WSUS 3.0 problem partially fixed…Hmm

To make sure an upgrade works I install it first at home. I remain a little suspicious until I see that everything is working. As a test I release an unimportant patch to make sure WSUS still works. After a day I noticed that the patch had not been applied. A little checking showed me that none of my computers had checked in. That’s not good. A little more checking with the client diagnostic utility confirmed that the clients were talking but the server was responding with an error message. My setup under WSUS 2.0 used port 8531 for https and port 8530 for http. I switched the GPO to tell the clients to use the non-ssl port 8530 instead of 8531 and the clients could communicate with the WSUS server. Using 8530 is a temporary solution but I think I have the problem narrowed down. Hopefully this will be the only problem I have with WSUS 3.0.

WSUS 3.0 and ISA 2004 SP3 Updates

Windows Server Update Services(WSUS)

I was feeling a little adventurous yesterday and decided to update the Windows Server Update Services(WSUS). This package is a great tool for managing and tracking the updates to windows computers in a small business server environment. There are other products that may do a little better job but you cannot beat the price(Free). My version of WSUS was working okay but the console had always been very slow and occasionally I yearned for a little custom reporting. I could read between the lines, too. Microsoft really wants us to upgrade to 3.0 so you better be ready soon! I opted to get it done when it fit in my schedule. I cannot really complain about the slowness since I am running it on a server with less than the recommended CPU power. Before I could upgrade I had to install two packages:

  1. Microsoft .Net Framework Version 2.0
  2. Microsoft Report Viewer 2005 SP1

Although my version of WSUS had been migrated over to SQL Server, I did not need to alter the registry as indicated in the README file. With all of the prerequisites in place, I invoked the upgrade. The inplace upgrade took a long time but it completed without error. That is always a good sign. The only part of the upgrade I had not paid attention to was that the new console had completely replaced the old web-based console. The old console was no longer available. The good news is that I could run the upgrade on my workstation and I could install the new console as long as I had met the prerequisites(i.e. .Net 2.0 and Report Viewer 2005). After looking it was finished I went back to see what it had left behind. The SUSDB was gone. I did find a new SQL Server instance called “Microsoft ##SSEE” that was visible in Server Management console. It probably is a SQL Server 2005 Express database since it wants the SQL Server Management Studio to manage it.

Internet Security and Acceleration Server 2004 SP3

This service pack was released today, 5/1/2007. I did not see any advance warning in the mailing lists. Since I started updating the server yesterday and it was still in good condition for more updates, I went ahead and applied this one. This one installed without problems. I will add a new server configuration report for my records.
[tags]sbs, isa 2004, wsus[/tags]

WSUS and MBSA

I think it was last week when I made the changes to the WSUS configuration so that the clients would use SSL. Everything kind of worked but I was not happy. Today I finally got everything to work as expected. The first annoyance was to enable “Display mixed content” for Intranet sites so that I would stop seeing the popup everytime I went into WSUSAdmin using https. The next configuration change was more subtle. I could not go into WSUSAdmin with a fully qualified domain name when I cranked up the browser on my server. I would get a 502 error complaining about https traffic should be on 443. I think this same problem kept MBSA from downloading the latest updates file since it was probably using port 8531, too. The problem was probably related to my IE proxy setup. I had set this manually when I installed the server. Since then I had successfully verified that my automatic configuration with wpad.dat was working. So I set the IE LAN Setting to automatically detect the settings. I can now go into WSUSAdmin. MBSA works correctly, too! At least for me I found that if I can go into WSUSAdmin via https on port 8531 I have the WSUS client set up correctly. I still need to work on distributing the certificate to new clients.

I had been monitoring WSUS ever since Office 2K3 SP2 was released. I was looking for it to appear as a package needing approval. I did find it today but it had been disapproved. I wonder how that happened? Hmm!

This whole episode started off this morning when I noticed that my PC had rebooted. I forgot that I had set it up to automatically install critical updates at 3 AM. I did confirm that I configured WSUS to automatically approve critical updates.