skielve
asked on
Computer accounts disappearing in WSUS when new account registered
Hi,
Some time ago I created a new group in WSUS for our laptop accounts.
I noticed recently that the group only contains 16 accounts instead of all laptop accounts in the designated OU.
I ran wuauclt /resetauthorization /detectnow as part of our logon script on some of the laptops which also writes date of WSUS files update to a txt file in %windir%.
Now, once wuauclt is run on a client, the computer account appears in correct group in WSUS directory. When I run it on another client though, the previously registered account is "overwritten" by the new account i.e. I run wuauclt on laptop 7 and the account appears in the WSUS directory, then I run wuauclt on laptop 15 and laptop 15's account appears in the directory, but laptop 7's account is gone.
All the while, the number of accounts in my Laptops group in WSUS directory is 16.
If you need any further explanation of the issue, please shout.
Any ideas?
Thanks in advance,
Skielve
ASKER
Thanks dstewartjr.
This has already been done in the past (when we moved WSUS to another server) and all clients had the old keys removed over a year ago and were re-registered afresh. Hence the logfiles in %windir% - it stops the script from running every time ("if not exist %windir%\[logfile]").
Something must have gone badly wrong at some stage though and we may have to refresh the registrations across the board.
Thanks for your help on this!
Skielve
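One common cause of one client replacing another in the WSUS console is several machines reporting the same SusClientId, typically after imaging. The following is an added example, not a script from this thread: it reads the ID on a client and finds collisions in a collected inventory. The function names, computer names and GUIDs are constructed for illustration.

```powershell
# Added example (not from the thread). Function names are hypothetical.

function Get-LocalWsusIdentity {
    # Reads the ID this machine presents to WSUS. Run on each client and
    # collect the output centrally (share, CSV, remoting).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        SusClientId = $p.SusClientId   # $null if the value does not exist yet
    }
}

function Find-DuplicateSusClientId {
    # Groups collected records by SusClientId and returns only the IDs
    # claimed by more than one computer.
    param([Parameter(Mandatory)][object[]]$Inventory)

    $Inventory |
        Where-Object { $_.SusClientId } |
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Computers   = ($_.Group.Computer | Sort-Object) -join ', '
            }
        }
}

# Constructed sample inventory: LAPTOP07 and LAPTOP15 share one ID,
# so WSUS would show only whichever of the two reported last.
$inventory = @(
    [pscustomobject]@{ Computer = 'LAPTOP07'; SusClientId = '11111111-aaaa-4bbb-8ccc-000000000001' }
    [pscustomobject]@{ Computer = 'LAPTOP15'; SusClientId = '11111111-aaaa-4bbb-8ccc-000000000001' }
    [pscustomobject]@{ Computer = 'LAPTOP21'; SusClientId = '22222222-aaaa-4bbb-8ccc-000000000002' }
    [pscustomobject]@{ Computer = 'LAPTOP30'; SusClientId = $null }
)

Find-DuplicateSusClientId -Inventory $inventory | Format-Table -AutoSize
```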
Thanks a million! I scoured the Internet to try to find solutions to this problem. Many of them pointed to the issue with the registry. Your script made it much easier to fix than manually fixing the registry on the affected computers.
You're welcome
Does this work for Windows Server 2003 and Windows Server 2012? It worked for all my workstations, but I'm still not seeing the servers.
Are the servers getting the GPO?
On one of them, do a reg query from cmd:
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
I ran the reg query command and it shows the target group and server. Those match what is in my GPO and other servers using the same GPO are showing up in the WSUS console.
One other item to note - the servers that are not showing in WSUS are in a separate DMZ. Maybe there is something that I need to configure in addition to what I already have set up. Are you aware of any best practices for using WSUS in a DMZ environment?
I found this in the event log on one of the servers as well.
+ System
- Provider
[ Name] Windows Error Reporting
- EventID 1001
[ Qualifiers] 0
Level 4
Task 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2015-07-21T18:47:10.000000000Z
EventRecordID 10306
Channel Application
Computer (I removed the computer name for security)
Security
- EventData
0
WindowsUpdateFailure2
Not available
0
7.9.9600.16422
8024401c
00000000-0000-0000-0000-000000000000
Scan
101
Managed {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
0
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.9.9600.16422_195c6b41c488d0e33a883cc17ef2158bc1ac77de_00000000_cab_3e2bca91
0
e44c5286-2fd8-11e5-80b7-a5a03e7bcda4
4
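The 8024401c code in the event above is WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT (the agent's request to the server timed out), which on a DMZ host usually points at the network path to WSUS rather than at the GPO. The following is an added example, not from the thread: it reads the policy values that the reg query shows and tests whether the configured WSUS port is reachable from the affected server. The function name and timeout are assumptions.

```powershell
# Added example (not from the thread). Run on the server that is missing
# from the WSUS console. Function name and default timeout are hypothetical.

function Test-WsusReachability {
    param(
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
        [int]$TimeoutMs = 5000
    )

    # Same values "reg query" prints: WUServer, WUStatusServer, TargetGroup.
    $pol = Get-ItemProperty -Path $PolicyKey -ErrorAction Stop

    foreach ($name in 'WUServer', 'WUStatusServer') {
        $url = $pol.$name
        if (-not $url) { continue }

        $uri = [uri]$url          # e.g. http://server:8530 -> Host, Port
        $tcpOpen = $false
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Asynchronous connect so a silently dropped packet (typical for a
            # DMZ firewall) fails after $TimeoutMs instead of hanging.
            $async = $client.BeginConnect($uri.Host, $uri.Port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $tcpOpen = $client.Connected
            }
        }
        finally {
            $client.Close()
        }

        [pscustomobject]@{
            Setting     = $name
            Url         = $url
            Host        = $uri.Host
            Port        = $uri.Port
            TcpOpen     = $tcpOpen
            TargetGroup = $pol.TargetGroup
        }
    }
}

Test-WsusReachability | Format-Table -AutoSize
```

TcpOpen = False with correct policy values means the firewall between the DMZ and the WSUS server needs a rule for that host and port before the client can register.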
%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc
del %WINDIR%\WindowsUpdate.log
reg delete HKLM\SOFTWARE\Microsoft\Wi
reg delete HKLM\SOFTWARE\Microsoft\Wi
reg delete HKLM\SOFTWARE\Microsoft\Wi
reg delete "HKLM\SOFTWARE\Microsoft\W
reg delete "HKLM\SOFTWARE\Microsoft\W
reg delete "HKLM\SOFTWARE\Microsoft\W
rd /s /q %windir%\softwareDistribut
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv
wuauclt /resetauthorization /detectnow
wuauclt /reportnow
exit /B 0