[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1426
  • Last Modified:

Computers not checking in with WSUS

I am running a centralized WSUS network over a Windows 2000 Server environment.  I have a master WSUS server and six WSUS acting as replicas.  Six of the seven servers were previously running SUS; I installed MSDE plus the security patch and then decomissioned SUS and put WSUS on port 80.  All computers in the specific GPO I set up started reporting in within 2 days.  However, I have a dilemma with the seventh replica server.  This server was running SUS but it was uninstalled before WSUS was installed.  WSUS set up successfully, it syncs successfully, but out of 40 or so computers, only two reported in over a span of two months.  During that time, I checked certain computers to make sure they were getting the GPO (Win Update screen is grayed out with my GPO settings shown underneath but grayed out), i forced the GPO using secedit, and I put a script in the computer OU's startup to register related dlls and reauthorize or redirect old SUS clients to the new WSUS server ( i got it from this site), i ran wuauclt.exe commands on certain computers but all with no effect.  I disabled the Software Update Services service thinking that was interfering with something (Windows Software Update Services is running on Auto, MSSQLWSUS$ instance is running), but the other servers were running this unneccessary service without issue.  The GPO is exactly the same for each site.
Again, 2 computers checked in successfully, but I'm missing a good 30 computers.  About 5% of the PCs may be cloned and I know about the SUS IDs causing issues, but the rest should be checking in.  I think I read something recently about uninstalling an instance of SQL screwing something up but I dont know if it applies here.  The only errors recorded in the Event Viewer are related to the WUSync Service not finding a SUS Server (this is the now useless Software Update Server service from SUS) but this service has been disabled on each server with no ill effect on any.
What am i missing?  
0
bklyngy
Asked:
bklyngy
  • 9
  • 6
  • 3
2 Solutions
 
Mohammed HamadaSenior IT ConsultantCommented:
Can you post the event viewer error..!
0
 
bklyngyAuthor Commented:
There are no event viewer errors anymore (the logs were cleared) since i stoppped the old SUS sync service.  The only items regarding this in the event viewer are Information entries that the WSUS sync starts and completes successfully.
0
 
Mohammed HamadaSenior IT ConsultantCommented:
Can you make sure that port 80 is enabled on all of the win2000 computers?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Mohammed HamadaSenior IT ConsultantCommented:
Check this link under the Client Configuration checks:- you may find some useful information...!

http://www.wsuswiki.com/ClientFAQ
0
 
bklyngyAuthor Commented:
Port 80 is enabled on every wsus server.
0
 
dann47Commented:
Can the remote ping the host at all?
What OS are these machines running?
Any event logged on the remote machines?
0
 
bklyngyAuthor Commented:
The wsus servers are domain controllers; every client can successfully ping and connect to their prospective wsus server. Each replica is successfully synching with the master every night. These are XP SP2 clients.  The client machines have no errors in their event viewers (I have not checked all 30-50 machines, but the users I have tapped into remotely have no errors recorded).
0
 
dann47Commented:
If you provide me with an email address, i can send you over a little tool that acn be used to tell you the settings on these remote PC
0
 
Mohammed HamadaSenior IT ConsultantCommented:
I guess the problem here is that the client computers can not apply WSUS group policy to get updates.

Please check the following setting on the client computers:

1. Right click "My Computer" to choose Properties item to open System Properties page.
2. Under "Automatic Updates" tab, please check if you can change automatic updates settings. If yes, that indicates the group policy does not apply to the client computer. If not, indicates the policy has been applied to the client computer. We need check the WSUS server settings to find cause.

Can you first try to see the IP report, Try to type on one of the clients the below command and see if it's pointing to the IP address of the WSUS server's internal NIC for DNS..!!

Start ---> run --> type cmd and enter
type ipconfig /all and enter

Reset your client Configurations... the following link can be helpful..
http://wsus.editme.com/ClientFAQ

Try to rejoin the clients to the Domain ...

1. Quit the workstation from the domain. To do so, see:

Locate in Client Computers in Server Management console and choose the computer has in right panel. Click Remove from network link to delete the computer from domain.

2. Setup the client computer by running "Setup Client Computer" wizard to setup computer account.

3. In the client computer, try to join it to domain by running http://servername/connectcomputer. And assign the appropriate user accounts to the computer.

Run command "gpupdate /force" Without quotation marks to update group policy.
Logoff then logon the computer with domain user account to see if the group policy has been applied.

Check these links for Wsus AU Settings
http://www.microsoft.com/technet/community/columns/sectip/st0506.mspx

http://groups.google.com.ly/group/microsoft.public.windows.server.update_services/browse_thread/thread/a27906c8dd33f50d/7d73a6f85a3337db?lnk=st&q=client+not+check+in+with+wsus+server&rnum=5&hl=en#7d73a6f85a3337db

the above link contains a diagnostic link for the WSUS..

Hope this helps..
0
 
bklyngyAuthor Commented:
The clients are all getting the GPO and they are absolutely seeing the DCs.  Disjoining the domain is not an option.
0
 
dann47Commented:
BUMP!!

If you provide me with an email address, i can send you over a little tool that acn be used to tell you the settings on these remote PC
0
 
bklyngyAuthor Commented:
I sent you my email address at your posted AOL acct.  Thanks.
0
 
bklyngyAuthor Commented:
The app never made it to me.  
0
 
bklyngyAuthor Commented:
Microsoft just releasd sp1 for wsus that supposedly fixes this issue.  Im giving it a shot tonight..

http://support.microsoft.com/?scid=kb;en-us;919004&spid=2097&sid=global
0
 
bklyngyAuthor Commented:
I ran the client diagnostic tool and the clients are aimed at the old sus server even though the gpo is being applied and the new server is in the gpo.  How do i refresh or clear that cached setting from the clients so they can rediscover the new wsus server?
0
 
Mohammed HamadaSenior IT ConsultantCommented:
Goto Start --> run --> cmd and enter
Gpupdate /force
0
 
bklyngyAuthor Commented:
unfortunately that command only works for win2003; what I did find however is that for some reason, there was a replication issue and my gpo did not make it across; the settings were grayed out because they were still under a gpo that pointed them to a now non-wsus server.  That was resolved today and immediately the missing clients started checking in with WSUS.

Thanks for the help, but the Microsoft WSUS Client Diagnostic Tool was the key:  http://www.microsoft.com/windowsserversystem/updateservices/downloads/default.mspx
0
 
Mohammed HamadaSenior IT ConsultantCommented:
Good Job bklyngy, Now you can close the question by awarding points to the helpful comment/expert or/and refund points by directing this Q's link to community support with a new question asking for refund.

Regards.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 9
  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now