Computers Not Showing in WSUS

Hi folks!

Got a Windows Server 2003-based Active Directory network with approximately 150 Windows XP Professional Service Pack 3 workstations. I am attempting to implement a WSUS server for our organization.

I have installed WSUS, configured it, and set the group policy (for the entire domain) to point workstations to the server. Thus far, only about 100 of the 150 workstations have appeared in the WSUS management console. The other 50 or so workstations are not showing up.

In an effort to troubleshoot this problem, I have done the following:

1. I have run the "wuauclt.exe /detectnow" and "wuauclt.exe /resetauthorization /detectnow" commands. Neither produces any effect.

2. I have run the WSUS client diagnostic tool. On some workstations, it reports that the UseWUServer value is missing from the registry. However, when I create that registry value (in HKLM\Software\Policies\Microsoft\Wiindows\WindowsUpdate\AU" and set it to a value of 1, the diag tool runs successfully and reports no errors, but the computer still never appears in the server console.

3. I have used the script, posted in other question threads here on EE, to reset the SID and registry key values, and then re-run the "wuauclt.exe /resetauthorization /detectnow" command. Still no change.

4. I have checked the IIS server settings and have verified that the WSUS web site is on the default of port 80 and, therefore, the server address I used in Group Policy is correct.

If anyone could offer any additional suggestions, they would be most appreciated. Thanks!

- Ithizar
IthizarAsked:
Who is Participating?
 
DonConnect With a Mentor Network AdministratorCommented:
"I have installed WSUS, configured it, and set the group policy (for the entire domain) to point workstations to the server. Thus far, only about 100 of the 150 workstations have appeared in the WSUS management console. The other 50 or so workstations are not showing up."

This is a duplicate sid issue
 
 
http://msmvps.com/blogs/athif/pages/66376.aspx

0
 
jramsierCommented:
on one of the machines that is not working (client side) do a "gpresult" and see if that GPO is applied to that device.  If it is filtered then you have a problem with GPO not apply to the device.  Iether way try a "gpupdate /force" on the device.

Also check the registry settings.  here is a link that decribes them, depending on what you set in GPO:
http://technet.microsoft.com/en-us/library/cc708545(WS.10).aspx

Sounds like a GPO issue if they are not in WSUS.
0
 
Justin YeungSenior Systems EngineerCommented:
download the client diagnostic tools and see where the problem is coming from.

http://technet.microsoft.com/en-us/wsus/bb466192.aspx
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
IthizarAuthor Commented:
Thanks, justinyeung. However, did you actually read my post? :) Please see # 2 in my list of things I've tried.
0
 
IthizarAuthor Commented:
jramsier,

gpresult shows that the GPO is being applied to the computer, and updated on a regular basis. Additionally, I ran the "rsop.msc" tool to look at the resultant set of policies, and all of the specific policy settings I had defined, like the use of automatic updates and the location of our WSUS server, were correct.

I have run "gpupdate /force" many times, but did it again just to be safe. Then, I even ran "wuauclt.exe /resetauthorization /detectnow" again. Still no dice.

I checked the link you provided, and basically all the permissions were set correctly. The only thing that was missing is that the ASPNET account did not have access to one registry key. I fixed that. Still no change in behavior.

- Ithizar
0
 
Justin YeungSenior Systems EngineerCommented:
add the following registry key on the machine that is not contact

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUState"=dword:00000002

and then try to reauthorize the machine

0
 
DonNetwork AdministratorCommented:
@justinyeung
 
Group policy configures this registry setting which the author has already stated is correctly being applied.
0
 
jramsierCommented:
I agree with dstewartjr.  This is very common if you image the machines via Symantec Ghost or other programs.  You will need to recreate the SID on the machines if so.

Use this to check the SIDs:
http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

If some are the same use this to fix:
http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
0
 
DonNetwork AdministratorCommented:
Machine SId and the WSUS SUSclientID are 2 different items.
 
NewSid is retired and will not remedy a WSUS issue.
 
The script in the link I posted will delete the registry locations where the DuplicateSid is located.
Wuauclt /resetauthorization /detectnow will tell the client to retrieve a new SUSClientID.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.