skielve asked:

Computer accounts disappearing in WSUS when new account registered

Hi,

Some time ago I created a new group in WSUS for our laptop accounts.
I noticed recently that the group only contains 16 accounts instead of all laptop accounts in the designated OU.
I ran wuauclt /resetauthorization /detectnow as part of our logon script on some of the laptops which also writes date of WSUS files update to a txt file in %windir%.
Now, once wuauclt is run on a client, the computer account appears in correct group in WSUS directory. When I run it on another client though, the previously registered account is "overwritten" by the new account i.e. I run wuauclt on laptop 7 and the account appears in the WSUS directory, then I run wuauclt on laptop 15 and laptop 15's account appears in the directory, but laptop 7's account is gone.

All the while, the number of accounts in my Laptops group in WSUS directory is 16.

If you need any further explanation of the issue, please shout.

Any ideas?

Thanks in advance,
Skielve
Don

You are experiencing a duplicate SID issue. Run the following .bat on them so they request a new SID:

REM Stop the update-related services before touching their files and registry values
%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc

REM Delete WindowsUpdate.log (with /S, also any copies in subdirectories of %WINDIR%)
del %WINDIR%\WindowsUpdate.log /S /Q

REM Delete the client identity and detection-schedule values so they are regenerated
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f

REM Clear the local update cache, then restart the services
rd /s /q %windir%\softwareDistribution
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv

REM Re-register with the WSUS server, run detection and report status
wuauclt /resetauthorization /detectnow
wuauclt /reportnow

exit /B 0
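
To confirm which machines share a client ID before resetting them, the SusClientId value that the script above deletes can be collected from each client and grouped. This is an added example, not part of the original thread; it assumes 64-bit PowerShell with the Remote Registry service reachable on the clients, and the function names, computer names and GUIDs are constructed for illustration.

```powershell
# Added example: list WSUS clients that report the same SusClientId.
$WuKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-SusClientId {
    # Reads SusClientId over Remote Registry; SusClientId is $null if unreachable or unset.
    param([Parameter(Mandatory)][string]$ComputerName)
    $id = $null
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key = $hklm.OpenSubKey($WuKey)
        if ($key) { $id = $key.GetValue('SusClientId'); $key.Close() }
        $hklm.Close()
    } catch {
        Write-Warning "$ComputerName : $($_.Exception.Message)"
    }
    [pscustomobject]@{ ComputerName = $ComputerName; SusClientId = $id }
}

function Find-DuplicateSusClientId {
    # Returns one row per SusClientId that is held by more than one computer.
    param([Parameter(Mandatory)][object[]]$Record)
    $Record |
        Where-Object { $_.SusClientId } |
        Group-Object -Property { $_.SusClientId.ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Computers   = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# Constructed sample records so the grouping can be tried offline.
$sample = @(
    [pscustomobject]@{ ComputerName = 'LAPTOP07'; SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ ComputerName = 'LAPTOP15'; SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ ComputerName = 'LAPTOP21'; SusClientId = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
    [pscustomobject]@{ ComputerName = 'LAPTOP30'; SusClientId = $null }   # unreachable client
)
Find-DuplicateSusClientId -Record $sample | Format-Table -AutoSize

# Live use, with laptops.txt (hypothetical) holding one computer name per line:
# $records = Get-Content .\laptops.txt | ForEach-Object { Get-SusClientId -ComputerName $_ }
# Find-DuplicateSusClientId -Record $records
```

With the sample records, LAPTOP07 and LAPTOP15 are listed under one shared ID, which matches the symptom of one registration replacing the other in the WSUS console.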

skielve (ASKER)

Thanks dstewartjr.

This has already been done in the past (when we moved WSUS to another server) and all clients had the old keys removed over a year ago and were re-registered afresh. Hence the logfiles in %windir% - it stops the script from running every time ("if not exist %windir%\[logfile]").

Something must have gone badly wrong at some stage though and we may have to refresh the registrations across the board.

Thanks for your help on this!

Skielve

Thanks a million! I scoured the Internet to try to find solutions to this problem. Many of them pointed to the issue with the registry. Your script made it much easier to fix than manually fixing the registry on the affected computers.

You're welcome

Does this work for Windows Server 2003 and Windows Server 2012? It worked for all my workstations, but I'm still not seeing the servers.

Are the servers getting the GPO?

On one of them, do a reg query from cmd:

Reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

I ran the reg query command and it shows the target group and server. Those match what is in my GPO and other servers using the same GPO are showing up in the WSUS console.

One other item to note - the servers that are not showing in WSUS are in a separate DMZ. Maybe there is something that I need to configure in addition to what I already have set up. Are you aware of any best practices for using WSUS in a DMZ environment?

I found this in the event log on one of the servers as well.

+ System
  - Provider
   [ Name]  Windows Error Reporting
  - EventID 1001
   [ Qualifiers]  0
   Level 4
   Task 0
   Keywords 0x80000000000000
  - TimeCreated
   [ SystemTime]  2015-07-21T18:47:10.000000000Z
   EventRecordID 10306
   Channel Application
   Computer (I removed the computer name for security)
   Security
- EventData
   0
   WindowsUpdateFailure2
   Not available
   0
   7.9.9600.16422
   8024401c
   00000000-0000-0000-0000-000000000000
   Scan
   101
   Managed {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
   0
   C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.9.9600.16422_195c6b41c488d0e33a883cc17ef2158bc1ac77de_00000000_cab_3e2bca91
   0
   e44c5286-2fd8-11e5-80b7-a5a03e7bcda4
   4