?
Solved

Wsus3 Clients connected to wrong wsus Server

Posted on 2009-05-05
6
Medium Priority
?
632 Views
Last Modified: 2012-05-06
Hi


We have an issue where a few clients from a few offices are connected to the wrong wsus server. It is also downloading something from the wsus3 server and causing heavy network traffic

If i run a netstat on a client that is registred to stockholmwsus, i see connections to glasgowwsus.

We have used tpcview, and the connections are: system:4 connections.

Why are some clients connected to a diffrent wsusbox while they are registred on the correct one and can be seen as active on the correct wsusserver, but still is downloading stuff from another wsusserver which is not specified in gpo??

All XP, GPO's used. Clients are in correct GPO.

Thanks /Dabosa
0
Comment
Question by:Dabosa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:rentonc
ID: 24303125
Assuming you have checked the GPO and confirmed by looking at the registry settings on the affected machines
in the follwoing key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

It couild be a DNS issue on the affected machines, can you ping to your stockholmwsus from the affected machines to make sure they are not resolving to the ip of the glasgowwsus

0
 

Author Comment

by:Dabosa
ID: 24303462
GPO is checked and correct, also the correct server stockholmwsus is specified in this registry key.
Still there are connections to the glasgowwsus.

The clint ip settings are correct, the stockholmwsus resolves fine.

I have now checked the IP config on both wsus servers and they have the same correct  dns's and wins's.
0
 
LVL 4

Expert Comment

by:rentonc
ID: 24303793
1 final thought - is that maybe it is in the middle of a large update so the cookie may still point to the old server - maybe you could try this from the command prompt
wuauclt /resetauthorization /detectnow

0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:Dabosa
ID: 24303856
Just tried it, command went fine, but still i see connection to wrong wsus server.

I have used the taskkill /F /PID "nr" on client tio kill connection and it sussessfully removes the connection but its instantly re-establishes connectivity once removed.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24306641
What does this command return?
 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s  
0
 

Accepted Solution

by:
Dabosa earned 0 total points
ID: 24314029
It is solved now. This was the problem: In the same subnet we had a rightfax server

It just so happens that it used  to be the same IP address as the new Glasgow WSUS Server. No IP confilct events on the wsus though:(

The problem is arising when users have accidently printed to the Rightfax driver (possibly because it was set a default at one point.)

These then attempt to connect to the WSUS Server.

The size of the print seems to have some bearing on the connections also, but Im not sure where the downloading is coming from, or if the prints determine the size.

WSUS was fine all along - All fine now.

Thanks for all troubleshoot input! /D

0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question