Option 1 - WSUS approval script failed
The WSUS approval script (to approve the patches deployment on endpoint groups) may fail.
To check it:
- Go to Endpoint Activities
- Filter the Task Type to include System
- Filter the Task to "Sync approval status with WSUS"
Check the Status of the last activities - If they were failed, the script could not change the approval in WSUS.
Please contact JetPathe Support
Option 2 - WSUS could not download/didn't downloaded yet the patches binaries.
WSUS needs to download the patches from Microsoft Update Services or another WSUS repository (based on the WSUS configuration) before populating the patch to the relevant endpoints.
To check if there is any problem in the patching download
- Login to WSUS
- Open the Windows Server Update Service console
- Go to "Updates" and "All Updates" section
- Make sure the table is for "Approval" Approved and "Status" is Any
If there are problems in the patch download you should see an error icon on the left column with an additional error message in the top of the update description:
Check Proxy Setting
A possible failure of downloading the patches to WSUS is because of Proxy authentication.
In the WSUS log (C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log) search for "Proxy authentication is required".
If you find this line in the log - please re-validate the Proxy configuration.
Option 3 - Check that the Windows Update Agent is working on the endpoint
Try to make a manual update via the "Windows Update" setting page in the endpoint itself:
- Open Start
- Search for "Windows Update" and click it
- Click on "Check For Updates" button
If it is failing - you should see the error in the "Windows Update" setting page.
If the operation is successful and the endpoint was updated - contact JetPatch Support
Option 4 - WSUS replica has not synced with WSUS primary (If using WSUS replica)
For more information check How often should I sync the WSUS replica to its primary server?