ksilvoso
asked on
WSUS Client Computer not showing up
I installed WSUS on my 2003 domain controller along with the MS Sql Desktop engine. The installation went without a hitch. I let it install to the default port 8530 and I don't have any port blocking. I created a group policy and applied it to a test workstation which runs 2000 Professional, pointing the machine to my server like this: http:\\lhs1. I put the path to server in the places recommended by the wsus step by step guide.
My problem is that the test machine isn't showing up on wsus administration page and I get this under the To Do List
Check your server configuration
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running. Non-running services: SelfUpdate
The users IWAM and IUSR are both enabled as is guest account as recommended.
I found this log in c:\wsusmssql$wsus\log:
2006-01-26 08:48:45 - ! [LOG] SQLAgent is not allowed to run
2006-01-26 08:48:46 - ? [098] SQLServerAgent terminated (normally)
I checked out services and wsus service shows that it is running. When I try to start SQLagent$wsus it starts and stops with this error :
The sql agent on local computer started and then stopped. Some services stop automatically if they have no work to do.
(Incidently, I get this same error with SQLagent$sharepoint but sharepoint services is working fine.)
I was able to run a synchronization from the wsus admin page and it downloaded all the updates but no computers are showing up on the wsus admin page.
I've done a gpupdate /force which made no difference.
When I run Gpresult on the test machine it shows that it did receive the wsus policy. When I log in as admin to that test machine and go to windows update in control panel all options are grayed out which makes me think the policy is indeed being applied.
Please advise,
Karen
My problem is that the test machine isn't showing up on wsus administration page and I get this under the To Do List
Check your server configuration
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running. Non-running services: SelfUpdate
The users IWAM and IUSR are both enabled as is guest account as recommended.
I found this log in c:\wsusmssql$wsus\log:
2006-01-26 08:48:45 - ! [LOG] SQLAgent is not allowed to run
2006-01-26 08:48:46 - ? [098] SQLServerAgent terminated (normally)
I checked out services and wsus service shows that it is running. When I try to start SQLagent$wsus it starts and stops with this error :
The sql agent on local computer started and then stopped. Some services stop automatically if they have no work to do.
(Incidently, I get this same error with SQLagent$sharepoint but sharepoint services is working fine.)
I was able to run a synchronization from the wsus admin page and it downloaded all the updates but no computers are showing up on the wsus admin page.
I've done a gpupdate /force which made no difference.
When I run Gpresult on the test machine it shows that it did receive the wsus policy. When I log in as admin to that test machine and go to windows update in control panel all options are grayed out which makes me think the policy is indeed being applied.
Please advise,
Karen
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also, have a look at the services, and check the properties. What user is the service running as? Does it work any better if you try running it under an admin's credentials?
Like you said though, it does sound like the policy is applied, so al would appear to be fine there, however, it wouldn't hurt too terribly much to go into the Options page from the WSUS page, then to Computers, and ensure that "Use Group Policy or registry blah blah" option is selected. If the group policy is working, the registry on the client machine already has the entries Snewo's described there.
Another thing to try is using "wuauclt.exe /detectnow" to force the machine to detect updates. If you're downloading them silently in the background, and there's a lot of updates to download, that couls also be another possibility.
Like you said though, it does sound like the policy is applied, so al would appear to be fine there, however, it wouldn't hurt too terribly much to go into the Options page from the WSUS page, then to Computers, and ensure that "Use Group Policy or registry blah blah" option is selected. If the group policy is working, the registry on the client machine already has the entries Snewo's described there.
Another thing to try is using "wuauclt.exe /detectnow" to force the machine to detect updates. If you're downloading them silently in the background, and there's a lot of updates to download, that couls also be another possibility.
ASKER
I did all the things you suggested, plus did another gpupdate and rebooted the client pc. Your cmd script ran fine - no errors but I still don't have any computers showing up. I have ghosted some computers but I did a sysprep before I created the image and I've checked the sids and they're all unique.
Karen
Karen
it may also take a day or so for them to show up in your wsus computer list! mine did not show up untill the following day.
ASKER
EssayDave,
I changed wsus service from local system account to administrator. When I went to options in wsus use the move computers task was checked instead of the group policy. So I checked group policy and since doing so I get a message on the wsus computers page saying this server is configured for computer based targeting some settings cannot be changed. Is it supposed to say that?
I've already tried running wuauclt at on the dc and client computer but get no feedback from it. It doesn't seem likes it's doing anything. Karen
I changed wsus service from local system account to administrator. When I went to options in wsus use the move computers task was checked instead of the group policy. So I checked group policy and since doing so I get a message on the wsus computers page saying this server is configured for computer based targeting some settings cannot be changed. Is it supposed to say that?
I've already tried running wuauclt at on the dc and client computer but get no feedback from it. It doesn't seem likes it's doing anything. Karen
Yup, it won't look like its doing anything, but if you fire up task manager you should seethe process appear when you run it. Sort reverse alphabetcally by process name and you'll see what I mean (you might already have it running there). As for the computer based targeting, that's what it should be doing. Another thing you might want to try is setting the check for updates option to the smallest interval possible. Also, what time do you have to schedule the updates? Possibly set it for overnight, then go home and check tomorrow morning.
ASKER
What about the error in the to do list in wsus:
Check your server configuration
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running. Non-running services: SelfUpdate
Any ideas on what that's about?
Thanks, Karen
Check your server configuration
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running. Non-running services: SelfUpdate
Any ideas on what that's about?
Thanks, Karen
Another good tool to use for troubleshooting your issue is the WindowUpdate.log file located in the c:\windows\ directory on the client. Once your client is configured to communicate to the wsus server this log will show you if it's having any issues. Take a gander in there and see if you see errors. You could also post them on here for us to see.
Snewo
This script will force the client to update when run. Just copy this to forceupdate.cmd and run it:
@echo off
Echo This batch file will Force the Update Detection from the client:
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\W
REG DELETE "HKLM\Software\Microsoft\W
Reg Delete "HKLM\Software\Microsoft\W
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.
Pause
Snewo
Microsoft client diagnostic tool: http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
This can help diagnose your problem too.
Snewo
ASKER
Here's My windows update log file for just today:
2006-01-26 10:08:14 3628 ec4 AUClnt AU client got new directive = 'Shutdown', serviceId = {9482F4B4-E343-43B6-B170-9 A65BC822C7 7}, return = 0x00000000
2006-01-26 10:08:28 1740 b88 AU WARNING: AU found no suitable session to launch client in
2006-01-26 10:30:38 1740 b88 AU AU found 1 sessions to launch client into
2006-01-26 10:30:38 1740 b88 AU Launched new AU client for directive 'Setup Wizard', session id = 0x0
2006-01-26 10:30:38 3008 12c Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0600) ===========
2006-01-26 10:30:38 3008 12c Misc = Process: C:\WINDOWS\system32\wuaucl t.exe
2006-01-26 10:30:38 3008 12c AUClnt Launched Client UI process
2006-01-26 10:30:38 3008 12c AUClnt AU client got new directive = 'Setup Wizard', serviceId = {9482F4B4-E343-43B6-B170-9 A65BC822C7 7}, return = 0x00000000
2006-01-26 10:30:38 1740 75c AU AU setting client response for sessionId 0x0 to 'Pending'
2006-01-26 10:53:02 6120 43c Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0600) ===========
2006-01-26 10:53:02 6120 43c Misc = Process: C:\WINDOWS\system32\wuaucl t.exe
2006-01-26 10:53:02 6120 43c AUClnt Launched Client UI process
2006-01-26 10:53:02 6120 10b4 AUClnt FATAL: DuplicateHandle failed for auevent 80070006
2006-01-26 14:30:38 1740 10ec AU AU setting client response for sessionId 0x0 to 'Overdue'
2006-01-26 16:58:21 1740 b88 AU AU setting pending client directive to 'Setup Wizard'
2006-01-26 16:58:21 3008 12c AUClnt AU client got new directive = 'Shutdown', serviceId = {9482F4B4-E343-43B6-B170-9 A65BC822C7 7}, return = 0x00000000
2006-01-26 16:58:35 1740 b88 AU AU found 1 sessions to launch client into
2006-01-26 16:58:35 1740 b88 AU Launched new AU client for directive 'Setup Wizard', session id = 0x1
2006-01-26 16:58:35 2928 83c Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0600) ===========
2006-01-26 16:58:35 2928 83c Misc = Process: C:\WINDOWS\system32\wuaucl t.exe
2006-01-26 16:58:35 2928 83c AUClnt Launched Client UI process
2006-01-26 16:58:35 2928 83c AUClnt AU client got new directive = 'Setup Wizard', serviceId = {9482F4B4-E343-43B6-B170-9 A65BC822C7 7}, return = 0x00000000
2006-01-26 16:58:35 1740 fb8 AU AU setting client response for sessionId 0x1 to 'Pending'
2006-01-26 10:08:14 3628 ec4 AUClnt AU client got new directive = 'Shutdown', serviceId = {9482F4B4-E343-43B6-B170-9
2006-01-26 10:08:28 1740 b88 AU WARNING: AU found no suitable session to launch client in
2006-01-26 10:30:38 1740 b88 AU AU found 1 sessions to launch client into
2006-01-26 10:30:38 1740 b88 AU Launched new AU client for directive 'Setup Wizard', session id = 0x0
2006-01-26 10:30:38 3008 12c Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0600) ===========
2006-01-26 10:30:38 3008 12c Misc = Process: C:\WINDOWS\system32\wuaucl
2006-01-26 10:30:38 3008 12c AUClnt Launched Client UI process
2006-01-26 10:30:38 3008 12c AUClnt AU client got new directive = 'Setup Wizard', serviceId = {9482F4B4-E343-43B6-B170-9
2006-01-26 10:30:38 1740 75c AU AU setting client response for sessionId 0x0 to 'Pending'
2006-01-26 10:53:02 6120 43c Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0600) ===========
2006-01-26 10:53:02 6120 43c Misc = Process: C:\WINDOWS\system32\wuaucl
2006-01-26 10:53:02 6120 43c AUClnt Launched Client UI process
2006-01-26 10:53:02 6120 10b4 AUClnt FATAL: DuplicateHandle failed for auevent 80070006
2006-01-26 14:30:38 1740 10ec AU AU setting client response for sessionId 0x0 to 'Overdue'
2006-01-26 16:58:21 1740 b88 AU AU setting pending client directive to 'Setup Wizard'
2006-01-26 16:58:21 3008 12c AUClnt AU client got new directive = 'Shutdown', serviceId = {9482F4B4-E343-43B6-B170-9
2006-01-26 16:58:35 1740 b88 AU AU found 1 sessions to launch client into
2006-01-26 16:58:35 1740 b88 AU Launched new AU client for directive 'Setup Wizard', session id = 0x1
2006-01-26 16:58:35 2928 83c Misc =========== Logging initialized (build: 5.8.0.2469, tz: -0600) ===========
2006-01-26 16:58:35 2928 83c Misc = Process: C:\WINDOWS\system32\wuaucl
2006-01-26 16:58:35 2928 83c AUClnt Launched Client UI process
2006-01-26 16:58:35 2928 83c AUClnt AU client got new directive = 'Setup Wizard', serviceId = {9482F4B4-E343-43B6-B170-9
2006-01-26 16:58:35 1740 fb8 AU AU setting client response for sessionId 0x1 to 'Pending'
ASKER
Here is the result of my wsus client diagnostics tool:
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is running. . . PASS
Wuaueng.dll version 5.8.0.2469. . . . . . . . . . . . . PASS
This version is WSUS 2.0
Checking AU Settings
AU Option is 2 : Notify Prior to Download . . . . . . . PASS
Option is from Policy settings
Checking Proxy Configuration
Checking for winhttp local machine Proxy settings . . . PASS
Winhttp local machine access type
<Direct Connection>
Winhttp local machine Proxy. . . . . . . . . . PASS
Winhttp local machine ProxyBypass. . . . . . . PASS
Checking User IE Proxy settings . . . . . . . . . . . . PASS
User IE Proxy. . . . . . . . . . . . . . . . . PASS
User IE ProxyByPass. . . . . . . . . . . . . . PASS
User IE AutoConfig URL Proxy . . . . . . . . . PASS
User IE AutoDetect
AutoDetect not in use
Checking Connection to WSUS/SUS Server
WUServer = http://192.168.1.224
WUStatusServer = http://192.168.1.224
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Client is pointed to SUS 1.0 Server
No Error description could be found
But I still can't see any computers in wsus and I still see that doggone error message:
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running. Non-running services: SelfUpdate
Karen
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is running. . . PASS
Wuaueng.dll version 5.8.0.2469. . . . . . . . . . . . . PASS
This version is WSUS 2.0
Checking AU Settings
AU Option is 2 : Notify Prior to Download . . . . . . . PASS
Option is from Policy settings
Checking Proxy Configuration
Checking for winhttp local machine Proxy settings . . . PASS
Winhttp local machine access type
<Direct Connection>
Winhttp local machine Proxy. . . . . . . . . . PASS
Winhttp local machine ProxyBypass. . . . . . . PASS
Checking User IE Proxy settings . . . . . . . . . . . . PASS
User IE Proxy. . . . . . . . . . . . . . . . . PASS
User IE ProxyByPass. . . . . . . . . . . . . . PASS
User IE AutoConfig URL Proxy . . . . . . . . . PASS
User IE AutoDetect
AutoDetect not in use
Checking Connection to WSUS/SUS Server
WUServer = http://192.168.1.224
WUStatusServer = http://192.168.1.224
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Client is pointed to SUS 1.0 Server
No Error description could be found
But I still can't see any computers in wsus and I still see that doggone error message:
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running. Non-running services: SelfUpdate
Karen
OK, I'm leaning towards the server now. The client appears to be working. Can you post the exact error message you receive? Are there any entries in the event log? Post those number and info if there is ok?
Snewo
Are these clients all from a ghost or other image? If the sids are the same, WSUS will refuse to see them.
Now that I review your logs I see something very strange:
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Client is pointed to SUS 1.0 Server
Do you, or did you have an SUS server running on your network, if you did have you removed the GPO. It looks like you installed the WSUS on the same server as your old SUS server without uninstalling the SUS server or disableing the SUS server first.
That means that the clients looking at port 80 will see the SUS not the WSUS server and update from there.
Here is a result from my computer:
Checking Connection to WSUS/SUS Server
WUServer = http://servername
WUStatusServer = http://servername
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Connection to server. . . . . . . . . . . . . . . . . . PASS
SelfUpdate folder is present. . . . . . . . . . . . . . PASS
see the differance. Unistall SUS AND WSUS from that server then reinstall WSUS on that server and you sould be fine. Better yet. install the WSUS server on a different server and updat your GPO.
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Client is pointed to SUS 1.0 Server
Do you, or did you have an SUS server running on your network, if you did have you removed the GPO. It looks like you installed the WSUS on the same server as your old SUS server without uninstalling the SUS server or disableing the SUS server first.
That means that the clients looking at port 80 will see the SUS not the WSUS server and update from there.
Here is a result from my computer:
Checking Connection to WSUS/SUS Server
WUServer = http://servername
WUStatusServer = http://servername
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Connection to server. . . . . . . . . . . . . . . . . . PASS
SelfUpdate folder is present. . . . . . . . . . . . . . PASS
see the differance. Unistall SUS AND WSUS from that server then reinstall WSUS on that server and you sould be fine. Better yet. install the WSUS server on a different server and updat your GPO.
ASKER
I finally got rid of the error message on the wsus admin console saying "check your server config."
I stumbled upon this Microsoft Technet site:
http://technet2.microsoft.com/WindowsServer/en/Library/b23562a8-1a97-45c0-833e-084cd463d0371033.mspx
and followed the directions for preventing sharepoint services (which I do have installed) from interfering with wsus.
On the client machine here's the output from clientdiag: I'm still getting "Client is pointed to SUS 1.0 Server" as you can see but when I enter the text as instructed by the Microsoft Technet site into the address window of the client machine it behaves correctly. The client machines still aren't showing up in the wsus admin console but I'm hoping it's due to the time lag.
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is not running. PASS
Wuaueng.dll version 5.8.0.2469. . . . . . . . . . . . . PASS
This version is WSUS 2.0
Checking AU Settings
AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
Option is from Policy settings
Checking Proxy Configuration
Checking for winhttp local machine Proxy settings . . . PASS
Winhttp local machine access type
<Direct Connection>
Winhttp local machine Proxy. . . . . . . . . . PASS
Winhttp local machine ProxyBypass. . . . . . . PASS
Checking User IE Proxy settings . . . . . . . . . . . . PASS
User IE Proxy. . . . . . . . . . . . . . . . . PASS
User IE ProxyByPass. . . . . . . . . . . . . . PASS
User IE AutoConfig URL Proxy . . . . . . . . . PASS
User IE AutoDetect
AutoDetect in use
Checking Connection to WSUS/SUS Server
WUServer = http://192.168.1.224
WUStatusServer = http://192.168.1.224
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Client is pointed to SUS 1.0 Server
Connection to server. . . . . . . . . . . . . . . . . . PASS
SelfUpdate folder is present. . . . . . . . . . . . . . PASS
I stumbled upon this Microsoft Technet site:
http://technet2.microsoft.com/WindowsServer/en/Library/b23562a8-1a97-45c0-833e-084cd463d0371033.mspx
and followed the directions for preventing sharepoint services (which I do have installed) from interfering with wsus.
On the client machine here's the output from clientdiag: I'm still getting "Client is pointed to SUS 1.0 Server" as you can see but when I enter the text as instructed by the Microsoft Technet site into the address window of the client machine it behaves correctly. The client machines still aren't showing up in the wsus admin console but I'm hoping it's due to the time lag.
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is not running. PASS
Wuaueng.dll version 5.8.0.2469. . . . . . . . . . . . . PASS
This version is WSUS 2.0
Checking AU Settings
AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
Option is from Policy settings
Checking Proxy Configuration
Checking for winhttp local machine Proxy settings . . . PASS
Winhttp local machine access type
<Direct Connection>
Winhttp local machine Proxy. . . . . . . . . . PASS
Winhttp local machine ProxyBypass. . . . . . . PASS
Checking User IE Proxy settings . . . . . . . . . . . . PASS
User IE Proxy. . . . . . . . . . . . . . . . . PASS
User IE ProxyByPass. . . . . . . . . . . . . . PASS
User IE AutoConfig URL Proxy . . . . . . . . . PASS
User IE AutoDetect
AutoDetect in use
Checking Connection to WSUS/SUS Server
WUServer = http://192.168.1.224
WUStatusServer = http://192.168.1.224
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Client is pointed to SUS 1.0 Server
Connection to server. . . . . . . . . . . . . . . . . . PASS
SelfUpdate folder is present. . . . . . . . . . . . . . PASS
ASKER
Well, it's not due to the lag time. The clients are still saying pointing to sus server. I just don't get it - I didn't have an sus server; I neve even heard of it.
In my add /remove programs panel I see:
microsoft windows server update services, saying when it was installed, etc and at the bottom of the list:
windows update agent self update
there's no install date or info of any kind other than size (48mb) and it says it's used rarely. Could this have something to do with the sus server thing?
In my add /remove programs panel I see:
microsoft windows server update services, saying when it was installed, etc and at the bottom of the list:
windows update agent self update
there's no install date or info of any kind other than size (48mb) and it says it's used rarely. Could this have something to do with the sus server thing?
ASKER
I've ran snewo's script and checked out local workstation registries to be sure they were pointing to the right place whcih they are. I'm think it still has to do with sharepoint being on the same server. Sharepoint is on port 80 and microsoft has an article about migrating from sus to wsus and decommissioning sus and changing wsus to port 80.
http://technet2.microsoft.com/WindowsServer/en/Library/e16235fe-d2ec-496e-add7-32071ab6210c1033.mspx
Even though I didn't have sus configured it seems like client computers are confusing sharepoint with sus. I tried changing sharepoint to a different port but then sharepoint didn't work.
Anyone have any suggestions?
http://technet2.microsoft.com/WindowsServer/en/Library/e16235fe-d2ec-496e-add7-32071ab6210c1033.mspx
Even though I didn't have sus configured it seems like client computers are confusing sharepoint with sus. I tried changing sharepoint to a different port but then sharepoint didn't work.
Anyone have any suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Success!! I took your advice and included the port in the gpo and the computers are showing up!
Thanks a million to everyone!
Karen
Thanks a million to everyone!
Karen
FYI, I'm not sure whether the group has to exist on the server in order for this to work, so create a group and call it "Test Group" for the above to work.
Snewo