All computers not reporting in to WSUS

All computers have stopped reporting in to WSUS.  How do I trouble shoot this?  I used to have WSUS on a 2003 server but now it's on a 2008.
J.R. SitmanIT DirectorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mstrasserCommented:
check if they are updating via the the Windows site first , could be that your Group Policy is not holding right. Also check you WSUS server to see if you have any issues on him , you servers might failover since your WSUS server is out.

Carpe Diem
0
mstrasserCommented:
WSUS Reporting Rollup Sample Tool

http://download.microsoft.com/download/3/3/9/339ac5ee-ae9a-44a4-b09c-483736294433/WSUSRollupSample.EXE

This tool uses the WSUS application programming interface (API) to demonstrate centralized monitoring and reporting for WSUS. It creates a single report of update and computer status from the WSUS servers into your WSUS environment. The sample package also contains sample source files to customize or extend the tool functionality of the tool to meet specific needs. The WSUS Reporting Rollup Sample Tool and files are provided AS IS. No product support is available for this tool or sample files.

http://technet.microsoft.com/en-us/wsus/bb466192.aspx


Carpe Diem
0
mstrasserCommented:
Client Diagnostics Tool

Download this tool, which has been designed to aid the WSUS administrator in troubleshooting client machines that are failing to report back to the WSUS Server. The tool will conduct preliminary checks and test the communication between the WSUS Server and the client machine. Once the tool has completed the tests it will display the results in the console window. The Windows Server Update Services Client Diagnostic tool is provided AS IS. No product support is available for this tool. For more information, read the readme file.

http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE

Carpe Diem
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

mstrasserCommented:
also see where your workstations are pointing to under the following reg key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

your WSUS server should be mentioned in there

Carpe Diem
0
J.R. SitmanIT DirectorAuthor Commented:
I'm testing the  Windows update from two computers.  They both required that I allow the install of an ActiveX add on.  However, I don't think that would affect it?
0
mstrasserCommented:
did you check the registry Key ?

carpe Diem
0
mstrasserCommented:
also run a gpresults on those PC's to see if your Group Policy takes
0
J.R. SitmanIT DirectorAuthor Commented:
The registry states UseWUServer
0
J.R. SitmanIT DirectorAuthor Commented:
gpresult shows WSUS is being applied.  Both computers I'm testing have 25 security updates needed.  I'll run the Client diagnostic tool now
0
J.R. SitmanIT DirectorAuthor Commented:
attached are the results.  How do I fix this.
wsustest.png
0
mstrasserCommented:
are you applying the GPO to users or Computers?
Carpe Diem
0
J.R. SitmanIT DirectorAuthor Commented:
computers
0
mstrasserCommented:
thats the right way
maby you have a defect GPO
try creating anew one with only thet policy  and disabeling the other (just to see)

Carpe Diem
0
J.R. SitmanIT DirectorAuthor Commented:
I'm reading the article and was checking permissions on the folders.  I'm new to Server 2008 and I don't see how to add an account to the security.  i.e. NT Authority is not listed as having permissions to the Microsoft.net folder.  How do I add it?
0
DonNetwork AdministratorCommented:
What is the results from command prompt


reg query  "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"


Post your windowsupdate.log
0
DonNetwork AdministratorCommented:
0
J.R. SitmanIT DirectorAuthor Commented:
log attached
WindowsUpdate.log
0
DonNetwork AdministratorCommented:
"I used to have WSUS on a 2003 server but now it's on  a 2008."

did you change the "Specify intranet Microsoft update  service location" ?


Computer Configuration -> Administrative Templates   ->  Windows Update->"Specify intranet Microsoft update  service location"



wsus-specify-intranet-microsoft-.gif
0
J.R. SitmanIT DirectorAuthor Commented:
yes it was changed to the new server
0
DonNetwork AdministratorCommented:
Run the following . bat on the client

net stop bits
net stop wuauserv
Ipconfig  /flushdns
cd "Documents and Settings\All Users\Application  Data\Microsoft\Network\Downloader"
del qmgr0.dat
del qmgr1.dat
net  start bits
net start wuauserv
wuauclt.exe /resetauthorization  /detectnow
0
J.R. SitmanIT DirectorAuthor Commented:
I did all of the above.  Now what?
0
DonNetwork AdministratorCommented:
After waiting a few moments has the client reported in?
0
DonNetwork AdministratorCommented:
Save below as reportnow.bat and run on clients that havent reported

%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv 
%Windir%\system32\net.exe stop cryptsvc

del %WINDIR%\WindowsUpdate.log /S /Q  



reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f


rd /s /q %windir%\softwareDistribution
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 


sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)


sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

wuauclt /resetauthorization /detectnow
wuauclt /reportnow

exit /B 0 

Open in new window

0
J.R. SitmanIT DirectorAuthor Commented:
been 5 minutes nothing yet.  I'll keep checking.  Should I delete the original GPO and create another?

Also I never got an answer about add a service to the permissions that are listed in the WSUS set up article
0
DonNetwork AdministratorCommented:
"been 5 minutes nothing yet.  I'll keep checking.  Should I delete the  original GPO and create another?"

Did you try the latest .bat I posted? No your GPO is fine as long as you get results when you run reg query  "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" from command prompt



"Also I never got an answer about add a service to the permissions that  are listed in the WSUS set up article"

go over the verify wsus settings link I posted, although I dont think that is your issue.


0
DonNetwork AdministratorCommented:
are the computers in the container that the GPO is applied to ?
0
J.R. SitmanIT DirectorAuthor Commented:
Yes i ran your bat a few minutes ago.  No I haven't done the verifying steps.  I will now.  As fas as I can tell the problem started when I installed WSUS on the 2008 server, because it's been 75 days since they reported in.  I'm the only Admin so sometimes I negelect to check everything due to time limits.
0
DonNetwork AdministratorCommented:
Double check that the "Specify intranet Microsoft update  service location"  points to the correct server IP or Servername

http://servername


FQDN is not recommended
0
J.R. SitmanIT DirectorAuthor Commented:
yep set to http://spcala11
0
J.R. SitmanIT DirectorAuthor Commented:
in the registry is this correct SQLServerName %computername%\Microsoft##SSEE?  or should it have the server name?
0
DonNetwork AdministratorCommented:
%computername%\Microsoft##SSEE is correct
0
J.R. SitmanIT DirectorAuthor Commented:
ok.  awaiting your next suggestion
0
DonNetwork AdministratorCommented:
What are the results of ?

 reg query  "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"  from command prompt
0
J.R. SitmanIT DirectorAuthor Commented:
both results show the correct server.  http://spcala11
0
DonNetwork AdministratorCommented:
should be reporting then, post latest windowsupdate.log from a client that you ran the earlier .bat on
0
J.R. SitmanIT DirectorAuthor Commented:
workstation log attached
WindowsUpdate.log
0
DonNetwork AdministratorCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
J.R. SitmanIT DirectorAuthor Commented:
Which folder is the problem?
0
DonNetwork AdministratorCommented:
sorry, no way to tell from logs.
0
DonNetwork AdministratorCommented:
Go over this, as the error is in your log


http://support.microsoft.com/kb/920151
0
J.R. SitmanIT DirectorAuthor Commented:
I'm in IIS mgr but don't know how to enable Windows integrated authentication.  Can you detail it.
0
J.R. SitmanIT DirectorAuthor Commented:
Cancel last post.  I found the authenication setting
0
J.R. SitmanIT DirectorAuthor Commented:
here is the workstation current log after I changed the Authentication
WindowsUpdate.log
0
DonNetwork AdministratorCommented:
I appears to be a success


"This computer is currently scheduled to install these updates on Monday, April 26, 2010 at 3:00 AM:  - Update for Microsoft Office Outlook 2007 Junk Email Filter (KB981433)..........."
0
DonNetwork AdministratorCommented:
should have read , It appears
0
J.R. SitmanIT DirectorAuthor Commented:
When will WSUS update the last time the computer checked in?
0
DonNetwork AdministratorCommented:
Thats random based on a default period of 22 hours. The .Bat I provided above deletes these keys and the wuauclt /resetauthorization /detectnow
wuauclt /reportnow


reapplies them
0
J.R. SitmanIT DirectorAuthor Commented:
ok.  So it looks like it's fixed, "correct"
0
DonNetwork AdministratorCommented:
yup, are they now starting to report? The .bat will speed it up.
0
J.R. SitmanIT DirectorAuthor Commented:
I ran your bat and yes the workstation reported in.   Thanks for hanging in there..  is 32063781, the answer I should award points to?
0
DonNetwork AdministratorCommented:
That's the one that got rid of your 0x800710DD errors   :)
0
J.R. SitmanIT DirectorAuthor Commented:
Thanks for your patience
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.