Software updates are not managed by Windows Small Business Server 2003 Update Services after you upgrade to Windows Server Update Services 3.0 Service Pack 1

SYMPTOMS
Consider the following scenario:
  • You make changes in the Windows Server Update Services (WSUS) 3.0 console, or you make changes in the WSUS 2.0 console.
  • You upgrade to WSUS 3.0 Service Pack 1 (SP1).
  • You try to open the Update Services node in the Microsoft Windows Small Business Server 2003 Administrator console.
In this scenario, you receive a message that resembles the following:
Windows Small Business Server (Windows SBS) Update Services is not running because it automatically turns off if you customize Windows Server Update Services (WSUS).

For a list of specific settings that cause Windows SBS Software Update Services to turn off, see the Microsoft Web site. Even if WSUS is managing updates for your network, the accuracy of the status in the Windows SBS monitoring report or on the Update Services home page cannot be guaranteed. To use Windows SBS Update Services, reverse the changes that you have made to WSUS or reinstall Windows SBS 2003 R2 and WSUS 3.0
CAUSE
This issue occurs when one or more of the following conditions are true:
  • Under Automatic Approvals, the Default Automatic Approval Rule is enabled in Options.
  • Under Products and Classifications, All Microsoft Products is not selected in Options.
  • Under Synchronization Schedule, the Synchronize manually option is selected in Options.
  • Under Computers, the Use Group Policy or Registry settings on computers option is enabled in Options.
  • The Update Services service is stopped.
If these conditions do not apply, the Approve for Detection setting may have been disabled when you upgraded to WSUS 3.0 SP1. However, the option to change this is not available after you upgrade to WSUS 3.0 SP1. In this case, you must use a script to change the Approve for Detection setting.

Note You can still use the Windows Server Update Services 3.0 Administrators console to manage updates.
WORKAROUND
To work around this issue, you can use one of the following methods.

Method 1: Make the required changes in the WSUS 3.0 administrator console

If one or more of the conditions that are mentioned in the "Cause" section are true, follow these steps:
  1. Under Automatic Approvals, make sure that the Default Automatic Approval Rule is disabled in Options.
  2. Under Products and Classifications, make sure that the All Microsoft Products is selected in Options.
  3. Under Synchronization Schedule, make sure that the Synchronize manually option is not selected in Options.
  4. Under Computers, make sure that the Use Group Policy or Registry settings on computers option is disabled in Options.
  5. If the Update Services service is not started. Follow these steps:
    1. Click Start, point to Administrative Tools, and then click Services.
    2. Right-click Update Services, and then click Start.

Method 2: Use a script to change the "Approve for Detection" setting

  1. Copy the following script into a text file, and then use a .sql file name extension to save the file. For example, save the file as C:\FixR2.sql.
    USE SUSDBPRINT 'Using SUSDB';GOIF NOT EXISTS (SELECT * FROM dbo.tbAutoDeploymentRule WHERE ID = 2)BEGIN    PRINT 'Setting IDENTITY_INSERT to On';    SET IDENTITY_INSERT tbAutoDeploymentRule ON;    PRINT 'Inserting auto deployment rule';    INSERT INTO dbo.tbAutoDeploymentRule(ID, Enabled, ActionID, Name) VALUES (2, 0, 0, 'Default Auto Approval Rule');    IF @@ROWCOUNT = 0        PRINT 'Warning: No rows were affected.';    ELSE        PRINT 'Rows were updated.';    PRINT 'Setting IDENTITY_INSERT to Off';    SET IDENTITY_INSERT tbAutoDeploymentRule OFF;ENDELSE    PRINT 'No work to do.  Record already exists.';GO--check automatic approval for detectionIF EXISTS (SELECT * FROM dbo.tbAutoDeploymentRule WHERE ID = 1 AND NAME = 'Scan AutoDeployment Rule' AND Enabled = 0)	BEGIN		PRINT 'Automatic Approval For Detection not enabled.';		UPDATE dbo.tbAutoDeploymentRule SET Enabled=1 WHERE ID = 1		IF @@ROWCOUNT = 0			PRINT 'Warning: no rows were affected';		ELSE			PRINT 'Automatic Approval For Detection enabled.';	ENDELSE	PRINT 'Automatic Approval For Detection is already enabled';GO--check computer group target of approval for detectionIF NOT EXISTS (SELECT * FROM dbo.tbTargetGroupInAutoDeploymentRule WHERE AutoDeploymentRuleID = 1 AND TargetGroupID = 'a0a08746-4dbe-4a37-9adf-9e7652c0b421')	BEGIN		PRINT 'Target group of approval for detection is not "AllComputers"'				PRINT 'Inserting "AllComputers" group';		BEGIN TRANSACTION;			--delete all other computer groups assigned to this rule			DELETE FROM dbo.tbTargetGroupInAutoDeploymentRule WHERE AutoDeploymentRuleID = 1			INSERT INTO dbo.tbTargetGroupInAutoDeploymentRule(AutoDeploymentRuleID,TargetGroupID) VALUES(1,'A0A08746-4DBE-4A37-9ADF-9E7652C0B421')		COMMIT TRANSACTION;		IF @@error != 0			PRINT 'Error: Insertion failed';		ELSE			PRINT '"AllComputers" Group added';	ENDELSE	PRINT '"AllComputers" is already the target group of approval for detection.';GO--check if "critical update" is in the auto approval classificationIF NOT EXISTS (SELECT * FROM dbo.tbUpdateClassificationInAutoDeploymentRule WHERE AutoDeploymentRuleID = 1 and UpdateClassificationID = 1)	BEGIN		PRINT 'Critical update is not in approval for detection classification'		INSERT INTO dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID,UpdateClassificationID) VALUES(1,1)		IF @@ROWCOUNT = 0			PRINT 'Warning: no rows were affected';		ELSE			PRINT 'Critical update is inserted to approval for detection classification';	ENDELSE	PRINT 'Critical update is already in approval for detection classification';--check if "security update" is in the auto approval classificationIF NOT EXISTS (SELECT * FROM dbo.tbUpdateClassificationInAutoDeploymentRule WHERE AutoDeploymentRuleID = 1 and UpdateClassificationID = 5)	BEGIN		PRINT 'Security update is not in approval for detection classification'		INSERT INTO dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID,UpdateClassificationID) VALUES(1,5)		IF @@ROWCOUNT = 0			PRINT 'Warning: no rows were affected';		ELSE			PRINT 'Security update is inserted to approval for detection classification';	ENDELSE	PRINT 'Security update is already in approval for detection classification';--check if "service pack " is in the auto approval classificationIF NOT EXISTS (SELECT * FROM dbo.tbUpdateClassificationInAutoDeploymentRule WHERE AutoDeploymentRuleID = 1 and UpdateClassificationID = 6)	BEGIN		PRINT 'Service pack is not in approval for detection classification'		INSERT INTO dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID,UpdateClassificationID) VALUES(1,6)		IF @@ROWCOUNT = 0			PRINT 'Warning: no rows were affected';		ELSE			PRINT 'Service pack is inserted to approval for detection classification';	ENDELSE	PRINT 'Service pack is already in approval for detection classification';
  2. Click Start, click Run, type cmd, and then click OK.
  3. At the command prompt, locate the following folder:
    %programfiles% \Update Services\Setup
  4. At the command prompt, type the following command, and then press ENTER:
    executesql.exe -S MICROSOFT##SSEE -i C:\FixR2.SQL -l C:\Output.log

Method 3: Reinstall WSUS 3.0

Reinstall WSUS 3.0 by using the instructions in the"Uninstalling and reinstalling Windows Small Business Server 2003 R2 components on a server that is running WSUS 3.0" section of the Installing Windows Server Update Services 3.0 on Windows Small Business Server 2003 white paper. To see this white paper, visit the following Microsoft Web site:
Properties

Article ID: 945985 - Last Review: 02/11/2008 21:13:00 - Revision: 2.0

Microsoft Windows Server Update Services 3.0

  • kbtshoot kbprb kbexpertiseinter KB945985
Feedback