cigsupport

WSUS ignoring GP?

Hi, I've been reading through all the WSUS threads and I can't seem to find an answer relative to my specific problem.

I've installed WSUS on a server, I've modified the GPO that all users get when they log in, from what I can tell that GPO is being applied, both through gpresult, and that it's changed all the other settings correctly.

My problem is that all clients ignored the Specify Intranet component (I've checked for typos and added port 8350, then tried IP address instead of name).

Currently I have 200 clients all getting their updates from microsoft which is killing my network.

I need to stop the clients from updating from WU, and point them to my WSUS server.

When I look under computers in the US Manager for some reason it only shows 1 computer (no idea why just one, and not the others)

Thanks in advance.
Don

Run the below saved as fixwsus.cmd on all your clients, you can do it in a startup script just long enough till they all start showing up in wsus console then remove it.

:BUILD_REG_FILE
ECHO Windows Registry Editor Version 5.00>                                       %TEMP%\FIXWSUS.REG
ECHO.>>                                                                          %TEMP%\FIXWSUS.REG
ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]>> %TEMP%\FIXWSUS.REG
ECHO "AccountDomainSid"=->>                                                     %TEMP%\FIXWSUS.REG
ECHO "PingID"=->>                                                               %TEMP%\FIXWSUS.REG
ECHO "SusClientId"=->>                                                          %TEMP%\FIXWSUS.REG
 
:PROCESS
ECHO Attempting to fix \\%computername%:
CMD /C NET STOP "Automatic Updates" /Y
CMD /C NET STOP "Background Intelligent Transfer Service" /Y
CMD /C COPY %TEMP%\FIXWSUS.REG \\%computername%\C$\FIXWSUS.REG
CMD /C REGEDt32 /S C:\FIXWSUS.REG
CMD /C IF EXIST \\%computername%\C$\FIXWSUS.REG DEL \\%computername%\C$\FIXWSUS.REG
CMD /C REGSVR32 /s /u WUAPI.DLL    & REGSVR32 /s WUAPI.DLL
CMD /C REGSVR32 /s /u WUAUENG.DLL  & REGSVR32 /s WUAUENG.DLL
CMD /C REGSVR32 /s /u WUAUENG1.DLL & REGSVR32 /s WUAUENG1.DLL
CMD /C REGSVR32 /s /u ATL.DLL      & REGSVR32 /s ATL.DLL
CMD /C REGSVR32 /s /u WUCLTUI.DLL  & REGSVR32 /s WUCLTUI.DLL
CMD /C REGSVR32 /s /u WUPS.DLL     & REGSVR32 /s WUPS.DLL
CMD /C REGSVR32 /s /u WUPS2.DLL    & REGSVR32 /s WUPS2.DLL
CMD /C REGSVR32 /s /u WUWEB.DLL    & REGSVR32 /s WUWEB.DLL
CMD /C RMDIR /S /Q %WINDIR%\SoftwareDistribution 
CMD /C MD %WINDIR%\system32\WUTEMP
CMD /C START /WAIT \\YOURserver1\patches\patch.exe /norestart /quiet /wuforce
CMD /C START /WAIT \\YOURserver1\patches\patch2.exe /norestart /quiet
CMD /C NET START "Background Intelligent Transfer Service" /Y
CMD /C NET START "Automatic Updates" /Y
CMD /C wuauclt /clearlog
cmd /c wuauclt.exe /resetauthorization /detectnow


You can also run clientdiag on the clients to determine if there are any other misconfigurations.
cigsupport

ASKER

I do not have \\YOURserver1\patches\patch2.exe (obviously replacing my server with my actual server name) but there's no share, folders or files that match that.

Thanks for the speedy reply
Results of client diag =
==========================================================
WSUS Client Diagnostics Tool

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is not running. . . . . . . . FAIL
        Background Intelligent Transfer Service is not running. PASS
        Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS
                This version is WSUS 2.0

Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Control Panel

Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy
                192.168.10.13:8080
                User IE ProxyByPass
                intranet;opus;;<local>
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use

Checking Connection to WSUS/SUS Server
AU does not have Policy Set
AU does not have Policy Set
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL
======================================================

Thanks for the input
Oh, sorry forgot to remove those 2 lines, I usually have those lines for the latest windowsupdateagent.exe for both x86 and server 2003. You can remove those lines or modify them to include windowsupdateagent.exe
Since I see that Automatic Updates Service is not running

download windowsupdateagent and place it in a share then modify line 26/ remove 27

CMD /C START /WAIT \\YOURserver1\patches\windowsupdateagent30-x86.exe /norestart /quiet /wuforce
Also read here to check if you missed something during your setup.

http://www.bristol.ac.uk/is/computing/advice/operatingsystems/supportstaff/wsus/configuring.html
I believe the service was stopped due to the script stopping before it requested it to restart (due to the aforementioned problem (\\YOURserver1\patches\patch.exe))

I've put this script in place and had all users reboot, so that's a good start to restoring network functionality. I've looked through your WSUS configuration guide, I've pretty much followed it to the letter.
However I'm allowing the systems to reboot once the updates have been installed at night.

Still no users showing up under the admin tool, I found it odd that one user was able to see it, but no more, even after a few days?
Are your systems ghosted? This is known to cause SID problems (duplicate).


you said >>>  I've modified the GPO that all users get when they log in, from what I can tell that GPO is being applied

The Policy gets applied to the computers at startup and not when the users log in.

Did you set up client site targeting for WSUS groups?

Can you post some of the contents from your WSUS logs? They are located in these places. Save as text files and upload them here for us to review:
%windir%\WindowsUpdate.log
%Program Files%\Update Services\LogFiles\changes.log
%Program Files%\Update Services\LogFiles\SoftwareDistribution.log

Here is a URL of what I did to help solve another EE member that was having WSUS issues: https://www.experts-exchange.com/questions/24128081/Implementing-WSUS-on-SBS-2003.html
Yes, all our machines are ghosted, bar the one that I'm able to see,

You may be onto something here. I will post logs as soon as I can.

tyvm
I ran newSID on a few test PCs, but nothing's showing up still under the WSUS administration tool.

I've attached the requested logs.

Also worthy to note, I checked out Nappy_d's other post, and I did need to change the settings to look for group policy, but the computers still do not show under the admin tool.
WSUS-LOGS.zip
Has anyone had a chance to look at this? I've included the logs (see above) and am still unable to see client PC's. NewSID did not seem to fix the problem. I'm not sure where to look, the GP seems to be intact and configured correctly. The permissions under IIS seem to be adequate. The settings under WSUS admin are configured correctly (according to comments and other posts).

If anyone has any feedback or is able to ascertain where the problem lies, I'd be grateful.

run wuauclt /resetauthorization /detectnow on the clients you ran newsid on
You can also run the script above minus line 26,27 again
I see this in your logs.  Failed to show client UI, directive=5, hr=80010108

Try this on your client:

try removing automatic updates and reinstalling by going to a command prompt and run regsvr32 /u wuaueng.dll. This should remove windows update. Then run regsvr32 wuaueng.dll. Start the automatic updates service and run wuauclt.exe /detectnow.
I was composing my post.  Sorry I don't refresh then post my comment.
Also, try removing automatic updates and reinstalling by going to a command prompt and run regsvr32 /u wuaueng.dll. This should remove windows update. Then run regsvr32 wuaueng.dll. Start the automatic updates service and run wuauclt.exe /detectnow.
I've added the log from one of the client PCs on which I've run NEWSID, reregistered the DLLs and reset the authorization.

Thanks guys,
clientlog.txt
Did you by chance change WSUS from its default listening ports?
run the script so that it clears out the software distribution and resets susclientsid
yeah
After you ran newsid did you reboot? this needs to be done
from here:
 
http://support.microsoft.com/kb/920151 
 
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
On the Edit menu, point to New, and then click String Value.
Type Domain for the name of the String Value, and then press ENTER. Exit Registry Editor.

The above was based on this from your client log
 
WARNING: Cached cookie has expired or new PID is available
I've rebooted several times. Ran the script again (without 26+27). I'm pretty sure I accepted defaults when installing the WSUS server. How can I check what port it's running under? I couldn't find it under options (could be having a man's look).

That key already exists in the registry.(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\)

Read here:    



Client Configuration Checks & Known Issues
http://www.wsuswiki.com/ClientFAQ
Have your machines started showing up in the console yet??
"My problem is that all clients ignored the Specify Intranet component (i've checked for typos and added port 8350, then tried IP address instead of name)."

The port should be 8530
DS, Thanks, (that was a typo in my post)

Went through the FAQ, tested everything, versions are all fine.

The latest log looks interesting, I've included it.
client-log2.txt
DNS is a possible issue here with your computers due to this error SendRequest failed with hr = 80072efd
posting this for the next person

Error 0x80072efd            
SYMPTOMS
You see the following errors in "%Windir%\WindowsUpdate.log"
WARNING: Send failed with hr = 80072efd.
WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
WARNING: WinHttp: SendRequestUsingProxy failed for <http://wsusserver:8530/selfupdate/wuident.cab>. error 0x80072efd
WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
WARNING: DownloadFileInternal failed for http://wsusserver:8530/selfupdate/wuident.cab: error 0x80072efd
FATAL: IsUpdateRequired failed with error 0x80072efd
WARNING: SelfUpdate: Default Service: IsUpdateRequired failed: 0x80072efd
WARNING: SelfUpdate: Default Service: IsUpdateRequired failed, error = 0x80072EFD
  * WARNING: Skipping scan, self-update check returned 0x80072EFD
  * WARNING: Exit code = 0x80072EFD
WARNING: WU client failed Searching for update with error 0x80072efd
DESCRIPTION
Error 0x80072efd translates to ERROR_INTERNET_CANNOT_CONNECT which means 'The attempt to connect to the server failed'.
CAUSE
WUA uses WinHTTP proxy settings to access WSUS Server. WinHTTP proxy settings are separate from the proxy settings in Microsoft® Internet Explorer. If you are using a proxy server to access the internet and proxy settings are configured for IE and, at the same time, WinHTTP proxy settings are set to null, then sometimes WUA fails with the errors as seen above.
Use ClientDiag Tool which will check for WinHTTP local machine Proxy settings and User IE Proxy settings. In the below sample, WinHTTP local machine Proxy settings is set to Direct Connection whereas User IE Proxy settings is set to a local proxy server.
Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy
                proxy:8080
                User IE ProxyByPass
                10.*;;<local>
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use
In such case, send request will fail with 80072efd as it is set to null proxy (no proxy).
WORKAROUND
To troubleshoot this error, configure WinHTTP local machine Proxy settings to use User IE Proxy settings using the command 'proxycfg.exe -u' (This command imports the Internet Explorer proxy settings of the current user).
Run 'proxycfg.exe -u' command followed by ClientDiag. The sample below shows Winhttp local machine Proxy Settings are now cloned to User IE Proxy settings.
sorry nappy, pretty sure it's a proxy issue
Could be DNS also see the bottom of this http://www.wsus.info/forums/lofiversion/index.php?t4773.html

(just in case)
I tried to run that proxy fix, which gave me the following results:
C:\proxycfg.exe -u
Error writing proxy settings. (87) The parameter is incorrect.
Migration failed with error. (87) The parameter is incorrect.

Thought I'd include another clientdiag:

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS
                This version is WSUS 2.0
Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Policy settings
Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use
Checking Connection to WSUS/SUS Server
                WUServer = http://myserver:8530
                WUStatusServer = http://myserver:8530
        UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
VerifyWUServerURL() failed with hr=0x80072efd
A connection with the server could not be established

Thanks
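This is an added example, not part of any post in this thread: a short Python triage of ClientDiag output that applies the checks discussed above (FAIL lines, a missing WUServer value, an IE proxy configured while WinHTTP is direct, and the 0x80072efd code). The function names are assumptions of this example; the two samples are trimmed from the ClientDiag output posted in the thread.

```python
import re

# ClientDiag result lines: "<check text> . . . . PASS|FAIL|NONE"
RESULT = re.compile(r"^\s*(.+?)[\s.]*\s(PASS|FAIL|NONE)\s*$")
SETTING = re.compile(r"^\s*(WUServer|WUStatusServer)\s*=\s*(\S+)")
HRESULT = re.compile(r"hr\s*=\s*(?:0x)?([0-9a-fA-F]{8})")
PROXY_KEYS = ("Winhttp local machine Proxy", "User IE Proxy")
KNOWN_HR = {"80072efd": "ERROR_INTERNET_CANNOT_CONNECT"}  # only the code explained here


def parse_clientdiag(text):
    """Extract failed checks, proxy values, WSUS URLs and HRESULTs."""
    report = {"failed": [], "proxy": {}, "urls": {}, "hresults": []}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if m := SETTING.match(line):
            report["urls"][m.group(1)] = m.group(2)
        elif m := HRESULT.search(line):
            report["hresults"].append(m.group(1).lower())
        elif m := RESULT.match(line):
            label, status = m.group(1), m.group(2)
            if status == "FAIL":
                report["failed"].append(label)
            elif status == "NONE" and label in PROXY_KEYS:
                report["proxy"][label] = None
        elif line in PROXY_KEYS and i + 1 < len(lines):
            # A configured proxy is printed on the line after its label.
            report["proxy"][line] = lines[i + 1]
    return report


def findings(report):
    """Apply the checks discussed in the thread to a parsed report."""
    out = [f"FAILED: {label}" for label in report["failed"]]
    if "WUServer" not in report["urls"]:
        out.append("no WUServer value: intranet update policy not applied")
    ie = report["proxy"].get("User IE Proxy")
    if ie and not report["proxy"].get("Winhttp local machine Proxy"):
        out.append(f"IE proxy {ie} is set but WinHTTP is direct")
    for hr in report["hresults"]:
        out.append(f"hr=0x{hr}: {KNOWN_HR.get(hr, 'unknown')}")
    return out


# Samples trimmed from the ClientDiag output posted in this thread.
SAMPLE_FIRST = """\
        Automatic Updates Service is not running. . . . . . . . FAIL
        Background Intelligent Transfer Service is not running. PASS
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                User IE Proxy
                192.168.10.13:8080
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL
"""
SAMPLE_LATER = """\
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                WUServer = http://myserver:8530
VerifyWUServerURL() failed with hr=0x80072efd
"""

if __name__ == "__main__":
    for sample in (SAMPLE_FIRST, SAMPLE_LATER):
        print(findings(parse_clientdiag(sample)))
```

Run over ClientDiag output collected from each client, this separates machines that never received the policy from machines that have it but cannot reach the server.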
Can you try entering your FQDN rather than just your Netbios computer name?  This could be DNS related also.  Have you looked into this suggestion?
look at method E:


http://support.microsoft.com/default.aspx?scid=kb;EN-US;836941

also is your proxy set to bypass local?

It's not DNS!!!
Also please try this if it was not already suggested in the long string of posts to assist you ;)  This was taken from this URL, a bit old but may help: http://forums.techarena.in/server-update-service/465028.htm

REG Fix
 The issue was with the value of REG_BINARY value called WINHTTPSETTINGS under the key:
 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\connections
 
 I renamed the key WINHTTPSETTINGS to WINHTTPSETTINGS_ and ran CLIENTDIAG.EXE with success.
 
 I sincerely hope this helps those out there.
 
Run proxycfg.exe -d this time
proxycfg.exe

-d      Specifies that WinHTTP applications access the network directly, without a proxy.

this may be why the -u option didn't work

-u      Specifies that WinHTTP applications use the current user's proxy settings for Internet Explorer. This parameter does not work if Internet Explorer is automatically detecting proxy settings, or if it is using an automatic configuration URL to set the proxy information.
Have to run proxycfg as local admin, domain admin doesn't seem to work for some reason:

Tried method E: Adding my server to the list of trusted sites. I also tried downloading a file from the US Servers website and was able to (as recommended by one of these links)
------------------------------------------------------]
proxycfg.exe -d
Updated proxy settings
Current WinHTTP proxy settings under:
  HKEY_LOCAL_MACHINE\
    SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
      WinHttpSettings :

     Direct access (no proxy server).
--------------------------------------------------------------
Cleared the update log and reposted recent information from client (log 3)

Tried bypassing the DNS by using local HOSTS file, seemed to give all the same errors. (in case of DNS)
client-log3.txt
maybe before that try disabling firewall and see if that helps
if that works you need to make an exception in gp for port 8530
Firewall is disabled. Actually I'm in the process of trying the other suggestion.
https://www.experts-exchange.com/questions/21746030/wsus-cleints-can't-connect.html
The default web site is running on port 80. However http://localhost/wsusadmin gives me a 404.

I'm also running MSVS on the same server, but that's running on port 1024.
you should have tried

http://localhost:8530/WSUSAdmin
and since you said that the default website  is running on port 80, that will explain the whole problem
You may also refer back to this

http://support.microsoft.com/default.aspx?scid=kb;EN-US;836941


Not giving up on you!!!  


: ^ )
Sorry I was changing back and forth as various solutions suggested. Currently it's running on port 80 and as nappy_d requested (and I already tried in post ID: 23677046) I was able to download all the files without specifying port 8530, so it seems that port 80 is functioning correctly. Each time I've modified any port settings, I've also changed group policy to reflect the change and waited for replication.

Actually I just did another clientdiag and everything passed:

WSUS Client Diagnostics Tool

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS
                This version is WSUS 2.0

Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Policy settings

Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use

Checking Connection to WSUS/SUS Server
                WUServer = http://myserver
                WUStatusServer = http://myserver
        UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
        Connection to server. . . . . . . . . . . . . . . . . . PASS
        SelfUpdate folder is present. . . . . . . . . . . . . . PASS

Still nothing showing in US Admin though
They should start populating shortly.

Waited about 12 hours. Still nothing.

Thanks for not giving up ^.-
cigsupport,

I don't want you to discount any of the potential solutions but can you please not discount the suggestion.

Could be DNS also see the bottom of this http://www.wsus.info/forums/lofiversion/index.php?t4773.html

Hi, Well thanks for your help guys, I seem to have solved it myself.

I did some searching for the "WARNING: GetAuthorizationCookie failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200"

From this link "http://forums.techarena.in/server-update-service/753433.htm"

Message and someone else was having the same problems, apparently it's a problem with the WSUS installer itself. I removed WSUS from the server and installed WSUS2-KB919004-x86.exe

From here it took about 2 mins for all my computers to show up in the correct group.

Thanks heaps to nappy_d and dstewartjr for their persistence.