We help IT Professionals succeed at work.

New Desktops not showing up in WSUS

Info Tech
Info Tech asked
on
Medium Priority
640 Views
Last Modified: 2008-07-03
I have had WSUS running on my system for quite some time now and everything worked just fine.  About 2 months ago now I launched all brand new desktops for the company and I cannot get any of the desktops to show up in WSUS meaning I am not distributing any updates.  I tried running the detectnow command and that does not help.  I cannot figure out why my desktops are not registering to WSUS.  Does anyone have any idea upon why this is not working?

Thanks
Comment
Watch Question

Commented:
Have you verified that the computer accounts are getting the GPO assigning the WSUS server?
brwwigginsIT Manager

Commented:
I would try going to the windows update site and see if there is a newer version of the client that needs to be downloaded. If there is download it and see if the desktops will start to appear in WSUS.
Info TechIT Department

Author

Commented:
I am almost positive that they are getting the correct GPO.  Is there a way to verify this?  Also I have tried going to Windows update.  I did that before I made the ghost for these machines.  
CERTIFIED EXPERT
Top Expert 2005

Commented:
Were these imaged using Sysprep?

If you run GPRESULT, do you see the Group Policy applying that affect WSUS settings?

Let us know.
Giuseppe 'Pino' De FrancescoSnr. Solutions Architect
CERTIFIED EXPERT

Commented:
Hiya,
if you open the client's Automatic Update applet (from Control Panel) what do you read?

Cheers
Pino
Info TechIT Department

Author

Commented:
Yes it says the Default Domain Policy was applied and that is where I have all the automatic update stuff configured.  Also when I go to the Automatic Update applet it is all greyed out and it says everyday at 3:00am which is what I want it to do.  I just can't see any of the computers when I go to the WSUS console.  
Giuseppe 'Pino' De FrancescoSnr. Solutions Architect
CERTIFIED EXPERT

Commented:
CERTIFIED EXPERT
Top Expert 2005

Commented:
Try this on one PC:

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
Delete the PingID, SUSClientID and the AccountDomainSID key values
Stop and start the Wuauserv Service
From the command prompt run: wuauclt /resetauthorization /detectnow

Give it some time and report back whether you see it now.

Also check permissions on the Self Update virtual server - anonymous access must be allowed.


Info TechIT Department

Author

Commented:
OK this is what I found so far and this is really odd.  If I go up to one of my new workstation and run the wuauclt.exe /detectnow the workstation will find the WSUS server and the updates ready icon in the system tray will pop up and want to install the updates.  

When I look at the WSUS console the workstation shows up.  

Ok now if I go to another workstation and do the same thing the workstation will update but when I go to the WSUS server the first workstation that I got to show up is now gone and the last workstation I ran the command on is now there.

 Basically I can only add one at a time and the previous one disappears.  What is going on here?
Giuseppe 'Pino' De FrancescoSnr. Solutions Architect
CERTIFIED EXPERT

Commented:
It seems that your workstations are made all from the same ghost image... same Windows Unique Identifier.... Call your supplier, you've paid for a lot of licences but got only one cloned many times.

Cheers
Pino
Info TechIT Department

Author

Commented:
Actually I am the one that ghosted these machines from one machine.  Is there a way to change the Windows unique ID
Giuseppe 'Pino' De FrancescoSnr. Solutions Architect
CERTIFIED EXPERT

Commented:
Also if such a method exist, explain it is against this site rules AND against the law. I agree that Microsoft is quite expensive, that's why I suggest to install linux instead... but is hard to get people convinced.

The only solution you have is to buy the licences. To mae many clones from a single HD you have to buy an OEM licence... then build up your distribution HD and... buy OEM licensc codes ;)

Cheers
Pino
CERTIFIED EXPERT
Top Expert 2005

Commented:
Huh?  

Anyway, I asked that before - if you imaged them all using Sysprep.  The answer is NO.

Remove each PC from the Domain by putting it into a Workgroup.
Delete the computer account from AD.

Download and extract Sysprep.
Create a folder on each PC on the root of C: called "Sysprep".
Copy the tools into this folder (the ones you downloaded).
Go Start>Run>c:\sysprep\sysprep.exe
Wait for it to shut down the PC.

Restart the PC.
Follow the Wizard.
Rejoin the domain.

When you image a workstation, you MUST run Sysprep before you create the master Ghost image - all your computers now share the same SID...



Info TechIT Department

Author

Commented:
I own more than enough licenses.  I did it this way so I could get all the software on the machines that I needed.  I was told from Microsoft myself that this would be OK for me.  I will try what Netman66 suggested and see how that goes.  Where do I download sysprep from?  Is that right from Microsoft?
Info TechIT Department

Author

Commented:
So when should I take the image from the machine?  I should do it right after I run the sysprep.exe?

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2005
Commented:
Yes.  Right after Sysprep is run and it shuts down.  Boot with a DOS Disk with network support, Ghost to a network share.

Info TechIT Department

Author

Commented:
Ok I see.  I also found a way easier way to generate new SID's and it is for people like me who did not run sysprep.  It is call newsid and is made my sysinternals.  It works great and all by itself.  Just generates the new SID and reboots itself.  Now my PC's are showing up in my WSUS server.  I guess that was the problem the whole time.  Thanks everyone for your help and I am going to divide up the points here.

Thanks
CERTIFIED EXPERT
Top Expert 2005

Commented:
Keep in mind, that if you run into problems and require a call to Microsoft, that they will not support the method you used to regenerate the SID.  I'm not saying it doesn't work, just that MS won't support it.

Good job.

Info TechIT Department

Author

Commented:
I have never called microsoft for desktop support and hope I dont have to.  Again thank you for your help!!!  You have solved a two month problem here.  I guess maybe I should have called microsoft on this one huh. :)
CERTIFIED EXPERT
Top Expert 2005

Commented:
You're a bugger for punishment, aren't you!  :o)

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.