Solved

Computers Not Showing in WSUS

Posted on 2010-09-10
9
669 Views
Last Modified: 2012-05-10
Hi folks!

Got a Windows Server 2003-based Active Directory network with approximately 150 Windows XP Professional Service Pack 3 workstations. I am attempting to implement a WSUS server for our organization.

I have installed WSUS, configured it, and set the group policy (for the entire domain) to point workstations to the server. Thus far, only about 100 of the 150 workstations have appeared in the WSUS management console. The other 50 or so workstations are not showing up.

In an effort to troubleshoot this problem, I have done the following:

1. I have run the "wuauclt.exe /detectnow" and "wuauclt.exe /resetauthorization /detectnow" commands. Neither produces any effect.

2. I have run the WSUS client diagnostic tool. On some workstations, it reports that the UseWUServer value is missing from the registry. However, when I create that registry value (in HKLM\Software\Policies\Microsoft\Wiindows\WindowsUpdate\AU" and set it to a value of 1, the diag tool runs successfully and reports no errors, but the computer still never appears in the server console.

3. I have used the script, posted in other question threads here on EE, to reset the SID and registry key values, and then re-run the "wuauclt.exe /resetauthorization /detectnow" command. Still no change.

4. I have checked the IIS server settings and have verified that the WSUS web site is on the default of port 80 and, therefore, the server address I used in Group Policy is correct.

If anyone could offer any additional suggestions, they would be most appreciated. Thanks!

- Ithizar
0
Comment
Question by:Ithizar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 10

Expert Comment

by:jramsier
ID: 33647350
on one of the machines that is not working (client side) do a "gpresult" and see if that GPO is applied to that device.  If it is filtered then you have a problem with GPO not apply to the device.  Iether way try a "gpupdate /force" on the device.

Also check the registry settings.  here is a link that decribes them, depending on what you set in GPO:
http://technet.microsoft.com/en-us/library/cc708545(WS.10).aspx

Sounds like a GPO issue if they are not in WSUS.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33647959
download the client diagnostic tools and see where the problem is coming from.

http://technet.microsoft.com/en-us/wsus/bb466192.aspx
0
 

Author Comment

by:Ithizar
ID: 33648044
Thanks, justinyeung. However, did you actually read my post? :) Please see # 2 in my list of things I've tried.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Ithizar
ID: 33648533
jramsier,

gpresult shows that the GPO is being applied to the computer, and updated on a regular basis. Additionally, I ran the "rsop.msc" tool to look at the resultant set of policies, and all of the specific policy settings I had defined, like the use of automatic updates and the location of our WSUS server, were correct.

I have run "gpupdate /force" many times, but did it again just to be safe. Then, I even ran "wuauclt.exe /resetauthorization /detectnow" again. Still no dice.

I checked the link you provided, and basically all the permissions were set correctly. The only thing that was missing is that the ASPNET account did not have access to one registry key. I fixed that. Still no change in behavior.

- Ithizar
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 33648633
"I have installed WSUS, configured it, and set the group policy (for the entire domain) to point workstations to the server. Thus far, only about 100 of the 150 workstations have appeared in the WSUS management console. The other 50 or so workstations are not showing up."

This is a duplicate sid issue
 
 
http://msmvps.com/blogs/athif/pages/66376.aspx

0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33648822
add the following registry key on the machine that is not contact

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUState"=dword:00000002

and then try to reauthorize the machine

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33648904
@justinyeung
 
Group policy configures this registry setting which the author has already stated is correctly being applied.
0
 
LVL 10

Expert Comment

by:jramsier
ID: 33650135
I agree with dstewartjr.  This is very common if you image the machines via Symantec Ghost or other programs.  You will need to recreate the SID on the machines if so.

Use this to check the SIDs:
http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

If some are the same use this to fix:
http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33650213
Machine SId and the WSUS SUSclientID are 2 different items.
 
NewSid is retired and will not remedy a WSUS issue.
 
The script in the link I posted will delete the registry locations where the DuplicateSid is located.
Wuauclt /resetauthorization /detectnow will tell the client to retrieve a new SUSClientID.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question