Solved

WSUS 3.0 Clients do not display in correct WSUS target group

Posted on 2009-05-07
21
2,617 Views
Last Modified: 2012-05-06
Multiple clients are not sorted into proper WSUS target groups.  Group targeting is enabled via Group Policy.  I have verified that GP is applying correctly to the machines in question.  Some of the machines MAY be based on an image (they were in place before I came on board).  The clients DO communicate with the WSUS server and pull updates.  I have modified the registry on the machines but the changes are reset after reboot OR update session. Attached is a sample from the %windir%\WindowsUpdate.log of one of the machines.
2009-05-07	14:23:28:192	1092	190	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++
2009-05-07	14:23:28:192	1092	190	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://ccbnet/ClientWebService/client.asmx
2009-05-07	14:23:30:146	1092	190	PT	WARNING: Cached cookie has expired or new PID is available
2009-05-07	14:23:30:146	1092	190	PT	Initializing simple targeting cookie, clientId = b4573d38-847a-42b1-a7b6-3d73f9fd51dc, target group = ccbnet, DNS name = ccb2052.ccbcreditservices.net
2009-05-07	14:23:30:161	1092	190	PT	  Server URL = http://ccbnet/SimpleAuthWebService/SimpleAuth.asmx
2009-05-07	14:27:18:337	1092	190	PT	+++++++++++  PT: Synchronizing extended update info  +++++++++++
2009-05-07	14:27:18:337	1092	190	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://ccbnet/ClientWebService/client.asmx
2009-05-07	14:27:30:978	1092	190	Agent	  * Found 0 updates and 42 categories in search; evaluated appl. rules of 620 out of 950 deployed entities
2009-05-07	14:27:31:478	1092	190	Agent	*********
2009-05-07	14:27:31:478	1092	190	Agent	**  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2009-05-07	14:27:31:478	1092	190	Agent	*************
2009-05-07	14:27:31:494	1092	8a8	AU	>>##  RESUMED  ## AU: Search for updates [CallId = {ED592B73-8AA8-486F-B3C4-706FB27228C1}]
2009-05-07	14:27:31:494	1092	8a8	AU	  # 0 updates detected
2009-05-07	14:27:31:510	1092	8a8	AU	#########
2009-05-07	14:27:31:510	1092	8a8	AU	##  END  ##  AU: Search for updates [CallId = {ED592B73-8AA8-486F-B3C4-706FB27228C1}]
2009-05-07	14:27:31:510	1092	8a8	AU	#############
2009-05-07	14:27:31:510	1092	8a8	AU	AU setting next detection timeout to 2009-05-08 06:17:09
2009-05-07	14:27:31:510	1092	8a8	AU	Setting AU scheduled install time to 2009-05-08 15:00:00
2009-05-07	14:27:36:525	1092	190	Report	REPORT EVENT: {ACC08546-33E5-4357-9D55-17EC05074D7B}	2009-05-07 14:27:31:478-0500	1	147	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Software Synchronization	Windows Update Client successfully detected 0 updates.
2009-05-07	14:27:36:525	1092	190	Report	REPORT EVENT: {1AC08CE8-6528-407D-BB6D-96DB56267D27}	2009-05-07 14:27:31:478-0500	1	156	101	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Pre-Deployment Check	Reporting client status.
2009-05-07	14:39:33:039	1092	190	Report	Uploading 2 events using cached cookie, reporting URL = http://ccbnet/ReportingWebService/ReportingWebService.asmx
2009-05-07	14:39:33:055	1092	190	Report	Reporter successfully uploaded 2 events.

Open in new window

0
Comment
Question by:CCBIL
  • 10
  • 6
  • 5
21 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24330498
Run clientdiag on clients
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
gpresult(on client) will tell which gpo's are being applied to the clients
 
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s
 
will tell you what target group the client is getting applied to
 
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24330537
Do you have the following configured under Options>>>Computers ?
wsusreg.bmp
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24330661
WSUS server relies on group policy.  Most clients report to the proper group.  Group policy is applied correctly to the machines which are affected.  I have used gpresult to see if the GPO is not applied for some reason.  The registry keys point to an old target group.  I have checked the GPO settings and changed the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the proper setting.  However upon reboot OR an update session the key is changed back to the original (incorrect) target group.  Attached is the result for clientdiag from one of the machines.  

PS.  I think the issue is related to the message "WARNING: Cached cookie has expired or new PID is available" which is found in the WindowsUpdate.log  
WSUS Client Diagnostics Tool
 
Checking Machine State
	Checking for admin rights to run tool . . . . . . . . . PASS
	Automatic Updates Service is running. . . . . . . . . . PASS
	Background Intelligent Transfer Service is running. . . PASS
	Wuaueng.dll version 7.1.6001.65 . . . . . . . . . . . . PASS
		This version is WSUS 2.0
 
Checking AU Settings
	AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
		Option is from Policy settings
 
Checking Proxy Configuration
	Checking for winhttp local machine Proxy settings . . . PASS
		Winhttp local machine access type
			<Direct Connection>
		Winhttp local machine Proxy. . . . . . . . . .  PASS
		Winhttp local machine ProxyBypass. . . . . . .  PASS
	Checking User IE Proxy settings . . . . . . . . . . . . PASS
		User IE Proxy
		ccbisa1:8080
		User IE ProxyByPass
		
		User IE AutoConfig URL Proxy . . . . . . . . .  PASS
		User IE AutoDetect
		AutoDetect not in use
 
Checking Connection to WSUS/SUS Server
		WUServer = http://ccbnet
		WUStatusServer = http://ccbnet
	UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
	Connection to server. . . . . . . . . . . . . . . . . . PASS
	SelfUpdate folder is present. . . . . . . . . . . . . . PASS

Open in new window

0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 24330731
" I have checked the GPO settings and changed the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the proper setting.  However upon reboot OR an update session the key is changed back to the original (incorrect) target group."
 
This indicates that the client is getting settings applied from a different gpo
 
"WARNING: Cached cookie has expired or new PID is available"
 http://blogs.technet.com/sus/archive/2008/10/29/wsus-clients-fail-synchronization-with-0x80244015-and-0x8024400d-errors.aspx
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24330981
I do not think it indicates that the setting is getting applied via another GPO.  Computers within the same OU are placed within the correct WSUS target group. My gut tells me that it has something to do with the possibility that the work stations are from an image(again these were setup before I arrived)
Thank you for the link however it seems to deal with WSUS load balancing and systems not getting updates, neither of which apply to my issue.


0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24331006
An imaged machine will only cause problems with duplicate SIDS, it will not have anything to do with target groups.
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24331075
Are there any commands that I can use to force the client to communicate with the update server?  I want to change the HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup key to the correct target group, then force the client to talk to the WSUS server and see if the key is changed back?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24331108
wuauclt.exe /detectnow
wuauclt.exe /reportnow
 
Try the batch below saved as fixwsus.cmd

%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc
 
del C:\Windows\WindowsUpdate.log /S /Q 
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientValidation /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
 
proxycfg -u 
 
if exist %Windir%\system32\comcat.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\comcat.dll
if exist %Windir%\system32\shdoc401.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\shdoc401.dll
if exist %Windir%\system32\cdm.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cdm.dll
if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll
if exist %Windir%\system32\wintrust.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wintrust.dll
if exist %Windir%\system32\initpki.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\initpki.dll
if exist %Windir%\system32\dssenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dssenh.dll
if exist %Windir%\system32\rsaenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsaenh.dll
if exist %Windir%\system32\gpkcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\gpkcsp.dll 
if exist %Windir%\system32\sccbase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sccbase.dll 
if exist %Windir%\system32\slbcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\slbcsp.dll
if exist %Windir%\system32\mssip32.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mssip32.dll
if exist %Windir%\system32\cryptdlg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptdlg.dll
if exist %Windir%\system32\wucltui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll
if exist %Windir%\system32\shdoc401.dll %Windir%\system32\regsvr32.exe /i /s  %Windir%\system32\shdoc401.dll
if exist %Windir%\system32\dssenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dssenh.dll
if exist %Windir%\system32\rsaenh.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsaenh.dll
if exist %Windir%\system32\gpkcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\gpkcsp.dll
if exist %Windir%\system32\sccbase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sccbase.dll
if exist %Windir%\system32\slbcsp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\slbcsp.dll 
if exist %Windir%\system32\asctrls.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\asctrls.ocx
if exist %Windir%\system32\wintrust.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wintrust.dll
if exist %Windir%\system32\initpki.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\initpki.dll
if exist %Windir%\system32\softpub.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll
if exist %Windir%\system32\oleaut32.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\oleaut32.dll
if exist %Windir%\system32\shdocvw.dll %Windir%\system32\regsvr32.exe  /I /s %Windir%\system32\shdocvw.dll
if exist %Windir%\system32\shdocvw.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\shdocvw.dll 
if exist %Windir%\system32\browseui.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\browseui.dll
if exist %Windir%\system32\browseui.dll %Windir%\system32\regsvr32.exe /I /s %Windir%\system32\ browseui.dll 
if exist %Windir%\system32\msrating.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msrating.dll
if exist %Windir%\system32\mlang.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mlang.dll
if exist %Windir%\system32\hlink.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\hlink.dll
if exist %Windir%\system32\mshtmled.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mshtmled.dll
if exist %Windir%\system32\urlmon.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\urlmon.dll
if exist %Windir%\system32\plugin.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\plugin.ocx
if exist %Windir%\system32\sendmail.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\sendmail.dll
if exist %Windir%\system32\scrobj.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\scrobj.dll
if exist %Windir%\system32\mmefxe.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\mmefxe.ocx
if exist %Windir%\system32\corpol.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\corpol.dll
if exist %Windir%\system32\msxml.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msxml.dll 
if exist %Windir%\system32\imgutil.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\imgutil.dll
if exist %Windir%\system32\thumbvw.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\thumbvw.dll
if exist %Windir%\system32\cryptext.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptext.dll
if exist %Windir%\system32\rsabase.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\rsabase.dll
if exist %Windir%\system32\inseng.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inseng.dll
if exist %Windir%\system32\iesetup.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\iesetup.dll
if exist %Windir%\system32\cryptdlg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cryptdlg.dll
if exist %Windir%\system32\actxprxy.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\actxprxy.dll
if exist %Windir%\system32\dispex.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dispex.dll
if exist %Windir%\system32\occache.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\occache.dll
if exist %Windir%\system32\occache.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\occache.dll
if exist %Windir%\system32\iepeers.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\iepeers.dll
if exist %Windir%\system32\urlmon.dll %Windir%\system32\regsvr32.exe /i /s %Windir%\system32\urlmon.dll
if exist %Windir%\system32\cdfview.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\cdfview.dll 
if exist %Windir%\system32\webcheck.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\webcheck.dll
if exist %Windir%\system32\mobsync.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\mobsync.dll
if exist %Windir%\system32\pngfilt.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\pngfilt.dll
if exist %Windir%\system32\licmgr10.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\licmgr10.dll
if exist %Windir%\system32\icmfilter.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\icmfilter.dll
if exist %Windir%\system32\hhctrl.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\hhctrl.ocx
if exist %Windir%\system32\inetcfg.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inetcfg.dll
if exist %Windir%\system32\tdc.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\tdc.ocx
if exist %Windir%\system32\MSR2C.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\MSR2C.DLL
if exist %Windir%\system32\msident.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msident.dll
if exist %Windir%\system32\msieftp.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msieftp.dll
if exist %Windir%\system32\xmsconf.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\xmsconf.ocx
if exist %Windir%\system32\ils.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\ils.dll
if exist %Windir%\system32\msoeacct.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\msoeacct.dll
if exist %Windir%\system32\inetcomm.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\inetcomm.dll
if exist %Windir%\system32\msdxm.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\msdxm.ocx
if exist %Windir%\system32\dxmasf.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxmasf.dll
if exist %Windir%\system32\l3codecx.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\l3codecx.ax
if exist %Windir%\system32\acelpdec.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\acelpdec.ax
if exist %Windir%\system32\mpg4ds32.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\mpg4ds32.ax
if exist %Windir%\system32\voxmsdec.ax %Windir%\system32\regsvr32.exe /s %Windir%\system32\voxmsdec.ax
if exist %Windir%\system32\danim.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\danim.dll 
if exist %Windir%\system32\Daxctle.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\Daxctle.ocx
if exist %Windir%\system32\lmrt.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\lmrt.dll
if exist %Windir%\system32\datime.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\datime.dll
if exist %Windir%\system32\dxtrans.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxtrans.dll
if exist %Windir%\system32\dxtmsft.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\dxtmsft.dll
if exist %Windir%\system32\WEBPOST.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\WEBPOST.DLL
if exist %Windir%\system32\WPWIZDLL.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\WPWIZDLL.DLL
if exist %Windir%\system32\POSTWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\POSTWPP.DLL
if exist %Windir%\system32\CRSWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\CRSWPP.DLL
if exist %Windir%\system32\FTPWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\FTPWPP.DLL
if exist %Windir%\system32\FPWPP.DLL %Windir%\system32\regsvr32.exe /s %Windir%\system32\FPWPP.DLL
if exist %Windir%\system32\wshom.ocx %Windir%\system32\regsvr32.exe /s %Windir%\system32\wshom.ocx
if exist %Windir%\system32\wshext.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wshext.dll
if exist %Windir%\system32\vbscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\vbscript.dll
if exist %Windir%\system32\scrrun.dll mstinit.exe%Windir%\system32\regsvr32.exe /setup /s %Windir%\system32\scrrun.dll
if exist %Windir%\system32\msnsspc.dll %Windir%\system32\regsvr32.exe /SspcCreateSspiReg /s %Windir%\system32\msnsspc.dll
if exist %Windir%\system32\msapsspc.dll  %Windir%\system32\regsvr32.exe /SspcCreateSspiReg /s %Windir%\system32\msapsspc.dll
proxycfg -d
if exist %Windir%\system32\atl.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\atl.dll  
if exist %Windir%\system32\jscript.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\jscript.dll 
if exist %Windir%\system32\softpub.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\softpub.dll  
if exist %Windir%\system32\wuapi.dll %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuapi.dll 
if exist %Windir%\system32\wuaueng.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng.dll  
if exist %Windir%\system32\wuaueng1.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuaueng1.dll  
if exist %Windir%\system32\wucltui.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wucltui.dll  
if exist %Windir%\system32\wups.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups.dll  
if exist %Windir%\system32\wups2.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wups2.dll  
if exist %Windir%\system32\wuweb.dll  %Windir%\system32\regsvr32.exe /s %Windir%\system32\wuweb.dll  
if exist %windir%\system32\iuengine.dll %windir%\system32\regsvr32.exe /s iuengine.dll
if exist %windir%\system32\wuauserv.dll %windir%\system32\regsvr32.exe /s wuauserv.dll
if exist %windir%\system32\cdm.dll %windir%\system32\regsvr32.exe /s cdm.dll
if exist %windir%\system32\msxml2r.dll %windir%\system32\regsvr32.exe /s msxml2r.dll
if exist %windir%\system32\msxml3r.dll %windir%\system32\regsvr32.exe /s msxml3r.dll
if exist %windir%\system32\msxml3.dll %windir%\system32\regsvr32.exe /s msxml3.dll
if exist %windir%\system32\msxmlr.dll %windir%\system32\regsvr32.exe /s msxmlr.dll
if exist %windir%\system32\msxml2.dll %windir%\system32\regsvr32.exe /s msxml2.dll
if exist %windir%\system32\qmgr.dll %windir%\system32\regsvr32.exe /s qmgr.dll
if exist %windir%\system32\qmgrprxy.dll %windir%\system32\regsvr32.exe /s qmgrprxy.dll
if exist %windir%\system32\iuctl.dll %windir%\system32\regsvr32.exe /s iuctl.dll
 
ren %windir%\system32\catroot2 catroot2.old
rd /s /q %windir%\softwareDistribution
ping 127.0.0.1 -n 2 -w 1000 > nul
ping 127.0.0.1 -n %1% -w 1000> nul
 
 
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 
 
 
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
 
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
 
if exist %Windir%\system32\mshtml.dll %windir%\system32\regsvr32.exe /s mshtml.dll
wuauclt.exe /resetauthorization
wuauclt.exe /detectnow 
wuauclt.exe /reportnow
 
 
 
exit /B 0 

Open in new window

0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24331288
Something else to check is gpedit.msc and set the computer config\windows components\system\logon and enable the feature "always wait for network"

In my experience, sometime the computer policies are not being applied due to this setting.

Also take a look at rsop.msc even tho gpresult will show you what policies are being applied, rsop.msc will show you what settings are being applied via a policy.
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24337742
nappy_d :
I will test the "Always wait for network" and report back.

dstewartjr:
I have been digging in group policy to see what is not working correctly.  Here is what I found.  A group policy with is not listed as being inherited in any way is effecting the settings for WSUS.  I have disabled the incorrect GPO and will perform a Gpupdate /force to see if they release the GP settings.
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339374
I have determined that the issue is with the machines using settings from an old GPO.  The GPO has been deleted but the clients still use the information it contained.  I have a new GPO which contains our new WSUS target settings, the clients says they are using the new GPO (gpupdate, GPMC).  Any suggestions on how to force the client to use the new settings (I have rebooted the clients several times and used gpupdate /force).
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24339416
have you tried gpupdate /target:computer /force /boot
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24339422
Is the always wait for network enabled on the local GPO?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24339436
If you delete the key under
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
 
and run gpudpdate /force it will reapply with your new GPO
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339627
Deleted the key, issued the command and the settings returned.  I ran gpresult /z and rsop, both report the old policy is used.  I have veriifed that the policy does not exist under the \\DOMAIN_NAME\SYSVOL\DOMAIN_NAME\Policies folder

Attached is a shot of RSOP which displays the SID of the policy, again I have verified that policy does not have a folder under "Policies".  The red is the SID the yellow is the incorrect WSUS Targer.

WSUS-GPO-Issue.JPG
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339659
Nappy:
I am using the wait for network, and the machines have been rebooted several times since the old policy was deleted.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24339665
Is this client running vista?
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339673
All clients are running XP Pro SP 3.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24339704
Anything for WSUS in the event viewer or the WSUS logs on the workstations?
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24339736
The original post has one of the clients WindowsUpdate.log files.
0
 
LVL 1

Author Comment

by:CCBIL
ID: 24354345
I am going to re-post this issue under a Group Policy since the issue is an old GPO being applied rather than anything wrong with the WSUS server or client.  Thank you for the assistance.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question