Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

WSUS 3.0 - unable to see client pc's in admin console

Posted on 2010-09-02
26
Medium Priority
?
863 Views
Last Modified: 2013-11-05
Hi,

I am trying to set up WSUS for the first time and I have following a Windows manual to the exactly to the letter. I still can't see any client pc's in the administration console?

Please could somebody help me out with this?

Thanks
0
Comment
Question by:YellowbusTeam
  • 9
  • 8
  • 4
  • +3
26 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587182
Have you corrretly configured the group policy settings?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587207
it is located @ make sure it is configured and correct

Computer Configuration\Administrative Templates\Windows Components\Windows
Update - "Specify intranet Microsoft update service location".

Enter the http address to your WSUS server, like

http://yourservername
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587424
on any client not showing, run from command prompt:


Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"


Does your WSUS server show?


Run Clientdiag on a client


http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:YellowbusTeam
ID: 33587437
I have configured all the group policy settings that the manual instructed. I have configured this policy correctly i beleive with 'http://YBTEST2008/selfupdate'. The administration console has found itself but not the other laptop on the domain (only one laptop setup because it is a test domain).
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587460
It might be a time issue, try rebooting the laptop and checking the policy that dictates how often clients contact the server to look for updates.


0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587481
It should be only http://YBTEST2008   <<<< remove the "/selfupdate"
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587538
dstewartjr is correct, it should just be the server name as per my first post.


0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587585
also if you installed on the custom port than you need to add ":8530"
0
 

Author Comment

by:YellowbusTeam
ID: 33587895
@ dstewartjr;

When i ran the command it said Error: the system was unable to find the specified registery key or value?

@ mojotech;

It has been running for over 24 hours now so I dont think it is a time issue
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587995
That means that it is not properly getting the GPO
0
 

Author Comment

by:YellowbusTeam
ID: 33588074
how can I make sure it is getting the proper gpo?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33588132
it applies to computers...Where are your computers located in relation to your WSUS gpo?
0
 

Author Comment

by:YellowbusTeam
ID: 33588167
what do you mean by that?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33588197
Do you have computers in Active directory located in a OU, or are they in the default "Computers" ?
0
 

Author Comment

by:YellowbusTeam
ID: 33588215
there are in the default computers
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33594829
Can you tell us where the group policy object is linked? If you are already using Group Policy Management Console, you can check the "Scope" tab of the policy object. Probably the client is simply out of the scope of the policy, since you cannot link a policy to the computer container.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 33595631
Being in the "Default Computers" container, they will not get any GPO's that you create. This is because you cannot link any GPO's to this container. Create a new OU called "Desktops", move your computers there and then link your WSUS GPO there.
0
 

Author Comment

by:YellowbusTeam
ID: 33596508
@ elbereth21;

The scope is the whole domain.

@ dstewartjr;

I have created the new OU as 'WSUS' and moved coputers there. what should I do now?

0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33596740
Basically, you have to wait for the poplicy to be applied. Check with a client that you can easily reboot, the results of clientDiag (mentioned before)
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33596760
Gpupdate /force /boot


and the reg query should have no error this time


Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
0
 

Author Comment

by:YellowbusTeam
ID: 33597535
the reg query is showing the same error

when i run gpresult that also errors but gpupdate seems to work fine.

I dont really know what im looking for in client diag but the settings for AU were wrong.

I think this is definately now a gp issue with the laptop for some reason refusing to pick up the policy.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 33597743
Assuming you are running XP, go to automatic updates in the control panel and see if the settings are grayed out or if you can change them.  If you are able to change the settings and turn the auto updates off or change download options, then you are not getting the group policy.  The group policy will lock the settings so that they cannot be changed.

Microsoft has some knowledge bulletins on this subject.  Here is one of them:
http://technet.microsoft.com/en-us/library/cc708627(WS.10).aspx

The other issue I have had problems with is when computers are cloned, if the mini-setup is not ran, then WSUS will think that three computers are actually the same computer and it will not show up.

You may want to look at this as well: http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_22964186.html.

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33597828
@nettek0300,

The Reg query that I had the OP perform quickly and easily verifies whether the GPO is being applied.

This is also not a DuplicateSid issue, as the client machines arent even getting the group policy to retrieve a SUSClientID in the first place.


@YellowbusTeam

You need to determine why your client machines arent getting the GPO applied.
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33611779
I second dstewartjr comment: you need to understand what is preventing your GPO from being applied. Can you give us any detail on the error you are getting from gpresult. Could it be that "always wait for the network at computer startup and logon" is not selected?
0
 

Author Comment

by:YellowbusTeam
ID: 33612215
gpresult error;

INFO: The policy object does not exist.

I am at a loose end now how can I manually force the laptop to pick up the policy?
0
 
LVL 5

Expert Comment

by:AdamJur
ID: 33853074
if you want to manually change it, from the laptop, logged in as an admin.

Start RUN - gpedit.msc  OK
Browse to Computer Configuration - Adminisrtative Templates - Windows Update

Configure Automatic Updates
Specify Intranet Microsoft Update Service location.

You can configure the other options as needed.

Run a gpupdate /force and reboot.
The client should now report in SUS.

If it still fails to show up in SUS the reporting SID may be a duplicate. If say after 20 minutes it still doesnt show, run this command or create a bath file and run. This will force a new sus id to be created by the host:

net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow




0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question