I checked WSUS and Option #3 is checked.
Confirmed that servers are getting Windows Updates from PM server.
I scheduled task to run immediately, see task complete and the server will have the patches but they will never install.
Thanks
What settings do you have in your GPO besides the WSUS server?
Configure Automatic Updates - Enabled, Option #5 Allow Local Administrators to choose settings
Allow Automatic Updates immediate installation - Enabled
My guess for what frgpugs is getting at is:
You need to have "Allow signed updates" enabled as well.
Configure clients using Group Policy - SolarWinds Worldwide, LLC. Help and Support
Three things at a minimum:
This is working with third party updates, if it were only MS updates then you would only really need #2 in most cases.
I am only installing Microsoft updates, no third party ones.
OK, want to start at this from the top a bit and see what we can figure out:
According to your posts you have these group policy settings set:
Any others?
These are only MS updates. What is your process from the Patch Manager end? You're approving updates only? Do you have a task set to install certain updates? Update Management or Update Management Wizard?
If you are using the tasks you can set them to download only which could be a thing.
If you are using the tasks, if you check your task history are you seeing any errors?
If you go to Microsoft Update on the machine and manually install an update does it work or do you see any errors?
Is the WSUS server that the machine is communicating with a downstream server or the primary WSUS server?
I apologize for the kitchen sink approach, but what you've posted so far seems like it should work, so there's some other details that might help get at a resolution for you.
The issue is resolved, I changed the GPO to Option #4 Auto Download and Schedule the install. But before that I went through the install guide step by step and the certificates were not published correctly.
