7 Replies Latest reply on Nov 18, 2014 4:14 PM by Lawrence Garvin

    Updates with no status

    dave.smith@yumacountyaz.gov

      Hello Everyone,

       

      I’m running a Server 2008 R2 box with the WSUS role running on it. The server is also running patch manager.

      I have noticed that the summary status of updates has many updates with no status. Say that three times fast.

      wsus.png 

       

      I read that my wsus database might need some TLC so I ran the reindexing that is recommend but nothing.

      Reindex the WSUS Database

      I read sometimes you have to recreate the database. What would be involved with what sounds like a huge task.

      I should tell you that I inherited the desktop software update task so this is kinda new for me. This WSUS box and patch manager was just installed about a month ago and replaced a server 2003 wsus box.

       

      Thanks,

      DLSII

        • Re: Updates with no status
          Lawrence Garvin
          I have noticed that the summary status of updates has many updates with no status.

          Not only do you have a high number of updates with no status, but you also have an exceptionally high number of failed update installations.


          Updates with no status occur in a couple of scenarios:

          • When an update is first synchronized by the WSUS server, no clients have evaluated the detection logic, so the update will show No Status for all computers. As computers check in with the WSUS server, the status will change to Needed/Installed/NotApplicable.
          • However, if there are clients registered with the WSUS server that do not exist, or are not properly communicating with the WSUS server, the status for that update for those computers will forever remain as "No Status".


          A better indicator of this state is to look at the Computers node of the console, and the count of *computers* with no status.

          11-14-2014 2-20-22 PM.png


           

          I read that my wsus database might need some TLC so I ran the reindexing that is recommend but nothing.

           

          Merely running the reindex by itself rarely produces any noticable benefit. The reindex should be done in conjunction with update approval administration and filesystem defragmentation.

          This series of articles provides more detail:

          WSUS Timeout Errors - Removing unneeded update approvals

          WSUS Timeout Errors - Defragment the filesystem

          WSUS Timeout Errors - WSUS database maintenance


          However, in this case, maintenance is not the issue. The issue is whether or not your client systems are properly communicating with the WSUS server.


           

          I read sometimes you have to recreate the database.

           

          Not sure where you read this, but this is absolutely not true.

            • Re: Updates with no status
              dave.smith@yumacountyaz.gov

              Well it looks like I have a bunch of computers with no status..

              wsus2.png

               

              I'm glad I don't have to recreate the database.

              I went back to where I thought I read that but it looks like I might have been mistaken.

              WSUS Updates Overview all showing with no status.

                • Re: Updates with no status
                  Lawrence Garvin

                  Those 61 computers with no status probably account for almost all of your updates with no status. The question then becomes:

                  Are these non-existent computers that should be removed from WSUS?

                  Are these existing computers that are no longer communicating with WSUS?

                   

                  Also, since you've inherited this server and the job, you should also confirm that the WSUS server has been properly patched.

                  Depending on what version of Patch Manager is installed, we may have already done that for you.

                  In the WSUS Server node of the Patch Manager console, check the "Server Version".

                  It should be 3.2.7600.251 or newer. If it's 3.2.7600.226, you'll need to download and install KB2734608.

                  11-14-2014 2-53-44 PM.png

                    • Re: Updates with no status
                      dave.smith@yumacountyaz.gov

                      I'm guessing that the computers that haven't reported in over a week would be the 61 computers.

                      If that's the case we have an issue. There are a lot of computers here on our network that turn on for a day and then may be off for a week or two especially laptops.

                       

                      here is that info you asked for

                      wsus3.png

                        • Re: Updates with no status
                          Lawrence Garvin
                          I'm guessing that the computers that haven't reported in over a week would be the 61 computers.


                          That's a strong probability.


                          You'll still need to install KB2734608. I misstated the condition earlier. Patch Manager automatically installs KB2734608 on the WSUS console installed on the PM server, but your pre-existing WSUS server needs to be updated. The update is a manual download and install and has post-install instructions as well so be sure to read through the KB article and understand all that is required.

                            • Re: Updates with no status
                              dave.smith@yumacountyaz.gov

                              Well I cleaned out some computers that haven't reported in for about a month. It made a huge difference.

                              wsus.jpg

                              I did run the Server Cleanup Wizard before I did that, but it only cleaned up a handful of computers.

                              Is this the way I should be doing this or is there a recommended way of cleaning out old computers?

                               

                              Thanks

                                • Re: Updates with no status
                                  Lawrence Garvin
                                  is there a recommended way of cleaning out old computers?


                                  You definitely should schedule the Server Cleanup Wizard to run once a month to decline/delete updates.

                                  Depending on the turnover in your computers, you may only need to do the "Delete computers..." task once a quarter.


                                  BUT, more significantly, you should be reviewing the All Computers list weekly for computers that do not have current "Last Reported Date" values.

                                  From there, if they're known to be gone, just right click and delete; if they're off the network temporarily, ignore them; but most importantly, if they're not gone (i.e. they're broken), you can fix them quicker.