DHCP XP Clients do not appear in the WSUS Console. Static IP Clients/Servers do


I have migrated from SMS 2003 to SCCM. All DHCP Clients do not appear in the WSUS Admin console. However Static IP Clients/Servers do appear and seem to be working correctly.

Server setup :-
SCCM SP2, Windows Server 2003 x64 (fully patched) WSUS SP2, SQL 2005 SP2
Clients DHCP :-
Windows XP SP3
Clients STATIC :-
Windows 7 Pro
Windows XP SP3

We want to control the windows updates via SCCM. SCCM client has been installed fine via the client push method and is reporting back lots of useful information so I know we have at least got some communication going on. When I run a Compliance report on the "All Systems collection" all DHCP Clients report back as "Compliance state unknown" . The Static IP Clients report correctly.

We do have two ISA Servers running in an array. Could this in some way block communication for the clients to WSUS.

For info I have not created a GPO for Windows Updates as you would if only using WSUS as I understand its not required when SCCM controls the updates. We currently do have a User GPO "Remove access to use all Windows Update features" enabled, i think this must be causing the error I receive in the windowsupdate log when running wuauclt /detectnow on a DHCP client . "Can not perform non-interactive scan if AU is interactive-only"

I also have to enter in a command window "proxycfg -d" to cure the error "WARNING: GetConfig failure, error = 0x8024401B, soap client error = 10, soap error code = 0, HTTP status code = 407" which I beleive is caused by our ISA Server being our proxy server and requiring authentication.

Has anyone been in this situation before. Is ISA the problem or am I missing some fundamental configurations here ?

Thank you.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you configured the site boundaries for the dhcp client subnet?
WycombeAbbeyAuthor Commented:
Hello Merowinger

I have setup an Active Directory boundary only

No other boundaries exist at the moment.

Are the clients shown as approved, installed and assigned in sccm console?
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

WycombeAbbeyAuthor Commented:

All clients are installed, approved etc . I have created collections based on custom queries i.e PC Model type or operating system.  So it seems most if not all functions except windows updates are working ok.

If you do not have changed the sccm client port make sure that port 80 is not blocked between the client and the software update point and management point.
have you enabled the Software update feature on the sccm server?
WycombeAbbeyAuthor Commented:

Our Wsus is setup on 8530 and sccm on 80. We are not blocking these ports and oddly enough I now have two DHCP Clients which have reported back to the Server for compliance. Could this just be awaiting game ?  If so it seems quite some time to wait before i get any info back so could I have miss configured something within software updates etc.
It takes some time yes
WycombeAbbeyAuthor Commented:
I have now set the Software update client to scan for updates at 1.00pm each day, a bit extreme i know but at least by tomorrow I will have a better idea if this is working and just taking a very long time to complete.

FYI Another client has just appeared in my complicance report. 3 down 408 to go.

Thanks for your help so far. I will let you know what I see in my reports tomorrow.

DonNetwork AdministratorCommented:
Go over the "Publish WSUS policy in ISA Server" section here

Visit my site http://araihan.wordpress.com for complete WSUS deployment. In SCCM do the following for integrating WSUS with SCCM.

Right-click Site Systems> click New>choose Server
Right-click the site system you want to use, and then click New Roles.

Site Management>Site Settings>Component Configuration>Software update Point Component>Right Click>Property

Site Management>Site Settings>Component Configuration>Software distribution>Right Click>Property

This part is basically integrating WSUS with SCCM. WSUS and SCCM can be single server or separate server. You have to make secure of http port because SCCM’s default http port config is port 80 and WSUS can be deployed using port 8530.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WycombeAbbeyAuthor Commented:
Thank you for the infomation.

I am reading through the ISA WSUS rule which I hope to implement later this week.

Once this has been completed and hopefully cures my problem I can start to give points.

Thank you

WycombeAbbeyAuthor Commented:
We are about to remove our ISA Servers as we have a new solution in hand.  I suspect this will cure my problems with Client to Server communication. Once the new soultion is I will update here and award points etc.

Thank you
WycombeAbbeyAuthor Commented:
Thank you for the information regarding the rules in ISA.

A new rule was implemented which allowed all clients to bypass the proxy servers and communicate with the server WSUS directly. All clients are not reporting compliance in SCCM
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.