Tymetwister
asked on
WSUS clients not connecting
The computers show up in the WSUS Update Services, but it says none of them can be contacted and they dont show an IP address, windows version, etc. No updates are being pushed to them. The server is running Server 2003. They are XP machines. help?
ASKER
Everything passed except for the IE Proxy settings because there was None.
I tried running gpupdate /force from the command prompt, and also the script below, but to no avail:
@echo off
Echo This batch file will Force the Update Detection from the AU client:
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists)
Echo 3. Deletes the DetectionStartTime registry key (if it exists)
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv)
Echo 6. Force the detection
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\W indows\Cur rentVersio n\WindowsU pdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\W indows\Cur rentVersio n\WindowsU pdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\W indows\Cur rentVersio n\WindowsU pdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.
Pause
I tried running gpupdate /force from the command prompt, and also the script below, but to no avail:
@echo off
Echo This batch file will Force the Update Detection from the AU client:
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists)
Echo 3. Deletes the DetectionStartTime registry key (if it exists)
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv)
Echo 6. Force the detection
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\W
REG DELETE "HKLM\Software\Microsoft\W
Reg Delete "HKLM\Software\Microsoft\W
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.
Pause
Post a windowsupdate.log from a client using the "Code" or "File" button below.
Maybe a basic question, but have you check Internet connectivity (and LAN connectivity) on your WSUS server? Is it on the same subnet as the clients? If not, are exceptions made in a router or firewall to let either port 80 or 8080 through to the clients?
If this is happening to all clients (and if all of them were working previously), first place that I would check is server side...
Also, how about something simple like whether the "Update Services" service is still running and stable on the WSUS server?
Hope this helps some.
If this is happening to all clients (and if all of them were working previously), first place that I would check is server side...
Also, how about something simple like whether the "Update Services" service is still running and stable on the WSUS server?
Hope this helps some.
ASKER
Here is a windows update log from a client machine.
I've checked the router and the firewall is off. The WSUS server has connectivity. Update Services is still running... it can see the machines, it just isn't sending updates to them.
WindowsUpdate.log
I've checked the router and the firewall is off. The WSUS server has connectivity. Update Services is still running... it can see the machines, it just isn't sending updates to them.
WindowsUpdate.log
Did you approve the updates?
ASKER
I approved a small # of the critical updates, but I still didn't see any of the client machines connect. They all had a yellow exclamation to the left of them in Update Services which said Update Services couldn't contact the machine. Do I need to approve all of the updates for them to go through?
From the log you provided, the computer is awaiting a pending reboot. Additional updates will not install until a pending reboot is taken care of. No you dont need approve all of them to start. You do need to approve updates before they are downloaded to the WSUS server so that clients can pull their updates. Wsus does no pushing of any sort. Clients report their status.
ASKER
So you think all I should have to do is reboot the client machines after approving the updates? Would that cause Update Services not to be able to 'contact' them?
I am going to try it tomorrow morning but I wanted to be sure and I will let you know, it could mean my job so that's why. lol. Thanks for your continued help.
I am going to try it tomorrow morning but I wanted to be sure and I will let you know, it could mean my job so that's why. lol. Thanks for your continued help.
ASKER
Rebooted a clients machine after approving some critical updates, but all client machines in Update Services all say "Not Yet Reported" for status and "This computer has not yet contacted" over to the left.
Run this .bat on them
%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc
del %WINDIR%\WindowsUpdate.log /S /Q
reg delete HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\W indows\Cur rentVersio n\WindowsU pdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\W indows\Cur rentVersio n\WindowsU pdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\W indows\Cur rentVersio n\WindowsU pdate\Auto Update" /v NextDetectionTime /f
rd /s /q %windir%\softwareDistribut ion
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;; ;SY)(A;;CC DCLCSWRPWP DTLOCRSDRC WDWO;;;BA) (A;;CCLCSW LOCRRC;;;A U)(A;;CCLC SWRPWPDTLO CRRC;;;PU)
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;; ;SY)(A;;CC DCLCSWRPWP DTLOCRSDRC WDWO;;;BA) (A;;CCLCSW LOCRRC;;;A U)(A;;CCLC SWRPWPDTLO CRRC;;;PU)
wuauclt /resetauthorization /detectnow
wuauclt /reportnow
exit /B 0
%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc
del %WINDIR%\WindowsUpdate.log
reg delete HKLM\SOFTWARE\Microsoft\Wi
reg delete HKLM\SOFTWARE\Microsoft\Wi
reg delete HKLM\SOFTWARE\Microsoft\Wi
reg delete "HKLM\SOFTWARE\Microsoft\W
reg delete "HKLM\SOFTWARE\Microsoft\W
reg delete "HKLM\SOFTWARE\Microsoft\W
rd /s /q %windir%\softwareDistribut
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv
sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;
sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;
wuauclt /resetauthorization /detectnow
wuauclt /reportnow
exit /B 0
ASKER
Ran the script on a client machine, but I didn't see it connect on Update Services. Rebooted and still not yet reported.
lets see the windowsupdate.log from same machine
ASKER
Here it is...
WindowsUpdate.log
WindowsUpdate.log
On your WSUS server, what port does it say its using? You can find this in the WSUS console.
ASKER
Port 80.
On your WSUS server run from the command line
wsusutil checkhealth
http://technet.microsoft.com/en-us/library/cc708604(WS.10).aspx
Then look in eventvwr>>>application log for errors related to WSUS
wsusutil checkhealth
http://technet.microsoft.com/en-us/library/cc708604(WS.10).aspx
Then look in eventvwr>>>application log for errors related to WSUS
You may have to repair the the Selfupdate virtual directory by running
cscript C:\Program Files\Update Services\setup\InstallSelf updateOnPo rt80.vbs
more on that here
http://technet.microsoft.com/en-us/library/cc708554(WS.10).aspx
cscript C:\Program Files\Update Services\setup\InstallSelf
more on that here
http://technet.microsoft.com/en-us/library/cc708554(WS.10).aspx
ASKER
Ran the checkhealth util and then the event viewer, the only error that keeps generating is that all of the client computers have not reported back to the server in more than 30 days.
I ran that cscript line as a batch command but I didn't see it change anything. The file is in the directory specified though.
I ran that cscript line as a batch command but I didn't see it change anything. The file is in the directory specified though.
Some other troubleshooting here as well.
http://technet.microsoft.com/en-us/library/cc708627(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc708627(WS.10).aspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did check this and yes they were all on the same subnet. I haven't tried contacting by IP... I will have to try this step when I return to the customer's site tomorrow.
From a client machine, you can also try opening up a web browser and putting in:
http://wsus_server_IP/selfupdate
where "wsus_server_IP" is simply the IP address of your WSUS server.
When you attempt to reach this site, you *should* receive a HTTP 403 Forbidden error. If you receive a HTTP 404 error, that is completely different b/c that's a "Page Not Found" error and you need to take a detailed look at all of the configs on your IIS server.
The WSUS 3.0 Operations Guide is actually very well written and easy to follow. It contains all of the default IIS settings and you can compare against them. It is available here:
http://technet.microsoft.com/en-us/library/cc708504(WS.10).aspx
http://wsus_server_IP/selfupdate
where "wsus_server_IP" is simply the IP address of your WSUS server.
When you attempt to reach this site, you *should* receive a HTTP 403 Forbidden error. If you receive a HTTP 404 error, that is completely different b/c that's a "Page Not Found" error and you need to take a detailed look at all of the configs on your IIS server.
The WSUS 3.0 Operations Guide is actually very well written and easy to follow. It contains all of the default IIS settings and you can compare against them. It is available here:
http://technet.microsoft.com/en-us/library/cc708504(WS.10).aspx
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is also another good guide to go over
http://blogs.technet.com/sus/archive/2009/02/19/troubleshooting-guide-for-issues-where-wsus-clients-are-not-reporting-in.aspx
http://blogs.technet.com/sus/archive/2009/02/19/troubleshooting-guide-for-issues-where-wsus-clients-are-not-reporting-in.aspx
ASKER
Thanks guys. The issue was that even though it was set to port 80 in the Update Services app... it was set to a different port in the IIS settings. Once I changed it there the PC's started updating. Thanks for all the time and patience!
http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE