Link to home
Start Free TrialLog in
Avatar of CHI-LTD
CHI-LTDFlag for United Kingdom of Great Britain and Northern Ireland

asked on

WSUS 3

I have had my new wsus server in site A running for some time working fine.  i decided to reduce the load over the wan connections by installing another wsus box in site b.  the problem i now have is that the wsus server in site b isnt showing any computers...

i have added new wsus in gpo to point to site b wsus server.

site a server is 2008 r2 ent.
site b is 2003 standard

ideas?.
SOLUTION
Avatar of Justin Owens
Justin Owens
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Svet Paperov
Svet Paperov
Flag of Canada image
If the client computers have been attached to the old WSUS, you will need to reset their SusClientID. Here is a VB script that can do that. It is tested on Windows XP but it is not tested on Windows Vista or 7 computers.

'======================================================
' NAME: SusClientIDReset.vbs
'
' AUTHOR: Free for all usage
' DATE  : 29/08/2008
'
' COMMENT: The script resets SusClientID registry value on the current computer.
'
' When Sysprep or another unique SID-generating technology is used to create 
' the images, the SusClientId registry value is not cleared if it has been 
' populated within the image before the image is deployed. Because of that 
' behaviour the computers built from this image do not appear in the WSUS 
' console or they replace the original computer’s entry.
'
' For more information see http://support.microsoft.com/kb/903262.  
'======================================================

const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colServiceList = objWMIService.ExecQuery _
        ("Select * from Win32_Service where Name='wuauserv'")

' === Stop Windows Update (wuauserv) service ===
For each objService in colServiceList
    errReturn = objService.StopService()
Next

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ 
strComputer & "\root\default:StdRegProv")
 
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
strStringValueName = "SusClientId"
 
' === Remove the SusClientID from the registry ===
oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strStringValueName

' === Start Windows Update (wuauserv) service ===
For each objService in colServiceList
    errReturn = objService.StartService()
Next

' === Reset the computer ID in WSUS Server ===
Set objProcess = objWMIService.Get("Win32_Process")
Set objProgram = objProcess.Methods_("Create").InParameters.SpawnInstance_

strExe = "wuauclt.exe /resetauthorization /detectnow"
objProgram.CommandLine = strExe
Set strShell = objWMIService.ExecMethod("Win32_Process", "Create", objProgram)

WScript.Echo ("Please, wait 10 min. and run wuauclt.exe /reportnow")
WScript.Quit

Open in new window

SOLUTION
Avatar of Don
Don
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

was added as own server.
thanks for script
well we can see that the GPO is showing the wuauserver but not in name terms, its showing as random set of numbers.....  - so did the same on another wsus server and that also showed numbers...
SOLUTION
Avatar of Don
Don
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

thanks - the new wsus box is pointing to an old wsus server....
another member server is also wrong...
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

and - HKLM - Software - Policies - Microsoft - windows - windowsupdate  = old wsus server!
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

its GPO related.

I have 2 GPO's with WSUS server settings:
1. domain root - for all users compuaters
2. within an OU with block policy inheritance ticked.

how to i enforce that the 2nd poilci ytakes precidence and is the only one applied?
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

is windows 2008 r2 enterprise with wsus 3 compatible with another wsus server v3 running on 2003 standard on same domain?
SOLUTION
Avatar of Don
Don
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of Don
Don
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

i want to keep gpo settings for site a (GPO1) and apply GPO settings to site B for 2nd policy
SOLUTION
Avatar of Don
Don
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

sure is.
i've just noticed that some of the servers in site B are picking up the correct wsus server and others are not (picking up the old server - which isint in GPO!)
Avatar of Don
Don
Flag of United States of America image
On the "others are not" run rsop.msc to investigate
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

having change many settings, we have decided to have it in stand by mode (not a replica) but downloading live from MS and ready on the domain should the need for is arise.

there was also issues with the gpo not polulating before...