TroubleShooting_配置正确的WAU

SYMPTOMS

最近在TA机器上的WAU(Windows automatically update)经常会出现如下的情况：

CAUSE & Analysis

See the analysis on the picture.

考虑到WSUS的重要性，并且不能影响TA process，有两种方案可供选择：

1）设置合适的registry and group policy, 让WSUS能定时自动更新，自动重启（如果需要的话）

[分析]优点：简便可行；缺点：需要定时自动更新，可能会影响TA process。另外 TA机器没有实行域控制，所以如果update policy有变，需要考虑如何方便更改所有机器的update policy。

2) 使用windows update agent, 考虑自己编程完成update任务

[分析]优点：运行的时机是可控的，update policy也应该是可控的；缺点：需要编程 cost。

Refer to: http://msdn.microsoft.com/en-us/library/aa387102(VS.85).aspx

方案1）通常registry的设置可以满足非域PC的AU要求，若是在域中应该考虑group policy的设置了。另外要注意的是，即使是非域的机器你最好也把local computer group policy 和registry在AU上设成一致，或者把所的相关的local group policy设置成No configured 以免相互影响。所以我们下同分两种pc-client来讨论：在域的和不在域中的PC

1) Configure Clients Using Group Policy in Active Directory Environment

When you configure the Group Policy settings for WSUS, you should use a Group Policy object (GPO) linked to an Active Directory container appropriate for your environment. Microsoft does not recommend editing the Default Domain or Default Domain Controller GPOs to add WSUS settings.

After you set up a client computer, it will take a few minutes before it appears on the Computers page in the WSUS console. For client computers configured with an Active Directory-based GPO, it will take about 20 minutes after Group Policy refreshes (that is, applies any new settings to the client computer). By default, Group Policy refreshes in the background every 90 minutes, with a random offset of 0–30 minutes.

Option-1 : Configure Automatic Updates

Option-2: Specify intranet Microsoft Update service location

Option-3: Reschedule Automatic Updates scheduled installations

This policy specifies the amount of time that Automatic Updates should wait after system startup before proceeding with a scheduled installation that did not take place earlier.

If the status is set to Enabled, a missed installation will occur the specified number of minutes after the computer is next started.

(一个missed installation icon 将会在机器重起后一指定时间后出现)

If the status is set to Disabled, a missed installation will occur with the next scheduled installation.

(一个missed installation icon 将会在机器重起后出现)

If the status is set to Not Configured, a missed installation will occur one minute after the next time the computer is started.

Option-4: Allow Automatic Update immediate installation

2) Configure Clients in a Non–Active Directory Environment

In a non-Active Directory environment, you can configure Automatic Updates by using any of the following methods:

Ø Using Group Policy Object Editor and editing the Local Group Policy object

Ø Editing the registry directly by using the registry editor (Regedit.exe)

The registry entries for Automatic Update configuration options are located in the following subkey:

HKEY_LOCAL_MACHINE/Software/Policies/Microsoft/Windows/WindowsUpdate/AU

The keys and their value ranges are listed in the following table.

Automatic Updates Configuration Registry Keys

Entry name	Data type	Value range and meanings
AUOptions	Reg_DWORD	Range = 2\|3\|4\|5 2 = Notify before download. 3 = Automatically download and notify of installation. 4 = Automatically download and schedule installation. (Only valid if values exist for ScheduledInstallDay and ScheduledInstallTime.) 5 = Automatic Updates is required, but end users can configure it.
AutoInstallMinorUpdates	Reg_DWORD	Range = 0\|1 0 = Treat minor updates as other updates are treated. 1 = Silently install minor updates.
DetectionFrequency	Reg_DWORD	Range = n, where n = time in hours (1–22). Time between detection cycles.
DetectionFrequencyEnabled	Reg_DWORD	Range = 0\|1 1 = Enable DetectionFrequency. 0 = Disable custom DetectionFrequency (use default value of 22 hours).
NoAutoRebootWithLoggedOnUsers	Reg_DWORD	Range = 0\|1 1 = Logged-on user gets to choose whether or not to restart his or her computer. 0 = Automatic Updates notifies user that the computer will restart in 5 minutes.
NoAutoUpdate	Reg_DWORD	Range = 0\|1 0 = Enable Automatic Updates. 1 = Disable Automatic Updates.
RebootRelaunchTimeout	Reg_DWORD	Range = n, where n = time in minutes (1–1,440). Time between prompting again for a scheduled restart.
RebootRelaunchTimeoutEnabled	Reg_DWORD	Range = 0\|1 1 = Enable RebootRelaunchTimeout 0 = Disable custom RebootRelaunchTimeout(use default value of 10 minutes)
RebootWarningTimeout	Reg_DWORD	Range = n, where n = time in minutes (1–30). Length, in minutes, of the restart warning countdown, after installing updates with a deadline or scheduled updates.
RebootWarningTimeoutEnabled	Reg_DWORD	Range = 0\|1 1 = Enable RebootWarningTimeout 0 = Disable custom RebootWarningTimeout (use default value of 5 minutes)
RescheduleWaitTime	Reg_DWORD	Range = n, where n = time in minutes (1–60). Time, in minutes, that Automatic Updates should wait at startup before applying updates from a missed scheduled installation time. Note that this policy applies only to scheduled installations, not deadlines. Updates whose deadlines have expired should always be installed as soon as possible. 在机器重新启动后，等待安装missed updated的时间。可参见group policy Option-3: Reschedule Automatic Updates scheduled installations
RescheduleWaitTimeEnabled	Reg_DWORD	Range = 0\|1 1 = Enable RescheduleWaitTime 0 = Disable RescheduleWaitTime (attempt the missed installation during the next scheduled installation time).
ScheduledInstallDay	Reg_DWORD	Range = 0\|1\|2\|3\|4\|5\|6\|7 0 = Every day. 1 through 7 = The days of the week from Sunday (1) to Saturday (7). (Only valid if AUOptions = 4.)
ScheduledInstallTime	Reg_DWORD	Range = n, where n = the time of day in 24-hour format (0–23).
UseWUServer	Reg_DWORD	Range = 0\|1 1 = This machine gets its updates from a WSUS server. 0 = This machine gets its updates from Microsoft Update. The WUServer value is not respected unless this key is set.

Refer to http://technet.microsoft.com/en-us/library/cc708574(WS.10).aspx

RESOLUTION

我们暂时采取方案一,要完成以下几件事：

1) 把group policy 的所有关于WAU的项，均设成No Configured ，只使用registry

2) 更改registry 中WAU的设置如下：

[HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate]

"WUServer"="http://update.hf.webex.com"

"WUStatusServer"="http://update.hf.webex.com"

"ElevateNonAdmins"=dword:00000001

"AcceptTrustedPublisherCerts"=dword:00000001

"TargetGroupEnabled"=dword:00000001

"TargetGroup"=""

[HKEY_LOCAL_MACHINE/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate/AU]

"NoAutoUpdate"=dword:00000000

"AUOptions"=dword:00000004

"ScheduledInstallDay"=dword:00000002

"ScheduledInstallTime"=dword:00000016

"UseWUServer"=dword:00000001

"RescheduleWaitTimeEnabled"=dword:00000001

"RescheduleWaitTime"=dword:00000001

( 让它重启一分钟后，就安装missed installation patches)

"DetectionFrequencyEnabled"=dword:00000001

"DetectionFrequency"=dword:00000016

"AutoInstallMinorUpdates"=dword:00000001

"RebootWarningTimeoutEnabled"=dword:00000001

"RebootWarningTimeout"=dword:00000001

(win update install后，设置过X分钟后系统重启, 配合"NoAutoRebootWithLoggedOnUsers=0" , 在X分钟后就自动重启；反之过X分钟后，会有重启提示对话框出现，要求用户交互！)

"RebootRelaunchTimeoutEnabled"=dword:00000001

"RebootRelaunchTimeout"=dword:0000000a

[表明提示重启对话框出现的间隔时间，设为16分钟，结合上面的在win update install 之后，它会在1分钟内自动重启，所以重启提示对话框永不会在此设置中出现。]

"IncludeRecommendedUpdates"=dword:00000001

"AUPowerManagement"=dword:00000001

"NoAutoRebootWithLoggedOnUsers"=dword:00000000

STATUS

This behavior is by the incorrectly windows settings.

MORE INFORMATION

关于方案2，要论证一下是否值得写工具去完成WAU。

TroubleShooting_配置正确的WAU相关推荐

怎么检测JDK环境变量是否配置正确
怎么检测JDK环境变量是否配置正确.. 点击开始--运行--输入cmd,点击确定. 在命令行窗口输入java 然后Enter.没有出现java既不是内部命令也不是外部命令.说明配置是正确的. 在命令 ...
tnsping通oracle连不上,TNS配置正确，而tnsping不通
TNS-03505: Failed to resolve name TNS配置正确,而tnsping不通,可能会有以下原因: 查看:/oracle/product/9204/network/admin ...
react二级路由配置正确不显示页面的问题解决
react二级路由配置正确不显示页面的问题解决最近在写react项目,配置二级路由时出了一个小小的bug,虽然是一个小小的bug,但是也苦思大半天不得其解.直到第二天豁然开朗,才发觉就这?? 问题描 ...
请连接虚拟服务器来配置,datastage8.7客户端连接虚拟服务器无法连接显示 (用户名和/或密码不正确。如果使用了凭证映射，请检查凭证映射用户名和密码是否配置正确。 (80011))...
无法连接至 Information Server 引擎:INFOSRVR,项目:dstage1. (用户名和/或密码不正确.如果使用了凭证映射,请检查凭证映射用户名和密码是否配置正确. (80011) ...
源“ySQL 8.0 Community Server”的GPG密钥已安装，但是不适用于此软件包。请检查源的公钥URL是否配置正确。
源"ySQL 8.0 Community Server"的GPG密钥已安装,但是不适用于此软件包.请检查源的公钥URL是否配置正确. 方法: 将 sudo yum install ...
配置JAVA环境变量以及验证是否配置正确
配置JAVA环境变量以及验证是否配置正确简介一.JDK的下载与安装下载安装二.配置JAVA环境变量 1.配置JAVA_HOME变量 2. 配置Path变量 3. 配置ClssPath变量三 ...
关于idea使用SpringMVC配置正确却404问题及解决办法
今天在学习SpringMVC的时候,配置文件完全正确,可是一直 404. 同时检查了依赖,也没有问题.后面发现是idea自身问题. 具体解决办法如下: 重启tomcat,发现可以正确访问了. 总结: ...
wifi 计算机配置正确但,您的计算机配置似乎是正确的，但该设备或资源(DNS服务器)没有响应...
您的计算机配置似乎是正确的,但该设备或资源(DNS服务器)没有响应0 有关网络适配器诊断的详细信息: 网络适配器无线网络连接驱动程序信息: 描述..........:Intel(R)WiFiLink5 ...
编译工具各种报错（步骤正确，代码正确，配置正确）均可认为无解，除非...
程序猿见到上帝:各种编译报错 1.JAVA SSH三大框架配置时各种编译不通过以前尝试过各种百度.谷歌.stackoverflow,均无解,怀疑猿生最后瞎折腾,更换各种jar包版本,终于得解: 一 ...

TroubleShooting_配置正确的WAU

TroubleShooting_配置正确的WAU相关推荐

最新文章

热门文章