question

IvanildoGalvo-8865 avatar image
0 Votes"
IvanildoGalvo-8865 asked RitaHu-MSFT edited

Network workstations fail to communicate with WSUS.

Guys, greetings to everyone.

I set up a WSUS and created a GPO correctly, so that network stations can get updates through it.
But the stations insist on getting updates on Windows Update on the internet, if I block this access on the firewall, they fail the updates, as if they can't connect to the update source, which is WSUS, but on the WSUS console, I see the stations and all the updates they've got.

Any idea how to solve this?
We need all stations to download updates only on WSUS, not on the internet.

windows-server-update-services
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

2 Answers

AJTek-Adam-J-Marshall avatar image
0 Votes"
AJTek-Adam-J-Marshall answered

Sounds like dual scan going on
https://www.ajtek.ca/wsus/dual-scan-making-sense-of-why-so-many-admins-have-issues/

Also, see:
https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

as it has a bunch of troubleshooting steps under the client side script.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RitaHu-MSFT avatar image
0 Votes"
RitaHu-MSFT answered RitaHu-MSFT edited

Hi IvanildoGalvo-8865,

Thanks for your posting on this forum.

Perhaps we could try to check the default AU Service as the below script. Open the PowerShell as an administrator and then post the below script on the clients: 

 $MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager" 
     
 $MUSM.Services | select Name, IsDefaultAUService

Please share with us the result. We could try to apply the below policy on the clients to prevent the clients getting updates from the Internet if the default AU Service is not WSUS/SCCM.

Please apply the Do not allow update deferral policies to cause scans against Windows Update policy.
Reference picture:
69354-2.png

Hope the above will be helpful. Please feel free to post on this forum if there are any confuse or questions.

Regards,
Rita

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


2.png (31.1 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.