[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 713
  • Last Modified:

WSUS 3.0 SP1 - Server not recognizing client-side targeting setting

I have a brand new WSUS 3.0 server installation.  I have a Parent - Child Windows 2003 AD structure. The WSUS server is in the root domain and all the child domains workstations and servers are checking in fine.  However, I need to note that all nodes that are checking in correctly are in the same namespace as the root domain.  For example,

Root Domain name = contoso.int
Child Domain name = dallas.contoso.int

We have a separate name space that is connected to the root domain and none of these will recognize the client side targeting setting (They are showing up though in Unassigned computers and downloading updates) For example,

Root Domain name = contoso.int
Child Domain name = toronoto.ca

I searched all resources for answers to basic functionality of the client. I have logged on to a client in the toronto.ca domain, updated to the latest wsus3.0 client, verified the Group Policy is set correctly.  Ran through many different scripts doing all of the normal deletions of the reg keys, software distribution folders etc.  I have also run the clientdiag tool and it reports back fine.  I have also run the proxycfg tool because the admin in that domain does run an autoconfigurtion script which goes through an ISA proxy.  After all of this, I can see that it is communicating with the new WSUS server, but it shows up in the "Unassigned Computers" container.  It will not go into the container I am targeting.  The only thing left I can see is this domain structure setup possibly causing the WSUS server not being able to read the registry key on the client for some reason.  I know it sees the SUSclient ID reg key.  But it may not see the Policies reg key.

Any ideas?  I could be totally off thinking here but I have exhausted all other avenues.
Thanks

0
cweldoncd
Asked:
cweldoncd
  • 3
  • 2
1 Solution
 
DataBitzCommented:
Have you checked the registry on a machine in dallas.contoso.int
Do these keys exist?
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled

If not it maybe a problem with the group policies not being configured correctly or permissions for these machines to read the policies. Using the group policy editors GP results to check if the machines are receiving the WSUS policy and for permissions errors.
0
 
cweldoncdAuthor Commented:
Thanks but when I mentioned the "policy" registry key in my question above, those were the keys I was referring to.  And yes, all child domains have group policies created IN that domain.  So dallas.contoso.int and toronto.ca both have valid group policies.  

The only domain I am having an issue with is the toronto.ca domain.  All pc's in this domain do check into the wsus server which is in the contoso.int domain, and they do download updates.  However, it is only the "client side targeting" that is the issue.  They never get moved to the target group, they just stay in the "unassigned computers" container.  Again, all other child domains work fine.  Its just this one one-off namespace domain that is having the issue.
0
 
Donald StewartNetwork AdministratorCommented:

Save the following as fixwsus.cmd and run on clients

also look here

http://www.wsuswiki.com/TroubleshootingClientTargeting

%Windir%\system32\net.exe stop bits 
 
%Windir%\system32\net.exe stop wuauserv  
 
 
 
 
if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll  
 
if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll 
 
if exist %Windir%\system32\softpub.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll  
 
if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll 
 
if exist %Windir%\system32\wuaueng.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll  
 
if exist %Windir%\system32\wuaueng1.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll  
 
if exist %Windir%\system32\wucltui.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll  
 
if exist %Windir%\system32\wups.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll  
 
if exist %Windir%\system32\wups2.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll  
 
if exist %Windir%\system32\wuweb.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll  
 
if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll
 
if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll
 
if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll
 
if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll
 
if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll
 
if exist %windir%\system32\msxml.dll  %windir%\system32\regsvr32.exe /s msxml.dll
 
if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll
 
if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll
 
if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll
 
if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll
 
if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll
 
if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
 
 
 
rd /s /q %windir%\softwareDistribution
 
sleep 5
 
%Windir%\system32\net.exe start bits 
 
%Windir%\system32\net.exe start wuauserv 
 
 
 
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 
 
 
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 
wuauclt.exe /resetauthorization /detectnow
 
exit /B 0 

Open in new window

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Donald StewartNetwork AdministratorCommented:
sorry posted wrong version of script  use below instead

%Windir%\system32\net.exe stop bits 
 
%Windir%\system32\net.exe stop wuauserv
 
 
 
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
 
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
 
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
 
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientValidation /f
 
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
 
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
 
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
 
 
 
 
 
 
 
 
 
if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll  
 
if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll 
 
if exist %Windir%\system32\softpub.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll  
 
if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll 
 
if exist %Windir%\system32\wuaueng.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll  
 
if exist %Windir%\system32\wuaueng1.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll  
 
if exist %Windir%\system32\wucltui.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll  
 
if exist %Windir%\system32\wups.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll  
 
if exist %Windir%\system32\wups2.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll  
 
if exist %Windir%\system32\wuweb.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll  
 
if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll
 
if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll
 
if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll
 
if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll
 
if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll
 
if exist %windir%\system32\msxml.dll  %windir%\system32\regsvr32.exe /s msxml.dll
 
if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll
 
if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll
 
if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll
 
if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll
 
if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll
 
if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
 
 
 
del C:\Windows\WindowsUpdate.log /S /Q
 
rd /s /q %windir%\softwareDistribution
 
sleep 5
 
%Windir%\system32\net.exe start bits 
 
%Windir%\system32\net.exe start wuauserv 
 
 
 
 
 
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 
 
 
 
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 
 
wuauclt.exe /resetauthorization
 
wuauclt.exe /detectnow 
 
wuauclt.exe /reportnow
 
 
 
 
 
 
 
exit /B 0

Open in new window

0
 
cweldoncdAuthor Commented:
thanks for the scripts....I will use them in the future for troubleshooting. In the console, there is an section under "Options" called Personlization. In the "to do list" section, I noticed the "Computers have requested non-existence computer groups". When I saw this, it made me think to click on the actual Server Name in the console to the the overall status. Sure enough, this message was being displayed.

The wierd thing is that the group did exist. So, I figured I would just delete it and then recreate it. Once I did that, the computers started to move into the group.

thanks for your suggestions.
0
 
cweldoncdAuthor Commented:
I resolved the issue.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now