Updates install but there is no reboot prompt and no forced reboot

We have been pulling our hair out trying to figure out what is going on...
The WSUS server is pushing out updates fine, they are installing fine, but
they are not prompting the user to reboot,

Here is a snippet from the WindowsUpdate.log file,

2008-10-21 11:26:09:148 1116 840 AU Launched new AU client for directive
'Reboot Pending', session id = 0x0
2008-10-21 11:26:09:195 3832 cc4 Misc =========== Logging initialized
(build: 7.0.6000.374, tz: -0400) ===========
2008-10-21 11:26:09:195 3832 cc4 Misc = Process:
C:\WINDOWS\system32\wuauclt.exe
2008-10-21 11:26:09:195 3832 cc4 AUClnt Launched Client UI process
2008-10-21 11:26:09:211 1116 fd0 AU Windows Update is disabled by policy for
user
2008-10-21 11:26:09:211 3832 cc4 Misc =========== Logging initialized
(build: 7.0.6000.374, tz: -0400) ===========
2008-10-21 11:26:09:211 3832 cc4 Misc = Process:
C:\WINDOWS\system32\wuauclt.exe
2008-10-21 11:26:09:211 3832 cc4 Misc = Module:
C:\WINDOWS\system32\wucltui.dll
2008-10-21 11:26:09:211 3832 cc4 CltUI FATAL: Failed to get notification
handle, hr=80240025
2008-10-21 11:26:09:226 1116 840 AU AU received handle event

This message is repeated every 15 seconds.

Why is the user not notified that a reboot needs to be performed?

Thanks,
Drew

> 2008-10-21 11:26:09:211 1116 fd0 AU Windows Update is disabled by policy for
> user

0x80240025 WU_E_USER_ACCESS_DISABLED
Group Policy settings prevented access to Windows Update.

Forwarded to the WSUS newsgroup for Drew's convenience:

NNTP link for OE:
news://msnews.microsoft.com/microsof...pdate_services


MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============




Drew wrote:

> We have been pulling our hair out trying to figure out what is going on...
> The WSUS server is pushing out updates fine, they are installing fine, but
> they are not prompting the user to reboot,
>
> Here is a snippet from the WindowsUpdate.log file,
>
> 2008-10-21 11:26:09:148 1116 840 AU Launched new AU client for directive
> 'Reboot Pending', session id = 0x0
> 2008-10-21 11:26:09:195 3832 cc4 Misc =========== Logging initialized
> (build: 7.0.6000.374, tz: -0400) ===========
> 2008-10-21 11:26:09:195 3832 cc4 Misc = Process:
> C:\WINDOWS\system32\wuauclt.exe
> 2008-10-21 11:26:09:195 3832 cc4 AUClnt Launched Client UI process
> 2008-10-21 11:26:09:211 1116 fd0 AU Windows Update is disabled by policy for
> user
> 2008-10-21 11:26:09:211 3832 cc4 Misc =========== Logging initialized
> (build: 7.0.6000.374, tz: -0400) ===========
> 2008-10-21 11:26:09:211 3832 cc4 Misc = Process:
> C:\WINDOWS\system32\wuauclt.exe
> 2008-10-21 11:26:09:211 3832 cc4 Misc = Module:
> C:\WINDOWS\system32\wucltui.dll
> 2008-10-21 11:26:09:211 3832 cc4 CltUI FATAL: Failed to get notification
> handle, hr=80240025
> 2008-10-21 11:26:09:226 1116 840 AU AU received handle event
>
> This message is repeated every 15 seconds.
>
> Why is the user not notified that a reboot needs to be performed?
>
> Thanks,
> Drew
>
>
>

I apologize for the wrong NG... I was unaware that there was one for update
services. Thanks for pointing me in the right direction.

Drew

"Drew" <> wrote in message
news:...
> We have been pulling our hair out trying to figure out what is going on...
> The WSUS server is pushing out updates fine, they are installing fine, but
> they are not prompting the user to reboot,
>
> Here is a snippet from the WindowsUpdate.log file,
>
> 2008-10-21 11:26:09:148 1116 840 AU Launched new AU client for directive
> 'Reboot Pending', session id = 0x0
> 2008-10-21 11:26:09:195 3832 cc4 Misc =========== Logging initialized
> (build: 7.0.6000.374, tz: -0400) ===========
> 2008-10-21 11:26:09:195 3832 cc4 Misc = Process:
> C:\WINDOWS\system32\wuauclt.exe
> 2008-10-21 11:26:09:195 3832 cc4 AUClnt Launched Client UI process
> 2008-10-21 11:26:09:211 1116 fd0 AU Windows Update is disabled by policy
> for
> user
> 2008-10-21 11:26:09:211 3832 cc4 Misc =========== Logging initialized
> (build: 7.0.6000.374, tz: -0400) ===========
> 2008-10-21 11:26:09:211 3832 cc4 Misc = Process:
> C:\WINDOWS\system32\wuauclt.exe
> 2008-10-21 11:26:09:211 3832 cc4 Misc = Module:
> C:\WINDOWS\system32\wucltui.dll
> 2008-10-21 11:26:09:211 3832 cc4 CltUI FATAL: Failed to get notification
> handle, hr=80240025
> 2008-10-21 11:26:09:226 1116 840 AU AU received handle event
>
> This message is repeated every 15 seconds.
>
> Why is the user not notified that a reboot needs to be performed?
>
> Thanks,
> Drew
>
>
>

Drew wrote:

> We have been pulling our hair out trying to figure out what is going on...
> The WSUS server is pushing out updates fine, they are installing fine, but
> they are not prompting the user to reboot,

> 2008-10-21 11:26:09:211 1116 fd0 AU Windows Update is disabled by policy for
> user

Looks as if you have the user group policy setting "Remove access to use all
Windows Update features" enabled. This will disable the reboot prompt.

This post describes how to enable just the reboot prompt while leaving the group
policy setting in place:

<http://groups.google.com/group/microsoft.public.windows.server.update_services/msg/60e7023cbee2712e>

http://groups.google.com/group/micro...e7023cbee2712e

Harry.

> Drew wrote:
>
>> We have been pulling our hair out trying to figure out what is going
>> on...
>> The WSUS server is pushing out updates fine, they are installing fine,
>> but
>> they are not prompting the user to reboot,


>> 2008-10-21 11:26:09:211 1116 fd0 AU Windows Update is disabled by policy
>> for
>> user

>> 2008-10-21 11:26:09:211 3832 cc4 CltUI FATAL: Failed to get notification
>> handle, hr=80240025

> 0x80240025 WU_E_USER_ACCESS_DISABLED
> Group Policy settings prevented access to Windows Update.

>> Why is the user not notified that a reboot needs to be performed?

They're never going to prompt the user to reboot -- you've blocked access to
the UI to allow that to happen by enabling the user policy "Remove access to
use all Windows Update features".



--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

Ok, that makes sense. If I disable, "Remove access to use all Windows
Update features." then it seems to look to Windows Update instead of our
WSUS server. For instance, I set 10 updates to be pushed, if I disable that
policy, then I get 15 updates to be installed. Is it looking somewhere else
besides my local WSUS?

Thanks,
Drew

"Lawrence Garvin (MVP)" <lawrence@nospam> wrote in message
news:...
>> Drew wrote:
>>
>>> We have been pulling our hair out trying to figure out what is going
>>> on...
>>> The WSUS server is pushing out updates fine, they are installing fine,
>>> but
>>> they are not prompting the user to reboot,
>
>
>>> 2008-10-21 11:26:09:211 1116 fd0 AU Windows Update is disabled by policy
>>> for
>>> user
>
>>> 2008-10-21 11:26:09:211 3832 cc4 CltUI FATAL: Failed to get notification
>>> handle, hr=80240025
>
>> 0x80240025 WU_E_USER_ACCESS_DISABLED
>> Group Policy settings prevented access to Windows Update.
>
>>> Why is the user not notified that a reboot needs to be performed?
>
> They're never going to prompt the user to reboot -- you've blocked access
> to the UI to allow that to happen by enabling the user policy "Remove
> access to use all Windows Update features".
>
>
>
> --
> Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
> Principal/CTO, Onsite Technology Solutions, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2009)
>
> MS WSUS Website: http://www.microsoft.com/wsus
> My Websites: http://www.onsitechsolutions.com;
> http://wsusinfo.onsitechsolutions.com
> My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
>

Drew wrote:

> Ok, that makes sense. If I disable, "Remove access to use all Windows
> Update features." then it seems to look to Windows Update instead of our
> WSUS server. For instance, I set 10 updates to be pushed, if I disable that
> policy, then I get 15 updates to be installed.

That definitely shouldn't happen. I suspect you're mistaken; could you try it
again?

Harry.

"Drew" <> wrote in message
news:...

> Ok, that makes sense. If I disable, "Remove access to use all Windows
> Update features." then it seems to look to Windows Update instead of our
> WSUS server.

That policy would not make any distinction between WSUS or Automatic
Updates.

Of course, if you're expecting to see a web-based client interface for WSUS,
that could be the source of the confusion.

WSUS works in the background, just like Automatic Updates has for the past
ten years.


> For instance, I set 10 updates to be pushed, if I disable that policy,
> then I get 15 updates to be installed.

This would suggest that the client isn't even using WSUS, but is still using
the default "Automatic Updates" methodology.


>Is it looking somewhere else besides my local WSUS?

Quite possibly!

1. Technical/semantical point -- the WSUS Server doesn't push updates, it
makes them available to clients who identify and request them.

2. In order for clients to identify and request them, they need to know
where the WSUS Server is. Have you configured Group Policy (or Local Policy
if no Active Directory) to correctly configure the clients to use the WSUS
Server? Of particular note, the one policy that impacts the WSUS vs AU
decision is the policy "Specific intranet Microsoft update services
location" which must be enabled to faciliate the use of a WSUS Server.

3. Once the policy is configured, to verify that the clients are properly
receiving the policy you can use any of the policy management tools, or you
can inspect the registry at HKLM\Software\Policies\Microsoft\WindowsUpdate,
and in the AU subkey the value "UseWUServer" should be = dword:0x1.


>
--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

"Harry Johnston [MVP]" <> wrote in message
news:...
> Drew wrote:
>
>> Ok, that makes sense. If I disable, "Remove access to use all Windows
>> Update features." then it seems to look to Windows Update instead of our
>> WSUS server. For instance, I set 10 updates to be pushed, if I disable
>> that policy, then I get 15 updates to be installed.
>
> That definitely shouldn't happen. I suspect you're mistaken; could you
> try it again?
>
> Harry.

I retried it. I was mistaken, it looks to have worked correctly. Although
now I need to figure out how to automatically install them and then prompt
the user to reboot.

We had this working at one time, but it was automatically rebooting the
user, which causes a lot of problems. Most of our computers aren't kept
powered on all night (power saving initiatives), so we can't schedule to
install the updates and reboot.

Thanks,
Drew

"Drew" wrote:

> I apologize for the wrong NG... I was unaware that there was one for update
> services. Thanks for pointing me in the right direction.
>
> Drew
>
> "Drew" <> wrote in message
> news:...
> > We have been pulling our hair out trying to figure out what is going on...
> > The WSUS server is pushing out updates fine, they are installing fine, but
> > they are not prompting the user to reboot,
> >
> > Here is a snippet from the WindowsUpdate.log file,
> >
> > 2008-10-21 11:26:09:148 1116 840 AU Launched new AU client for directive
> > 'Reboot Pending', session id = 0x0
> > 2008-10-21 11:26:09:195 3832 cc4 Misc =========== Logging initialized
> > (build: 7.0.6000.374, tz: -0400) ===========
> > 2008-10-21 11:26:09:195 3832 cc4 Misc = Process:
> > C:\WINDOWS\system32\wuauclt.exe
> > 2008-10-21 11:26:09:195 3832 cc4 AUClnt Launched Client UI process
> > 2008-10-21 11:26:09:211 1116 fd0 AU Windows Update is disabled by policy
> > for
> > user
> > 2008-10-21 11:26:09:211 3832 cc4 Misc =========== Logging initialized
> > (build: 7.0.6000.374, tz: -0400) ===========
> > 2008-10-21 11:26:09:211 3832 cc4 Misc = Process:
> > C:\WINDOWS\system32\wuauclt.exe
> > 2008-10-21 11:26:09:211 3832 cc4 Misc = Module:
> > C:\WINDOWS\system32\wucltui.dll
> > 2008-10-21 11:26:09:211 3832 cc4 CltUI FATAL: Failed to get notification
> > handle, hr=80240025
> > 2008-10-21 11:26:09:226 1116 840 AU AU received handle event
> >
> > This message is repeated every 15 seconds.
> >
> > Why is the user not notified that a reboot needs to be performed?
> >
> > Thanks,
> > Drew
> >
> >
> >
>
>
>