Release Notes for Microsoft Windows Server Update Services 3.0 SP1

Applies To: Windows Server 2008, Windows Server Update Services

These release notes describe known issues affecting Microsoft® Windows® Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1) and include recommendations and requirements for installing the application. These notes contain the following sections:

• System requirements for WSUS 3.0 SP1 server installation

• Configuration requirements for WSUS 3.0 SP1 server installation

• System requirements for WSUS 3.0 SP1 remote console installation

• System requirements for client installation

• Software requirements for WSUS SP1 server installation

• Minimum disk-space requirements for WSUS 3.0 SP1 server installation

• WSUS 3.0 SP1 upgrade requirements

• Setup command-line parameters

• Setup issues

• Upgrade issues

• Known issues

• WSUS 3.0 SP1 on Windows Server® 2008

• WSUS 3.0 SP1 on Windows Small Business Server 2003

System requirements for WSUS 3.0 SP1 server installation

Supported operating systems

• Windows Server 2008

• Windows Server 2003 Service Pack 1 or later

WSUS 3.0 Server software prerequisites

• Windows Server 2008

• Windows Server 2003 SP1 or later

• IIS 6.0 or later

• Microsoft .NET Framework 2.0

• Microsoft Management Console 3.0

• Microsoft Report Viewer

• SQL Server 2008 Express, Standard, or Enterprise; or SQL Server 2005 SP1

  Note that SQL Server is optional. If a supported version of SQL Server is not installed, WSUS 3.0 SP1 will install Windows Internal Database.

WSUS 3.0 Administration Console software prerequisites

• Additional Supported Operating Systems: Windows Vista, Windows XP SP2, and Windows Server 2003 SP1 or later

• Microsoft .NET Framework 2.0

• Microsoft Management Console 3.0

• Microsoft Report Viewer

WSUS 3.0 SP1 server is supported on Windows Server 2008 and Windows Server 2003 Service Pack 1

The WSUS 3.0 SP1 server is supported on Windows Server 2008 and Windows Server 2003 Service Pack 1.

Windows 2000 Server is not supported for WSUS 3.0 SP1 servers

Microsoft Windows 2000 Server is not a supported operating system for WSUS 3.0 SP1 servers.

WSUS 3.0 SP1 is not supported on servers running Terminal Services

Although WSUS 3.0 SP1 may still run on servers running Terminal Services, doing so is not supported or recommended. WSUS 3.0 SP1 will not run on a server running Terminal Services in configurations using remote SQL Server implementations. Because all remote custom actions (including installation) on a Terminal Services license server will be run as the system account, and the server's system account may not have permissions on the remote SQL Server, the installation may fail.

Configuration requirements for WSUS 3.0 SP1 server installation

IIS must be installed

WSUS 3.0 SP1 requires Internet Information Services (IIS), which is not installed by default on Windows Server 2008 or Windows Server 2003. If you attempt to install WSUS 3.0 SP1 without IIS, Windows Server Update Services Setup displays an error message saying that IIS is not installed.

If IIS is running in IIS 5.0 isolation mode, installation will fail

If you have upgraded the server from Windows 2000 Server to Windows Server 2003, IIS may be running in IIS 5.0 compatibility mode. It is also possible to enable IIS 5.0 isolation mode in IIS Manager. This will cause installation to fail. You will need to disable IIS 5.0 isolation mode before installing WSUS 3.0 SP1.

If any IIS component is installed in 32-bit compatibility mode on a 64-bit platform, the WSUS 3.0 SP1 installation may fail

All IIS components should be installed in native mode on 64-bit platforms. The installation may fail if any IIS component is in 32-bit compatibility mode.

Proxy servers may support HTTP only, or HTTP and HTTPS

In WSUS 3.0 SP1 it is possible for a proxy server to support HTTP only. You should configure a second proxy server that runs HTTPS by means of the command-line (wsusutil configuresslproxy) before configuring the WSUS server from the Configuration Wizard or the Administration console.

If two or more Web sites are already running on port 80, delete all but one of them before installing WSUS

If you have two or more Web sites running on port 80 (for example Windows® SharePoint® Services), you should delete all but one of them before installing WSUS. If you do not do this, your server’s clients may fail to self-update.

When installing WSUS 3.0 SP1, you may need to disable antivirus programs

When you install WSUS 3.0 SP1, you may need to disable antivirus programs before you can successfully perform the installation. After you disable the antivirus program, restart the computer before installing WSUS. Restarting the computer prevents files from being locked when the installation process needs to access them. After the installation is complete, be sure to re-enable your antivirus program. Visit your antivirus program vendor’s Web site for the exact steps to disable and re-enable your antivirus program and version.

WSUS 3.0 SP1 requires the nested triggers option to be turned on in SQL Server

The nested triggers option is turned on by default; however, it can be turned off by a SQL Server administrator.

If you plan to use a SQL Server database as the Windows Server Update Services data store, the SQL Server administrator should verify that the nested triggers option on the server is turned on before the WSUS 3.0 SP1 administrator installs WSUS 3.0 SP1 and specifies the database during setup.

WSUS 3.0 SP1 Setup turns on the RECURSIVE_TRIGGERS option, which is a database-specific option; however, it does not turn on the nested triggers option, which is a server global option.

To see if the nested triggers option is on, use the following:

sp_configure 'nested triggers'

To turn on the nested triggers option in SQL Server, run the following from a batch file on the computer running SQL Server:

sp_configure 'nested triggers', 1

GO

RECONFIGURE

GO

If you do not have SQL Server Management Studio on your server, you may want to run SQL scripts from the command line. You can obtain the Microsoft SQL Server 2005 Command Line Query Utility from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=70728). To get started, run sqlcmd.

If you wish to run SQL scripts against Windows Internal Database, you must also download the SQL Server Native Client from the same download page.

Remote SQL limitations and requirements

WSUS 3.0 SP1 offers support for running database software on a computer separate from the computer with the rest of the WSUS 3.0 SP1 application. There are some requirements for configuring a remote SQL installation:

• You cannot use a server configured as a domain controller for the back end of the remote SQL pair.

• You must not be running Terminal Server on the computer that will be the front-end server of a remote SQL installation.

• You must use at least Microsoft SQL Server 2005 Service Pack 1 (available on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=66143) for database software on the back-end computer if that computer is running Windows Server 2003, and SQL Server 2005 Service Pack 2 if the back-end computer is running Windows Server® 2008.

• Both the front-end computer and the back-end computer must be joined to an Active Directory domain; otherwise, if they are in different domains, you must establish cross-domain trust between the domains before running WSUS setup.

• If you already have WSUS 2.0 installed in a remote SQL configuration and wish to upgrade to WSUS 3.0 SP1, you should uninstall WSUS 2.0 (using Add or Remove Programs in Control Panel) on the back-end computer while ensuring that the existing database remains intact. Then you should install SQL Server 2005 SP1 or SP2 and upgrade the existing database. Finally, you should install WSUS 3.0 SP1 on the front-end computer.

System requirements for WSUS 3.0 SP1 remote console installation

The WSUS 3.0 SP1 remote console can be installed on the following platforms:

• Windows Server 2008

• Windows Vista® or later

• Windows Server 2003 SP1 or later

• Windows XP SP2 or later

System requirements for client installation

Automatic Updates is the WSUS client software. It can be used with WSUS on any of the following operating systems:

• Windows Vista or later

• Windows Server 2008 or later

• Windows Server 2003, any edition

• Windows XP Professional SP2 or later

• Microsoft Windows 2000 Professional SP4, Windows 2000 Server SP4, or Windows 2000 Advanced Server with SP4

Software requirements for WSUS 3.0 SP1 server installation

The following table shows required software for Windows Server 2003 SP1 platforms. Required software for Windows Server 2008 will be addressed in the section that deals with WSUS 3.0 SP1 on Windows Server 2008.

Make sure the WSUS 3.0 SP1 server meets this list of requirements before you run WSUS 3.0 SP1 setup. If any of these updates require restarting the computer when installation is completed, you should perform the restart before installing WSUS 3.0 SP1.

Requirement	Details
Microsoft Internet Information Services (IIS)	Install from the operating system.
Microsoft .NET Framework Version 2.0 Redistributable Package	See Microsoft .NET Framework Version 2.0 Redistributable Package (x86) on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=68935). For 64-bit platforms, see Microsoft .NET Framework Version 2.0 Redistributable Package (x64) at the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=70637)
Microsoft Management Console 3.0 for Windows Server 2003	This is a prerequisite for using the WSUS 3.0 SP1 user interface. See Microsoft Management Console 3.0 for Windows Server 2003 (KB907265) on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=70412). For 64-bit platforms, see Microsoft Management Console 3.0 for Windows Server 2003 x64 Edition (KB907265) at the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=70638).
Microsoft Report Viewer	This is a prerequisite for using the WSUS 3.0 SP1 user interface. See Microsoft Report Viewer Redistributable 2005 on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=70410).
SQL Server 2005 (optional)	WSUS 3.0 SP1 will install Windows Internal Database for you if a compatible version of SQL Server is not installed already. If you plan to use a full SQL Server database, you must use (at a minimum) SQL Server 2005 SP1 (available on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=66143) on Windows Server 2003, or SQL Server 2005 SP2 (available on the Microsoft Download Center at https://go.microsoft.com/fwlink/?LinkId=84823) on Windows Server 2008.

Minimum disk-space requirements for WSUS 3.0 SP1 server installation

The following are the minimum disk-space requirements to install Windows Server Update Services:

• 1 GB on the system partition

• 2 GB for the volume on which database files will be stored

• 20 GB for the volume on which content is stored

WSUS 3.0 SP1 upgrade requirements

Ensure that your WSUS installation is running correctly, and back up the WSUS database before upgrading

If you are upgrading to WSUS 3.0 SP1 from a previous version, ensure that your current installation is running correctly, and back up the WSUS database before upgrading.

1. Check for recent errors in the event logs, problems with synchronization between downstream servers and upstream servers, or problems with clients not reporting. Make sure that these issues have been resolved before continuing.

2. You may want to run DBCC CHECKDB to ensure that the WSUS database is correctly indexed. For more information about DBCC CHECKDB, see DBCC CHECKDB (https://go.microsoft.com/fwlink/?LinkId=86948).

3. Back up the WSUS database.

If you have manually modified the port used by WSUS, uninstall before upgrading

When modifying the port for WSUS, always use the wsusutil utility rather than attempting to modify the port manually. If you manually modified the port, and previously upgraded from Software Update Services 1.0 to WSUS 2.0:

1. If you have not yet installed WSUS 3.0, uninstall WSUS 2.0, keeping the database and content. (If you have already installed WSUS 3.0, uninstall it, keeping the database and content.)

2. Start the Default Web site, temporarily re-enabling SUS 1.0, but making it accessible to the uninstaller.

3. Uninstall SUS 1.0.

4. Install WSUS 3.0.

Software Update Services 1.0 should be uninstalled

The installation of WSUS 3.0 SP1 will fail if Software Update Services 1.0 is installed on the same machine. You should uninstall Software Update Services 1.0 before installing WSUS 3.0 SP1.

It is not possible to upgrade from WSUS 2.0 to WSUS 3.0 SP1 on a 64-bit operating system

WSUS 2.0 is not supported on 64-bit operating systems. It is not possible to upgrade from WSUS 2.0 to WSUS 3.0 SP1 on 64-bit operating systems.

If you have configured WSUS 3.0 for NLB, then you will have to upgrade it for WSUS 3.0 SP1

Network Load Balancing should be upgraded for WSUS 3.0 SP1. For more information about how to upgrade NLB, see Upgrading NLB in Appendix C: Configure WSUS for Network Load Balancing.

Setup command-line parameters

You can perform unattended installations of WSUS 3.0 SP1 using the WSUS command-line setup program. This table shows the command-line parameters for WSUS 3.0 SP1 setup.

Option	Description
/q	Perform silent installation.
/u	Uninstall the product. Also uninstalls the Windows Internal Database instance if it is installed.
/p	Prerequisite check only. Does not install the product, but inspects the system and reports any prerequisites that are missing.
/?, /h	Display command-line parameters and their descriptions.
/g	Upgrade from the previous version of WSUS. (Do not attempt to upgrade from SUS 1.0.) The only valid parameter with this option is /q (silent installation). The only valid property with this option is DEFAULT_WEBSITE.

This table shows the command-line properties for WSUS 3.0 SP1.

Property	Description
CONTENT_LOCAL	0=content hosted locally, 1=host on Microsoft Update
CONTENT_DIR	Path to content directory. Default is WSUSInstallationDrive\WSUS\WSUSContent, where WSUSInstallationDrive is the local drive with the largest amount of free space.
WYUKON_DATA_DIR	Path to Windows Internal Database data directory.
SQLINSTANCE_NAME	The name should appear in the format ServerName\SQLInstanceName. If the database instance is on the local machine, use the %COMPUTERNAME% environment variable. If an existing instance is not present, the default is %COMPUTERNAME%\WSUS.
DEFAULT_WEBSITE	0=port 8530, 1=port 80
PREREQ_CHECK_LOG	Path and file name for log file
CONSOLE_INSTALL	0=install the WSUS server, 1=install console only
ENABLE_INVENTORY	0=do not install inventory features, 1=install inventory features
DELETE_DATABASE	0=retain database, 1=remove database
DELETE_CONTENT	0=retain content files, 1=remove content files
DELETE_LOGS	0=retain log files, 1=remove log files (used with the /u installation switch).
CREATE_DATABASE	0=use current database, 1=create database
PROGRESS_WINDOW_HANDLE	Window handle to return MSI progress messages
MU_ROLLUP	1=join Microsoft Update Improvement Program, 0=do not join Microsoft Update Improvement Program
FRONTEND_SETUP	1=do not write the content location to the database, 0=write the content location to the database (for NLB)

Sample Usage

WSUSSetup.exe /q DEFAULT_WEBSITE=0  (install in quiet mode using port 8530)
WSUSSetup.exe /q /u (uninstall WSUS)

Setup issues

IIS will be restarted during WSUS 3.0 SP1 Setup

WSUS 3.0 SP1 Setup will restart IIS without notification, which could affect existing Web sites within your organization. If IIS is not running, WSUS 3.0 SP1 setup will start it.

If connections are open to an existing WSUS database, the installation may fail

If you are upgrading to WSUS 3.0 SP1 from an existing installation and connections are still open to the existing WSUS database (for example, if SQL Server Management Studio is open), the installation may fail. Please close all connections and reinstall WSUS 3.0 SP1.

WSUS setup shows the wrong directory for database files

In WSUS setup, the Ready to Install screen reports incorrectly that the database location is the parent directory of the database location. For example, the default location is %systemdrive%\WSUS\UpdateServicesDbFiles, but this location appears incorrectly as %systemdrive%\WSUS.

If WSUS is installed on a machine that has Multilingual User Interface language packs with a default language other than English, Help will be displayed in the default language rather than in English

If you have a machine that has Multilingual User Interface language packs with a default language other than English, you will still be able to install WSUS when the current user's locale is English. The UI will be displayed in English, but you must use a workaround to have Help display in English. Copy the English-language Help .chm file (WSUSInstallDir\documentation\mui\0409\WSUS30Help.chm) to the main documentation directory (WSUSInstallDir\documentation\WSUS30Help.chm). At this point Help should display correctly in all languages.

Upgrade issues

Recovering from a failed upgrade

If you are upgrading from a previous version of WSUS (WSUS 3.0, WSUS 2.0 SP1, or WSUS 2.0) to WSUS 3.0 SP1 and the upgrade fails for any reason:

1. Reinstall the previous version of WSUS.

2. Restore the database from the backup that you made before attempting the upgrade. (In most cases, WSUS also automatically creates a backup. See the WSUSSetup.log file for the location.)

3. Review the logs to determine the cause of the failure, and correct the problem.

4. Reattempt to upgrade WSUS.

It is not possible to upgrade from WSUS 2.0 to WSUS 3.0 SP1 if there is a WSUS 3.0 SP1 database from a previous installation

If you have previously installed WSUS 3.0 SP1 and then reinstalled WSUS 2.0, you must delete the WSUS 3.0 SP1 database on the machine before attempting to reinstall WSUS 3.0 SP1.

Changing the computer name prior to upgrading to WSUS 3.0 SP1 can cause the upgrade to fail

If you change the computer name after installing WSUS 2.0 and before you upgrade to WSUS 3.0 SP1, the upgrade can fail.

Use the following script to remove and re-add the ASPNET and WSUS Administrators groups. Then run the upgrade again.

You will need to replace <DBLocation> with the folder where the database is installed, and <ContentDirectory> with the local storage folder.

sqlcmd.exe -S <DBLocation> -E -Q "USE SUSDB DECLARE @asplogin varchar(200) SELECT @asplogin=name from sysusers WHERE name like '%ASPNET' EXEC sp_revokedbaccess @asplogin"
sqlcmd.exe -S <DBLocation> -E -Q "USE SUSDB DECLARE @wsusadminslogin varchar(200) SELECT @wsusadminslogin=name from sysusers WHERE name like '%WSUS Administrators' EXEC sp_revokedbaccess @wsusadminslogin"
 
sqlcmd.exe -S <DBLocation> -E -Q "USE SUSDB DECLARE @asplogin varchar(200) SELECT @asplogin=HOST_NAME()+'\ASPNET' EXEC sp_grantlogin @asplogin EXEC sp_grantdbaccess @asplogin EXEC sp_addrolemember webService,@asplogin"
sqlcmd.exe -S <DBLocation> -E -Q "USE SUSDB DECLARE @wsusadminslogin varchar(200) SELECT @wsusadminslogin=HOST_NAME()+'\WSUS Administrators' EXEC sp_grantlogin @wsusadminslogin EXEC sp_grantdbaccess @wsusadminslogin EXEC sp_addrolemember webService,@wsusadminslogin"
 
sqlcmd.exe -S <DBLocation> -E -Q "backup database SUSDB to disk=N'<ContentDirectory>\SUSDB.Dat' with init"

Setup will overwrite a previous database backup

WSUS 3.0 SP1 setup will add the database to the default directory, which is drive\WSUS (where drive is the local NTFS drive that has the greatest amount of free space). If there is a database backup in this directory, it may be overwritten. Administrators should save a database backup of the current version in a different location before upgrading to WSUS 3.0 SP1.

If you have migrated from MSDE to SQL Server 2000 or SQL Server 2005 on WSUS 2.0, you will need to change a registry value

If you have an installation of WSUS 2.0, and have migrated to SQL Server 2000 or SQL Server 2005, you will need to change the HKLM\SOFTWARE\Microsoft\Update Services\Server\Setup\WmsdeInstalled value from 1 to 0. If you do not do so before upgrading to WSUS 3.0 SP1, the upgrade will fail.

If WSUS 2.0 setup is started and canceled, it will delete the WSUS registry key

If you launch WSUS 2.0 setup and then cancel it, the WSUS registry key will be deleted. This may cause problems if you have WSUS 3.0 SP1 already installed. The same problem will occur if you begin to uninstall WSUS 2.0 and then cancel the operation, then attempt to upgrade from WSUS 2.0 to WSUS 3.0 SP1.

If you uninstall WSUS 3.0 SP1 and leave the log files behind, they may not have the correct permissions after reinstallation

When you uninstall WSUS 3.0 SP1, you have the option of keeping the installation's log files. When you reinstall WSUS 3.0 SP1, the old log files lose their permissions (usually for WSUS Administrators only). You should restore the permissions on these log files.

If WSUS 2.0 clients have updates with "Not Applicable" status, the updates will appear as "Unknown" for a short time after upgrading to WSUS 3.0 SP1

If a WSUS 2.0 server has clients with Not Applicable updates, these updates will appear to have Unknown status for a short time after the server is upgraded to WSUS 3.0 SP1. The update status will return to Not Applicable after the next time the client does a scan.

Known Issues

Troubleshooting multiple download errors or repeated client synchronization failures

If WSUS 3.0 SP1 clients report multiple download errors or if clients fail to synchronize with the WSUS 3.0 SP1 server for an extended period of time, you may have a corrupted client download cache. To recover from this state, you can try deleting the client download cache from the file system.

To delete the client download cache:

1. Delete all files and subdirectories in this location on the client computer: %windir%\SoftwareDistribution\Download

2. Attempt to install the update by synchronizing the client computer with WSUS 3.0 SP1 again. This installation attempt should fail with the following error: WU_E_DM_NOTDOWNLOADED, "The update has not been downloaded."

3. After this failure, the client computer will automatically restart the download and the installation will be able to proceed.

If synchronization fails, retry synchronization

If synchronization fails, your first course of troubleshooting action should be to try to synchronize the server again. If subsequent synchronizations fail, use the troubleshooting information in the Windows Server Update Services 3.0 Operations Guide (https://go.microsoft.com/fwlink/?LinkId=81072).

Changing the WSUS 3.0 SP1 configuration directly in the database is not supported

Windows Server Update Services stores its configuration data in a SQL Server database. However, changing the configuration data by accessing the database directly is not supported. Do not attempt to modify the WSUS 3.0 SP1 configuration by accessing the database directly. You should change the WSUS 3.0 SP1 configuration using the WSUS 3.0 SP1 console or calling WSUS 3.0 SP1 APIs.

Download failures are not reported quickly if disk quotas are turned on

If disk quotas are turned on and the quota is reached, update download failures on the WSUS server may not be reported in a timely manner. To avoid this issue, disable disk quotas or increase the quota.

If WSUS 3.0 SP1 is deployed using SSL, client computers may fail with a 0x8024400a error code

Client computers can sometimes fail with a 0x8024400a error code when communicating with a WSUS 3.0 SP1 server using SSL. For an update that addresses this issue, see KB 905422 (https://go.microsoft.com/fwlink/?LinkId=70593).

The WSUS Administrators domain account will not be deleted when WSUS is uninstalled

The WSUS Administrators group is created as a domain account (not a local account) on domain controllers, so all installations using this domain account would be disabled if the account were deleted when WSUS is uninstalled. Therefore, uninstalling WSUS will not delete the WSUS Administrators domain account.

If a downstream server is converted to an upstream server, catalog site updates must be re-imported

When you promote a downstream server to be an upstream server, you must also re-import all catalog site updates. Otherwise the site will fail to synchronize new catalog site update revisions to this server.

If you are using IIS with SSL, unencrypted access is still possible unless "Require Secure Channel" is checked

If you set up IIS to use SSL by installing a certificate, it is still possible to access the site via unencrypted HTTP unless the option Require Secure Channel is checked. For more information, see the documentation for IIS (https://go.microsoft.com/fwlink/?LinkId=98084).

Catalog site import may fail without read/write permissions to the %windir%\TEMP folder

When performing a catalog site import, if the Network Service account does not have read/write permission for the %windir%\TEMP folder, the import may fail with an error message such as the following: Server was unable to process request. ---> Could not find file "C:\WINDOWS\TEMP\tempFileName.dll".

Performance may be slow when synchronizing between WSUS 3.0 SP1 and a downstream replica server running WSUS 2.0

If you install WSUS 3.0 SP1 on an upstream server and attempt to synchronize with a downstream replica server running WSUS 2.0, you may experience performance problems. To address this issue, see KB 910847 (https://go.microsoft.com/fwlink/?LinkId=70669).

If the e-mail server is down or unreachable, e-mail notification fails without notice

If the network's e-mail server is offline, WSUS 3.0 SP1 will silently fail to send e-mail notifications. However, it will write event 10052 (HealthCoreEmailNotificationRed) in the event log.

Changed settings on an upstream server are not pushed immediately to the downstream server

When the upstream server configuration is changed, it might take some time before these configuration changes actually become effective. For example, if you change a setting on the upstream server such as selecting a new language, and immediately trigger a synchronization on the downstream server, the change will not appear. Instead, it will be pushed to the downstream server on the next scheduled synchronization. The wait time increases depending on the number of updates present on the upstream server.

Uninstalling WSUS 3.0 SP1 does not uninstall the database instance

If WSUS 3.0 SP1 is uninstalled, the database instance will not be uninstalled. The instance may be shared by more than one application, and will cause other applications to fail if it is removed.

If it is necessary to uninstall Windows Internal Database, the following commands will uninstall the application:

(on 32-bit platforms)

msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} callerid=ocsetup.exe

(on 64-bit platforms)

msiexec /x {BDD79957-5801-4A2D-B09E-852E7FA64D01} callerid=ocsetup.exe

If you wish to uninstall Windows Internal Database Service Pack 2 from Windows Server 2008, you may do so by using Server Manager.

However, the removal of the application may not remove the default .mdf and .ldf files, which will cause a subsequent WSUS 3.0 SP1 installation to fail. These files can be deleted from the %windir%\SYSMSI\SSEE directory.

If a downstream server changes its upstream server, "Unknown" status updates are reported as "Not Applicable"

If a downstream server starts to synchronize from a different upstream server, updates that have a status of Unknown will be reported on the new upstream server as Not Applicable. This state is temporary and will be corrected the next time the downstream server reports its status, after its clients have synchronized with it.

If the Server Cleanup Wizard times out on one server when run on multiple servers from a remote console, the connection to all servers will be lost

It is possible to run the Server Cleanup Wizard on multiple servers from a single remote console. However, if the cleanup process times out on one of the servers, the console will lose its connection to all the servers. No data will be lost, but the administrator will need to reset the remote connection to each of the servers.

Starting and stopping the connection in quick succession causes "There was no synchronization failure" error message in the Configuration Wizard

When you configure WSUS, you are required to connect to the upstream server (either Microsoft Update or the intranet upstream server) in order to transfer basic information about the server. If you click Start Connecting and immediately click Stop Connecting, you will receive the incorrect error message “There was no synchronization failure.”

WSUS 3.0 SP1 on Windows Server 2008

Supported Versions

WSUS 3.0 SP1 supports Windows Server 2008 in both 32-bit and 64-bit versions.

Prerequisites

Requirement	Details
Microsoft Internet Information Services (IIS)	Install from the operating system. Make sure that the following components are enabled: Windows Authentication Static Content ASP.NET 6.0 Management Compatibility 6.0 IIS Metabase Compatibility
Microsoft .NET Framework Version 2.0 Redistributable Package (x86)	Not necessary on Windows Server 2008; already installed as part of the operating system.
Microsoft Management Console 3.0	Not necessary on Windows Server 2008; already installed as part of the operating system.
Microsoft Report Viewer	This is a prerequisite for using the WSUS user interface. See Microsoft Report Viewer Redistributable 2005 on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=70410).

Using the Security Configuration Wizard

In Windows Server 2008, when you run the Security Configuration Wizard (SCW), you can select the WSUS role and enable its dependencies. To run the SCW, click Start, point to Administrative Tools, and then click Security Configuration Wizard.

The following known issues exist with using the SCW together with the WSUS role:

• The Windows Internal Database service is enabled even though it may not be used by WSUS. You configure WSUS to use a database—either Windows Internal Database or SQL Server database. If WSUS is installed with SQL Server and you select the WSUS role in the SCW, the Windows Internal Database service is enabled if it is installed on the computer, but it is not used by WSUS. You should disable the Windows Internal Database service if you are using SQL Server database instead of Windows Internal Database.

• Firewall rules for WSUS on a custom Web site are not selected by default. If you install WSUS on a custom Web site (port 8530 or 8531), the required firewall rules are not automatically selected even if you select the WSUS role in the SCW. You should enable the appropriate firewall rules for WSUS based on whether Secure Sockets Layer (SSL) is configured for the WSUS server.

WSUS 3.0 SP1 on Windows Small Business Server 2003

If the IIS virtual root is restricted to certain IP addresses or domain names, the WSUS 3.0 SP1 server will not be able to update itself

Some installations of Windows Small Business Server may have the default IIS Web site configured for IP address and domain name restrictions. If so, the Windows Update Client on the server may not be able to update itself.

Installing WSUS 3.0 SP1 on Small Business Server—Integration Issues

• If Windows Small Business Server 2003 uses an ISA proxy server to access the Internet, the following must be typed in the Settings user interface: proxy server settings, proxy server name, port.

• If ISA is using Windows Authentication, proxy server credentials should be typed in the form DOMAIN\user and the user should be a member of the Internet Users group.

If you have added a subnet to your network without using the Windows SBS wizards, you must perform this procedure

The WSUS server setup process installs two IIS vroots on the server: SelfUpdate and ClientWebService. Setup also places some files under the home directory of the default Web site (on port 80), which enables client computers to self-update through the default Web site. By default, the default Web site is configured to deny access to any IP address other than localhost or to specific subnets attached to the server. As a result, client computers that are not on localhost or on those specific subnets cannot self-update. If you have added a subnet to your network without using the Microsoft Windows Small Business Server 2003 (Windows SBS) wizards, you must perform this procedure:

1. In Server Management, expand Advanced Management, expand Internet Information Services, expand Web Sites, expand Default Web Site, right-click the Selfupdate virtual directory, and then click Properties.

2. Click Directory Security.

3. Under IP address and domain name restrictions, click Edit, and then click Granted Access.

4. Click OK, right-click the ClientWebService virtual directory, and then click Properties.

5. Click Directory Security.

6. Under IP address and domain name restrictions, click Edit, and then click Granted Access.

Copyright

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Microsoft, SQL Server, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.