Link to home
Start Free TrialLog in
Avatar of J.R. Sitman
J.R. SitmanFlag for United States of America

asked on

New WSUS server not seeing any computers

I built a new WSUS server two days ago and it has not added any of our computers.  I changed the existing GPO to point to the new server.  I also rebooted all the computers.  It's 2012 R2 VM server on Hyper-V
I'm guessing I've missed a step in the installation.

What should I check?
ASKER CERTIFIED SOLUTION
Avatar of LukeMo
LukeMo

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Seth Simmons
Seth Simmons
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of J.R. Sitman

ASKER

did gpupdate /force

When I ran wuauclt /ShowWUAutoscan it open the "check for updates"  When I ran wuauclt /r it did not show up on the WSUS server.

On WSUS server if I do a search for a computer, it doesn't find it.

I didn't see and setting to enter a port #.

Registry on one computer still shows the previous WSUS server.  I double checked the GPO and it has the new server.
Under the settings for Computers, it has "Use the Update Services console"  is that correct?
Post your gpo info for wsus

Also take a look at the log file on the local computers

%systemroot%\windowsupdate.log

Check for errors
Post results
"Registry on one computer still shows the previous WSUS server.  I double checked the GPO and it has the new server. "

Did you create a new GPO for this new WSUS server, or did you edit the old ??
I didn't see and setting to enter a port #.

it's part of the URL
i provided the example above
you put the port number there the same way you port a port number the URL bar of a browser when it's other than 80 or 443
Avatar of LukeMo
LukeMo

Not sure on the "use the update services console"  I can't recall seeing that.

Check all of the applied GP to your client by running "gpresult /r" on your client and see if you've possibly got the WSUS configured in two separate GPO.    

Once you've ID'd the correct GPO, just run "gpupdate /force" instead of rebooting to save some time.
You can also speed up clients reporting by running the following .bat on them

%Windir%\system32\gpupdate

%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
del %WINDIR%\WindowsUpdate.log /S /Q
rd /s /q %windir%\softwareDistribution
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv


sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)


sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

wuauclt /resetauthorization /detectnow
wuauclt /reportnow

exit /B 0
when I enter either of the ports I get page cannot be displayed.

Also I don't believe running the bat file will fix anything because the computer settings are still pointed to the previous server.
I verified only one WSUS GPO is being deployed to the computer
so when you installed WSUS, you changed the default port to 80 with wsusutil?
I don't recall what port I used.  How do I verify and or change?
I think I may have found the problem.  I made a new GPO, removed the OU from the old GPO.  From a computer I did gpupdate /force.  It states it was successful, however then it states computer policy could not be updated.  
See attached.   I'll be away from the computer for an hour.
wsus-command.jpg
How do I verify and or change?

it's in the wsus2.jpg screenshot you posted earlier (update service and statistics server location)
based on what you are providing, might also be something else going on
check your domain controller replication for any issues
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I fixed the problem in post 40914470.  I had a brain fart and the // were backward in the GPO.  
However, I still can't get the the wsus server using http://wsusVM_LA:8530 or it's ip address, http://172.16.1.78:8530

I did verify the port is 8530 based on Lukemo screen shot.  
In the GPO I have only the server name http://WSUSVM_LA.  Also the old server still has WSUS installed.

Additional help is appreciated.
that's why I setup a DNS record for WSUS then the GPO using the DNS record so if you ever change the server you will not need to remember to change any thing


Just food for thought
Thanks, but still need help on this.
Lets try this from your computer not the server running WSUS

Start MMC

File >  Add/Remove snap in >  scroll down Available Snap-ins > Select Update Services > OK

Highlight "Update Services"  in right most panel click on Connect to Server

Enter server name  WSUSVM_LA  PORT default is 80 if you setup WSUS as default try 8530

Lets see if you can connect to the WSUS Server  remotely
I tried it from my workstation, a DC and a member server.  None of them had "update servces" as a Snap-in
Another thought

Did we ever figure out if the computers are getting the GPO updates correctly?
I deleted the new GPO because it was causing an error when I did gpupdate /force.  I activated the old GPO.  So all computers are getting it.  In the old GPO I changes the server to the new server.
Ok now we are back to the original question correct.?

I see in your posting above https://www.experts-exchange.com/questions/28702870/New-WSUS-server-not-seeing-any-computers.html?anchorAnswerId=40914786#a40914786

That you have 8 computers that have not yet reported.

Is that still true?

Where are the computers in WSUS? Do you manually add them to the Group Pc or Server?

Can we see a screen shot of the groups expanded or are they all unassigned?

also try running this if the GPO is correct now.

wuauclt.exe /resetauthorization /detectnow


HTH
correct, we are back at the beginning.  the new WSUSVM_LA server has no computers.  I ran the wuauclt.exe on my workstation and nothing displayed.  I'm running it from the run box.  Should I be running it from a command prompt?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
According to your log, your computers are pointing to http://spcala189
I ran the command and also checked the registry.  The correct WSUS server is there, but so far, the server hasn't displayed any computers.  It's been 12 minutes.  I'll be away from computer for an hour or so.  Let me know what you want me to do.
I also checked another computer without running the command and the correct server is there
When you are checking the WSUs Console make sure you do a refresh the console does not update automatically
yep, I've done it several times.  It's been an hour now and no computers.
In my 2nd attachment I showed the address for the WSUS server with http://HOST:8530 
Is your GPO set like that?  
Did WSUS work with the previous server?

Try this URL from your client's web browser:
http://HOST:8530/SimpleAuthWebService/SimpleAuth.asmx
This should be the response:
User generated imageReplace HOST with either your DNS name or your IP address.   You could even have a DNS issue where the clients are looking for HOST and it's not resolving, so maybe try the FQDN - HOST.DOMAIN.
this is how the GPO is set.  http://WSUSVM_LA.  I can try and change it to the ip.  Would it look like this, http://172.16.1.78:8530
What happens if you ping by the DNS name does that work from the computer?

Ipconfig /all post results
Would it look like this,

yes, that is the example i gave in the beginning
if you did not change the default port, then it runs on port 8530 in 2012
I can ping it from my workstation with FQDN, ip or just dns name.  All resolve
@Seth, I didn't bother to change it because the information previously in the GPO used just the DNS name.  With that said, "thank you"  they have started to report in to the WSUS server.  I will go through all the help and accept the best answers.

Thanks VERY much to all.
can you post the last few hundred lines of a client's windowsupdate.log file again?
Glad they are now reporting sometimes it takes time

Hope we all helped
you all definitely helped
Thanks to all for sticking with me.