Solved

WSUS client questions

Posted on 2006-11-28
29
744 Views
Last Modified: 2008-01-09
We have WSUS running on Windows 2000 Server with 2000 Pro and XP Pro clients.

On a couple of the 2000 clients there is no settings in the registry relating to using WSUS. Normally there are 2 settings I look for:

Under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate there are 2 keys for WUServer and WUStatusServer

and

Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate there are 2 keys for AccountDomainSid and SusClient Id

These 2 computer dont have the WindowsUpdate folders from either registry location.


My second question is that there are a couple of the XP clients that will download the updates but not install them unless its done manually. I am using Group Policy on the DC to have it downolad and install the updates automatically.
0
Comment
Question by:TSI-WLV
  • 11
  • 6
  • 3
  • +4
29 Comments
 
LVL 6

Expert Comment

by:trippleO7
ID: 18029678
For the Registry question.  Are those 2000 clients reporting to the WSUS server?  Are they cloned PC's?  Imaged without Sysprep?

On those XP machines, depends on your GP Settings, etc, but generally, if the users are administrators of those computers, they get prompted to install the updates rather than it being done in the background.  Can you verify what permissions those users have?

Also, could you post what your GPO looks like for the Windows update section?
0
 
LVL 6

Expert Comment

by:trippleO7
ID: 18029679
meant which GPO settings do you have applied, etc...
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18029738
They are not reporting to the WSUS server. They most likely are cloned and Sysprep was not used. What Ive been doing is checking those registry settings on the cloned computers and making sure that they are pointing to the WSUS server and then deleting the AccountDomainSid and SusClient Id and having it recreated using a script I got from someone else. Its worked fine on the other cloned computers but they had the registry settings to begin with and these 2 dont.

For the XP machines one has local admin (mine) and thats why I figured it was prompting me but I just found out another one does it too. His account is a Power User.

For the GPO settings the are set on the DC and point to our WSUS server and have it set to automatically download and install updates daily. Any settings in particular you want to know about?
0
 
LVL 6

Expert Comment

by:trippleO7
ID: 18029807
That was the main setting I was concerned about.  But would like to see the other settings as well to determine the issue with the power user.  Are you using GPMC to manage the settings?  If so, highlight your GPO, click the settings tab, then copy and paste the "Windows Components/Windows Update" section.



On those win2000 clients, what Service Pack is on them?

Also, download the client diagnostic tool via and run it on the problem workstations :

http://www.microsoft.com/windowsserversystem/updateservices/downloads/default.mspx
 
0
 
LVL 7

Expert Comment

by:DenisCooper
ID: 18029842
answers to your questions:

make sure the windows 2000 clients have the latest service pack installed, also make sure that windows xp clients have sp1 installed - this should fix both your problems...
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18029899
I installed the GPMC and here is the section for WSUS

Windows Components/Windows Update
Policy Setting
Allow non-administrators to receive update notifications Enabled
Automatic Updates detection frequency Enabled
Check for updates at the following
interval (hours):  22
 
Policy Setting
Configure Automatic Updates Enabled
Configure automatic updating: 4 - Auto download and schedule the install
The following settings are only required
and applicable if 4 is selected.
Scheduled install day:  0 - Every day
Scheduled install time: 09:00
 
Policy Setting
No auto-restart for scheduled Automatic Updates installations Enabled
Specify intranet Microsoft update service location Enabled
Set the intranet update service for detecting updates: http://qdc1
Set the intranet statistics server: http://qdc1
(example: http://IntranetUpd01)
 

The 2000 Clients have SP4.

I cant run the tool until they are off of the comptuers and I dont know when that will be.
0
 
LVL 6

Accepted Solution

by:
trippleO7 earned 150 total points
ID: 18030312
For your power user issue.... you have set "Allow non-administrators to receive update notifications - Enabled"  That solves your second question, so lets focus more on the first and why those 2000 machines aren't seeing the update server....

Download NewSID from MS:
http://www.microsoft.com/technet/sysinternals/Utilities/NewSid.mspx

Then when you can get on those 2000 machines, run it and let it generate a random SID....You'll probably want to keep the same computer name though.

After that's complete, do the following:

Start > Run

ipconfig /flushdns
ipconfig /registerdns

Reboot your computer, then check your WSUS admin page to see if it showed up.  Run the client diag tool and see if everything looks correctly...if not, it's most likely the policy isn't being applied correctly...if that happens, make sure those 2000 workstations and users logging on to them (if user policy is definded) have correct permissions to the GPO.  By default, it's athenticated users and should work.






0
 

Expert Comment

by:knabitic
ID: 18030618
To make the 2000 box receive and install the updates make sure they have the latest service pack..
0
 
LVL 9

Expert Comment

by:Krompton
ID: 18031008
trippleO7 is on track with NewSID tool. Any time you duplicate a system drive (unless it was prepared with sysprep) I would run NewSID. This will save you many headaches down the road.
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18031546
The 2000 and XP clients have the latest service packs.

Are you sure the NewSid will do the trick if there is no area for the SID to be there in the first place? Normally I would run my script that would delete and recreate the SID and restart the update service etc but there is no section in the registry for this information to go. Therefore there is no old SID info.
0
 
LVL 6

Expert Comment

by:trippleO7
ID: 18031624
You were trying to delete and update the SID in the Windows update part of the registry....this is for Security and SAM accounts, which in turn, will uniquely identify those computers so communication between them and the WSUS server can occur.


From http://www.microsoft.com/technet/sysinternals/Utilities/NewSid.mspx:

How it Works
NewSID starts by reading the existing computer SID. A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account. This key has a value named F and a value named V. The V value is a binary value that has the computer SID embedded within it at the end of its data. NewSID ensures that this SID is in a standard format (3 32-bit subauthorities preceded by three 32-bit authority fields).

Next, NewSID generates a new random SID for the computer. NewSID's generation takes great pains to create a truly random 96-bit value, which replaces the 96-bits of the 3 subauthority values that make up a computer SID.

Three phases to the computer SID replacement follow. In the first phase, the SECURITY and SAM Registry hives are scanned for occurrences of the old computer SID in key values, as well as the names of the keys. When the SID is found in a value it is replaced with the new computer SID, and when the SID is found in a name, the key and its subkeys are copied to a new subkey that has the same name except with the new SID replacing the old.

The final two phases involve updating security descriptors. Registry keys and NTFS files have security associated with them. Security descriptors consist of an entry that identifies which account owns the resource, which group is the primary group owner, an optional list of entries that specify actions permitted by users or groups (known as the Discretionary Access Control List - DACL), and an optional list of entries that specify which actions performed by certain users or groups will generate entries in the system Event Log (System Access Control List - SACL). A user or a group is identified in these security descriptors with their SIDs, and as I stated earlier, local user accounts (other than the built-in accounts such as Administrator, Guest, and so on) have their SIDs made up of the computer SID plus a RID.

The first part of security descriptor updates occurs on all NTFS file system files on the computer. Every security descriptor is scanned for occurrences of the computer SID. When NewSID finds one, it replaces it with the new computer SID.

The second part of security descriptor updates is performed on the Registry. First, NewSID must make sure that it scans all hives, not just those that are loaded. Every user account has a Registry hive that is loaded as HKEY_CURRENT_USER when the user is logged in, but remains on disk in the user's profile directory when they are not. NewSID identifies the locations of all user hive locations by enumerating the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList key, which points at the directories in which they are stored. It then loads them into the Registry using RegLoadKey under HKEY_LOCAL_MACHINE and scans the entire Registry, examining each security descriptor in search of the old computer SID. Updates are performed the same as for files, and when its done NewSID unloads the user hives it loaded. As a final step NewSID scans the HKEY_USERS key, which contains the hive of the currently logged-in user as well as the .Default hive. This is necessary because a hive can't be loaded twice, so the logged-in user hive won't be loaded into HKEY_LOCAL_MACHINE when NewSID is loading other user hives.

Finally, NewSID must update the ProfileList subkeys to refer to the new account SIDs. This step is necessary to have Windows NT correctly associate profiles with the user accounts after the account SIDs are changed to reflect the new computer SID.

NewSID ensures that it can access and modify every file and Registry key in the system by giving itself the following privileges: System, Backup, Restore and Take Ownership.
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18031664
So will this add the Windows Update keys that were missing on these computers?

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate there are 2 keys for WUServer and WUStatusServer

and

Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate there are 2 keys for AccountDomainSid and SusClient Id
0
 
LVL 7

Assisted Solution

by:DenisCooper
DenisCooper earned 150 total points
ID: 18036101
i wouldn't say that the newsid tool will help in this situation, but it might, so don't rule it out....

as you are using group policy to push down the wsus settings, i would suggest that the issue lies here. By default the keys mentioned aren't there if you don't configure WSUS server - as window will use it's default one - the microsoft website.

you need SP4 on windows 2000 machines to enable WSUS configuration, and as you already have this they will be capable of pulling down the updates from your WSUS server. Because the keys are not in the registry, it suggests to me, that your computer is not pulling down the policy from your DC.

From your computer (windows xp), use an account which should have local admin rights on the w2k machine which is not running, and goto a command prompt and type gpresult /s xxx where the xxx is the netbios/dns name of the computer you want to check the group policy on.
This will then tell you what policies are in effect on this computer.

It is possible that the computer is not in the OU, that it has been blocked from your gpo for some reason etc....

You could always also add the reg keys in you mention abbove into the registry of the computer. Just create a script with the below information (edit server name and update schedule for your envirnonment) and save it as a .reg file then double click it on the pc's you are having problems with.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="servername"
"WUStatusServer"="servername"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"RescheduleWaitTime"=dword:00000005
"NoAutoRebootWithLoggedOnUsers"=dword:00000000
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000004


With regards to the second part of your question, windows xp, prior to SP1 did not support the scheduling options in WSUS so you will need to update these to SP1 or prefably SP2.

Hope this helps.
Denis
0
 
LVL 9

Assisted Solution

by:Krompton
Krompton earned 100 total points
ID: 18037338
TSI-WLV,

trippleO7 has provided an excellent breakdown of NewSid tool. DenisCooper also has a good point that NewSid may not be the only step required to resolve your WSUS issue.

From the same place trippleO7 mentioned you can down load NewSid there should be another set of SysInternals Tools called PSTools. This is a great set of freeware tools any administrator should have. Among them is PSGetSid. You can use PSGetSid to query all the machines on your network and verify that their SIDs are unique.

A local machines SID SHOULD not cause problems in AD because it assigns a domain GUID to each machine, but I have had odd problems in the past if machines had the same Local SID. So I would still recommend using NewSid.

If you haven’t done so already I would use the Group Policy Results wizard from GPMC to see what is happening on the problem machines. That may provide some insight as well.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:TSI-WLV
ID: 18038557
Ok, Im going to be able to run all of these checks in a couple of hours so I will report back what I find.
0
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 18040849
the batch script below is also a combo of registering drivers needed by WSUS. This script also deleted cloned WSUS Sids



rem ***** Fixes problem with client machines not showing up on the server due to imaging method *****

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f

regsvr32 /s wuapi.dll
regsvr32 /s wups.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s msxml3.dll
regsvr32 /s Mssip32.dll
regsvr32 /s Initpki.dll

NET STOP WUAUSERV
NET STOP BITS
regsvr32 /s cdm.dll
regsvr32 /s bitsprx2.dll
regsvr32 /s bitsprx3.dll
regsvr32 /s iuengine.dll
regsvr32 /s qmgr.dll
regsvr32 /s qmgrprxy.dll
regsvr32 /s msxml.dll
regsvr32 /s msxml2.dll
regsvr32 /s msxml3.dll
regsvr32 /s urlmon.dll
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuauserv.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups.dll
regsvr32 /s wuweb.dll

NET START BITS
NET START WUAUSERV
regsvr32 /s softpub.dll
regsvr32 /s initpki.dll
regsvr32 /s mssip32.dll
regsvr32 /s wintrust.dll
regsvr32 /s dssenh.dll
regsvr32 /s rsaenh.dll
regsvr32 /s gpkcsp.dll
regsvr32 /s sccbase.dll
regsvr32 /s slbcsp.dll
regsvr32 /s cryptdlg.dll
regsvr32 /s jscript.dll

wuauclt /resetauthorization /detectnow
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18041786
bigjimbo813, I use that script and may have got it from you to begin with.

------------------------------------------------------------------------------------
Here is the result from the WSUS Client Diagnostics Tool

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 5.8.0.2469. . . . . . . . . . . . . PASS
                This version is WSUS 2.0

Checking AU Settings
        AU Option is 3 : Notify Prior to Install. . . . . . . . PASS
                Option is from Control Panel

Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use

Checking Connection to WSUS/SUS Server
AU does not have Policy Set
AU does not have Policy Set
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL
------------------------------------------------------------------------------

I ran NewSid as well but it didnt help. I did have to rejoin the computer to the domain though which I wasnt expecting!
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18041797
Here is the result from gpresult /s before running NewSid

 KeyName:    Software\Policies\Microsoft\SystemCertificates\EFS\Certi
ficates\6F05ECED792553B71EE9D834DBD1D28628773DDC
            ValueName:  Blob
            ValueType:  REG_BINARY
            Value:

                 

            KeyName:    Software\Policies\Microsoft\SystemCertificates\EFS\CRLs
            ValueName:
            ValueType:  REG_NONE
            Value:      This key contains no values

            KeyName:    Software\Policies\Microsoft\SystemCertificates\EFS\CTLs
            ValueName:
            ValueType:  REG_NONE
            Value:      This key contains no values

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate
            ValueName:  ElevateNonAdmins
            ValueType:  REG_DWORD
            Value:      0x00000001

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate
            ValueName:  WUServer
            ValueType:  REG_SZ
            Value:      http://qdc1

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate
            ValueName:  WUStatusServer
            ValueType:  REG_SZ
            Value:      http://qdc1

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate\AU
            ValueName:  NoAutoRebootWithLoggedOnUsers
            ValueType:  REG_DWORD
            Value:      0x00000001

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate\AU
            ValueName:  UseWUServer
            ValueType:  REG_DWORD
            Value:      0x00000001

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate\AU
            ValueName:  DetectionFrequencyEnabled
            ValueType:  REG_DWORD
            Value:      0x00000001

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate\AU
            ValueName:  DetectionFrequency
            ValueType:  REG_DWORD
            Value:      0x00000016

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate\AU
            ValueName:  NoAutoUpdate
            ValueType:  REG_DWORD
            Value:      0x00000000

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate\AU
            ValueName:  AUOptions
            ValueType:  REG_DWORD
            Value:      0x00000004

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate\AU
            ValueName:  ScheduledInstallDay
            ValueType:  REG_DWORD
            Value:      0x00000000

            KeyName:    Software\Policies\Microsoft\Windows\WindowsUpdate\AU
            ValueName:  ScheduledInstallTime
            ValueType:  REG_DWORD
            Value:      0x0000000d


===============================================================
The computer received "Security" settings from these GPOs:

        Local Group Policy
            Revision Number:    7 (Active Directory) 7 (Sysvol)
            Unique Name:        Local Group Policy
            Domain Name:
            Linked to:          Local computer

        Default Domain Policy
            Revision Number:    28 (Active Directory) 28 (Sysvol)
            Unique Name:        {31B2F340-016D-11D2-945F-00C04FB984F9}
            Domain Name:        EFS-NLSC.COM
            Linked to:          Domain (DC=efs-nlsc,DC=com)


        Run the Security Configuration Editor for more information.


===============================================================
The computer received "EFS recovery" settings from these GPOs:

        Local Group Policy
            Revision Number:    7 (Active Directory) 7 (Sysvol)
            Unique Name:        Local Group Policy
            Domain Name:
            Linked to:          Local computer

        Default Domain Policy
            Revision Number:    28 (Active Directory) 28 (Sysvol)
            Unique Name:        {31B2F340-016D-11D2-945F-00C04FB984F9}
            Domain Name:        efs-nlsc.com
            Linked to:          Domain (DC=efs-nlsc,DC=com)


        Additional information is not available for this type of policy setting.
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18041802
Here is the result from gpresult /s before after NewSid and after forcing a policy update on the DC.

Create global objects


###############################################################

Last time Group Policy was applied: Wednesday, November 29, 2006 at 12:14:43 PM
Group Policy was applied from: qdc1.efs-nlsc.com


===============================================================
The user received "Internet Explorer Branding" settings from these GPOs:

        Default Domain Policy
            Revision Number:    9 (Active Directory) 9 (Sysvol)
            Unique Name:        {31B2F340-016D-11D2-945F-00C04FB984F9}
            Domain Name:        efs-nlsc.com
            Linked to:          Domain (DC=efs-nlsc,DC=com)


        Additional information is not available for this type of policy setting.




###############################################################

  Computer Group Policy results for:



  Domain Name:          EFS-NLSC
  Domain Type:          Windows 2000
  Site Name:            Default-First-Site-Name


  The computer is a member of the following security groups:

        BUILTIN\Administrators
        \Everyone
        NT AUTHORITY\Authenticated Users

###############################################################

Last time Group Policy was applied: Wednesday, November 29, 2006 at 12:04:48 PM
Group Policy was applied from: qdc1.efs-nlsc.com


===============================================================


The computer received "Registry" settings from these GPOs:

        Local Group Policy
            Revision Number:    7 (Active Directory) 7 (Sysvol)
            Unique Name:        Local Group Policy
            Domain Name:
            Linked to:          Local computer




        The following settings were applied from: Local Group Policy

            KeyName:    Software\Policies\Microsoft\SystemCertificates\EFS
            ValueName:  EFSBlob
            ValueType:  REG_BINARY
            Value:



            KeyName:    Software\Policies\Microsoft\SystemCertificates\EFS\Certi
ficates\1B0C91C85D800038B9F6E1301BCDED1096653BF3
            ValueName:  Blob
            ValueType:  REG_BINARY
            Value:



            KeyName:    Software\Policies\Microsoft\SystemCertificates\EFS\CRLs
            ValueName:
            ValueType:  REG_NONE
            Value:      This key contains no values

            KeyName:    Software\Policies\Microsoft\SystemCertificates\EFS\CTLs
            ValueName:
            ValueType:  REG_NONE
            Value:      This key contains no values


===============================================================
The computer received "Security" settings from these GPOs:

        Local Group Policy
            Revision Number:    7 (Active Directory) 7 (Sysvol)
            Unique Name:        Local Group Policy
            Domain Name:
            Linked to:          Local computer


        Run the Security Configuration Editor for more information.


===============================================================
The computer received "EFS recovery" settings from these GPOs:

        Local Group Policy
            Revision Number:    7 (Active Directory) 7 (Sysvol)
            Unique Name:        Local Group Policy
            Domain Name:
            Linked to:          Local computer


        Additional information is not available for this type of policy setting.
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18041823
For the registry edit from DenisCooper I put the text into a file and saved it with .reg and tried to import it and here is what I got.

Cannot import XXXX.reg -- The specified file is not a registry script. You can only import registry files.

I was hoping this was the thing that would fix it too!

The only thing I changed in the text was the server name. Should I have changed anything else?

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="qdc1"
"WUStatusServer"="qdc1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"RescheduleWaitTime"=dword:00000005
"NoAutoRebootWithLoggedOnUsers"=dword:00000000
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000004
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18041944
I just looked at my WSUS server and the computer is there! I wonder what happened?
0
 
LVL 38

Expert Comment

by:younghv
ID: 18042418
TSI-WLV,
I believe the technical explanation is "FM".
The "M" stands for magic and you can fill in the rest.

This has been a great string of posts and I've already 'cut and pasted' a bunch of it.

Thanks all.

Vic
0
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 18042597
glad its working,

another good source of information can be obtained from -> c:\windows\WindowsUpdate.log  (hence no space).

Usually that file will contain all the errors which WSUS is experiencing. If you haven't deleted it you could revert to the log times before the system appeared for an explanation.

Vic,

This site is wonderful isn't it?
0
 
LVL 9

Assisted Solution

by:bigjimbo813
bigjimbo813 earned 100 total points
ID: 18042611
also the reason that reg hack didnt work was because "  Windows Registry Editor Version 5.00 " was missing from the beginning of the file.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="qdc1"
"WUStatusServer"="qdc1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"RescheduleWaitTime"=dword:00000005
"NoAutoRebootWithLoggedOnUsers"=dword:00000000
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000004

apply that and it will work!
0
 
LVL 7

Expert Comment

by:DenisCooper
ID: 18044767
you just need to double click the .reg file, it should put it in itself, don't need to import it through regedit....

glad it's all working for you now...
0
 
LVL 9

Expert Comment

by:Krompton
ID: 18044868
This is a great site!

TSI-WLV,
Sorry about the re-adding to the Domain. I typically run the tool prior to the machine having been added to a domain and haven't needed to use it in a loooong time but it is a great tool.
Didn't you say there were a couple machines having this problem? Have they both been cleared up? If the other has not try just removing from Domain and re-joining to see if the problem was just GPO application. If not run NewSid on it as well and see what happens.

Cheers,
Krompton
0
 
LVL 38

Expert Comment

by:younghv
ID: 18045129
The simple fix I use is to drop the box into a Workgroup (NO RE-BOOT),
Re-add to the domain (RE-BOOT).
Then run a time synch.

Create a batch command out of the following lines:

cd\
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time


Vic
0
 
LVL 6

Expert Comment

by:trippleO7
ID: 18045185
Good posts people!  Nice to see it's working for you TSI-WLV.
0
 
LVL 1

Author Comment

by:TSI-WLV
ID: 18046813
Someone moved a bunch of computer around so I will have to find the other one and see what happens.

Thanks for all the ideas and tips and Ill dish out some points when I have a chance to figure out how Im going to do it!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Sometimes a user will call me frantically, explaining that something has gone wrong and they have tried everything (read - they have messed it up more and now need someone to clean up) and it still does no good, can I help them?!  Usually the standa…
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now