DHCP XP Clients do not appear in the WSUS Console. Static IP Clients/Servers do
Hello
I have migrated from SMS 2003 to SCCM. All DHCP Clients do not appear in the WSUS Admin console. However Static IP Clients/Servers do appear and seem to be working correctly.
Server setup :-
SCCM SP2, Windows Server 2003 x64 (fully patched) WSUS SP2, SQL 2005 SP2
Clients DHCP :-
Windows XP SP3
Clients STATIC :-
Windows 7 Pro
Windows XP SP3
We want to control the windows updates via SCCM. SCCM client has been installed fine via the client push method and is reporting back lots of useful information so I know we have at least got some communication going on. When I run a Compliance report on the "All Systems collection" all DHCP Clients report back as "Compliance state unknown" . The Static IP Clients report correctly.
We do have two ISA Servers running in an array. Could this in some way block communication for the clients to WSUS.
For info I have not created a GPO for Windows Updates as you would if only using WSUS as I understand its not required when SCCM controls the updates. We currently do have a User GPO "Remove access to use all Windows Update features" enabled, i think this must be causing the error I receive in the windowsupdate log when running wuauclt /detectnow on a DHCP client . "Can not perform non-interactive scan if AU is interactive-only"
I also have to enter in a command window "proxycfg -d" to cure the error "WARNING: GetConfig failure, error = 0x8024401B, soap client error = 10, soap error code = 0, HTTP status code = 407" which I beleive is caused by our ISA Server being our proxy server and requiring authentication.
Has anyone been in this situation before. Is ISA the problem or am I missing some fundamental configurations here ?
Thank you.
I have migrated from SMS 2003 to SCCM. All DHCP Clients do not appear in the WSUS Admin console. However Static IP Clients/Servers do appear and seem to be working correctly.
Server setup :-
SCCM SP2, Windows Server 2003 x64 (fully patched) WSUS SP2, SQL 2005 SP2
Clients DHCP :-
Windows XP SP3
Clients STATIC :-
Windows 7 Pro
Windows XP SP3
We want to control the windows updates via SCCM. SCCM client has been installed fine via the client push method and is reporting back lots of useful information so I know we have at least got some communication going on. When I run a Compliance report on the "All Systems collection" all DHCP Clients report back as "Compliance state unknown" . The Static IP Clients report correctly.
We do have two ISA Servers running in an array. Could this in some way block communication for the clients to WSUS.
For info I have not created a GPO for Windows Updates as you would if only using WSUS as I understand its not required when SCCM controls the updates. We currently do have a User GPO "Remove access to use all Windows Update features" enabled, i think this must be causing the error I receive in the windowsupdate log when running wuauclt /detectnow on a DHCP client . "Can not perform non-interactive scan if AU is interactive-only"
I also have to enter in a command window "proxycfg -d" to cure the error "WARNING: GetConfig failure, error = 0x8024401B, soap client error = 10, soap error code = 0, HTTP status code = 407" which I beleive is caused by our ISA Server being our proxy server and requiring authentication.
Has anyone been in this situation before. Is ISA the problem or am I missing some fundamental configurations here ?
Thank you.
merowinger
Have you configured the site boundaries for the dhcp client subnet?
ASKER
Hello Merowinger
I have setup an Active Directory boundary only
No other boundaries exist at the moment.
Thanks
I have setup an Active Directory boundary only
No other boundaries exist at the moment.
Thanks
Are the clients shown as approved, installed and assigned in sccm console?
ASKER
Hi
All clients are installed, approved etc . I have created collections based on custom queries i.e PC Model type or operating system. So it seems most if not all functions except windows updates are working ok.
Thanks
All clients are installed, approved etc . I have created collections based on custom queries i.e PC Model type or operating system. So it seems most if not all functions except windows updates are working ok.
Thanks
If you do not have changed the sccm client port make sure that port 80 is not blocked between the client and the software update point and management point.
have you enabled the Software update feature on the sccm server?
have you enabled the Software update feature on the sccm server?
ASKER
Hi
Our Wsus is setup on 8530 and sccm on 80. We are not blocking these ports and oddly enough I now have two DHCP Clients which have reported back to the Server for compliance. Could this just be awaiting game ? If so it seems quite some time to wait before i get any info back so could I have miss configured something within software updates etc.
Our Wsus is setup on 8530 and sccm on 80. We are not blocking these ports and oddly enough I now have two DHCP Clients which have reported back to the Server for compliance. Could this just be awaiting game ? If so it seems quite some time to wait before i get any info back so could I have miss configured something within software updates etc.
It takes some time yes
ASKER
I have now set the Software update client to scan for updates at 1.00pm each day, a bit extreme i know but at least by tomorrow I will have a better idea if this is working and just taking a very long time to complete.
FYI Another client has just appeared in my complicance report. 3 down 408 to go.
Thanks for your help so far. I will let you know what I see in my reports tomorrow.
FYI Another client has just appeared in my complicance report. 3 down 408 to go.
Thanks for your help so far. I will let you know what I see in my reports tomorrow.
Go over the "Publish WSUS policy in ISA Server" section here
http://araihan.wordpress.com/2009/08/13/install-and-configure-wsus-3-0-sp2-step-by-step/
http://araihan.wordpress.com/2009/08/13/install-and-configure-wsus-3-0-sp2-step-by-step/
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for the infomation.
I am reading through the ISA WSUS rule which I hope to implement later this week.
Once this has been completed and hopefully cures my problem I can start to give points.
Thank you
I am reading through the ISA WSUS rule which I hope to implement later this week.
Once this has been completed and hopefully cures my problem I can start to give points.
Thank you
ASKER
We are about to remove our ISA Servers as we have a new solution in hand. I suspect this will cure my problems with Client to Server communication. Once the new soultion is I will update here and award points etc.
Thank you
Thank you
ASKER
Thank you for the information regarding the rules in ISA.
A new rule was implemented which allowed all clients to bypass the proxy servers and communicate with the server WSUS directly. All clients are not reporting compliance in SCCM
A new rule was implemented which allowed all clients to bypass the proxy servers and communicate with the server WSUS directly. All clients are not reporting compliance in SCCM