At my company, we've been successfully using Microsoft Software Update Services (SUS) for patch management for sometime now. We're also currently testing the beta version of Windows Server Update Services (WSUS). Although we love SUS, there were some hard-to-troubleshoot problems early on. Sometimes, not all the clients were updated, and I wasn't sure why or how to find out why. After some research, I figured out that it's all about knowing where to look.

If your clients are having trouble downloading and installing updates from your SUS or WSUS server, you should check a familiar place—the registry. Go to the problematic client PC and follow these steps:

  1. Select Run on the Start menu.
  2. In the Run dialog box, type regedit, then click OK.
  3. In the registry, navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer subkey. Make sure the WUServer subkey points to your SUS or WSUS server and not Microsoft Windows Update.
  4. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update subkey. Find the AUState entry and note its value. The AUState value can help you determine the problem. Here are the possible values and what they mean:
  • 0—initial 24-hour timeout (Automatic Updates doesn't run until 24 hours after it first detects an Internet connection.)
  • 1—waiting for the user to run Automatic Updates
  • 2—detection pending
  • 3—download pending (Automatic Updates is waiting for the user to accept the predownloaded prompt.)
  • 4—download in progress
  • 5—install pending
  • 6—install complete
  • 7—disabled
  • 8—reboot pending (Updates that require a reboot were installed, but the reboot was declined. Automatic Updates won't do anything until this value is cleared and a reboot occurs.)

You can force an update detection on a client by following these steps:

  1. Stop the Automatic Updates service.
  2. Make sure that the Auto Update subkey's AUState value is set to 2.
  3. Delete the Auto Update subkey's LastWaitTimeout value.
  4. Restart the Automatic update Service.

Following these two sets of steps has made troubleshooting SUS and WSUS client problems much easier for me. I hope they help you as well.