• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 960
  • Last Modified:

WSUS on SBS 2003 not picking up new pc

Are replacing PC's and WSUS on SBS 2003 have not picked up the new pc's.  Nothing has changed other than pc names. We have deleted the old PC's out of WSUS. I do not see a way to add them. The group policy is still in effect because we get an error going to windowsupdate that tells us we are prevented from doing this on the pc. How do I get around this?
0
sraley
Asked:
sraley
  • 11
  • 7
  • 4
  • +1
1 Solution
 
vnicolaeCommented:
Refresh the group policy on the PCs and restart the windows update process:

%sytemroot%\system32\gpupdate /force
%sytemroot%\system32\wuauclt /resetauthorization /detectnow
0
 
sraleyAuthor Commented:
done and then rebooted. can't go to windows updates and according to policy I should be able to go to http://server:8080 and that gives me a forbidden error.
0
 
Cliff GaliherCommented:
Are you adding the machines using the SBS wizard or are you adding them from the computer properties screen? If computersa are getting placed in the wrong OU or permissions are not getting set properly, all manner of inconsistent behavior may be occurring.
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
DonNetwork AdministratorCommented:
0
 
sraleyAuthor Commented:
They were added from the PC by joining domain. Imaged. Well they came out of the box from HP and all we did was windows updates and naming computers before joining the domain.
0
 
sraleyAuthor Commented:
the script code in the blog should be run on the server with WSUS ?
0
 
DonNetwork AdministratorCommented:
on clients
0
 
sraleyAuthor Commented:
ran the script on 2 machines, rebooted machines and on wsus on server manual did 2 synchronize and no new computers showed up in wsus.
0
 
Cliff GaliherCommented:
I would unjoin the domain (put them back on a workgroup) and then use the wizard. Should resolve your issues.
-Cliff
 
0
 
sraleyAuthor Commented:
it would be easier to just remove wsus than do this to the 7 pc's that are not showing up and let them handle updates on their own.
0
 
Cliff GaliherCommented:
Easier? Perhaps (I never found joining a workgroup and running a wizard hard...), but there is also something to be said for centrally administering updates, which is why people use WSUS, Shavlik, Kace, or other patch management solutions. IF you are fine with letting machines update themselves, by all means, do so. But I guess I assume that if someone is using WSUS and if they are concerned about machines not showing up that they've already made the decision that patch management (management being the key word) is important enough to fix the problem.
In short, it is your network and I won't presume to tell you which you should do. But I do stand by my advice to resolve the issue if you so choose to resolve it instead of pass on it.
-Cliff
 
0
 
Cliff GaliherCommented:
dstewartjr: In a non-sbs environment I'd agree with you. But this isn't simply unjoining and rejoining the domain. SBS, if you are not aware has a wizard that is designed to join workstations to the domain and preconfigures WSUS group policies during installation with settings and OU links set with the intention that the wizard would be used.
In short, manually attaching a machine to an SBS domain can cause many seemingly unrelated problems due to some of the registry settings, added installation steps, and other changes that the wizard makes during its execution where the scope is far beyond a simple domain join. Missing those other settings can cause many components to not act as expected in an SBS domain environment; WSUS is just one symptom.
In short, I'd recommend unjoining and using the wizard to rejoin the domain even if WSUS is fixed, as other unrelated issues will surface down the road as you start attempting to use other SBS-specific services.
-Cliff
 
0
 
sraleyAuthor Commented:

WSUS Client Diagnostics Tool

Checking Machine State
        Checking for admin rights to run tool . . . . . . . . . PASS
        Automatic Updates Service is running. . . . . . . . . . PASS
        Background Intelligent Transfer Service is running. . . PASS
        Wuaueng.dll version 7.4.7600.226. . . . . . . . . . . . PASS
                This version is WSUS 2.0

Checking AU Settings
        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS
                Option is from Control Panel

Checking Proxy Configuration
        Checking for winhttp local machine Proxy settings . . . PASS
                Winhttp local machine access type
                        <Direct Connection>
                Winhttp local machine Proxy. . . . . . . . . .  NONE
                Winhttp local machine ProxyBypass. . . . . . .  NONE
        Checking User IE Proxy settings . . . . . . . . . . . . PASS
                User IE Proxy. . . . . . . . . . . . . . . . .  NONE
                User IE ProxyByPass. . . . . . . . . . . . . .  NONE
                User IE AutoConfig URL Proxy . . . . . . . . .  NONE
                User IE AutoDetect
                AutoDetect not in use

Checking Connection to WSUS/SUS Server
AU does not have Policy Set
AU does not have Policy Set
        UseWuServer is disabled . . . . . . . . . . . . . . . . FAIL

Press Enter to Complete










0
 
sraleyAuthor Commented:
followed the link for gpo troubleshooting and changed 1 item in the admin template that didn't give an address for where to get updates. I don't know why that would affect the computers when it says not enabled but all the old computer names show up in WSUS. we haven't made any server changes.

Sorry I just saw that this is not SBS its 2003 Standard. I made a mistake when typing this up originally. Too many server projects happening at once.
0
 
DonNetwork AdministratorCommented:
0
 
sraleyAuthor Commented:
done. Now what?
0
 
vnicolaeCommented:
Have you tried to delete the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate registry key on the client computers?
0
 
DonNetwork AdministratorCommented:
"...delete the HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate registry key on the client computers?"
 
Why? <<<unnecessary(if the client isnt picking up the GPO then it wont refresh this setting regardless)
 
Verify that the client machine is getting the GPO by either running rsop.msc or from command prompt type:
 
Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
You should see your WSUS server in results
 
Does clientdiag pass?
0
 
sraleyAuthor Commented:
deleted key and client doesn't pick up any updates.
0
 
sraleyAuthor Commented:
running rsop everything is empty like the machine is not being applied any group policy but I get an error manually going to the windowsupdate website.  Run the dos command states key not found after a reboot.
0
 
DonNetwork AdministratorCommented:
What error do you get ? Post the windowsupdate.log


You need to troubleshoot your group policy. Do you have your WSUS GPO applied to a container that your computers are in?
0
 
sraleyAuthor Commented:
the standard error that i'm denied access because of a policy.
0
 
DonNetwork AdministratorCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 11
  • 7
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now