Solved

WSUS 3.0 - unable to see client pc's in admin console

Posted on 2010-09-02
26
857 Views
Last Modified: 2013-11-05
Hi,

I am trying to set up WSUS for the first time and I have following a Windows manual to the exactly to the letter. I still can't see any client pc's in the administration console?

Please could somebody help me out with this?

Thanks
0
Comment
Question by:YellowbusTeam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 8
  • 4
  • +3
26 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587182
Have you corrretly configured the group policy settings?
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587207
it is located @ make sure it is configured and correct

Computer Configuration\Administrative Templates\Windows Components\Windows
Update - "Specify intranet Microsoft update service location".

Enter the http address to your WSUS server, like

http://yourservername
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587424
on any client not showing, run from command prompt:


Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"


Does your WSUS server show?


Run Clientdiag on a client


http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:YellowbusTeam
ID: 33587437
I have configured all the group policy settings that the manual instructed. I have configured this policy correctly i beleive with 'http://YBTEST2008/selfupdate'. The administration console has found itself but not the other laptop on the domain (only one laptop setup because it is a test domain).
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587460
It might be a time issue, try rebooting the laptop and checking the policy that dictates how often clients contact the server to look for updates.


0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587481
It should be only http://YBTEST2008   <<<< remove the "/selfupdate"
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33587538
dstewartjr is correct, it should just be the server name as per my first post.


0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587585
also if you installed on the custom port than you need to add ":8530"
0
 

Author Comment

by:YellowbusTeam
ID: 33587895
@ dstewartjr;

When i ran the command it said Error: the system was unable to find the specified registery key or value?

@ mojotech;

It has been running for over 24 hours now so I dont think it is a time issue
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33587995
That means that it is not properly getting the GPO
0
 

Author Comment

by:YellowbusTeam
ID: 33588074
how can I make sure it is getting the proper gpo?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33588132
it applies to computers...Where are your computers located in relation to your WSUS gpo?
0
 

Author Comment

by:YellowbusTeam
ID: 33588167
what do you mean by that?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33588197
Do you have computers in Active directory located in a OU, or are they in the default "Computers" ?
0
 

Author Comment

by:YellowbusTeam
ID: 33588215
there are in the default computers
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33594829
Can you tell us where the group policy object is linked? If you are already using Group Policy Management Console, you can check the "Scope" tab of the policy object. Probably the client is simply out of the scope of the policy, since you cannot link a policy to the computer container.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 33595631
Being in the "Default Computers" container, they will not get any GPO's that you create. This is because you cannot link any GPO's to this container. Create a new OU called "Desktops", move your computers there and then link your WSUS GPO there.
0
 

Author Comment

by:YellowbusTeam
ID: 33596508
@ elbereth21;

The scope is the whole domain.

@ dstewartjr;

I have created the new OU as 'WSUS' and moved coputers there. what should I do now?

0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33596740
Basically, you have to wait for the poplicy to be applied. Check with a client that you can easily reboot, the results of clientDiag (mentioned before)
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33596760
Gpupdate /force /boot


and the reg query should have no error this time


Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
0
 

Author Comment

by:YellowbusTeam
ID: 33597535
the reg query is showing the same error

when i run gpresult that also errors but gpupdate seems to work fine.

I dont really know what im looking for in client diag but the settings for AU were wrong.

I think this is definately now a gp issue with the laptop for some reason refusing to pick up the policy.
0
 
LVL 6

Expert Comment

by:nettek0300
ID: 33597743
Assuming you are running XP, go to automatic updates in the control panel and see if the settings are grayed out or if you can change them.  If you are able to change the settings and turn the auto updates off or change download options, then you are not getting the group policy.  The group policy will lock the settings so that they cannot be changed.

Microsoft has some knowledge bulletins on this subject.  Here is one of them:
http://technet.microsoft.com/en-us/library/cc708627(WS.10).aspx

The other issue I have had problems with is when computers are cloned, if the mini-setup is not ran, then WSUS will think that three computers are actually the same computer and it will not show up.

You may want to look at this as well: http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_22964186.html.

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33597828
@nettek0300,

The Reg query that I had the OP perform quickly and easily verifies whether the GPO is being applied.

This is also not a DuplicateSid issue, as the client machines arent even getting the group policy to retrieve a SUSClientID in the first place.


@YellowbusTeam

You need to determine why your client machines arent getting the GPO applied.
0
 
LVL 11

Expert Comment

by:elbereth21
ID: 33611779
I second dstewartjr comment: you need to understand what is preventing your GPO from being applied. Can you give us any detail on the error you are getting from gpresult. Could it be that "always wait for the network at computer startup and logon" is not selected?
0
 

Author Comment

by:YellowbusTeam
ID: 33612215
gpresult error;

INFO: The policy object does not exist.

I am at a loose end now how can I manually force the laptop to pick up the policy?
0
 
LVL 5

Expert Comment

by:AdamJur
ID: 33853074
if you want to manually change it, from the laptop, logged in as an admin.

Start RUN - gpedit.msc  OK
Browse to Computer Configuration - Adminisrtative Templates - Windows Update

Configure Automatic Updates
Specify Intranet Microsoft Update Service location.

You can configure the other options as needed.

Run a gpupdate /force and reboot.
The client should now report in SUS.

If it still fails to show up in SUS the reporting SID may be a duplicate. If say after 20 minutes it still doesnt show, run this command or create a bath file and run. This will force a new sus id to be created by the host:

net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow




0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question