Solved

Computers Not Showing in WSUS

Posted on 2010-09-10
9
656 Views
Last Modified: 2012-05-10
Hi folks!

Got a Windows Server 2003-based Active Directory network with approximately 150 Windows XP Professional Service Pack 3 workstations. I am attempting to implement a WSUS server for our organization.

I have installed WSUS, configured it, and set the group policy (for the entire domain) to point workstations to the server. Thus far, only about 100 of the 150 workstations have appeared in the WSUS management console. The other 50 or so workstations are not showing up.

In an effort to troubleshoot this problem, I have done the following:

1. I have run the "wuauclt.exe /detectnow" and "wuauclt.exe /resetauthorization /detectnow" commands. Neither produces any effect.

2. I have run the WSUS client diagnostic tool. On some workstations, it reports that the UseWUServer value is missing from the registry. However, when I create that registry value (in HKLM\Software\Policies\Microsoft\Wiindows\WindowsUpdate\AU" and set it to a value of 1, the diag tool runs successfully and reports no errors, but the computer still never appears in the server console.

3. I have used the script, posted in other question threads here on EE, to reset the SID and registry key values, and then re-run the "wuauclt.exe /resetauthorization /detectnow" command. Still no change.

4. I have checked the IIS server settings and have verified that the WSUS web site is on the default of port 80 and, therefore, the server address I used in Group Policy is correct.

If anyone could offer any additional suggestions, they would be most appreciated. Thanks!

- Ithizar
0
Comment
Question by:Ithizar
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 10

Expert Comment

by:jramsier
ID: 33647350
on one of the machines that is not working (client side) do a "gpresult" and see if that GPO is applied to that device.  If it is filtered then you have a problem with GPO not apply to the device.  Iether way try a "gpupdate /force" on the device.

Also check the registry settings.  here is a link that decribes them, depending on what you set in GPO:
http://technet.microsoft.com/en-us/library/cc708545(WS.10).aspx

Sounds like a GPO issue if they are not in WSUS.
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33647959
download the client diagnostic tools and see where the problem is coming from.

http://technet.microsoft.com/en-us/wsus/bb466192.aspx
0
 

Author Comment

by:Ithizar
ID: 33648044
Thanks, justinyeung. However, did you actually read my post? :) Please see # 2 in my list of things I've tried.
0
 

Author Comment

by:Ithizar
ID: 33648533
jramsier,

gpresult shows that the GPO is being applied to the computer, and updated on a regular basis. Additionally, I ran the "rsop.msc" tool to look at the resultant set of policies, and all of the specific policy settings I had defined, like the use of automatic updates and the location of our WSUS server, were correct.

I have run "gpupdate /force" many times, but did it again just to be safe. Then, I even ran "wuauclt.exe /resetauthorization /detectnow" again. Still no dice.

I checked the link you provided, and basically all the permissions were set correctly. The only thing that was missing is that the ASPNET account did not have access to one registry key. I fixed that. Still no change in behavior.

- Ithizar
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 33648633
"I have installed WSUS, configured it, and set the group policy (for the entire domain) to point workstations to the server. Thus far, only about 100 of the 150 workstations have appeared in the WSUS management console. The other 50 or so workstations are not showing up."

This is a duplicate sid issue
 
 
http://msmvps.com/blogs/athif/pages/66376.aspx

0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33648822
add the following registry key on the machine that is not contact

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUState"=dword:00000002

and then try to reauthorize the machine

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33648904
@justinyeung
 
Group policy configures this registry setting which the author has already stated is correctly being applied.
0
 
LVL 10

Expert Comment

by:jramsier
ID: 33650135
I agree with dstewartjr.  This is very common if you image the machines via Symantec Ghost or other programs.  You will need to recreate the SID on the machines if so.

Use this to check the SIDs:
http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

If some are the same use this to fix:
http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33650213
Machine SId and the WSUS SUSclientID are 2 different items.
 
NewSid is retired and will not remedy a WSUS issue.
 
The script in the link I posted will delete the registry locations where the DuplicateSid is located.
Wuauclt /resetauthorization /detectnow will tell the client to retrieve a new SUSClientID.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now