Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 865
  • Last Modified:

WSUS 3.0 - unable to see client pc's in admin console

Hi,

I am trying to set up WSUS for the first time and I have following a Windows manual to the exactly to the letter. I still can't see any client pc's in the administration console?

Please could somebody help me out with this?

Thanks
0
YellowbusTeam
Asked:
YellowbusTeam
  • 9
  • 8
  • 4
  • +3
1 Solution
 
Mike ThomasConsultantCommented:
Have you corrretly configured the group policy settings?
0
 
Mike ThomasConsultantCommented:
it is located @ make sure it is configured and correct

Computer Configuration\Administrative Templates\Windows Components\Windows
Update - "Specify intranet Microsoft update service location".

Enter the http address to your WSUS server, like

http://yourservername
0
 
Donald StewartNetwork AdministratorCommented:
on any client not showing, run from command prompt:


Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"


Does your WSUS server show?


Run Clientdiag on a client


http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
YellowbusTeamAuthor Commented:
I have configured all the group policy settings that the manual instructed. I have configured this policy correctly i beleive with 'http://YBTEST2008/selfupdate'. The administration console has found itself but not the other laptop on the domain (only one laptop setup because it is a test domain).
0
 
Mike ThomasConsultantCommented:
It might be a time issue, try rebooting the laptop and checking the policy that dictates how often clients contact the server to look for updates.


0
 
Donald StewartNetwork AdministratorCommented:
It should be only http://YBTEST2008   <<<< remove the "/selfupdate"
0
 
Mike ThomasConsultantCommented:
dstewartjr is correct, it should just be the server name as per my first post.


0
 
Donald StewartNetwork AdministratorCommented:
also if you installed on the custom port than you need to add ":8530"
0
 
YellowbusTeamAuthor Commented:
@ dstewartjr;

When i ran the command it said Error: the system was unable to find the specified registery key or value?

@ mojotech;

It has been running for over 24 hours now so I dont think it is a time issue
0
 
Donald StewartNetwork AdministratorCommented:
That means that it is not properly getting the GPO
0
 
YellowbusTeamAuthor Commented:
how can I make sure it is getting the proper gpo?
0
 
Donald StewartNetwork AdministratorCommented:
it applies to computers...Where are your computers located in relation to your WSUS gpo?
0
 
YellowbusTeamAuthor Commented:
what do you mean by that?
0
 
Donald StewartNetwork AdministratorCommented:
Do you have computers in Active directory located in a OU, or are they in the default "Computers" ?
0
 
YellowbusTeamAuthor Commented:
there are in the default computers
0
 
elbereth21Commented:
Can you tell us where the group policy object is linked? If you are already using Group Policy Management Console, you can check the "Scope" tab of the policy object. Probably the client is simply out of the scope of the policy, since you cannot link a policy to the computer container.
0
 
Donald StewartNetwork AdministratorCommented:
Being in the "Default Computers" container, they will not get any GPO's that you create. This is because you cannot link any GPO's to this container. Create a new OU called "Desktops", move your computers there and then link your WSUS GPO there.
0
 
YellowbusTeamAuthor Commented:
@ elbereth21;

The scope is the whole domain.

@ dstewartjr;

I have created the new OU as 'WSUS' and moved coputers there. what should I do now?

0
 
elbereth21Commented:
Basically, you have to wait for the poplicy to be applied. Check with a client that you can easily reboot, the results of clientDiag (mentioned before)
0
 
Donald StewartNetwork AdministratorCommented:
Gpupdate /force /boot


and the reg query should have no error this time


Reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
0
 
YellowbusTeamAuthor Commented:
the reg query is showing the same error

when i run gpresult that also errors but gpupdate seems to work fine.

I dont really know what im looking for in client diag but the settings for AU were wrong.

I think this is definately now a gp issue with the laptop for some reason refusing to pick up the policy.
0
 
nettek0300Commented:
Assuming you are running XP, go to automatic updates in the control panel and see if the settings are grayed out or if you can change them.  If you are able to change the settings and turn the auto updates off or change download options, then you are not getting the group policy.  The group policy will lock the settings so that they cannot be changed.

Microsoft has some knowledge bulletins on this subject.  Here is one of them:
http://technet.microsoft.com/en-us/library/cc708627(WS.10).aspx

The other issue I have had problems with is when computers are cloned, if the mini-setup is not ran, then WSUS will think that three computers are actually the same computer and it will not show up.

You may want to look at this as well: http://www.experts-exchange.com/Programming/Languages/Scripting/Shell/Batch/Q_22964186.html.

0
 
Donald StewartNetwork AdministratorCommented:
@nettek0300,

The Reg query that I had the OP perform quickly and easily verifies whether the GPO is being applied.

This is also not a DuplicateSid issue, as the client machines arent even getting the group policy to retrieve a SUSClientID in the first place.


@YellowbusTeam

You need to determine why your client machines arent getting the GPO applied.
0
 
elbereth21Commented:
I second dstewartjr comment: you need to understand what is preventing your GPO from being applied. Can you give us any detail on the error you are getting from gpresult. Could it be that "always wait for the network at computer startup and logon" is not selected?
0
 
YellowbusTeamAuthor Commented:
gpresult error;

INFO: The policy object does not exist.

I am at a loose end now how can I manually force the laptop to pick up the policy?
0
 
AdamJurCommented:
if you want to manually change it, from the laptop, logged in as an admin.

Start RUN - gpedit.msc  OK
Browse to Computer Configuration - Adminisrtative Templates - Windows Update

Configure Automatic Updates
Specify Intranet Microsoft Update Service location.

You can configure the other options as needed.

Run a gpupdate /force and reboot.
The client should now report in SUS.

If it still fails to show up in SUS the reporting SID may be a duplicate. If say after 20 minutes it still doesnt show, run this command or create a bath file and run. This will force a new sus id to be created by the host:

net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow




0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 9
  • 8
  • 4
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now