Solved

WSUS 3.0 - unable to see client pc's in admin console

Posted on 2010-09-02
26
858 Views
Last Modified: 2013-11-05
Hi,

I am trying to set up WSUS for the first time and I have following a Windows manual to the exactly to the letter. I still can't see any client pc's in the administration console?

Please could somebody help me out with this?

Thanks
0
Comment
Question by:YellowbusTeam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 8
  • 4
  • +3
26 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587182
Have you corrretly configured the group policy settings?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587207
it is located @ make sure it is configured and correct

Computer Configuration\Administrative Templates\Windows Components\Windows
Update - "Specify intranet Microsoft update service location".

Enter the http address to your WSUS server, like

http://yourservername
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587424
on any client not showing, run from command prompt:


Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"


Does your WSUS server show?


Run Clientdiag on a client


http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Author Comment

by:YellowbusTeam
ID: 33587437
I have configured all the group policy settings that the manual instructed. I have configured this policy correctly i beleive with 'http://YBTEST2008/selfupdate'. The administration console has found itself but not the other laptop on the domain (only one laptop setup because it is a test domain).
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587460
It might be a time issue, try rebooting the laptop and checking the policy that dictates how often clients contact the server to look for updates.


0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587481
It should be only http://YBTEST2008   <<<< remove the "/selfupdate"
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587538
dstewartjr is correct, it should just be the server name as per my first post.


0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587585
also if you installed on the custom port than you need to add ":8530"
0
 

Author Comment

by:YellowbusTeam
ID: 33587895
@ dstewartjr;

When i ran the command it said Error: the system was unable to find the specified registery key or value?

@ mojotech;

It has been running for over 24 hours now so I dont think it is a time issue
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587995
That means that it is not properly getting the GPO
0
 

Author Comment

by:YellowbusTeam
ID: 33588074
how can I make sure it is getting the proper gpo?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33588132
it applies to computers...Where are your computers located in relation to your WSUS gpo?
0
 

Author Comment

by:YellowbusTeam
ID: 33588167
what do you mean by that?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33588197
Do you have computers in Active directory located in a OU, or are they in the default "Computers" ?
0
 

Author Comment

by:YellowbusTeam
ID: 33588215
there are in the default computers
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33594829
Can you tell us where the group policy object is linked? If you are already using Group Policy Management Console, you can check the "Scope" tab of the policy object. Probably the client is simply out of the scope of the policy, since you cannot link a policy to the computer container.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 33595631
Being in the "Default Computers" container, they will not get any GPO's that you create. This is because you cannot link any GPO's to this container. Create a new OU called "Desktops", move your computers there and then link your WSUS GPO there.
0
 

Author Comment

by:YellowbusTeam
ID: 33596508
@ elbereth21;

The scope is the whole domain.

@ dstewartjr;

I have created the new OU as 'WSUS' and moved coputers there. what should I do now?

0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33596740
Basically, you have to wait for the poplicy to be applied. Check with a client that you can easily reboot, the results of clientDiag (mentioned before)
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33596760
Gpupdate /force /boot


and the reg query should have no error this time


Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
0
 

Author Comment

by:YellowbusTeam
ID: 33597535
the reg query is showing the same error

when i run gpresult that also errors but gpupdate seems to work fine.

I dont really know what im looking for in client diag but the settings for AU were wrong.

I think this is definately now a gp issue with the laptop for some reason refusing to pick up the policy.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 33597743
Assuming you are running XP, go to automatic updates in the control panel and see if the settings are grayed out or if you can change them.  If you are able to change the settings and turn the auto updates off or change download options, then you are not getting the group policy.  The group policy will lock the settings so that they cannot be changed.

Microsoft has some knowledge bulletins on this subject.  Here is one of them:
http://technet.microsoft.com/en-us/library/cc708627(WS.10).aspx

The other issue I have had problems with is when computers are cloned, if the mini-setup is not ran, then WSUS will think that three computers are actually the same computer and it will not show up.

You may want to look at this as well: http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_22964186.html.

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33597828
@nettek0300,

The Reg query that I had the OP perform quickly and easily verifies whether the GPO is being applied.

This is also not a DuplicateSid issue, as the client machines arent even getting the group policy to retrieve a SUSClientID in the first place.


@YellowbusTeam

You need to determine why your client machines arent getting the GPO applied.
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33611779
I second dstewartjr comment: you need to understand what is preventing your GPO from being applied. Can you give us any detail on the error you are getting from gpresult. Could it be that "always wait for the network at computer startup and logon" is not selected?
0
 

Author Comment

by:YellowbusTeam
ID: 33612215
gpresult error;

INFO: The policy object does not exist.

I am at a loose end now how can I manually force the laptop to pick up the policy?
0
 
LVL 5

Expert Comment

by:AdamJur
ID: 33853074
if you want to manually change it, from the laptop, logged in as an admin.

Start RUN - gpedit.msc  OK
Browse to Computer Configuration - Adminisrtative Templates - Windows Update

Configure Automatic Updates
Specify Intranet Microsoft Update Service location.

You can configure the other options as needed.

Run a gpupdate /force and reboot.
The client should now report in SUS.

If it still fails to show up in SUS the reporting SID may be a duplicate. If say after 20 minutes it still doesnt show, run this command or create a bath file and run. This will force a new sus id to be created by the host:

net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow




0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Determining the an SCCM package name from the Package ID
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question