Solved

WSUS on SBS 2003 not picking up new pc

Posted on 2010-08-30
24
939 Views
Last Modified: 2012-05-10
Are replacing PC's and WSUS on SBS 2003 have not picked up the new pc's.  Nothing has changed other than pc names. We have deleted the old PC's out of WSUS. I do not see a way to add them. The group policy is still in effect because we get an error going to windowsupdate that tells us we are prevented from doing this on the pc. How do I get around this?
0
Comment
Question by:sraley
  • 11
  • 7
  • 4
  • +1
24 Comments
 
LVL 4

Expert Comment

by:vnicolae
Comment Utility
Refresh the group policy on the PCs and restart the windows update process:

%sytemroot%\system32\gpupdate /force
%sytemroot%\system32\wuauclt /resetauthorization /detectnow
0
 

Author Comment

by:sraley
Comment Utility
done and then rebooted. can't go to windows updates and according to policy I should be able to go to http://server:8080 and that gives me a forbidden error.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Are you adding the machines using the SBS wizard or are you adding them from the computer properties screen? If computersa are getting placed in the wrong OU or permissions are not getting set properly, all manner of inconsistent behavior may be occurring.
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
0
 

Author Comment

by:sraley
Comment Utility
They were added from the PC by joining domain. Imaged. Well they came out of the box from HP and all we did was windows updates and naming computers before joining the domain.
0
 

Author Comment

by:sraley
Comment Utility
the script code in the blog should be run on the server with WSUS ?
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
on clients
0
 

Author Comment

by:sraley
Comment Utility
ran the script on 2 machines, rebooted machines and on wsus on server manual did 2 synchronize and no new computers showed up in wsus.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
I would unjoin the domain (put them back on a workgroup) and then use the wizard. Should resolve your issues.
-Cliff
 
0
 

Author Comment

by:sraley
Comment Utility
it would be easier to just remove wsus than do this to the 7 pc's that are not showing up and let them handle updates on their own.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
Easier? Perhaps (I never found joining a workgroup and running a wizard hard...), but there is also something to be said for centrally administering updates, which is why people use WSUS, Shavlik, Kace, or other patch management solutions. IF you are fine with letting machines update themselves, by all means, do so. But I guess I assume that if someone is using WSUS and if they are concerned about machines not showing up that they've already made the decision that patch management (management being the key word) is important enough to fix the problem.
In short, it is your network and I won't presume to tell you which you should do. But I do stand by my advice to resolve the issue if you so choose to resolve it instead of pass on it.
-Cliff
 
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 56

Expert Comment

by:Cliff Galiher
Comment Utility
dstewartjr: In a non-sbs environment I'd agree with you. But this isn't simply unjoining and rejoining the domain. SBS, if you are not aware has a wizard that is designed to join workstations to the domain and preconfigures WSUS group policies during installation with settings and OU links set with the intention that the wizard would be used.
In short, manually attaching a machine to an SBS domain can cause many seemingly unrelated problems due to some of the registry settings, added installation steps, and other changes that the wizard makes during its execution where the scope is far beyond a simple domain join. Missing those other settings can cause many components to not act as expected in an SBS domain environment; WSUS is just one symptom.
In short, I'd recommend unjoining and using the wizard to rejoin the domain even if WSUS is fixed, as other unrelated issues will surface down the road as you start attempting to use other SBS-specific services.
-Cliff
 
0
 

Author Comment

by:sraley
Comment Utility

WSUS Client Diagnostics Tool

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.4.7600.226. . . . . . . . . . . . PASS
                This version is WSUS 2.0

Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Control Panel

Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use

Checking Connection to WSUS/SUS Server
AU does not have Policy Set
AU does not have Policy Set
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL

Press Enter to Complete










0
 

Author Comment

by:sraley
Comment Utility
followed the link for gpo troubleshooting and changed 1 item in the admin template that didn't give an address for where to get updates. I don't know why that would affect the computers when it says not enabled but all the old computer names show up in WSUS. we haven't made any server changes.

Sorry I just saw that this is not SBS its 2003 Standard. I made a mistake when typing this up originally. Too many server projects happening at once.
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
0
 

Author Comment

by:sraley
Comment Utility
done. Now what?
0
 
LVL 4

Expert Comment

by:vnicolae
Comment Utility
Have you tried to delete the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate registry key on the client computers?
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
"...delete the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate registry key on the client computers?"
 
Why? <<<unnecessary(if the client isnt picking up the GPO then it wont refresh this setting regardless)
 
Verify that the client machine is getting the GPO by either running rsop.msc or from command prompt type:
 
Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
You should see your WSUS server in results
 
Does clientdiag pass?
0
 

Author Comment

by:sraley
Comment Utility
deleted key and client doesn't pick up any updates.
0
 

Author Comment

by:sraley
Comment Utility
running rsop everything is empty like the machine is not being applied any group policy but I get an error manually going to the windowsupdate website.  Run the dos command states key not found after a reboot.
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
What error do you get ? Post the windowsupdate.log


You need to troubleshoot your group policy. Do you have your WSUS GPO applied to a container that your computers are in?
0
 

Author Comment

by:sraley
Comment Utility
the standard error that i'm denied access because of a policy.
0
 
LVL 47

Accepted Solution

by:
dstewartjr earned 500 total points
Comment Utility
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now