We help IT Professionals succeed at work.

Computer not being added to WSUS

supanatral
supanatral asked
on
I installed a fresh copy of windows 2003 server and setup WSUS with SQL 2005 Standard and no computers are being added to WSUS. I changed the group policy to http://192.168.1.2 which is the IP address for the computer. Actually-there is one computer that got added which was itself.

I also ran the WSUS client diagnostics and everything passes. What else can I do?
Comment
Watch Question

Top Expert 2009

Commented:
You have to create an OU in AD and move the server/pc that you want to update with WSUS in it. Create a template in GPO for deploying WSUS with GPO. Apply the new rule (template) to the OU. Check the following procedure from MS for more hint:
http://technet2.microsoft.com/windowsserver/en/library/51c8a814-6665-4d50-a0d8-2ae27e69ca7c1033.mspx?mfr=true

K
Top Expert 2009

Commented:
More detail procedure that is exactly what you need:
http://www.cites.uiuc.edu/wsus/clientinstall.html

K
Top Expert 2009

Commented:

Author

Commented:
Does it matter if the server that has WSUS on it is a backup domain controller?
Top Expert 2009

Commented:
No, it does not. In windows 2003 environment, there is no such backup DC. Every DC is the same.

K

Author

Commented:
Also, I don't know how much this helps but the one computer that has connected to WSUS (which is itself) hasn't gotten a report yet and its been 24 hours now. does that mean anythign?
Top Expert 2009

Commented:
You have to configure WSUS with GPO. That is how the software design for. Here is more detail with screenshot of how to completely implement WSUS in case you have never set it up before:
http://win2k.ucsd.edu/UCSD-WSUS-Howto/

K

Author

Commented:
I think I already set it up correctly but I'm going to paste my GPO configuration.

Do not display 'Install Updates and shut Down' option in Shut Down Windows dialog box - Enabled

Do not Adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box - Enabled

Configure Automatic Updates - Enabled - Auto Download and schedule the install everyday at 3:00

Specify intranet Microsoft update service location - Enabled - http://192.168.1.2 and http://192.168.1.2

Enable client-side targeting - Enabled - ATD

Reschedule Automatic Updates scheduled installations - Enabled - startup = 1 minute

No auto-restart for scheduled Automatic Updates installations - Enabled

Automatic Updates detection frequency : enabled - 1 hour

Allow Automatic updates immediate installation - Enabled

Delay Restart for scheduled installations - Enabled - Restart after 5 minutes

re-prompt for restart with scheduled installations - Disabled

Allow non-administrators to recieve update notifications - Enabled

Enable recommended updates via Automatic Update - Enabled

Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates - Enabled

Allow Signed Content from intranet Microsoft update service location - Enabled

-
Does that look right? I only set it to look for updates every hour just so It would be nice and quick if the WSUS server and clients are working correctly. also, like i said before, I ran the WSUS client diagnostics on another client computer, and it seems to be getting the group policy pushed down to it because one of the tests it looks for 192.168.1.2. Any ideas?
Top Expert 2009

Commented:
GPO looks good to me. What happen if you type 192.168.1.2 on the browser? Does it go to the update site?

K

Author

Commented:
It asks me for the username and password, then when i type in administrators username and password, it tells me that the site is under construction. When I turned off Integrated Windows Authentication, I then got a page that told me that I'm not authorized to access the page. I turned it back on and I'm back to where I was before. This is interesting....What's going on here?

Author

Commented:
OK, Now I'm confused. I decided to install it on another computer and change the group policy so as to reflect the new IP. I'm excited because the clients are connecting to it, however if I run client diagnostics, I still get an error that says:

WinHttpDownloadFileToMemory(szURLDest, NULL, 0, NULL, NULL, NULL, &downloadBuffer) failed with hr=0x80190194

Should I be worried or just happy that it works?
Top Expert 2009

Commented:
still get an error that says.....

Did you have IIS installed on the server? IIS took port 80 so you want to make sure there is no other web server such as: Apache, TomCat, Jboss... is running or sharing port 80. Also, do not install WSUS on your Exchange server because it will share port 80 with Exchange.

K
Top Expert 2009

Commented:
Top Expert 2009

Commented:

Author

Commented:
I changed it to make it easier already, Its now 8530, which is the default port if you decide to use a new website during install. I also changed the GPO to reflect these changes. Heres the latest diagnostics and config.

Once again, theres only one computer thats been added to WSUS and that's itself
ClientDiag.JPG
GetConfiguration.log

Author

Commented:
One of those websites gave me the idea to check the windows update log on one of the clients. I am getting an error though. Here it is:

2008-01-18      10:30:26:296      1184      1178      PT      WARNING: Cached cookie has expired or new PID is available
2008-01-18      10:30:26:296      1184      1178      PT      Initializing simple targeting cookie, clientId = ab466de4-112a-456c-93cb-901ad259b1c8, target group = , DNS name = seiko.atd.autotriminc.com
2008-01-18      10:30:26:296      1184      1178      PT        Server URL = http://192.168.1.2/SimpleAuthWebService/SimpleAuth.asmx
2008-01-18      10:30:26:312      1184      1178      PT      WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
2008-01-18      10:30:26:312      1184      1178      PT      WARNING: Failed to initialize Simple Targeting Cookie: 0x80244017
2008-01-18      10:30:26:312      1184      1178      PT      WARNING: PopulateAuthCookies failed: 0x80244017
2008-01-18      10:30:26:312      1184      1178      PT      WARNING: RefreshCookie failed: 0x80244017
2008-01-18      10:30:26:312      1184      1178      PT      WARNING: RefreshPTState failed: 0x80244017
2008-01-18      10:30:26:312      1184      1178      PT      WARNING: PTError: 0x80244017
2008-01-18      10:30:26:312      1184      1178      Report      WARNING: Reporter failed to upload events with hr = 80244017.
Top Expert 2009

Commented:
Did you create an OU and set a computer policy for update (not user)? Move you server to that OU. You need to link WSUS to the OU containing your server or other computer that to be update with WSUS.

K



Author

Commented:
No I didn't. How would I go about doing that? All I did for policies is right click on the domain,go to properties, go to the group policy tab then click the default one and finally click edit. Sorry, I don't fully understand. Is there a how to on a website somewhere?

Author

Commented:
Wait, is this what you mean? http://win2k.ucsd.edu/UCSD-WSUS-Howto/

I really don't understand this one. I've only installed it and tried going from there. heres a screenshot. Keep in mind that this is only a backup domain controller.
untitled.JPG
Top Expert 2009

Commented:
How would I go about doing that?
You have to create an OU in Active Directory User and computer. Here is the instruction:
http://technet2.microsoft.com/windowsserver/en/library/f66c6142-c87a-457a-9595-d89fb5ce96c71033.mspx?mfr=true

After created OU, move your computers, servers to the OU so when you apply the policy to that OU all the computers will be affected. Here is how you link your WSUS policy to the OU:
http://win2k.ucsd.edu/UCSD-WSUS-Howto/


K
Commented:
You moved the server to an alternative port. Port security applications, like a firewall, will now have to be unblocked. So, what type of software firewall are you using?

Your GPO should now go to the site of Http://yourservername:8530

Once you have your firewall in order and the GPO with the correct port number, it should work. If not there are plenty of other reasons that could be the reason your server is not populating the list of clients and servers in WSUS.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.