Discussion:
WSUS server HDD crashed
(too old to reply)
Special Access
2010-06-23 21:37:31 UTC
Permalink
WSUS 3.0 SP1
The primary 'closed network' (no direct internet access) WSUS server
had a HDD crash today. The drive is lost, the server will have to be
rebuilt. The main question here is what will happen to the computers
presently talking (or trying to) the WSUS once the new server comes
online? Will each have to have a 'resetauthorization' done and will
this also cause each computer to revisit each KB that has been
approved?

WSUS 3.0 SP2
Our second 'closed network' server (not a replica of the broken one)
gave us a report today that shows a KB article approved for
installation. There is a computer listed as "needing" the patch, the
patch approval is set to "install", but the status is reporting "Not
Installed". This computer is in a group that GPO is set to download
but not install automatically. When we went to the computer and did a
/detectnow, the log file showed 0 updates detected.

Thanks for pointers, direct info... anything at this point (smile)

Mike
Dave Warren
2010-06-23 23:42:55 UTC
Permalink
Post by Special Access
WSUS 3.0 SP1
I can help with this one, anyway...
Post by Special Access
The primary 'closed network' (no direct internet access) WSUS server
had a HDD crash today. The drive is lost, the server will have to be
rebuilt. The main question here is what will happen to the computers
presently talking (or trying to) the WSUS once the new server comes
online? Will each have to have a 'resetauthorization' done and will
this also cause each computer to revisit each KB that has been
approved?
The short answer is that you don't have to do a resetauthorization or
anything else, just bring up the new WSUS server with the same name (or
update the GPO or however you push settings)

The clients will automatically register with the new server
automatically.

Updates that are already installed will stay in the "Not needed"
category, you won't see massive reinstalls of existing patches or
anything else out of the ordinary.

The only thing I would suggest, re-image or re-install one of your test
machines and let it sync up with the new WSUS server so that you can
ensure that any and all needed patches are available, to avoid the
situation where you image a machine in a few months and it doesn't get
patches that all your other machines got before the WSUS explosion.
Special Access
2010-06-24 23:37:02 UTC
Permalink
On Wed, 23 Jun 2010 16:42:55 -0700, Dave Warren
Post by Dave Warren
Post by Special Access
WSUS 3.0 SP1
I can help with this one, anyway...
Thanks for the reply
<snip>

the fact that the current clients will automatically reconnect to the
server a welcome note to the concerns. Although we had under 400
servers, we also don't have a lot of manpower available so it would've
been difficult and time consuming... or scripted heheh
Post by Dave Warren
Updates that are already installed will stay in the "Not needed"
category, you won't see massive reinstalls of existing patches or
anything else out of the ordinary.
Exactly how did this work out? I figure each computer knows if it
needs an update or not... and how would WSUS do this without a
complete rescan or re-detect on the client? Maybe I need to find some
more detailed info on how this actually works to help figure this one
out.
Post by Dave Warren
The only thing I would suggest, re-image or re-install one of your test
machines and let it sync up with the new WSUS server so that you can
ensure that any and all needed patches are available, to avoid the
situation where you image a machine in a few months and it doesn't get
patches that all your other machines got before the WSUS explosion.
We always have VMs that are "OOBE" we can test with. it's just fun
watching someone logon and see "there are 56 updates ready for
installation... click here"
Dave Warren
2010-06-25 00:26:49 UTC
Permalink
Post by Special Access
On Wed, 23 Jun 2010 16:42:55 -0700, Dave Warren
Post by Dave Warren
Updates that are already installed will stay in the "Not needed"
category, you won't see massive reinstalls of existing patches or
anything else out of the ordinary.
Exactly how did this work out? I figure each computer knows if it
needs an update or not... and how would WSUS do this without a
complete rescan or re-detect on the client? Maybe I need to find some
more detailed info on how this actually works to help figure this one
out.
As I understand it, WSUS doesn't actually care what updates have been
applied in the past, the detection logic runs every time the client
checks for updates.
Post by Special Access
Post by Dave Warren
The only thing I would suggest, re-image or re-install one of your test
machines and let it sync up with the new WSUS server so that you can
ensure that any and all needed patches are available, to avoid the
situation where you image a machine in a few months and it doesn't get
patches that all your other machines got before the WSUS explosion.
We always have VMs that are "OOBE" we can test with. it's just fun
watching someone logon and see "there are 56 updates ready for
installation... click here"
Fun is one word for it :)

Loading...