Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2829
  • Last Modified:

WSUS 3.0 Clients do not display in correct WSUS target group

Multiple clients are not sorted into proper WSUS target groups.  Group targeting is enabled via Group Policy.  I have verified that GP is applying correctly to the machines in question.  Some of the machines MAY be based on an image (they were in place before I came on board).  The clients DO communicate with the WSUS server and pull updates.  I have modified the registry on the machines but the changes are reset after reboot OR update session. Attached is a sample from the %windir%\WindowsUpdate.log of one of the machines.
2009-05-07	14:23:28:192	1092	190	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++
2009-05-07	14:23:28:192	1092	190	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://ccbnet/ClientWebService/client.asmx
2009-05-07	14:23:30:146	1092	190	PT	WARNING: Cached cookie has expired or new PID is available
2009-05-07	14:23:30:146	1092	190	PT	Initializing simple targeting cookie, clientId = b4573d38-847a-42b1-a7b6-3d73f9fd51dc, target group = ccbnet, DNS name = ccb2052.ccbcreditservices.net
2009-05-07	14:23:30:161	1092	190	PT	  Server URL = http://ccbnet/SimpleAuthWebService/SimpleAuth.asmx
2009-05-07	14:27:18:337	1092	190	PT	+++++++++++  PT: Synchronizing extended update info  +++++++++++
2009-05-07	14:27:18:337	1092	190	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://ccbnet/ClientWebService/client.asmx
2009-05-07	14:27:30:978	1092	190	Agent	  * Found 0 updates and 42 categories in search; evaluated appl. rules of 620 out of 950 deployed entities
2009-05-07	14:27:31:478	1092	190	Agent	*********
2009-05-07	14:27:31:478	1092	190	Agent	**  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2009-05-07	14:27:31:478	1092	190	Agent	*************
2009-05-07	14:27:31:494	1092	8a8	AU	>>##  RESUMED  ## AU: Search for updates [CallId = {ED592B73-8AA8-486F-B3C4-706FB27228C1}]
2009-05-07	14:27:31:494	1092	8a8	AU	  # 0 updates detected
2009-05-07	14:27:31:510	1092	8a8	AU	#########
2009-05-07	14:27:31:510	1092	8a8	AU	##  END  ##  AU: Search for updates [CallId = {ED592B73-8AA8-486F-B3C4-706FB27228C1}]
2009-05-07	14:27:31:510	1092	8a8	AU	#############
2009-05-07	14:27:31:510	1092	8a8	AU	AU setting next detection timeout to 2009-05-08 06:17:09
2009-05-07	14:27:31:510	1092	8a8	AU	Setting AU scheduled install time to 2009-05-08 15:00:00
2009-05-07	14:27:36:525	1092	190	Report	REPORT EVENT: {ACC08546-33E5-4357-9D55-17EC05074D7B}	2009-05-07 14:27:31:478-0500	1	147	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Software Synchronization	Windows Update Client successfully detected 0 updates.
2009-05-07	14:27:36:525	1092	190	Report	REPORT EVENT: {1AC08CE8-6528-407D-BB6D-96DB56267D27}	2009-05-07 14:27:31:478-0500	1	156	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Pre-Deployment Check	Reporting client status.
2009-05-07	14:39:33:039	1092	190	Report	Uploading 2 events using cached cookie, reporting URL = http://ccbnet/ReportingWebService/ReportingWebService.asmx
2009-05-07	14:39:33:055	1092	190	Report	Reporter successfully uploaded 2 events.

Open in new window

0
CCBIL
Asked:
CCBIL
  • 10
  • 6
  • 5
1 Solution
 
Donald StewartNetwork AdministratorCommented:
Run clientdiag on clients
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
gpresult(on client) will tell which gpo's are being applied to the clients
 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s
 
will tell you what target group the client is getting applied to
 
0
 
Donald StewartNetwork AdministratorCommented:
Do you have the following configured under Options>>>Computers ?
wsusreg.bmp
0
 
CCBILAuthor Commented:
WSUS server relies on group policy.  Most clients report to the proper group.  Group policy is applied correctly to the machines which are affected.  I have used gpresult to see if the GPO is not applied for some reason.  The registry keys point to an old target group.  I have checked the GPO settings and changed the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the proper setting.  However upon reboot OR an update session the key is changed back to the original (incorrect) target group.  Attached is the result for clientdiag from one of the machines.  

PS.  I think the issue is related to the message "WARNING: Cached cookie has expired or new PID is available" which is found in the WindowsUpdate.log  
WSUS Client Diagnostics Tool
 
Checking Machine State
	Checking for admin rights to run tool . . . . . . . . . PASS
	Automatic Updates Service is running. . . . . . . . . . PASS
	Background Intelligent Transfer Service is running. . . PASS
	Wuaueng.dll version 7.1.6001.65 . . . . . . . . . . . . PASS
		This version is WSUS 2.0
 
Checking AU Settings
	AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
		Option is from Policy settings
 
Checking Proxy Configuration
	Checking for winhttp local machine Proxy settings . . . PASS
		Winhttp local machine access type
			<Direct Connection>
		Winhttp local machine Proxy. . . . . . . . . .  PASS
		Winhttp local machine ProxyBypass. . . . . . .  PASS
	Checking User IE Proxy settings . . . . . . . . . . . . PASS
		User IE Proxy
		ccbisa1:8080
		User IE ProxyByPass
		
		User IE AutoConfig URL Proxy . . . . . . . . .  PASS
		User IE AutoDetect
		AutoDetect not in use
 
Checking Connection to WSUS/SUS Server
		WUServer = http://ccbnet
		WUStatusServer = http://ccbnet
	UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
	Connection to server. . . . . . . . . . . . . . . . . . PASS
	SelfUpdate folder is present. . . . . . . . . . . . . . PASS

Open in new window

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Donald StewartNetwork AdministratorCommented:
" I have checked the GPO settings and changed the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the proper setting.  However upon reboot OR an update session the key is changed back to the original (incorrect) target group."
 
This indicates that the client is getting settings applied from a different gpo
 
"WARNING: Cached cookie has expired or new PID is available"
 http://blogs.technet.com/sus/archive/2008/10/29/wsus-clients-fail-synchronization-with-0x80244015-and-0x8024400d-errors.aspx
0
 
CCBILAuthor Commented:
I do not think it indicates that the setting is getting applied via another GPO.  Computers within the same OU are placed within the correct WSUS target group. My gut tells me that it has something to do with the possibility that the work stations are from an image(again these were setup before I arrived)
Thank you for the link however it seems to deal with WSUS load balancing and systems not getting updates, neither of which apply to my issue.


0
 
Donald StewartNetwork AdministratorCommented:
An imaged machine will only cause problems with duplicate SIDS, it will not have anything to do with target groups.
0
 
CCBILAuthor Commented:
Are there any commands that I can use to force the client to communicate with the update server?  I want to change the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the correct target group, then force the client to talk to the WSUS server and see if the key is changed back?
0
 
Donald StewartNetwork AdministratorCommented:
wuauclt.exe /detectnow
wuauclt.exe /reportnow
 
Try the batch below saved as fixwsus.cmd

%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc
 
del C:\Windows\WindowsUpdate.log /S /Q 
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientValidation /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
 
proxycfg -u 
 
if exist %Windir%\system32\comcat.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\comcat.dll
if exist %Windir%\system32\shdoc401.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\shdoc401.dll
if exist %Windir%\system32\cdm.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cdm.dll
if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll
if exist %Windir%\system32\wintrust.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wintrust.dll
if exist %Windir%\system32\initpki.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\initpki.dll
if exist %Windir%\system32\dssenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dssenh.dll
if exist %Windir%\system32\rsaenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsaenh.dll
if exist %Windir%\system32\gpkcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\gpkcsp.dll 
if exist %Windir%\system32\sccbase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sccbase.dll 
if exist %Windir%\system32\slbcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\slbcsp.dll
if exist %Windir%\system32\mssip32.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mssip32.dll
if exist %Windir%\system32\cryptdlg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptdlg.dll
if exist %Windir%\system32\wucltui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll
if exist %Windir%\system32\shdoc401.dll %Windir%\system32\regsvr32.exe /i /s  %Windir%\system32\shdoc401.dll
if exist %Windir%\system32\dssenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dssenh.dll
if exist %Windir%\system32\rsaenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsaenh.dll
if exist %Windir%\system32\gpkcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\gpkcsp.dll
if exist %Windir%\system32\sccbase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sccbase.dll
if exist %Windir%\system32\slbcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\slbcsp.dll 
if exist %Windir%\system32\asctrls.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\asctrls.ocx
if exist %Windir%\system32\wintrust.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wintrust.dll
if exist %Windir%\system32\initpki.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\initpki.dll
if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll
if exist %Windir%\system32\oleaut32.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\oleaut32.dll
if exist %Windir%\system32\shdocvw.dll %Windir%\system32\regsvr32.exe  /I /s %Windir%\system32\shdocvw.dll
if exist %Windir%\system32\shdocvw.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\shdocvw.dll 
if exist %Windir%\system32\browseui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\browseui.dll
if exist %Windir%\system32\browseui.dll %Windir%\system32\regsvr32.exe /I /s %Windir%\system32\ browseui.dll 
if exist %Windir%\system32\msrating.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msrating.dll
if exist %Windir%\system32\mlang.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mlang.dll
if exist %Windir%\system32\hlink.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\hlink.dll
if exist %Windir%\system32\mshtmled.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mshtmled.dll
if exist %Windir%\system32\urlmon.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\urlmon.dll
if exist %Windir%\system32\plugin.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\plugin.ocx
if exist %Windir%\system32\sendmail.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sendmail.dll
if exist %Windir%\system32\scrobj.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\scrobj.dll
if exist %Windir%\system32\mmefxe.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\mmefxe.ocx
if exist %Windir%\system32\corpol.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\corpol.dll
if exist %Windir%\system32\msxml.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msxml.dll 
if exist %Windir%\system32\imgutil.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\imgutil.dll
if exist %Windir%\system32\thumbvw.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\thumbvw.dll
if exist %Windir%\system32\cryptext.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptext.dll
if exist %Windir%\system32\rsabase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsabase.dll
if exist %Windir%\system32\inseng.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inseng.dll
if exist %Windir%\system32\iesetup.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\iesetup.dll
if exist %Windir%\system32\cryptdlg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptdlg.dll
if exist %Windir%\system32\actxprxy.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\actxprxy.dll
if exist %Windir%\system32\dispex.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dispex.dll
if exist %Windir%\system32\occache.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\occache.dll
if exist %Windir%\system32\occache.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\occache.dll
if exist %Windir%\system32\iepeers.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\iepeers.dll
if exist %Windir%\system32\urlmon.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\urlmon.dll
if exist %Windir%\system32\cdfview.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cdfview.dll 
if exist %Windir%\system32\webcheck.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\webcheck.dll
if exist %Windir%\system32\mobsync.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mobsync.dll
if exist %Windir%\system32\pngfilt.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\pngfilt.dll
if exist %Windir%\system32\licmgr10.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\licmgr10.dll
if exist %Windir%\system32\icmfilter.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\icmfilter.dll
if exist %Windir%\system32\hhctrl.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\hhctrl.ocx
if exist %Windir%\system32\inetcfg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inetcfg.dll
if exist %Windir%\system32\tdc.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\tdc.ocx
if exist %Windir%\system32\MSR2C.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\MSR2C.DLL
if exist %Windir%\system32\msident.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msident.dll
if exist %Windir%\system32\msieftp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msieftp.dll
if exist %Windir%\system32\xmsconf.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\xmsconf.ocx
if exist %Windir%\system32\ils.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\ils.dll
if exist %Windir%\system32\msoeacct.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msoeacct.dll
if exist %Windir%\system32\inetcomm.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inetcomm.dll
if exist %Windir%\system32\msdxm.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\msdxm.ocx
if exist %Windir%\system32\dxmasf.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxmasf.dll
if exist %Windir%\system32\l3codecx.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\l3codecx.ax
if exist %Windir%\system32\acelpdec.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\acelpdec.ax
if exist %Windir%\system32\mpg4ds32.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\mpg4ds32.ax
if exist %Windir%\system32\voxmsdec.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\voxmsdec.ax
if exist %Windir%\system32\danim.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\danim.dll 
if exist %Windir%\system32\Daxctle.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\Daxctle.ocx
if exist %Windir%\system32\lmrt.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\lmrt.dll
if exist %Windir%\system32\datime.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\datime.dll
if exist %Windir%\system32\dxtrans.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxtrans.dll
if exist %Windir%\system32\dxtmsft.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxtmsft.dll
if exist %Windir%\system32\WEBPOST.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\WEBPOST.DLL
if exist %Windir%\system32\WPWIZDLL.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\WPWIZDLL.DLL
if exist %Windir%\system32\POSTWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\POSTWPP.DLL
if exist %Windir%\system32\CRSWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\CRSWPP.DLL
if exist %Windir%\system32\FTPWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\FTPWPP.DLL
if exist %Windir%\system32\FPWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\FPWPP.DLL
if exist %Windir%\system32\wshom.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\wshom.ocx
if exist %Windir%\system32\wshext.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wshext.dll
if exist %Windir%\system32\vbscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\vbscript.dll
if exist %Windir%\system32\scrrun.dll mstinit.exe%Windir%\system32\regsvr32.exe /setup /s %Windir%\system32\scrrun.dll
if exist %Windir%\system32\msnsspc.dll %Windir%\system32\regsvr32.exe /SspcCreateSspiReg /s %Windir%\system32\msnsspc.dll
if exist %Windir%\system32\msapsspc.dll  %Windir%\system32\regsvr32.exe /SspcCreateSspiReg /s %Windir%\system32\msapsspc.dll
proxycfg -d
if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll  
if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll 
if exist %Windir%\system32\softpub.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll  
if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll 
if exist %Windir%\system32\wuaueng.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll  
if exist %Windir%\system32\wuaueng1.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll  
if exist %Windir%\system32\wucltui.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll  
if exist %Windir%\system32\wups.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll  
if exist %Windir%\system32\wups2.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll  
if exist %Windir%\system32\wuweb.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll  
if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll
if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll
if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll
if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll
if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll
if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll
if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll
if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll
if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll
if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll
if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
 
ren %windir%\system32\catroot2 catroot2.old
rd /s /q %windir%\softwareDistribution
ping 127.0.0.1 -n 2 -w 1000 > nul
ping 127.0.0.1 -n %1% -w 1000> nul
 
 
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 
 
 
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
if exist %Windir%\system32\mshtml.dll %windir%\system32\regsvr32.exe /s mshtml.dll
wuauclt.exe /resetauthorization
wuauclt.exe /detectnow 
wuauclt.exe /reportnow
 
 
 
exit /B 0 

Open in new window

0
 
nappy_dCommented:
Something else to check is gpedit.msc and set the computer config\windows components\system\logon and enable the feature "always wait for network"

In my experience, sometime the computer policies are not being applied due to this setting.

Also take a look at rsop.msc even tho gpresult will show you what policies are being applied, rsop.msc will show you what settings are being applied via a policy.
0
 
CCBILAuthor Commented:
nappy_d :
I will test the "Always wait for network" and report back.

dstewartjr:
I have been digging in group policy to see what is not working correctly.  Here is what I found.  A group policy with is not listed as being inherited in any way is effecting the settings for WSUS.  I have disabled the incorrect GPO and will perform a Gpupdate /force to see if they release the GP settings.
0
 
CCBILAuthor Commented:
I have determined that the issue is with the machines using settings from an old GPO.  The GPO has been deleted but the clients still use the information it contained.  I have a new GPO which contains our new WSUS target settings, the clients says they are using the new GPO (gpupdate, GPMC).  Any suggestions on how to force the client to use the new settings (I have rebooted the clients several times and used gpupdate /force).
0
 
nappy_dCommented:
have you tried gpupdate /target:computer /force /boot
0
 
nappy_dCommented:
Is the always wait for network enabled on the local GPO?
0
 
Donald StewartNetwork AdministratorCommented:
If you delete the key under
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
 
and run gpudpdate /force it will reapply with your new GPO
0
 
CCBILAuthor Commented:
Deleted the key, issued the command and the settings returned.  I ran gpresult /z and rsop, both report the old policy is used.  I have veriifed that the policy does not exist under the \\DOMAIN_NAME\SYSVOL\DOMAIN_NAME\Policies folder

Attached is a shot of RSOP which displays the SID of the policy, again I have verified that policy does not have a folder under "Policies".  The red is the SID the yellow is the incorrect WSUS Targer.

WSUS-GPO-Issue.JPG
0
 
CCBILAuthor Commented:
Nappy:
I am using the wait for network, and the machines have been rebooted several times since the old policy was deleted.
0
 
nappy_dCommented:
Is this client running vista?
0
 
CCBILAuthor Commented:
All clients are running XP Pro SP 3.
0
 
nappy_dCommented:
Anything for WSUS in the event viewer or the WSUS logs on the workstations?
0
 
CCBILAuthor Commented:
The original post has one of the clients WindowsUpdate.log files.
0
 
CCBILAuthor Commented:
I am going to re-post this issue under a Group Policy since the issue is an old GPO being applied rather than anything wrong with the WSUS server or client.  Thank you for the assistance.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

  • 10
  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now