?
Solved

Clients Computers are not showing up within WSUS

Posted on 2008-06-20
24
Medium Priority
?
1,170 Views
Last Modified: 2011-10-19
Hello,
I freshly installed WSUS 3.0 on a domain member server.  All computers in my domain are members of the same domain.  Server OS in use Server 2003 Enterprise, Clients are running Windows XP Pro
Question:  From within WSUS I noticed that there is a section on how you can specify how to assign computers to groups.
Options are:
Use the update services console
Use group policy or registry settings on computers.

Problem:
Im not sure which one to select.  If I select either of the two my computers do not show up in WSUS.

I specified the WSUS server location as
http://servername:80

When I run an RSOP on a client machine the information specified in my group policy is being applied, however the cleints are not checking in with WSUS.  How can someone help me get this up and running?
0
Comment
Question by:stressedout2004
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 7
  • 6
  • +1
24 Comments
 
LVL 2

Expert Comment

by:thor_08
ID: 21833578
You will agree to allocate policies.

has performed a GPUpdate / force from customers?
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21833702
To answer your first question, I would suggest that you use Group Policy since they're in a domain and youv'e created a Policy.  Regarding why the clients are not checking in, couple of things to check on the Policy itself:
-That you enabled "Specify intranet Microsoft update service location".  Also define the statistics server for reporting purposes.  I've had trouble with this in the past.
-Ensure that "Configure Automatic Updates" is Enabled.
-What is the 'Automatic Updates detection frequency' set to?  As I recall, that value is a little high by default.  Or is it low?  I just remember changing it.

One last thing to check is that the Policy settings are actually being applied on a client machine.  I know you checked via RSOP but just for fun, check 'HKLM\Software\Software\policies\Microsoft\Windows\WindowsUpdate' and see what you have.

HTH
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21842393
Any hint in event viewer that the group policies have not been applied.

0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 39

Expert Comment

by:ChiefIT
ID: 21843316
Try removing :80 from your GPO. If I remember right, some folks had problems with that.
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21847183
Im going to remove the port number in the GPO so that it reads
Http://servername 

My statistics server and Windows Update Server are defined in group policy and point to the location of the WSUS server.  Does it make a difference if the statistics server points to the same location as the update server.  
http://servername
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21849211
Here is the latest news of my progress.  
Changing the update location without the port http://servername did not seem to work.  The group policy applied locally and is set as follows.  I can prove GPO's are being applied because they are seen using RSOP.

I have included two screenshots fro my latest WSUS settings and errors. Please be sure to remove the txt extension because it is nativly and RTF file format.  
This is a brand new installation of WSUS on a new server.  Why do I keep getting these errors on ever one of my WSUS instalattions?
The DSS Authentication Web Service is not working.
The SimpleAuth Web Service is not working.
The Client Web Service is not working.
The Server Synchronization Web Service is not working.
The Reporting Web Service is not working.
No client computers have ever contacted the server.
Self-update is not working.
WSUS-Settings.rtf.txt
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21849463
Does it make a difference if the statistics server points to the same location as the update server? Absolutely:
Different web pages have to be defined with their own IP addresses. You can't have all the default web pages on one server pointing to the default port 80. Otherwise this would confuse IIS.

I have an article that I might be able to dig up on an creating an alternative Port, port 8530.
http://technet2.microsoft.com/windowsserver/en/library/e0934a67-f0ed-41a3-bf57-78fd9ac949431033.mspx?mfr=true

By default, if WSUS sees a web site on port 80, it will confiugure your port to be 8530. Now, on your GPO, add http:\\servername:8530.
http://www.wsus.info/forums/lofiversion/index.php?t4555.html

An example of your problem:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_23104233.html

Your problems are striclty IIS configurations, and since you have room for one more zone, I might suggest you add IIS to the zone on this page. configuring ports and stuff like that for websites is not my strongest point.
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21857423
Q: "Does it make a difference if the statistics server points to the same location as the update server?"
A:  Yes, depending on how your WSUS server is configured.  On mine, it's the same and it works fine.  That being said, I had to do some tweaking after doing a default install.  

I agree with ChiefIT, I think the issues you're having are related to IIS configuration or rather a mis-match between the IIS settings and the client settings you're pushing.  You can try running 'netstat -a' from a command prompt on your WSUS server to see what ports are open. TCP servername:http will be the default port 80.  If you see "servername:8530" then you know you'll need to change the Policy to match.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21857916
Cool info Kollenh:

I didn't know you could use netstat like that.
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21860617
I do not see port 8530 listening using netstat.

So what server anmes names do I use for the update server and statistics server?
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21860726
If you don't see 8530 as a listening port then chances are it's still setup on the default port 80.  If you did a default install of WSUS then whatever server you installed it upon should be the name you will use (for both update server and statistics).

Open up IIS manager, connect to that server, and see what Web Sites are listed.  If you don't see WSUS Administration as a separate site, look under the Default Web Site.  If you're not sure what settings to look for, let me know.  Basically at this point, just make sure you see the requisite sites running.  Have you pulled any of the WindowsUpdate logs from a client computer to see where the error may be?  'C:\Windows\WindowsUpdate.log'
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21862765
It doesn't hurt anything to change the port to 8530. Change that in your GPO and try a GPUdated. See if clients start saying, "HOWDY".
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21865216
I have three screenshots of IIS and one file of windowsupdate.txt attached.  
The windows update log file was taken from a client computer.  There are lots of failure indications in the log file that I cannot make sense out of.

Please rename 3screenshots.txt to 3screenshots.rtf
If you look in the the file 3screenshots.rtf yo will see my comments for each item.
 


WindowsUpdate.txt
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21865277
I forgot to add the screenshots file because it was to large.  

3screenshot.zip
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21866945
I followed the instruction in a this link
http://www.wsus.info/forums/index.php?showtopic=5928&hl

Here is my status:  
However a few services are still not working but computers are checking in now.
The DSS Authentication Web Service is not working.
The Server Synchronization Web Service is not working.
The DSS Authentication Web Service is not working.
The SimpleAuth Web Service is working correctly.
The Client Web Service is working correctly.
The Server Synchronization Web Service is not working.
The Reporting Web Service is working correctly.
22 client computers have contacted the server.
Self-update is working.

When I click on a computer, it shows that the computer has not reported its status yet. ??? Almost there but not quite.  Any one make any sense of the windows update log file?
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21876034
Did you edit the contents of the file at all?  Your log differs drastically from what my systems have, with a lot of data "missing" from yours.  Granted I'm running the newer version but I don't recall there being that much difference in the client log.  However, this entry from the log leads me to believe that your clients are not actually configured to point to your WSUS server:
DnldMgr      Regulation server path: http://www.update.microsoft.com/v6/UpdateRegulationService/UpdateRegulation.asmx.

On my clients logs, the DnldMgr path is 'http://myWSUSserver:8530/Content/etc./etc."

No, you shouldn't need to allow any of the extensions that are currently marked 'prohibited' to make WSUS work; the .NET Framework is the important piece and that's allowed.
Yes, the username should be the 'IUSR_<Servername>' service of the IIS/WSUS server.
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21878073

kollenh: stated
Yes, the username should be the 'IUSR_<Servername>' service of the IIS/WSUS server.

I have to enter a password when i select the IUSR 'IUSR_<Servername> account, what password should i use because im being prompted for a password?  I actuall created an account that is a member of domain users and added that account to each service.  Is that incorrect?  does the anomymous account need administrative rights to work?
0
 
LVL 5

Accepted Solution

by:
kollenh earned 2000 total points
ID: 21878535
No, the anonymous account should NOT have administrative rights.  If you don't know the IUSR_ password (and I don't on mine) then here is a good article on how to find and/or change it: http://support.microsoft.com/kb/297989
(Please note you'll need to edit the adsutil.vbs file to get the password in clear text)

I'm not sure I follow what you mean when you say "added that account to each service".  To which services do you refer and where/how did you change the account?  It sounds like you may be striving for more security than you need with this product.  I'd leave the default settings in place, if possible.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 21880202
Download the latest MMC for the server.
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21883820
Im not sure what the difference is between the accounts below.
IWAM account
IUSR account
I have changed the password for both accounts and also set each Virtual Directory in IIS under the default web sites where WSUS is located to use the  IUSR account for anymous autnentication.

I have a screen shot (Access.rtf)of all the virtual directories that use the  IUSR_machine account for authentication. Sicne pictures are worth a thousand words i have included the screenshot which demonstrates this.
Is my configuration now corect?

I just ran the command wsusutil checkhealth and in the application log, I receive the message
Event ID 10000   WSUS is working correctly.  
What do you think?





Access.txt
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21885898
I think that's a good sign and it matches my configuration.  Question now is what happens when the clients try to update?  I'm still a little concerned about the WindowsUpdate log you attached previously; it was missing a lot of content/information that I'm used to seeing.

Pick a client at random and check it's settings in the registry, found here:
'HKLM\Software\Software\policies\Microsoft\Windows\WindowsUpdate' and post the contents, please.
0
 
LVL 9

Author Comment

by:stressedout2004
ID: 21898866
Hello,

Here is a screenshot of a random registry key (regedit.xtx) and also a copy of WSUS log file (Windows.txt).  The log file looks different but still does nto point to the server.  weird.
regedit.txt
WindowsUpdate.txt
0
 
LVL 5

Expert Comment

by:kollenh
ID: 21901285
From what I'm seeing, it looks like things should be working.  If you haven't yet, try running "clientdiag" on one of the systems and see what results you get.
0
 
LVL 9

Author Closing Comment

by:stressedout2004
ID: 31469272
Thank You for all of your help.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question