Solved

WSUS not finding all computers on my network

Posted on 2007-03-23
Last Modified: 2010-04-18
I've installed WSUS on my Server 2003. The problem is that it only finds half the computers on my network. All the computers have the same setup running XP and were taken from the same image. How can I get WSUS to see all the machines on my network?
Question by:lenivan
 
LVL 5

Expert Comment

by:juanfermin
ID: 18781543
Generally problems like this are rooted in DNS & DHCP.  Here's a checklist of what you want to do:
 --- Write down your current DNS service providers, given to you by your ISP. If you don't know this, check in the settings of your router or firewall.
 --- Disable DHCP on your router or firewall and configure your Windows server to handle this service.
 --- When setting up the DHCP, make sure your clients are ONLY getting your INTERNAL DNS servers (usually just your main server)
 --- Make sure that your DNS service is running on the main server and that it is "Active Directory Integrated"
 --- Go into the "Forwarders Tab" in your DNS service (accessed by right-clicking in the DNS area of the snap-in) and put in the DNS servers that you wrote down at the beginning of this exercise.
 --- Make sure that your Servers only list your INTERNAL DNS server(s) in the TCP/IP Settings of your network connection.
 --- Make sure all of your clients are set to automatically obtain both the IP and DNS from DHCP.
 --- Reboot everything and you're good to go.

One of the reasons this causes a problem is that when your computer goes to "look" for a resource inside your network and you have external DNS listings in your network connections, it begins to look at the external DNS servers (such as BellSouth's) for internal resources.  By placing these external DNS listings in the "Forwarders" section, the only requests that will be made to the external DNS servers are the ones that your internal DNS server can't handle (such as "Where is Experts Exchange?").

Best Regards!!!
Juan M. Fermin
www.sfnworks.com
0
 

Author Comment

by:lenivan
ID: 18781700
My server is already setup exactly as you described, but the problem still occurs. What else can I try?
0
 
LVL 3

Expert Comment

by:cgbent
ID: 18781837
The problem I always run into with this is not that clients can't find the server; it's that they don't know how to communicate with the server.

Inside of the GPO you have set for your "Computers" what is the address you used for the server name? Did you happen to put the port in?

Microsoft's documentation is a little misleading in that they basically say you do not need to put the port number in at the end of the address: http://servername/ instead of http://servername:portnumber

I run 2 SUS servers on two different networks here. Both were set up the same (default ports and such); however, I have one on my main network that has to have the port number or else the clients won't connect, and the other which I didn't have to set the port number on and the clients are fine.

I don't know what the differences are between the two domains (I am currently reverse engineering them myself since I didn't put them in) however there is something that has forced me to have to use the port number on one of my domains.

Report back any findings please. I have a continuing fascination with how come my situation is like this and any information is helpful at this point.
0
 
LVL 3

Expert Comment

by:cgbent
ID: 18781845
My apologies, I didn't see the part about how half of your systems are on it and the others are not. I would try the above anyways however.
0
 
LVL 5

Expert Comment

by:juanfermin
ID: 18781865
The only other thing that I can think of is that if you have a firewall set up on the workstations, it may be preventing you from communicating with the server. I've seen this happen many times, especially with Norton.

Best Regards!!!
Juan M. Fermin
www.sfnworks.com
0
 

Author Comment

by:lenivan
ID: 18782022
I can confirm that firewall is not enabled on the unfound machines.

This may sound like a stupid question, but what port does WSUS use?

Can I install the WSUS service on the outstanding machines manually?
0
 
LVL 3

Expert Comment

by:cgbent
ID: 18782723
Yes, I believe you can manually; however, what good is that going to do if the clients still can't connect?

The default port for WSUS is 8530
0
 
LVL 5

Expert Comment

by:juanfermin
ID: 18784128
Even if you have regular Windows, you could have a situation where the built-in Windows Firewall is blocking. You may want to check and make sure that you have port 8530 open on those.
0
 
LVL 12

Expert Comment

by:StuFox100
ID: 18784310
You mention that all the machines are the same image - one problem common to imaging is that if the base image is added to WSUS there are issues with duplicate WSUS SIDs (yes, another SID). I have seen two main things happen: 1) machines not in the list, 2) multiple entries for some machines.

You may need to remove the entries in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
* AccountDomainSid
* PingID
* SusClientId

Then run a "wuauclt /resetauthorization /detectnow" on the client.
Hope this helps
Cheers
Stu
0
 

Author Comment

by:lenivan
ID: 18795585
StuFox100,
You mention removing entries in regedit. Do you mean removing this on the server side or the workstation side? How would I know which ones to remove?
0
 
LVL 12

Expert Comment

by:StuFox100
ID: 18798453
On the workstation.

You need to open -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
and remove the values
* AccountDomainSid
* PingID
* SusClientId
Note PingID is not always there.

Cheers
Stu
0
 

Author Comment

by:lenivan
ID: 18801187
This sounds like a huge task considering I have over 100 machines that WSUS is not detecting. Is there a global way of going about this?
0
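The per-workstation fix StuFox100 describes above, scripted so it can be pushed to many machines (for example as a computer startup script). This is an added example, not code posted by anyone in the thread; it assumes PowerShell is available on the clients and that the script runs elevated, and the `WsusIdentityReset` marker value and the step of stopping the update service first are additions made here:

```powershell
# Added example: reset the cloned WSUS client identity on one workstation.
# Registry path, value names and the wuauclt command are the ones quoted in the thread.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$values = 'AccountDomainSid', 'PingID', 'SusClientId'
$marker = 'WsusIdentityReset'   # hypothetical marker value so the reset runs only once

function Reset-WsusClientIdentity {
    if (-not (Test-Path $key)) { return 'key-missing' }

    $props = Get-ItemProperty -Path $key
    $names = @($props.PSObject.Properties.Name)
    if ($names -contains $marker) { return 'already-reset' }

    # Assumption added here: stop the Automatic Updates service so it does not
    # write the old values back while they are being removed.
    Stop-Service -Name wuauserv -Force

    foreach ($name in $values) {
        # PingID is not always present, so remove only the values that exist.
        if ($names -contains $name) {
            Remove-ItemProperty -Path $key -Name $name
        }
    }

    # Record the reset; without this, every startup run would generate a new
    # client ID and leave stale duplicate entries on the WSUS server.
    New-ItemProperty -Path $key -Name $marker -PropertyType String `
        -Value (Get-Date -Format s) | Out-Null

    Start-Service -Name wuauserv

    # Request a fresh identity and an immediate check-in with the WSUS server.
    & wuauclt.exe /resetauthorization /detectnow
    return 'reset'
}

Reset-WsusClientIdentity
```

Machines that share a `SusClientId` overwrite each other's record on the server, so the WSUS console under-reports the fleet and unpatched clients can go unnoticed until the IDs are regenerated.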
 

Author Comment

by:lenivan
ID: 18802393
So I removed the below values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
* AccountDomainSid
* PingID
* SusClientId
and I ran "wuauclt /resetauthorization /detectnow"  on the client side, but still WSUS is not detecting this or any other machines. I also set WSUS to port 8530, but still no dice. Any other suggestions?
0
 
LVL 12

Accepted Solution

by:
StuFox100 earned 250 total points
ID: 18805642
Another idea - not a real solution but may help find one. Have you tried to point the machines that are not working to the WSUS IP address instead of the servername? Maybe worth a shot.
Cheers
Stu
0
 
LVL 3

Expert Comment

by:cgbent
ID: 18808304
Ok, I think it is time to regroup and re-gather some information! WSUS is not this complicated of a beast!

Could I ask lenivan that you post as much information as possible in regards to the differences physically and logically between the machines that are connecting and the machines that are not?

I am starting to lean towards user rights and machine rights as the culprit now. Are there any particular differences between these machines and users?

0
 

Author Comment

by:lenivan
ID: 18809408
There is no difference between the machines that WSUS recognizes and the machines it doesn't recognize. They are all on XP with the same Group Policy applied. They were all taken from the same image and all have a unique SID. Firewall is disabled on all of them.

When I first installed WSUS and clicked on the Computers section, about 60 of my machines were recognized and I was able to group them. It has been 2 weeks now and no other machines are being recognized by WSUS in the Computers section. I have even logged in as an administrator on the unrecognized machines, and still no luck.
0
 
LVL 12

Expert Comment

by:StuFox100
ID: 19071607
Hi again
Just had another idea about this.
Do you use a proxy server?
If so, you will have to set up your machines to bypass the proxy to get to WSUS.
You can check the proxy settings with proxycfg command from the command line.
Hope this works
Cheers
Stu
0
