I have noticed that the summary status of updates has many updates with no status.
Not only do you have a high number of updates with no status, but you also have an exceptionally high number of failed update installations.
Updates with no status occur in a couple of scenarios:
- When an update is first synchronized by the WSUS server, no clients have evaluated the detection logic, so the update will show No Status for all computers. As computers check in with the WSUS server, the status will change to Needed/Installed/NotApplicable.
- However, if there are clients registered with the WSUS server that do not exist, or are not properly communicating with the WSUS server, the status for that update for those computers will forever remain as "No Status".
A better indicator of this state is to look at the Computers node of the console, and the count of *computers* with no status.
I read that my wsus database might need some TLC so I ran the reindexing that is recommend but nothing.
Merely running the reindex by itself rarely produces any noticable benefit. The reindex should be done in conjunction with update approval administration and filesystem defragmentation.
This series of articles provides more detail:
However, in this case, maintenance is not the issue. The issue is whether or not your client systems are properly communicating with the WSUS server.
I read sometimes you have to recreate the database.
Not sure where you read this, but this is absolutely not true.
Well it looks like I have a bunch of computers with no status..
I'm glad I don't have to recreate the database.
I went back to where I thought I read that but it looks like I might have been mistaken.
Those 61 computers with no status probably account for almost all of your updates with no status. The question then becomes:
Are these non-existent computers that should be removed from WSUS?
Are these existing computers that are no longer communicating with WSUS?
Also, since you've inherited this server and the job, you should also confirm that the WSUS server has been properly patched.
Depending on what version of Patch Manager is installed, we may have already done that for you.
In the WSUS Server node of the Patch Manager console, check the "Server Version".
It should be 3.2.7600.251 or newer. If it's 3.2.7600.226, you'll need to download and install KB2734608.
I'm guessing that the computers that haven't reported in over a week would be the 61 computers.
That's a strong probability.
You'll still need to install KB2734608. I misstated the condition earlier. Patch Manager automatically installs KB2734608 on the WSUS console installed on the PM server, but your pre-existing WSUS server needs to be updated. The update is a manual download and install and has post-install instructions as well so be sure to read through the KB article and understand all that is required.
Well I cleaned out some computers that haven't reported in for about a month. It made a huge difference.
I did run the Server Cleanup Wizard before I did that, but it only cleaned up a handful of computers.
Is this the way I should be doing this or is there a recommended way of cleaning out old computers?
is there a recommended way of cleaning out old computers?
You definitely should schedule the Server Cleanup Wizard to run once a month to decline/delete updates.
Depending on the turnover in your computers, you may only need to do the "Delete computers..." task once a quarter.
BUT, more significantly, you should be reviewing the All Computers list weekly for computers that do not have current "Last Reported Date" values.
From there, if they're known to be gone, just right click and delete; if they're off the network temporarily, ignore them; but most importantly, if they're not gone (i.e. they're broken), you can fix them quicker.