here is a tip for getting more views, i think you should name the time for each part your are doing for example your are creating an OU then put the time from 1:00 to 1:40 and when people search on google how to create an OU your video will pop up first. anyways, love your work. thank you
Dude, your videos are soooo great! It's helped me a lot, to install a complete W2019 server in my work. I would like to leave a suggestion: How to prepare and customize a default Windows 10 user profile and deploy it. Thanks you sooo much and greetings from Brazil!
Hello MSFT Webcast I always watch your but never really left a message. You are amazing and your videos do help many people. Keep up the good work God Bless
Thanks for the video. Can i please ask why did you manually check updates from the member server? Shouldn't the group policy take care of updating that server?
Sometime computers will take little time in production environment. You can use batch file with wuauclt /detectnow and wuauclt /reportnow command using group policy.
Yes one reason a separate database server is recommended is because SQL server has a tendancy to occupy 100% physical memory and can grind a server to a hault. They say SQL server is designed to yield memory to other applications on demand but this has not been my experience. This means when the database is crunching WSUS can cease to function which you do not want when running patches.
What could be the reason that your computer didn't show up under "Computers"? Since you can't manually use wuauclt /detectnow on every single computer on a production environment, it would be helpful to know. Is it because it takes a while to detect the devices?
Hey boss trying to setup in 2022 and getting an error? nvm found the answer you have to start the IIS web server, also need to open services and start the WSUS service.
I have chosen to try to deploy updates to Windows 10 Pro N, but for some reason it does find any updates for it. I have only selected windows 10 for products. The firewall is not the issue. Do I need to select a different product? I have even tried updating my server. The windows 10 machine also has never been updated.
Might be update is not needed by the windows 10 client. Make sure that that you will select proper product to get the list of updates. You can also check from the KB number of the update for the more information.
@@MSFTWebCast Thanks a lot for the help, but what client would Pro N be? I only selected the flat windows 10. Most likely it is was updated already though when I started my VM
Do the weekly choices in the Configure Automatic Updates policy depends on the WSUS, if it's installed or not? Because I've some domains win srvm 2016 where there are not present these options.
Hi there, thank you very much for the great video. I wanted to know if it is possible for the update to automatically download and install on the member server. I noticed that you had to go to the member server and refresh in order to install. Is there a way to automate that process. Because it will be difficult to do if you have 15 server and have to log into everyone of them
WSUS updates will be automatically installed on clients or server based on the group policy settings which you have configured in the GPO for WSUS. I have manually checked and installed the update to demonstrate that it is working.
@@MSFTWebCast great sir should we used option 4 for automate the download and install update? actually in a lab of 200 pcs its so much time consuming to go on each pc and click on update
@@zubair5244 You can do that. Keep in mind that you also need to specify the schedule for that. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM.
hi thanks for the video i have configured wsus but when i check from update from the client machine its not updating and giving error it tries to update but fails ASAP the error states there were some problems installing updates ....(0x8024401c)
Hi, thanks for the video. I need your help. In my production environment I want to use wsus server only for my servers (40 servers) . 1. How do you think I should group the servers on wsus? I was thinking of grouping by OS.. CRITICAL SERVERS, server 2012, server 2016, server 2019.. Or is there a better way you would revommend? 2. I will create the OU in AD according to the groups listed above and use client side targeting. How would you recommend auto updates to be configured? I was thinking download but let me choose to install for the critical servers, but what about the other groups? If you could tell me the way you do it in your production environment that will be great. Thank you
Hello, thank you for the video. It was great and well explained. I just have some questions. How come you did not install the WSUS on the domain controller? If you were asked to install a WSUS for a company, on which server (DC or member) would you install it? And why that specific server?
You can install it on Domain Controller but it's not ideal according to Microsoft. In Small environment you can go with it. For more information you can read this MS Article: social.technet.microsoft.com/wiki/contents/articles/4236.guidance-about-wsus-on-a-domain-controller.aspx
Generally, its better to install a new (virtual) server for each role. I have seen environments were WSUS + DC + DHCP and even a file server go together. So if you need to update that server or need to migrate. Now you need to take care of ALL those things pretty much at the same time. Its a rookie sysadmin mistake.
i have a question, why is it that my configured wsus will have an error everytime i choose Approval: unapproved status : any (the error is " reset server node)???
1. Reduce the number of approved updates or 2. Increase WSUSPool's private memory limit and decrease regular time interval. For that search for: how to fix WSUSPool in IIS stops repeatedly.
Is setting Automatic Update to 1 hour wise considering that Microsoft has put out updates in the past that have broken Windows and Windows Server? Shouldn't there be at least a 48 or 72 hour period between auto updates in case the news the next day warns of a broken Microsoft patch?
This is update detection from the client side, not installation. If you use Windows Defender on the managed machines you may need separate policies for definition updates for it as those you typically want to install ASAP (aside from Crowdstrike lol)
Today I have approved from wsus November updates to be installed but as i can see those updates were automaticly installed 22.11.2022 - so my WSUS is not controlling updates in my organization >? How i can chect it and make a correction ?
I do have one question: let's assume in a computer group ( group inside WSUS) there are 2 different type of OS i.e. server 2016 and 2019. Then you have a KB#123. But actually there are 2 types of Kb with same name one for 2016 and other for 2019. If I approve the one for 2016 will be deployed even in the other server ( 2019 in this example) or then os is smart enough to prevent from update an update that is not for that Target OS?
It is best practice to create computer group of same operating system. If you have different OS then it will be more difficult to apply updates from WSUS. If update is not applicable then definitely OS will skip the update. In short OS is sometime behave smartly.
Hi i was synchronizing like in 14:19 but then my network down and the first synchronization succeded but the next sync failed. can i still proceed with the next steps?
Sir I have 10 clients in my domain with win 10 OS and I want to update win patches and antivirus patches update trough server2019 but offline because we have not authorised to use internet my dc is 2019 server can I configured wsus in same machine or different machine In past we download the antivirus patches from different machine then update the client machine one by one
sir, I have 4 labs and total 200 pcs is there any way to add all 200 pcs at once into wsus computer section ? or i need to run command one by one on all 200 pcs please reply
Those computer will report automatically to WSUS server, in video I need to show you the result quickly so I had to do to that. If computer does not report to WSUS and dont appear in WSUS console, you can use .bat file script to force them.
@@MSFTWebCast sir in my vm environment pc was not added after 5 or 6th attempt i also tried after restart but on the next day after restarting vm it got added thats why i am a little confused in detection for 200 pcs
Here ur using 2 member servers...we r confused. U said we r using only one member server that is SRO1...and ur installing wsus services into another member server I.e ..wsus
Yes, you can but it is not recommended. It is little bit risky if WSUS crash it may affect the AD services and performance issue will be also there. If you have small network then you can go with it.
i have configured the WSUS but when i am starting from tools it is sayin local server not able to start .i.e locally hosted server requires additional information i choose default directory i.e D:\wsus-store but is gets an error unable to complete post deployment
You will find logs about the errors in Server manager. Go to IIS section in server manager and check for logs related path information. You can also check the status of WSUS related services like IIS, BITS etc. Try to restart them.
Is WSUS service just installed? I mean did you completed post-installation? If you have just installed then remove the WSUS server role and re-install again. During service removal it will ask for restart, so planned accordingly.
Since this is a test lab created in oracle virtualbox, the VM are directly connect to my local router. All the VMs are configured with bridge adapter type.
I am not able to connect my client computers, even I have applied the group policy settings. it is showing the error like " your WSUS server currently shows that no computers are registered to receive updates". Please help me to solve the issue. Thanks in advance.
Clients will take some time to report to WSUS server. You can force then by using command wuauclt /reportnow and wuauclt /detectnow commands. You can create a .bat file and run it on client computers.
Hi everyone, Just wanted to say if you get an error on server 2012r2 saying 'a HTTP error occurred' update the server as that worked for me and many other people
Helped me a ton for a school assignment, thanks a lot!
Thanks it's also working in Oct 2023
A great tutorial. I appreciate your time and effort!
Thank You.
This is awesome I love your methodology and explanation. You are a fantastic educator.
Glad you think so!
Great video! Thanks for your service to the community 👏
Thank You very much, your videos are good reference material!! greetins from CUBA.
here is a tip for getting more views, i think you should name the time for each part your are doing for example your are creating an OU then put the time from 1:00 to 1:40 and when people search on google how to create an OU your video will pop up first.
anyways, love your work. thank you
Thank You for the bro tip. Will do the same.
Very well explained! helped me a lot! thank you.
thank you so much, my friend. Greetings from caracas venezuela.
Really good tutorial, thank you for taking the time to record this.
Glad it was helpful!
Dude, your videos are soooo great!
It's helped me a lot, to install a complete W2019 server in my work.
I would like to leave a suggestion: How to prepare and customize a default Windows 10 user profile and deploy it.
Thanks you sooo much and greetings from Brazil!
Great vid, helped alot
Hello thank you, my class loves you
That's awesome! Thank you too..
Hello MSFT Webcast
I always watch your but never really left a message.
You are amazing and your videos do help many people.
Keep up the good work
God Bless
Wow, thank you. Really appreciate the message. Surely videos will keep coming.
Good Video. Very clear and helpful
Glad you liked it
Thank you very much for helping configure my WSUS. Your explanations was very clear !
Glad it helped!
Thanks for the video. Can i please ask why did you manually check updates from the member server? Shouldn't the group policy take care of updating that server?
Awesome tutorial. SO much easier than the MS Documentation. I have one issue. Can not seem to get my computers to show up
Any suggestions
Sometime computers will take little time in production environment. You can use batch file with wuauclt /detectnow and wuauclt /reportnow command using group policy.
Excellent video. In real world would you recommend to install WSUS on member server and database on another SQL server?
Yes, if you have large network. It will be recommended to use SQL to store updates. This kind of setup work well for small size environment.
Yes one reason a separate database server is recommended is because SQL server has a tendancy to occupy 100% physical memory and can grind a server to a hault. They say SQL server is designed to yield memory to other applications on demand but this has not been my experience. This means when the database is crunching WSUS can cease to function which you do not want when running patches.
Thank you , strainght to the point .
Nice explanation
Nice film
What could be the reason that your computer didn't show up under "Computers"? Since you can't manually use wuauclt /detectnow on every single computer on a production environment, it would be helpful to know. Is it because it takes a while to detect the devices?
Deploy the startup script to run wuauclt /detectnow and wuauclt /reportnow to computers using group policy.
Hey, in which network configuration are your servers working in?
What updates must I choose (only valid updates)?
This is a beautiful demonstration. Thanks for sharing :-)
@Conner Izaiah scam lol
Solid video, thanks for the tutorial.
Thank you! your video's helps me a lot!
Hey boss trying to setup in 2022 and getting an error? nvm found the answer you have to start the IIS web server, also need to open services and start the WSUS service.
thanks my friend, i appreciate your information and help!
Glad to help!
I had some troubles with your English BUT THANKS FOR YOUR GREAT TUTORIAL
Sorry for the first part and thank you for the second part...
Thanks, very helpful Video, God Bless you ...
Hi, Nice demo, Is that the Windows client pc or server...one we have server 2019 and another we have client pc right?
I have used dedicated member server for WSUS. One Domain Controller, One Member Server and for testing one More Server VM.
@@MSFTWebCast so it means u have used 3 servers . one WSUS and 2nd Domain Controller and 3rd member server.
@@mannu509 Yes. But instead of using Server VM, you can use client VM.
I have chosen to try to deploy updates to Windows 10 Pro N, but for some reason it does find any updates for it. I have only selected windows 10 for products. The firewall is not the issue. Do I need to select a different product? I have even tried updating my server. The windows 10 machine also has never been updated.
Might be update is not needed by the windows 10 client. Make sure that that you will select proper product to get the list of updates. You can also check from the KB number of the update for the more information.
@@MSFTWebCast Thanks a lot for the help, but what client would Pro N be? I only selected the flat windows 10. Most likely it is was updated already though when I started my VM
Do the weekly choices in the Configure Automatic Updates policy depends on the WSUS, if it's installed or not?
Because I've some domains win srvm 2016 where there are not present these options.
Excellent Video, very well explained keep the good work up
Thanks a lot!
Hi there, thank you very much for the great video. I wanted to know if it is possible for the update to automatically download and install on the member server. I noticed that you had to go to the member server and refresh in order to install. Is there a way to automate that process. Because it will be difficult to do if you have 15 server and have to log into everyone of them
WSUS updates will be automatically installed on clients or server based on the group policy settings which you have configured in the GPO for WSUS. I have manually checked and installed the update to demonstrate that it is working.
@@MSFTWebCast great sir
should we used option 4 for automate the download and install update?
actually in a lab of 200 pcs its so much time consuming to go on each pc and click on update
@@zubair5244 You can do that. Keep in mind that you also need to specify the schedule for that. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM.
hi thanks for the video i have configured wsus but when i check from update from the client machine its not updating and giving error it tries to update but fails ASAP the error states there were some problems installing updates ....(0x8024401c)
Hi, thanks for the video. I need your help.
In my production environment I want to use wsus server only for my servers (40 servers) .
1. How do you think I should group the servers on wsus? I was thinking of grouping by OS.. CRITICAL SERVERS, server 2012, server 2016, server 2019.. Or is there a better way you would revommend?
2. I will create the OU in AD according to the groups listed above and use client side targeting. How would you recommend auto updates to be configured? I was thinking download but let me choose to install for the critical servers, but what about the other groups?
If you could tell me the way you do it in your production environment that will be great. Thank you
I think you should create an OU for each OS to approve updates easily
Hello, thank you for the video. It was great and well explained. I just have some questions. How come you did not install the WSUS on the domain controller? If you were asked to install a WSUS for a company, on which server (DC or member) would you install it? And why that specific server?
You can install it on Domain Controller but it's not ideal according to Microsoft. In Small environment you can go with it. For more information you can read this MS Article: social.technet.microsoft.com/wiki/contents/articles/4236.guidance-about-wsus-on-a-domain-controller.aspx
Generally, its better to install a new (virtual) server for each role. I have seen environments were WSUS + DC + DHCP and even a file server go together. So if you need to update that server or need to migrate. Now you need to take care of ALL those things pretty much at the same time. Its a rookie sysadmin mistake.
You rock! Good job thank you!
Thank you
Thank you! Good work!
Thank you too!
Can you provide cleanup procedure for WSUS Server 2022. I have assign 300 GB for WSUS download Destination drive, but it is full with in 2 days.
does this tutorial includes configuration for downstream to receive updates?
Partially. You can see those options with explanation but this is not the configuration for downstream WSUS server.
i have a question, why is it that my configured wsus will have an error everytime i choose Approval: unapproved status : any (the error is " reset server node)???
1. Reduce the number of approved updates or 2. Increase WSUSPool's private memory limit and decrease regular time interval. For that search for: how to fix WSUSPool in IIS stops repeatedly.
to use wsus do we need to join our client instances to domain?
You can setup windows update group policy on workgroup server or client and then specify the path to your local wsus server to get windows updates.
Is setting Automatic Update to 1 hour wise considering that Microsoft has put out updates in the past that have broken Windows and Windows Server? Shouldn't there be at least a 48 or 72 hour period between auto updates in case the news the next day warns of a broken Microsoft patch?
This is update detection from the client side, not installation. If you use Windows Defender on the managed machines you may need separate policies for definition updates for it as those you typically want to install ASAP (aside from Crowdstrike lol)
Today I have approved from wsus November updates to be installed but as i can see those updates were automaticly installed 22.11.2022 - so my WSUS is not controlling updates in my organization >? How i can chect it and make a correction ?
Great work
I do have one question: let's assume in a computer group ( group inside WSUS) there are 2 different type of OS i.e. server 2016 and 2019. Then you have a KB#123. But actually there are 2 types of Kb with same name one for 2016 and other for 2019. If I approve the one for 2016 will be deployed even in the other server ( 2019 in this example) or then os is smart enough to prevent from update an update that is not for that Target OS?
It is best practice to create computer group of same operating system. If you have different OS then it will be more difficult to apply updates from WSUS. If update is not applicable then definitely OS will skip the update. In short OS is sometime behave smartly.
beautiful
Thank you! 😊
Good video
Thanks for the visit.
thanks
Hi i was synchronizing like in 14:19 but then my network down and the first synchronization succeded but the next sync failed. can i still proceed with the next steps?
You can find those option in WSUS management console and click on "Options".
How they will do in production environment for 1000 servers
Shared Good information Sir if have PDF document this one?
Sir I have 10 clients in my domain with win 10 OS and I want to update win patches and antivirus patches update trough server2019 but offline because we have not authorised to use internet my dc is 2019 server can I configured wsus in same machine or different machine
In past we download the antivirus patches from different machine then update the client machine one by one
Great
i have download stuck on 0% on clients, but they see updates and they are downloaded on wsus from ms
sir, I have 4 labs and total 200 pcs is there any way to add all 200 pcs at once into wsus computer section ? or i need to run command one by one on all 200 pcs
please reply
Those computer will report automatically to WSUS server, in video I need to show you the result quickly so I had to do to that. If computer does not report to WSUS and dont appear in WSUS console, you can use .bat file script to force them.
@@MSFTWebCast sir in my vm environment pc was not added after 5 or 6th attempt i also tried after restart but on the next day after restarting vm it got added
thats why i am a little confused in detection for 200 pcs
@@zubair5244 It will be added automatically. Sometime it will take day or two but will be added for sure.
Thanks, subscribing for more
Thanks for the sub!
Here ur using 2 member servers...we r confused. U said we r using only one member server that is SRO1...and ur installing wsus services into another member server I.e ..wsus
Can we configured offline
i followed all these steps but when you are using sample that you have imported the program just bugs up.
Can you tell me the time stamp which you are referring?
Can i install wsus on my domain controller?
Yes, you can but it is not recommended. It is little bit risky if WSUS crash it may affect the AD services and performance issue will be also there. If you have small network then you can go with it.
i have configured the WSUS but when i am starting from tools it is sayin local server not able to start .i.e locally hosted server requires additional information
i choose default directory i.e D:\wsus-store but is gets an error
unable to complete post deployment
You will find logs about the errors in Server manager. Go to IIS section in server manager and check for logs related path information. You can also check the status of WSUS related services like IIS, BITS etc. Try to restart them.
@@MSFTWebCast I am not able to see any site added in the sites list .only default site is there
Is WSUS service just installed? I mean did you completed post-installation? If you have just installed then remove the WSUS server role and re-install again. During service removal it will ask for restart, so planned accordingly.
how did you connect the server to internet
Since this is a test lab created in oracle virtualbox, the VM are directly connect to my local router. All the VMs are configured with bridge adapter type.
I am not able to connect my client computers, even I have applied the group policy settings.
it is showing the error like " your WSUS server currently shows that no computers are registered to receive updates".
Please help me to solve the issue.
Thanks in advance.
Clients will take some time to report to WSUS server. You can force then by using command wuauclt /reportnow and wuauclt /detectnow commands. You can create a .bat file and run it on client computers.
my work station are not showing up
same
while trying to configure wsus, i am getting a message like An Http error occured.. Please help me
Hi everyone,
Just wanted to say if you get an error on server 2012r2 saying 'a HTTP error occurred' update the server as that worked for me and many other people
hello i got the same error can u please tell me what to do here as i am using windows server 2019
You should also provide information in Hindi
Planning for that.
Murphy Mall
A lot of things are missing here in this video
You can mention those things here, so I can include those details in next videos.
was so happy to find guide.... then indian english .. :-(
Bechtelar Cliffs
Wilson William Walker Deborah Brown Laura
hi
Hello.
so confusing
At what point, you feel confusing?
What the fuck is group policy for if it isnt installed? Why is that needed?
your voice is really funny ... hahahahaha