Solved

WSUS 3.0 Clients do not display in correct WSUS target group

Posted on 2009-05-07
21
2,596 Views
Last Modified: 2012-05-06
Multiple clients are not sorted into proper WSUS target groups.  Group targeting is enabled via Group Policy.  I have verified that GP is applying correctly to the machines in question.  Some of the machines MAY be based on an image (they were in place before I came on board).  The clients DO communicate with the WSUS server and pull updates.  I have modified the registry on the machines but the changes are reset after reboot OR update session. Attached is a sample from the %windir%\WindowsUpdate.log of one of the machines.
2009-05-07	14:23:28:192	1092	190	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++

2009-05-07	14:23:28:192	1092	190	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://ccbnet/ClientWebService/client.asmx

2009-05-07	14:23:30:146	1092	190	PT	WARNING: Cached cookie has expired or new PID is available

2009-05-07	14:23:30:146	1092	190	PT	Initializing simple targeting cookie, clientId = b4573d38-847a-42b1-a7b6-3d73f9fd51dc, target group = ccbnet, DNS name = ccb2052.ccbcreditservices.net

2009-05-07	14:23:30:161	1092	190	PT	  Server URL = http://ccbnet/SimpleAuthWebService/SimpleAuth.asmx

2009-05-07	14:27:18:337	1092	190	PT	+++++++++++  PT: Synchronizing extended update info  +++++++++++

2009-05-07	14:27:18:337	1092	190	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://ccbnet/ClientWebService/client.asmx

2009-05-07	14:27:30:978	1092	190	Agent	  * Found 0 updates and 42 categories in search; evaluated appl. rules of 620 out of 950 deployed entities

2009-05-07	14:27:31:478	1092	190	Agent	*********

2009-05-07	14:27:31:478	1092	190	Agent	**  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]

2009-05-07	14:27:31:478	1092	190	Agent	*************

2009-05-07	14:27:31:494	1092	8a8	AU	>>##  RESUMED  ## AU: Search for updates [CallId = {ED592B73-8AA8-486F-B3C4-706FB27228C1}]

2009-05-07	14:27:31:494	1092	8a8	AU	  # 0 updates detected

2009-05-07	14:27:31:510	1092	8a8	AU	#########

2009-05-07	14:27:31:510	1092	8a8	AU	##  END  ##  AU: Search for updates [CallId = {ED592B73-8AA8-486F-B3C4-706FB27228C1}]

2009-05-07	14:27:31:510	1092	8a8	AU	#############

2009-05-07	14:27:31:510	1092	8a8	AU	AU setting next detection timeout to 2009-05-08 06:17:09

2009-05-07	14:27:31:510	1092	8a8	AU	Setting AU scheduled install time to 2009-05-08 15:00:00

2009-05-07	14:27:36:525	1092	190	Report	REPORT EVENT: {ACC08546-33E5-4357-9D55-17EC05074D7B}	2009-05-07 14:27:31:478-0500	1	147	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Software Synchronization	Windows Update Client successfully detected 0 updates.

2009-05-07	14:27:36:525	1092	190	Report	REPORT EVENT: {1AC08CE8-6528-407D-BB6D-96DB56267D27}	2009-05-07 14:27:31:478-0500	1	156	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Pre-Deployment Check	Reporting client status.

2009-05-07	14:39:33:039	1092	190	Report	Uploading 2 events using cached cookie, reporting URL = http://ccbnet/ReportingWebService/ReportingWebService.asmx

2009-05-07	14:39:33:055	1092	190	Report	Reporter successfully uploaded 2 events.

Open in new window

0
Comment
Question by:CCBIL
  • 10
  • 6
  • 5
21 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24330498
Run clientdiag on clients
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
gpresult(on client) will tell which gpo's are being applied to the clients
 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s
 
will tell you what target group the client is getting applied to
 
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24330537
Do you have the following configured under Options>>>Computers ?
wsusreg.bmp
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24330661
WSUS server relies on group policy.  Most clients report to the proper group.  Group policy is applied correctly to the machines which are affected.  I have used gpresult to see if the GPO is not applied for some reason.  The registry keys point to an old target group.  I have checked the GPO settings and changed the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the proper setting.  However upon reboot OR an update session the key is changed back to the original (incorrect) target group.  Attached is the result for clientdiag from one of the machines.  

PS.  I think the issue is related to the message "WARNING: Cached cookie has expired or new PID is available" which is found in the WindowsUpdate.log  
WSUS Client Diagnostics Tool
 

Checking Machine State

	Checking for admin rights to run tool . . . . . . . . . PASS

	Automatic Updates Service is running. . . . . . . . . . PASS

	Background Intelligent Transfer Service is running. . . PASS

	Wuaueng.dll version 7.1.6001.65 . . . . . . . . . . . . PASS

		This version is WSUS 2.0
 

Checking AU Settings

	AU Option is 4: Scheduled Install . . . . . . . . . . . PASS

		Option is from Policy settings
 

Checking Proxy Configuration

	Checking for winhttp local machine Proxy settings . . . PASS

		Winhttp local machine access type

			<Direct Connection>

		Winhttp local machine Proxy. . . . . . . . . .  PASS

		Winhttp local machine ProxyBypass. . . . . . .  PASS

	Checking User IE Proxy settings . . . . . . . . . . . . PASS

		User IE Proxy

		ccbisa1:8080

		User IE ProxyByPass

		

		User IE AutoConfig URL Proxy . . . . . . . . .  PASS

		User IE AutoDetect

		AutoDetect not in use
 

Checking Connection to WSUS/SUS Server

		WUServer = http://ccbnet

		WUStatusServer = http://ccbnet

	UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS

	Connection to server. . . . . . . . . . . . . . . . . . PASS

	SelfUpdate folder is present. . . . . . . . . . . . . . PASS

Open in new window

0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 24330731
" I have checked the GPO settings and changed the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the proper setting.  However upon reboot OR an update session the key is changed back to the original (incorrect) target group."
 
This indicates that the client is getting settings applied from a different gpo
 
"WARNING: Cached cookie has expired or new PID is available"
 http://blogs.technet.com/sus/archive/2008/10/29/wsus-clients-fail-synchronization-with-0x80244015-and-0x8024400d-errors.aspx
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24330981
I do not think it indicates that the setting is getting applied via another GPO.  Computers within the same OU are placed within the correct WSUS target group. My gut tells me that it has something to do with the possibility that the work stations are from an image(again these were setup before I arrived)
Thank you for the link however it seems to deal with WSUS load balancing and systems not getting updates, neither of which apply to my issue.


0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24331006
An imaged machine will only cause problems with duplicate SIDS, it will not have anything to do with target groups.
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24331075
Are there any commands that I can use to force the client to communicate with the update server?  I want to change the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the correct target group, then force the client to talk to the WSUS server and see if the key is changed back?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24331108
wuauclt.exe /detectnow
wuauclt.exe /reportnow
 
Try the batch below saved as fixwsus.cmd

%Windir%\system32\net.exe stop bits 

%Windir%\system32\net.exe stop wuauserv

%Windir%\system32\net.exe stop cryptsvc
 

del C:\Windows\WindowsUpdate.log /S /Q 

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientValidation /f

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
 

proxycfg -u 
 

if exist %Windir%\system32\comcat.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\comcat.dll

if exist %Windir%\system32\shdoc401.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\shdoc401.dll

if exist %Windir%\system32\cdm.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cdm.dll

if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll

if exist %Windir%\system32\wintrust.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wintrust.dll

if exist %Windir%\system32\initpki.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\initpki.dll

if exist %Windir%\system32\dssenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dssenh.dll

if exist %Windir%\system32\rsaenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsaenh.dll

if exist %Windir%\system32\gpkcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\gpkcsp.dll 

if exist %Windir%\system32\sccbase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sccbase.dll 

if exist %Windir%\system32\slbcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\slbcsp.dll

if exist %Windir%\system32\mssip32.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mssip32.dll

if exist %Windir%\system32\cryptdlg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptdlg.dll

if exist %Windir%\system32\wucltui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll

if exist %Windir%\system32\shdoc401.dll %Windir%\system32\regsvr32.exe /i /s  %Windir%\system32\shdoc401.dll

if exist %Windir%\system32\dssenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dssenh.dll

if exist %Windir%\system32\rsaenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsaenh.dll

if exist %Windir%\system32\gpkcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\gpkcsp.dll

if exist %Windir%\system32\sccbase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sccbase.dll

if exist %Windir%\system32\slbcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\slbcsp.dll 

if exist %Windir%\system32\asctrls.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\asctrls.ocx

if exist %Windir%\system32\wintrust.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wintrust.dll

if exist %Windir%\system32\initpki.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\initpki.dll

if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll

if exist %Windir%\system32\oleaut32.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\oleaut32.dll

if exist %Windir%\system32\shdocvw.dll %Windir%\system32\regsvr32.exe  /I /s %Windir%\system32\shdocvw.dll

if exist %Windir%\system32\shdocvw.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\shdocvw.dll 

if exist %Windir%\system32\browseui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\browseui.dll

if exist %Windir%\system32\browseui.dll %Windir%\system32\regsvr32.exe /I /s %Windir%\system32\ browseui.dll 

if exist %Windir%\system32\msrating.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msrating.dll

if exist %Windir%\system32\mlang.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mlang.dll

if exist %Windir%\system32\hlink.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\hlink.dll

if exist %Windir%\system32\mshtmled.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mshtmled.dll

if exist %Windir%\system32\urlmon.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\urlmon.dll

if exist %Windir%\system32\plugin.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\plugin.ocx

if exist %Windir%\system32\sendmail.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sendmail.dll

if exist %Windir%\system32\scrobj.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\scrobj.dll

if exist %Windir%\system32\mmefxe.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\mmefxe.ocx

if exist %Windir%\system32\corpol.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\corpol.dll

if exist %Windir%\system32\msxml.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msxml.dll 

if exist %Windir%\system32\imgutil.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\imgutil.dll

if exist %Windir%\system32\thumbvw.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\thumbvw.dll

if exist %Windir%\system32\cryptext.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptext.dll

if exist %Windir%\system32\rsabase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsabase.dll

if exist %Windir%\system32\inseng.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inseng.dll

if exist %Windir%\system32\iesetup.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\iesetup.dll

if exist %Windir%\system32\cryptdlg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptdlg.dll

if exist %Windir%\system32\actxprxy.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\actxprxy.dll

if exist %Windir%\system32\dispex.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dispex.dll

if exist %Windir%\system32\occache.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\occache.dll

if exist %Windir%\system32\occache.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\occache.dll

if exist %Windir%\system32\iepeers.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\iepeers.dll

if exist %Windir%\system32\urlmon.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\urlmon.dll

if exist %Windir%\system32\cdfview.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cdfview.dll 

if exist %Windir%\system32\webcheck.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\webcheck.dll

if exist %Windir%\system32\mobsync.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mobsync.dll

if exist %Windir%\system32\pngfilt.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\pngfilt.dll

if exist %Windir%\system32\licmgr10.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\licmgr10.dll

if exist %Windir%\system32\icmfilter.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\icmfilter.dll

if exist %Windir%\system32\hhctrl.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\hhctrl.ocx

if exist %Windir%\system32\inetcfg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inetcfg.dll

if exist %Windir%\system32\tdc.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\tdc.ocx

if exist %Windir%\system32\MSR2C.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\MSR2C.DLL

if exist %Windir%\system32\msident.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msident.dll

if exist %Windir%\system32\msieftp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msieftp.dll

if exist %Windir%\system32\xmsconf.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\xmsconf.ocx

if exist %Windir%\system32\ils.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\ils.dll

if exist %Windir%\system32\msoeacct.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msoeacct.dll

if exist %Windir%\system32\inetcomm.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inetcomm.dll

if exist %Windir%\system32\msdxm.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\msdxm.ocx

if exist %Windir%\system32\dxmasf.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxmasf.dll

if exist %Windir%\system32\l3codecx.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\l3codecx.ax

if exist %Windir%\system32\acelpdec.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\acelpdec.ax

if exist %Windir%\system32\mpg4ds32.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\mpg4ds32.ax

if exist %Windir%\system32\voxmsdec.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\voxmsdec.ax

if exist %Windir%\system32\danim.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\danim.dll 

if exist %Windir%\system32\Daxctle.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\Daxctle.ocx

if exist %Windir%\system32\lmrt.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\lmrt.dll

if exist %Windir%\system32\datime.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\datime.dll

if exist %Windir%\system32\dxtrans.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxtrans.dll

if exist %Windir%\system32\dxtmsft.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxtmsft.dll

if exist %Windir%\system32\WEBPOST.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\WEBPOST.DLL

if exist %Windir%\system32\WPWIZDLL.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\WPWIZDLL.DLL

if exist %Windir%\system32\POSTWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\POSTWPP.DLL

if exist %Windir%\system32\CRSWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\CRSWPP.DLL

if exist %Windir%\system32\FTPWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\FTPWPP.DLL

if exist %Windir%\system32\FPWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\FPWPP.DLL

if exist %Windir%\system32\wshom.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\wshom.ocx

if exist %Windir%\system32\wshext.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wshext.dll

if exist %Windir%\system32\vbscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\vbscript.dll

if exist %Windir%\system32\scrrun.dll mstinit.exe%Windir%\system32\regsvr32.exe /setup /s %Windir%\system32\scrrun.dll

if exist %Windir%\system32\msnsspc.dll %Windir%\system32\regsvr32.exe /SspcCreateSspiReg /s %Windir%\system32\msnsspc.dll

if exist %Windir%\system32\msapsspc.dll  %Windir%\system32\regsvr32.exe /SspcCreateSspiReg /s %Windir%\system32\msapsspc.dll

proxycfg -d

if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll  

if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll 

if exist %Windir%\system32\softpub.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll  

if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll 

if exist %Windir%\system32\wuaueng.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll  

if exist %Windir%\system32\wuaueng1.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll  

if exist %Windir%\system32\wucltui.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll  

if exist %Windir%\system32\wups.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll  

if exist %Windir%\system32\wups2.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll  

if exist %Windir%\system32\wuweb.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll  

if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll

if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll

if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll

if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll

if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll

if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll

if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll

if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll

if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll

if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll

if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
 

ren %windir%\system32\catroot2 catroot2.old

rd /s /q %windir%\softwareDistribution

ping 127.0.0.1 -n 2 -w 1000 > nul

ping 127.0.0.1 -n %1% -w 1000> nul
 
 

%Windir%\system32\net.exe start cryptsvc

%Windir%\system32\net.exe start bits 

%Windir%\system32\net.exe start wuauserv 
 
 

sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 

sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 

if exist %Windir%\system32\mshtml.dll %windir%\system32\regsvr32.exe /s mshtml.dll

wuauclt.exe /resetauthorization

wuauclt.exe /detectnow 

wuauclt.exe /reportnow
 
 
 

exit /B 0 

Open in new window

0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24331288
Something else to check is gpedit.msc and set the computer config\windows components\system\logon and enable the feature "always wait for network"

In my experience, sometime the computer policies are not being applied due to this setting.

Also take a look at rsop.msc even tho gpresult will show you what policies are being applied, rsop.msc will show you what settings are being applied via a policy.
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24337742
nappy_d :
I will test the "Always wait for network" and report back.

dstewartjr:
I have been digging in group policy to see what is not working correctly.  Here is what I found.  A group policy with is not listed as being inherited in any way is effecting the settings for WSUS.  I have disabled the incorrect GPO and will perform a Gpupdate /force to see if they release the GP settings.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 1

Author Comment

by:CCBIL
ID: 24339374
I have determined that the issue is with the machines using settings from an old GPO.  The GPO has been deleted but the clients still use the information it contained.  I have a new GPO which contains our new WSUS target settings, the clients says they are using the new GPO (gpupdate, GPMC).  Any suggestions on how to force the client to use the new settings (I have rebooted the clients several times and used gpupdate /force).
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24339416
have you tried gpupdate /target:computer /force /boot
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24339422
Is the always wait for network enabled on the local GPO?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24339436
If you delete the key under
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
 
and run gpudpdate /force it will reapply with your new GPO
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339627
Deleted the key, issued the command and the settings returned.  I ran gpresult /z and rsop, both report the old policy is used.  I have veriifed that the policy does not exist under the \\DOMAIN_NAME\SYSVOL\DOMAIN_NAME\Policies folder

Attached is a shot of RSOP which displays the SID of the policy, again I have verified that policy does not have a folder under "Policies".  The red is the SID the yellow is the incorrect WSUS Targer.

WSUS-GPO-Issue.JPG
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339659
Nappy:
I am using the wait for network, and the machines have been rebooted several times since the old policy was deleted.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24339665
Is this client running vista?
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339673
All clients are running XP Pro SP 3.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24339704
Anything for WSUS in the event viewer or the WSUS logs on the workstations?
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339736
The original post has one of the clients WindowsUpdate.log files.
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24354345
I am going to re-post this issue under a Group Policy since the issue is an old GPO being applied rather than anything wrong with the WSUS server or client.  Thank you for the assistance.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now