy between a new server and an old server. Is there another conflicting setting that I am missing that is overriding the reboot?

Here is a screenshot of the policy screen overview

Ari Winokur

1 Answer

0

You're setting policies for servers with local policies? That must be fun...

The screenshot you supplied doesn't really help much as it doesn't show what your policy settings are, other than that they are "enabled" or "disabled".

To get the machines to restart themselves after installing updates you need to edit Computer Configuration > Administrative Templates > Windows Components > Windows Update > "Configure Automatic Updates".

Enable it (which I see you already have), set "Configure automatic updating" to "4 - Auto download and schedule the install".

You will then need to set the schedule. If you check "Install during automatic maintenance" the computer will wait until the computer is not in use and then it will reboot and install. Maintenance can be configured in Windows Components > Maintenance Scheduler.

Keep in mind that if a user is logged in or if Windows considers the machine to be "in use" it can throw a monkey wrench in the schedule. When specifically scheduled for a time it will ask the logged in user if it is OK to restart and if the user delays it, it won't. If using the automatic maintenance the server will not restart itself if Windows detects a potential for data loss. So if there is an unsaved file open, for example, Windows may not reboot because rebooting would cause data loss. Depending on the type of server any number of things may be holding up an automatic reboot due to "data loss".

In other words, no matter what you do, Windows won't auto reboot if the system is actively in use.

If you make any policy changes make sure you do a GPUPDATE /FORCE to make sure everything applies.

Other things that might help would be to do a GPRESULT and verify that everything is applying correctly. Compare the results from a working server and a non-working server.

Also let me say that I feel your pain. WSUS is definitely not one of Microsoft's more... polished products.

Redwizard000
  • Thanks for the info @redwizard000. I have the setting set to 4 to auto download and install. The options you are talking about, "Install during automatic maintenance" and "Windows Components > Maintenance Scheduler", don't seem to exist. Are these features of a different version of Server? I am running 2k8r2. As a final clarification, I have many servers running the same setup for a while and working fine. It is just a few new servers that are having this issue. I can only assume that there is a policy issue somewhere. – Ari Winokur Sep 06 '17 at 12:55
  • Oh you are using 2008? IDK if those settings are in 2008. I have all 2012 r2 and 2016 servers here. You can try updating the ADMX templates, but I doubt that it will help, latest ones are from 2010 and 2008 is EOL if I am not mistaken. Run a gpresult on a working server and on a non-working server and compare the results. – Redwizard000 Sep 06 '17 at 15:56
  • Yeah. The environment is still all 2k8r2 even though it is approaching EOL. I'll continue to analyze policies and see if I can crack it. Or maybe we finally upgrade around here.... It will be a huge project! – Ari Winokur Sep 06 '17 at 16:02
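
The working-versus-failing comparison suggested in the answer can also be made on the registry values that back the Windows Update policy (`HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate` and its `AU` subkey), which avoids reading two GPRESULT reports side by side on non-domain servers. The PowerShell below is an added example, not part of the original question or answer; the function names, file paths, server names and demo values are hypothetical or constructed, and it is written to run on PowerShell 2.0 as shipped with Server 2008 R2.

```powershell
# Added example, not from the original post. Compatible with PowerShell 2.0.
$WuKeys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
          'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function New-Row($Setting, $Value) {
    New-Object PSObject -Property @{ Setting = $Setting; Value = [string]$Value }
}

# Read every value under the Windows Update policy keys on the local server.
function Get-WuPolicy {
    foreach ($key in $WuKeys) {
        if (-not (Test-Path $key)) { continue }   # key absent: policy never set
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Row "$($item.PSChildName)\$name" $item.GetValue($name)
        }
    }
}

# List settings that are missing on one side or hold different values.
function Compare-WuPolicy($Working, $Failing) {
    if (-not $Working -or -not $Failing) {
        Write-Warning 'One snapshot is empty: no Windows Update policy values found.'
        return
    }
    Compare-Object $Working $Failing -Property Setting, Value |
        Sort-Object Setting |
        Select-Object Setting, Value,
            @{ Name = 'Server'; Expression = {
                if ($_.SideIndicator -eq '<=') { 'working' } else { 'failing' } } }
}

# Real use (paths and server names are placeholders):
#   On each server: Get-WuPolicy | Export-Csv "C:\Temp\wu-$($env:COMPUTERNAME).csv" -NoTypeInformation
#   Then:           Compare-WuPolicy (Import-Csv .\wu-OLD01.csv) (Import-Csv .\wu-NEW01.csv)

# Constructed demo snapshots (not data from the post) so the comparison runs anywhere.
$old = (New-Row 'AU\AUOptions' 4), (New-Row 'AU\ScheduledInstallTime' 3),
       (New-Row 'WindowsUpdate\WUServer' 'http://wsus.example:8530')
$new = (New-Row 'AU\AUOptions' 4), (New-Row 'AU\ScheduledInstallTime' 3),
       (New-Row 'WindowsUpdate\WUServer' 'http://wsus.example:8530'),
       (New-Row 'AU\NoAutoRebootWithLoggedOnUsers' 1)
Compare-WuPolicy $old $new | Format-Table -AutoSize
```

A value that appears on only one side shows up as a single row; a value that differs shows up as two rows, one per server.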