The past 8 or more years most of us have managed PC updates using WSUS (Windows Server Update Service) and Group policy. However, the structure of the modern office has changed to a large percentage of mobile employees who never ‘touch down’ at headquarters. If these devices do not connect to the domain they do not have updates applied.
A client who has not returned to the office in 18 months, and likely will not for the life of their laptop, recently asked how they could update their machine manually. Currently they were not able to do so as Windows Update showed “settings are managed by your system administrator”, in other words, by WSUS
It is quite simple to disable WSUS management in the registry, however remember if the device is reconnected to the domain, the WSUS policies will be reapplied. Therefore you may want to move the device to an OU not linked to the WSUS policy or remove the device in the policy under security filtering.
Disclaimer: Be aware making incorrect registry changes can have disastrous effects to the health of the device. Be sure to backup the registry before editing. To do so see the following Microsoft article; “How to back up and restore the registry in Windows” http://support.microsoft.com/kb/322756
- Open the registry editor, by entering Regedit in the Start / Run box, and browse to: HKLM\Software\Policies\Microsoft\Windows\
- Locate the WindowsUpdate Key and delete it
- Reboot the PC (may take 2 reboots)
- Now you can manually update and configure Windows updates to automatically check for and install updates directly from the Microsoft Update site
You may want to consider using a newer service such as Windows Intune to manage your computers, especially mobile devices. http://www.microsoft.com/en-us/server-cloud/products/windows-intune/
There are many articles regarding how to locate and regain space consumed by many SBS services and log files, including one of my own; “Missing SBS 2008/2011 Drive Space“. One of the most common issues is the WSUS admin logs located in C:\inetpub\logs\LogFiles\W3SVC_____ which can consume huge amounts of drive space. With SBS 2011 and SBS 2008 (2008 if updates are applied) this particular folder should be looked after by a scheduled task which clears out log files older than 100 days. In a few cases you may want to edit this and reduce it to a shorter period of time, as very nicely explained by Ronny Pot.
I was asked to look at an SBS server today which had ‘lost’ most of its system partition available space. It was not really lost as it was found in a C:\inetpub\logs\LogFiles\W3SVC_____ folder. However, this should have been looked after by the aforementioned scheduled task. Upon review of the task history it seems the task’s script has been failing for several months resulting in “Action start failed” and “Action failed to start” messages with an Error Value of 2147942402.
Note: the task is located under Administrative Tools | Task Scheduler | Task Scheduler Library | Microsoft | Windows | Windows Small Business Server 20xx Standard | WSUSLog Cleaner
In this case the time frame had been reduced to 30 days, but noticed when saving the changes, if not paying attention, the “arguments” for the script can get modified by Windows. The changes can be made under the Actions tab as per the image below:
However, in some but not all cases, when clicking OK to save you may get a popup as below:
Note the text. If you select yes it changes the Program/Script field to C:\Program, and the Argument field to Files\Windows Small Business Server\Bin\WSUSLogCleaner.vbs 30. The entire path needs to be in the Program/Scripts field and only 30 in the argument. It seems someone in a hurry clicked yes, as one would assume when approving changes, and did not double check after the fact. It seems the popup only occurs if there are no existing quotes around “C:\Program,Files\Windows Small Business Server\Bin\WSUSLogCleaner.vbs” in the Program/Scripts field.
I just installed “Security Update for Windows Services 3.0 x 64 KB2596911” on a clients SBS 2008 server, as 1 of 6 updates, only to have it fail. Upon reboot neither Sharepoint website or the WSUS console were functioning. In addition the Application Event Log was full of Event ID 5084, Source MSSQL$MICROSOFT##SSEE informational events. A quick Google showed many folk have encountered similar issues, for example:
In my case after the reboot I was able to resolve by downloading the single update from the link below, right clicking and choosing run as administrator, and wait, and wait, and wait! Be patient, the update though small took about 45 minutes to complete but it was successful, and all services restarted. Though it did not prompt for a reboot I felt it was best to do so and everything still functioned properly.
For the record, there is no mention of it in the KB article, but during the install it advises that you need volume licensing to use the update. I choose to accept the notification and continue, working on the assumption the licensing referred to the base product. In my case this was being installed on Small Business Server where Sharepoint is an integrated component.
This may not be a solution in all cases, but it was a simple, though tedious, repair for this server.
There have been numerous problems reported after installing Microsoft update KB2720211
- WSUS server stops synchronizing with Microsoft Update
- Website Verifications are not accurate
- WSUS server stops working and also fails to reinstall
- Errors in errorlog for Windows internal database
- Some have reported backups fail to run on SBS
Should any of these be plaguing your systems Microsoft just released a TechNet Blog article addressing these issues which may be of some help:
If interested in reading about end user reports, currently the key links to follow are:
Google/Bing KB2720211 to locate more.