• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 455
  • Last Modified:

WSUS not finding all computers on my network

I've installed WSUS on my Server 2003. The problem is that it only finds half the computer on my network. All the computers have the same setup running XP and were taken from the same image. How can I get WSUS too see all the machines on my network?
0
lenivan
Asked:
lenivan
  • 6
  • 4
  • 4
  • +1
1 Solution
 
juanferminCommented:
Generally problems like this are rooted in DNS & DHCP.  Here's a checklist of what you want to do:
 --- Write down your current DNS service Providors, given to you by your ISP, if you don't know this, check in the setting of your Router or Firewall.
 --- Disable DHCP from your Router or Firewall and configure your Windows server to handles this service.
 --- When setting up the DHCP, make sure your clients are ONLY getting your INTERNAL DNS servers (usually just your main server)
 --- Make sure that your DNS service is running on the main server and that it is "Active Directory Integrated"
 --- Go into the "Forwarders Tab" in your DNS service (accessed by Right Clicking in the DNS Area of the Snap in) and put in the DNS servers that you wrote down at the beginning of this excercise.
 --- Make sure that your Servers only list your INTERNAL DNS server(s) in the TCP/IP Settings of your network connection.
 --- Make sure all of your clients are set to automatically obtain both the IP and DNS from DHCP.
 --- Reboot everything and you're good to go.

One of the reasons this causes a problem is because when your computer goes to "look" for a resource inside your network, but you have external DNS listings in your network connections, it begins to look at the Extneral DNS' (such as Bellsouths) for internal resources.  By placing these external DNS listings in the "Forwarders" section, the only requests that will be made to the external DNS servers are the ones that your Internal DNS server can't handle (such as Where is Experts Exchange).

Best Regards!!!
Juan M. Fermin
www.sfnworks.com
0
 
lenivanAuthor Commented:
My server is already setup exactly as you described, but the problem still occurs. What else can I try?
0
 
cgbentCommented:
This is the problem I always run into with this is not that clients can't find the server its they don't know how to communicate with the server.

Inside of the GPO you have set for your "Computers" what is the address you used for the server name? Did you happen to put the port in?

Microsofts documentation is a little misleading in the fact they basically say you do not need to put the port number in at the end of the address; http://servername/ instead of http://servername:portnumber

I run 2 SUS servers on two different networks here, both were setup the same (default ports and such) however I have one on my main network that has to have the port number or else the clients wont connect and the other which I didn't have to set the port number on and the clients are fine.

I don't know what the differences are between the two domains (I am currently reverse engineering them myself since I didn't put them in) however there is something that has forced me to have to use the port number on one of my domains.

Report back any findings please. I have a continuing fascination with how come my situation is like this and any information is helpful at this point.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
cgbentCommented:
My apologies, I didn't see the part about how half of your systems are on it and the others are not. I would try the above anyways however.
0
 
juanferminCommented:
The only other thing that I can think of is that if you have a Firewall setup on the workstations, it may be preventing you from communicating with the server, I've seen this happen many times, especially with Norton.

Best Regards!!!
Juan M. Fermin
www.sfnworks.com
0
 
lenivanAuthor Commented:
I can confirm that firewall is not enabled on the unfound machines.

This may sound like a stupid question, but what port does WSUS use?

Can I install the WSUS service on the outstanding machines manually?
0
 
cgbentCommented:
yes I believe you can manually however what good is that going to do if the clients still can't connect.

The default port for WSUS is 8530
0
 
juanferminCommented:
Even if you have Regular windows, you could have a situation where the built in Windows Firewall is blocking, you may want to check and make sure that you have port 8530 open on those.
0
 
StuFox100Commented:
You mention that all the machines are the same image - one problem common to imaging is that if the base image is added to WSUS there are issues with duplicate WSUS SIDS (yes another SID). I have seen two main things happen 1) Machines not in the list 2) multiple entries for some machines.

You may need to remove the entries in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
* AccountDomainSid
* PingID
* SusClientId

Then run a "wuauclt /resetauthorization /detectnow" on the client.
Hope this helps
Cheers
Stu
0
 
lenivanAuthor Commented:
StuFox100,
You mention removing entries in regedit. Do you mean removing this on the server side or the workstation side? How would I know which ones to remove?
0
 
StuFox100Commented:
On the workstation.

You need to open -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
and remove the values
* AccountDomainSid
* PingID
* SusClientId
Note PingID is not always there.

Cheers
Stu
0
 
lenivanAuthor Commented:
This sounds like a huge task considering I have over 100 machines that WSUS is not detecting. Is there a global way of going about this?
0
 
lenivanAuthor Commented:
So I removed the below values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
* AccountDomainSid
* PingID
* SusClientId
and I ran "wuauclt /resetauthorization /detectnow"  on the client side, but still WSUS is not detecting this or any other machines. I also set WSUS to port 8530, but still no dice. Any other suggestions?
0
 
StuFox100Commented:
Another idea - not a real solution but may help find one. Have you tried to point the machines that are not working the WSUS IP address instead of the servername? Maybe worth a shot.
Cheers
Stu
0
 
cgbentCommented:
Ok, I think it is time to regroup and re-gather some information! WSUS is not this complicated of a beast!

Could I ask lenivan that you post as much infmoration as possible in regards to the differences physically and logically between the machines that are connecting and the machines that are not?

I am starting to lean towards user rights and machine rights as the culprite now. Is there any particular differences between these machines and users?

0
 
lenivanAuthor Commented:
There is no difference between the machines that WSUS recognizes and the machines it doesn't recognize. They are all on XP with the same Group Policy applied. They were all taken from the same image and all have a unique SID. Firewall is disabled on all of them.

When I first installed WSUS and clicked on the Computers section, about 60 of my machines were recognized and I was able to group them. It has been 2 weeks now and no other machines are being recognized by WSUS in the Computers section. I have even logged in as an administrator on the unrecognized machines, and still no luck.
0
 
StuFox100Commented:
HI Again
Just had another idea about this.
Do you use a proxy server?
If so, You will have to setup your machines to bypass the proxy to get to WSUS.
You can check the proxy settings with proxycfg command from the command line.
Hope this works
Cheers
Stu
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 6
  • 4
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now