Solved

Missing Computer from WSUS console

Posted on 2008-10-27
20
1,423 Views
Last Modified: 2010-04-21
Hello All,

I have a small problem. I have about 250 systems and I use a WSUS server to keep them up to date. I have 2 workstations for some reason, that just will not report to the WSUS server.

Things I've tried:

net stop wuauserv
net stop bits
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
net start bits
wuauclt /resetauthorization /detectnow

Also have completely deleted the windowsupdate section from the Registry and replaced it from a working system.

I added the update server to the local machine by going into gpedit.msc

I have a GP for this and it works on all but 2 of my systems so I'm pretty sure that's not it. I have searched the Internet extensively on this issue and have seen hints of a utility from Microsoft that fixes this problem but that Microsoft doesn't openly publish. If that's true it really 'upsets' me.

Anyway I'm kind of stuck. Anybody have any ideas what could be causing my problem.

Thanks
Eric
0
Comment
Question by:bwask
  • 8
  • 8
  • 3
  • +1
20 Comments
 
LVL 12

Expert Comment

by:nsx106052
ID: 22816373
I would also check to make sure those 2 computers are in the correct OU that points to your WSUS service.  Also be sure to restart the Windows firewall service.  
0
 

Author Comment

by:bwask
ID: 22816676
Thanks for the response,

Yep, done that, and they are. I have a GP that turns off the Firewall on all my workstation and it is off on these systems as well.
0
 
LVL 12

Expert Comment

by:nsx106052
ID: 22816951
Did you also try removing the two computers from the WSUS console and then adding them back in?  The registry might be messed up.  

I found this web page which has a utility that may help:
http://www.espinola.net/wiki/So_you_want_to_fix_all_your_WSUS_clients
0
 

Author Comment

by:bwask
ID: 22817225
I guess I should have made it more clear, they aren't showing up under computers on the WSUS server, so I can't remove them.

When you say "the registry might be messed up" do you mean the server or the workstation? I've already removed all registry info as per my above post from the problem workstation.

I have however removed a few workstations from the console that are listed, and they repopulate just fine.

Thanks
Eric
0
 
LVL 12

Expert Comment

by:nsx106052
ID: 22817469
I think the server is fine.  I meant the workstation.  
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22818997
I have been working with another post where only a couple clients showed up. When running a WSUS client diagnostic tool, they came up with the 503 error on the client (overloaded NIC). The WSUS client diag tool will show a line in the text that says something like:

VerifyWUServerURL() failed with hr=0x801901f7

The proposed fix to this is:
"Check your registry (on the client machine) for a Binary value in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet
Settings\Connections that is called WinHttpSettings. If it exists,
delete it."

and I found that fix on this site:
http://www.wsus.info/forums/index.php?showtopic=5308


The fact that the majority of your clienst means the clients are seeing the server.
____________________________________________________________________________
Another thing could be the client's software firewall blocking you from accessing the server.
____________________________________________________________________________
Yet, another problem is imaged/cloned computers. You can't have the same SID as another computer. Otherwise this computer will not show up.
http://www.wsus.info/forums/index.php?showtopic=9312&pid=34802&mode=threaded&start=

0
 

Author Comment

by:bwask
ID: 22821676
Thanks for the reply,

OK, I checked the registry for "WiinHttpSettings", none exists.

Here's the screen dump from running clientdiag.exe

========================================


WSUS Client Diagnostics Tool

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.0.6000.381. . . . . . . . . . . . PASS
                This version is WSUS 2.0

Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Policy settings

Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy
                x.x.x.x:xxxx
                User IE ProxyByPass
                172.17.137.7;*.paccar.com;*.pactools.net;*.pactools.net;172.17.1
37.13;http://buckeye;http://gopher;172.17.137.8;172.24.27.17;http://myano;172.17
.139.7;172.17.139.16;172.24.27.81;172.24.27.5;;<local>
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use

Checking Connection to WSUS/SUS Server
                WUServer = http://buckeye
                WUStatusServer = http://buckeye
        UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
        Connection to server. . . . . . . . . . . . . . . . . . PASS
        SelfUpdate folder is present. . . . . . . . . . . . . . PASS

Press Enter to Complete
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22824287
What the heck is this?

http://buckeye;http://gopher;172.17.137.8;172.24.27.17;http://myano;172.17
.139.7;172.17.139.16;172.24.27.81;172.24.27.5;;<local>

It looks like a browser hijack.

Please run Hijack this and post it on this site for analization:
http://www.hijackthis.de/index.php?langselect=english#anl
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22824308
another thing to lookout for:

http://buckeye

Are you using port 8530? If so, you GP may be correct, but the client isn't.
0
 

Author Comment

by:bwask
ID: 22824647
ChiefIT,

Ya, I was afraid that might confuse somebody. That's my exception list in IE. Notice on the screen dump it says "User IE ProxyByPass", that's exactly what it is. You'll notice that there are ";" separating the http entries. These are all different servers that reside internally that the workstations have to access directly and not through the proxy.

As far as port 8530 is concerned, all my machine use http://buckeye and that's it. This runs on the Default Web Site on port 80 on the buckeye server.

Thanks
Eric
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 38

Expert Comment

by:ChiefIT
ID: 22824796
Oh, I see. Well, in that case I don't see any issues in client diag.

Is this an imaged or cloned machine? WSUS has issues with those.
http://www.wsus.info/forums/index.php?showtopic=9312&pid=34802&mode=threaded&start=
and
http://support.microsoft.com/kb/903262/en-us
0
 

Author Comment

by:bwask
ID: 22825017
This is a RIS (Remote Installation Services) image, (Microsoft's version of Ghost). These loads are all syspreped as part of the image process.

At any rate I've deleted the entries in the registry (as stated above) that have to do with this particular problem:

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f

Thanks
Eric
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22825150
I think by default, It can take up to 22 hours to show up. Want to see if this works for you?
0
 

Author Comment

by:bwask
ID: 22826031
If I don't do anything, then yes, however if I run the command:

wuauclt /resetauthorization /detectnow

It forces it to list immediately. I have done this on working systems and if I remove them from the console run the command they will instantly pop back into the console.

Eric
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22826502
that's true, what was I thinking??

did a reset auth come up with good results?
0
 

Author Comment

by:bwask
ID: 22826537
It runs fine but the system never shows up in the WSUS server console.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22848892
Wow, I guess I am as stumped as you are. Usually imaged machines, or firewall, or group policy, or something that pops up in WSUS points us in the right direction. This is an odd case.
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 250 total points
ID: 22848899
There is one other case that I found odd. It appeared that cookies were the culprite. The cookies needed to be flushed out. Now, I don't know why cookies were an issue.

I also had one that we needed to flush the DNS cache on the client. But, you have a clear connection to the server because everything works fine.
0
 

Author Closing Comment

by:bwask
ID: 31510499
Well this appears to have fixed it, weirdest damn thing. Anyway thanks.
0
 

Expert Comment

by:fno
ID: 25342530
I would say that clearing cookies or flushing the DNS client cache will not help this problem. The WSUS Client Diagnostics Tool would not give its "PASS" if any of those were the problem. I'm currently having the same issue, and have had for 6 months now. The Automatic Update Client do its patching part, so communication with the server do work, it's the reporting that doesn't.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now