Solved

WSUS 3.0 Clients do not display in correct WSUS target group

Posted on 2009-05-07
21
2,551 Views
Last Modified: 2012-05-06
Multiple clients are not sorted into proper WSUS target groups.  Group targeting is enabled via Group Policy.  I have verified that GP is applying correctly to the machines in question.  Some of the machines MAY be based on an image (they were in place before I came on board).  The clients DO communicate with the WSUS server and pull updates.  I have modified the registry on the machines but the changes are reset after reboot OR update session. Attached is a sample from the %windir%\WindowsUpdate.log of one of the machines.
2009-05-07	14:23:28:192	1092	190	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++

2009-05-07	14:23:28:192	1092	190	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://ccbnet/ClientWebService/client.asmx

2009-05-07	14:23:30:146	1092	190	PT	WARNING: Cached cookie has expired or new PID is available

2009-05-07	14:23:30:146	1092	190	PT	Initializing simple targeting cookie, clientId = b4573d38-847a-42b1-a7b6-3d73f9fd51dc, target group = ccbnet, DNS name = ccb2052.ccbcreditservices.net

2009-05-07	14:23:30:161	1092	190	PT	  Server URL = http://ccbnet/SimpleAuthWebService/SimpleAuth.asmx

2009-05-07	14:27:18:337	1092	190	PT	+++++++++++  PT: Synchronizing extended update info  +++++++++++

2009-05-07	14:27:18:337	1092	190	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://ccbnet/ClientWebService/client.asmx

2009-05-07	14:27:30:978	1092	190	Agent	  * Found 0 updates and 42 categories in search; evaluated appl. rules of 620 out of 950 deployed entities

2009-05-07	14:27:31:478	1092	190	Agent	*********

2009-05-07	14:27:31:478	1092	190	Agent	**  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]

2009-05-07	14:27:31:478	1092	190	Agent	*************

2009-05-07	14:27:31:494	1092	8a8	AU	>>##  RESUMED  ## AU: Search for updates [CallId = {ED592B73-8AA8-486F-B3C4-706FB27228C1}]

2009-05-07	14:27:31:494	1092	8a8	AU	  # 0 updates detected

2009-05-07	14:27:31:510	1092	8a8	AU	#########

2009-05-07	14:27:31:510	1092	8a8	AU	##  END  ##  AU: Search for updates [CallId = {ED592B73-8AA8-486F-B3C4-706FB27228C1}]

2009-05-07	14:27:31:510	1092	8a8	AU	#############

2009-05-07	14:27:31:510	1092	8a8	AU	AU setting next detection timeout to 2009-05-08 06:17:09

2009-05-07	14:27:31:510	1092	8a8	AU	Setting AU scheduled install time to 2009-05-08 15:00:00

2009-05-07	14:27:36:525	1092	190	Report	REPORT EVENT: {ACC08546-33E5-4357-9D55-17EC05074D7B}	2009-05-07 14:27:31:478-0500	1	147	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Software Synchronization	Windows Update Client successfully detected 0 updates.

2009-05-07	14:27:36:525	1092	190	Report	REPORT EVENT: {1AC08CE8-6528-407D-BB6D-96DB56267D27}	2009-05-07 14:27:31:478-0500	1	156	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Pre-Deployment Check	Reporting client status.

2009-05-07	14:39:33:039	1092	190	Report	Uploading 2 events using cached cookie, reporting URL = http://ccbnet/ReportingWebService/ReportingWebService.asmx

2009-05-07	14:39:33:055	1092	190	Report	Reporter successfully uploaded 2 events.

Open in new window

0
Comment
Question by:CCBIL
  • 10
  • 6
  • 5
21 Comments
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
Run clientdiag on clients
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
gpresult(on client) will tell which gpo's are being applied to the clients
 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s
 
will tell you what target group the client is getting applied to
 
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
Do you have the following configured under Options>>>Computers ?
wsusreg.bmp
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
WSUS server relies on group policy.  Most clients report to the proper group.  Group policy is applied correctly to the machines which are affected.  I have used gpresult to see if the GPO is not applied for some reason.  The registry keys point to an old target group.  I have checked the GPO settings and changed the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the proper setting.  However upon reboot OR an update session the key is changed back to the original (incorrect) target group.  Attached is the result for clientdiag from one of the machines.  

PS.  I think the issue is related to the message "WARNING: Cached cookie has expired or new PID is available" which is found in the WindowsUpdate.log  
WSUS Client Diagnostics Tool
 

Checking Machine State

	Checking for admin rights to run tool . . . . . . . . . PASS

	Automatic Updates Service is running. . . . . . . . . . PASS

	Background Intelligent Transfer Service is running. . . PASS

	Wuaueng.dll version 7.1.6001.65 . . . . . . . . . . . . PASS

		This version is WSUS 2.0
 

Checking AU Settings

	AU Option is 4: Scheduled Install . . . . . . . . . . . PASS

		Option is from Policy settings
 

Checking Proxy Configuration

	Checking for winhttp local machine Proxy settings . . . PASS

		Winhttp local machine access type

			<Direct Connection>

		Winhttp local machine Proxy. . . . . . . . . .  PASS

		Winhttp local machine ProxyBypass. . . . . . .  PASS

	Checking User IE Proxy settings . . . . . . . . . . . . PASS

		User IE Proxy

		ccbisa1:8080

		User IE ProxyByPass

		

		User IE AutoConfig URL Proxy . . . . . . . . .  PASS

		User IE AutoDetect

		AutoDetect not in use
 

Checking Connection to WSUS/SUS Server

		WUServer = http://ccbnet

		WUStatusServer = http://ccbnet

	UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS

	Connection to server. . . . . . . . . . . . . . . . . . PASS

	SelfUpdate folder is present. . . . . . . . . . . . . . PASS

Open in new window

0
 
LVL 47

Accepted Solution

by:
dstewartjr earned 500 total points
Comment Utility
" I have checked the GPO settings and changed the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the proper setting.  However upon reboot OR an update session the key is changed back to the original (incorrect) target group."
 
This indicates that the client is getting settings applied from a different gpo
 
"WARNING: Cached cookie has expired or new PID is available"
 http://blogs.technet.com/sus/archive/2008/10/29/wsus-clients-fail-synchronization-with-0x80244015-and-0x8024400d-errors.aspx
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
I do not think it indicates that the setting is getting applied via another GPO.  Computers within the same OU are placed within the correct WSUS target group. My gut tells me that it has something to do with the possibility that the work stations are from an image(again these were setup before I arrived)
Thank you for the link however it seems to deal with WSUS load balancing and systems not getting updates, neither of which apply to my issue.


0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
An imaged machine will only cause problems with duplicate SIDS, it will not have anything to do with target groups.
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
Are there any commands that I can use to force the client to communicate with the update server?  I want to change the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the correct target group, then force the client to talk to the WSUS server and see if the key is changed back?
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
wuauclt.exe /detectnow
wuauclt.exe /reportnow
 
Try the batch below saved as fixwsus.cmd

%Windir%\system32\net.exe stop bits 

%Windir%\system32\net.exe stop wuauserv

%Windir%\system32\net.exe stop cryptsvc
 

del C:\Windows\WindowsUpdate.log /S /Q 

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientValidation /f

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
 

proxycfg -u 
 

if exist %Windir%\system32\comcat.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\comcat.dll

if exist %Windir%\system32\shdoc401.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\shdoc401.dll

if exist %Windir%\system32\cdm.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cdm.dll

if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll

if exist %Windir%\system32\wintrust.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wintrust.dll

if exist %Windir%\system32\initpki.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\initpki.dll

if exist %Windir%\system32\dssenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dssenh.dll

if exist %Windir%\system32\rsaenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsaenh.dll

if exist %Windir%\system32\gpkcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\gpkcsp.dll 

if exist %Windir%\system32\sccbase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sccbase.dll 

if exist %Windir%\system32\slbcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\slbcsp.dll

if exist %Windir%\system32\mssip32.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mssip32.dll

if exist %Windir%\system32\cryptdlg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptdlg.dll

if exist %Windir%\system32\wucltui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll

if exist %Windir%\system32\shdoc401.dll %Windir%\system32\regsvr32.exe /i /s  %Windir%\system32\shdoc401.dll

if exist %Windir%\system32\dssenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dssenh.dll

if exist %Windir%\system32\rsaenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsaenh.dll

if exist %Windir%\system32\gpkcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\gpkcsp.dll

if exist %Windir%\system32\sccbase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sccbase.dll

if exist %Windir%\system32\slbcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\slbcsp.dll 

if exist %Windir%\system32\asctrls.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\asctrls.ocx

if exist %Windir%\system32\wintrust.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wintrust.dll

if exist %Windir%\system32\initpki.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\initpki.dll

if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll

if exist %Windir%\system32\oleaut32.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\oleaut32.dll

if exist %Windir%\system32\shdocvw.dll %Windir%\system32\regsvr32.exe  /I /s %Windir%\system32\shdocvw.dll

if exist %Windir%\system32\shdocvw.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\shdocvw.dll 

if exist %Windir%\system32\browseui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\browseui.dll

if exist %Windir%\system32\browseui.dll %Windir%\system32\regsvr32.exe /I /s %Windir%\system32\ browseui.dll 

if exist %Windir%\system32\msrating.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msrating.dll

if exist %Windir%\system32\mlang.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mlang.dll

if exist %Windir%\system32\hlink.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\hlink.dll

if exist %Windir%\system32\mshtmled.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mshtmled.dll

if exist %Windir%\system32\urlmon.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\urlmon.dll

if exist %Windir%\system32\plugin.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\plugin.ocx

if exist %Windir%\system32\sendmail.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sendmail.dll

if exist %Windir%\system32\scrobj.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\scrobj.dll

if exist %Windir%\system32\mmefxe.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\mmefxe.ocx

if exist %Windir%\system32\corpol.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\corpol.dll

if exist %Windir%\system32\msxml.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msxml.dll 

if exist %Windir%\system32\imgutil.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\imgutil.dll

if exist %Windir%\system32\thumbvw.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\thumbvw.dll

if exist %Windir%\system32\cryptext.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptext.dll

if exist %Windir%\system32\rsabase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsabase.dll

if exist %Windir%\system32\inseng.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inseng.dll

if exist %Windir%\system32\iesetup.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\iesetup.dll

if exist %Windir%\system32\cryptdlg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptdlg.dll

if exist %Windir%\system32\actxprxy.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\actxprxy.dll

if exist %Windir%\system32\dispex.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dispex.dll

if exist %Windir%\system32\occache.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\occache.dll

if exist %Windir%\system32\occache.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\occache.dll

if exist %Windir%\system32\iepeers.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\iepeers.dll

if exist %Windir%\system32\urlmon.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\urlmon.dll

if exist %Windir%\system32\cdfview.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cdfview.dll 

if exist %Windir%\system32\webcheck.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\webcheck.dll

if exist %Windir%\system32\mobsync.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mobsync.dll

if exist %Windir%\system32\pngfilt.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\pngfilt.dll

if exist %Windir%\system32\licmgr10.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\licmgr10.dll

if exist %Windir%\system32\icmfilter.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\icmfilter.dll

if exist %Windir%\system32\hhctrl.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\hhctrl.ocx

if exist %Windir%\system32\inetcfg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inetcfg.dll

if exist %Windir%\system32\tdc.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\tdc.ocx

if exist %Windir%\system32\MSR2C.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\MSR2C.DLL

if exist %Windir%\system32\msident.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msident.dll

if exist %Windir%\system32\msieftp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msieftp.dll

if exist %Windir%\system32\xmsconf.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\xmsconf.ocx

if exist %Windir%\system32\ils.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\ils.dll

if exist %Windir%\system32\msoeacct.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msoeacct.dll

if exist %Windir%\system32\inetcomm.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inetcomm.dll

if exist %Windir%\system32\msdxm.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\msdxm.ocx

if exist %Windir%\system32\dxmasf.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxmasf.dll

if exist %Windir%\system32\l3codecx.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\l3codecx.ax

if exist %Windir%\system32\acelpdec.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\acelpdec.ax

if exist %Windir%\system32\mpg4ds32.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\mpg4ds32.ax

if exist %Windir%\system32\voxmsdec.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\voxmsdec.ax

if exist %Windir%\system32\danim.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\danim.dll 

if exist %Windir%\system32\Daxctle.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\Daxctle.ocx

if exist %Windir%\system32\lmrt.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\lmrt.dll

if exist %Windir%\system32\datime.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\datime.dll

if exist %Windir%\system32\dxtrans.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxtrans.dll

if exist %Windir%\system32\dxtmsft.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxtmsft.dll

if exist %Windir%\system32\WEBPOST.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\WEBPOST.DLL

if exist %Windir%\system32\WPWIZDLL.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\WPWIZDLL.DLL

if exist %Windir%\system32\POSTWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\POSTWPP.DLL

if exist %Windir%\system32\CRSWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\CRSWPP.DLL

if exist %Windir%\system32\FTPWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\FTPWPP.DLL

if exist %Windir%\system32\FPWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\FPWPP.DLL

if exist %Windir%\system32\wshom.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\wshom.ocx

if exist %Windir%\system32\wshext.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wshext.dll

if exist %Windir%\system32\vbscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\vbscript.dll

if exist %Windir%\system32\scrrun.dll mstinit.exe%Windir%\system32\regsvr32.exe /setup /s %Windir%\system32\scrrun.dll

if exist %Windir%\system32\msnsspc.dll %Windir%\system32\regsvr32.exe /SspcCreateSspiReg /s %Windir%\system32\msnsspc.dll

if exist %Windir%\system32\msapsspc.dll  %Windir%\system32\regsvr32.exe /SspcCreateSspiReg /s %Windir%\system32\msapsspc.dll

proxycfg -d

if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll  

if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll 

if exist %Windir%\system32\softpub.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll  

if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll 

if exist %Windir%\system32\wuaueng.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll  

if exist %Windir%\system32\wuaueng1.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll  

if exist %Windir%\system32\wucltui.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll  

if exist %Windir%\system32\wups.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll  

if exist %Windir%\system32\wups2.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll  

if exist %Windir%\system32\wuweb.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll  

if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll

if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll

if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll

if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll

if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll

if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll

if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll

if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll

if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll

if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll

if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
 

ren %windir%\system32\catroot2 catroot2.old

rd /s /q %windir%\softwareDistribution

ping 127.0.0.1 -n 2 -w 1000 > nul

ping 127.0.0.1 -n %1% -w 1000> nul
 
 

%Windir%\system32\net.exe start cryptsvc

%Windir%\system32\net.exe start bits 

%Windir%\system32\net.exe start wuauserv 
 
 

sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 

sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 

if exist %Windir%\system32\mshtml.dll %windir%\system32\regsvr32.exe /s mshtml.dll

wuauclt.exe /resetauthorization

wuauclt.exe /detectnow 

wuauclt.exe /reportnow
 
 
 

exit /B 0 

Open in new window

0
 
LVL 32

Expert Comment

by:nappy_d
Comment Utility
Something else to check is gpedit.msc and set the computer config\windows components\system\logon and enable the feature "always wait for network"

In my experience, sometime the computer policies are not being applied due to this setting.

Also take a look at rsop.msc even tho gpresult will show you what policies are being applied, rsop.msc will show you what settings are being applied via a policy.
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
nappy_d :
I will test the "Always wait for network" and report back.

dstewartjr:
I have been digging in group policy to see what is not working correctly.  Here is what I found.  A group policy with is not listed as being inherited in any way is effecting the settings for WSUS.  I have disabled the incorrect GPO and will perform a Gpupdate /force to see if they release the GP settings.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 1

Author Comment

by:CCBIL
Comment Utility
I have determined that the issue is with the machines using settings from an old GPO.  The GPO has been deleted but the clients still use the information it contained.  I have a new GPO which contains our new WSUS target settings, the clients says they are using the new GPO (gpupdate, GPMC).  Any suggestions on how to force the client to use the new settings (I have rebooted the clients several times and used gpupdate /force).
0
 
LVL 32

Expert Comment

by:nappy_d
Comment Utility
have you tried gpupdate /target:computer /force /boot
0
 
LVL 32

Expert Comment

by:nappy_d
Comment Utility
Is the always wait for network enabled on the local GPO?
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
If you delete the key under
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
 
and run gpudpdate /force it will reapply with your new GPO
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
Deleted the key, issued the command and the settings returned.  I ran gpresult /z and rsop, both report the old policy is used.  I have veriifed that the policy does not exist under the \\DOMAIN_NAME\SYSVOL\DOMAIN_NAME\Policies folder

Attached is a shot of RSOP which displays the SID of the policy, again I have verified that policy does not have a folder under "Policies".  The red is the SID the yellow is the incorrect WSUS Targer.

WSUS-GPO-Issue.JPG
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
Nappy:
I am using the wait for network, and the machines have been rebooted several times since the old policy was deleted.
0
 
LVL 32

Expert Comment

by:nappy_d
Comment Utility
Is this client running vista?
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
All clients are running XP Pro SP 3.
0
 
LVL 32

Expert Comment

by:nappy_d
Comment Utility
Anything for WSUS in the event viewer or the WSUS logs on the workstations?
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
The original post has one of the clients WindowsUpdate.log files.
0
 
LVL 1

Author Comment

by:CCBIL
Comment Utility
I am going to re-post this issue under a Group Policy since the issue is an old GPO being applied rather than anything wrong with the WSUS server or client.  Thank you for the assistance.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now