We help IT Professionals succeed at work.

WSUS Issue

kiran_kumar01
kiran_kumar01 used Ask the Experts™
on
most of our servers not showing up in WSUS but they are picking updates from WSUS.

Can you please provide solution so that the servers get reported in WSUS

Regards
R

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
try this on the clients
wuauclt.exe /detectnow or
wuauclt.exe /ReportNow
Lee OsborneSenior Infrastructure Engineer

Commented:
You could also try resetauthorization with detectnow -

wuauclt /resetauthorization /detectnow

This will refresh the targeting group too.

Lee

Commented:
If the updates are applying correctly it may be worth checking the following registry keys match:

Specifies WSUS Server
"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer"
Specifies WSUS Report Server
"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\UStatusServer""

Here are a few things to check.  

1)  Verify Group policy is properly applied to the systems.   Open Regedit and navigate to the following keys.

HKLM>Software>policies>microsoft>Windows>Windowsupdate

Verify that the value "WUServer" points to your internal WSUS server

Verify that the value "WUStatusServer" points to your WSUS reporting server

Assuming both of those are correct.  Look at you windowsupdate.log file to check for errors.  This can be found at c:\windows\windowsupdate.log (this assumes a default installation of the OS!)

if you do not see errors try the following steps.

1)  Stop the Automatic Updates service.
2)  Open regedit and navigate to
      HKLM>Software>Microsoft>Windows>Current Verion>WindowsUpdate

      Delete the SusClientID and the SusClientIdValidation entires.

3)  Open c:\windows\software distribution and delete all the contents of this folder

4)  rename the windowsupdate.log file to something else like windowsupdate.bak  (this will make it easier to see what is happening later)

5)  restart the Automatic Updates service.

6)  from a CMD prompt enter WUAUCLT /resetauthorization /detectnow.

7)  wait a couple of minutes and check the windowsupdate.log file.   Assuming you see no errors. You should see your server in the WSUS console now.

Good luck!  
DonNetwork Administrator

Commented:
Just run the Microsoft "Reset Windows Update Component"  Fix-it on them
 
http://support.microsoft.com/Default.aspx?kbid=971058 
Not sure running the "Reset Windows Update Component" will help since he is getting updates just fine.  His issue is with reporting.   One of the most common reasons this takes place is that the systems are cloned (ghosted) and the SUS client ID is the same on all the servers so they cannot differentiate themselves to the WSUS server.  By removed the SUS IDs in the regsitry and rebuilding them, they will be able to report themselves to the WSUS database.  

For more information about WSUS and troubleshooting please refer to the following discussion group:
http://social.technet.microsoft.com/Forums/en/winserverwsus/threads
DonNetwork Administrator

Commented:
"Not sure running the "Reset Windows Update Component" " 
 Really???
http://blogs.technet.com/b/mkleef/archive/2009/08/21/wsus-and-clients-not-yet-reported.aspx
 
 
"One of the most common reasons this takes place is that the systems are cloned (ghosted) "
 
Used to be...
 
 
 http://support.microsoft.com/kb/903262
 
We have added an automatic feature to the Windows Update Agent that is installed on WSUS client computers. This feature can help address this duplicate-SusClientID issue. The feature provides a solution that is added to the client-side Windows Update Agent starting with version 7.0.6000.374. (This version is the client version that was included with WSUS 3.0.)
Only used to be if the following situation applies:

"Note In WSUS 3.0, the client changes its SusClientID if the hardware configuration changes. For Windows Vista, for Windows Server 2008, and for later versions, Sysprep is changed to reset the SusClientID. Therefore, this problem affects only virtual machines that run pre-Windows Vista operating systems, or that were not created by using Sysprep."


So for systems that are hosted in VMware or HyperV this can still be a big problem, especially with pre-Vista/2008 sysprep.   Your suggestion does not help him diagnose the issue to see if it is something as simple as a failure in GPO settings.  
DonNetwork Administrator

Commented:
@ranmasao12
 
The only person that should be questioning my comments is the OP!!
 
For one, I posted a comment/suggestion that hasn't been mentioned. <<<meaning that if the prior comments dont work that would be something to try. I am more than capable of troubleshooting WSUS issues. My reputation here backs that.

Author

Commented:
checked the registry settings below

Specifies WSUS Server
"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer"
Specifies WSUS Report Server
"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\UStatusServer"" which point to the correct wsus server.

I have tested with the commands
wuauclt /resetauthorization /detectnow but still the server is not reporting in WSUS,

Commented:
what about /reportnow?

Commented:
what if you run a gpresult? what does it say?
Did you go through the process I listed above yet?

Commented:
yeah.. try to rename the windowsupdate log. file

then type wuauclt.exe /resetauthorization /detectnow

examine the log file after that or post it here :)

Author

Commented:
The clientdiag shows results which all PASS
have you gone through the process on a machine that I posted above yet?

Author

Commented:
The computers appears when i renamed windowsupdate log file and ran the command wuauclt.exe /resetauthorization /detectnow.

after 2 min they disappear again ,I am not able to find the computer when i do the search.
If you went through the entire process I posted above it should prevent that unless you have database corruption in your WSUS database.  Do you know how to browse your tables in the SQL manager to see if you see the computer in there?

DonNetwork Administrator

Commented:
Run the script found here on them


http://msmvps.com/blogs/athif/pages/66376.aspx