asked on
WSUS clients appearing and disappearing
Update Services Version: 3.2.7600.226
Server: Server 2003 Standard, Service Pack 2
Client: Windows XP Professional, Service Pack 3
WU Client Version: wuauclt.exe version 7.4.7600.226
I'm having a strange problem with clients appearing and disappearing from WSUS. After Googling the problem, it seems the most common cause is duplicate SusClientIDs, however in this thread:
http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/c331d314-2f04-4b07-a3fd-878183b8101d
A contributor states:
And as you can see, my machines meet the above requirements.
Have any experts come across another cause for this problem?
Thanks in advance!
Server: Server 2003 Standard, Service Pack 2
Client: Windows XP Professional, Service Pack 3
WU Client Version: wuauclt.exe version 7.4.7600.226
I'm having a strange problem with clients appearing and disappearing from WSUS. After Googling the problem, it seems the most common cause is duplicate SusClientIDs, however in this thread:
http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/c331d314-2f04-4b07-a3fd-878183b8101d
A contributor states:
Upgrade to WSUS 3 SP2, which will cause all WUAgents to upgrade to the v7.4 build, which has built-in code to detect and remediate duplicate SusClientIDs
And as you can see, my machines meet the above requirements.
Have any experts come across another cause for this problem?
Thanks in advance!
Windows Server 2003
Last Comment
leftcase
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Fair enough, I'll give it a go on my WSUS test group tomorrow and see if it clears up the problem. If that works and the duplicate SusClientID issue then I've another thousand or so PCs that probably have the same problem unfortunately!
ASKER
Sorry, meant to say 'If that works and it is the duplicate SusClientID issue'
The psexec command that I gave you is the easist way run the script on whole domain.
The "*" is a wildcard for whole domain
The "-d" switch is dont wait before moving on to next
The "*" is a wildcard for whole domain
The "-d" switch is dont wait before moving on to next
ASKER
I'll try resetting the SUS ID on the test group tomorrow and let you know how I get on. Thanks again.
You're welcome, GL
ASKER
Unfortunately I can't run psexec on remote PCs at the moment. It looks like the AV might not be happy with psexec/psexesvc using remote pipes.
What I have done however is log onto a selection of PCs and check the SusClientId registry key on each. I don't see any replication in that key, even in machines with sequential numbers from the same image batch. At a guess, I'd say that the fix that Microsoft implimented in the v7.4 build of WUAgent must do regenerate the SuSClientId at first run.
Any other suggestions? :-S
What I have done however is log onto a selection of PCs and check the SusClientId registry key on each. I don't see any replication in that key, even in machines with sequential numbers from the same image batch. At a guess, I'd say that the fix that Microsoft implimented in the v7.4 build of WUAgent must do regenerate the SuSClientId at first run.
Any other suggestions? :-S
From the "More Information" section here:
http://support.microsoft.com/kb/903262
We have added an automatic feature to the Windows Update Agent that is installed on WSUS client computers. This feature can help address this duplicate-SusClientID issue. The feature provides a solution that is added to the client-side Windows Update Agent starting with version 7.0.6000.374. (This version is the client version that was included with WSUS 3.0.)
This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.)
The hardware validation routine is stored as a binary large object in the Susclientidvalidation registry key at the same location as the Susclientid registry value. If the hardware validation routine indicates that all the hardware has changed, a new SusClientID value is generated by the client.
Note The hardware validation routine requires that the client connect to a server that is running Windows Software Update Services 3.0 or a later version of WSUS and not to a server that is running Windows Software Update Services 2.0.
Run the command wuauclt /resetauthorization /detectnow on all your clients
http://support.microsoft.com/kb/903262
We have added an automatic feature to the Windows Update Agent that is installed on WSUS client computers. This feature can help address this duplicate-SusClientID issue. The feature provides a solution that is added to the client-side Windows Update Agent starting with version 7.0.6000.374. (This version is the client version that was included with WSUS 3.0.)
This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.)
The hardware validation routine is stored as a binary large object in the Susclientidvalidation registry key at the same location as the Susclientid registry value. If the hardware validation routine indicates that all the hardware has changed, a new SusClientID value is generated by the client.
Note The hardware validation routine requires that the client connect to a server that is running Windows Software Update Services 3.0 or a later version of WSUS and not to a server that is running Windows Software Update Services 2.0.
Run the command wuauclt /resetauthorization /detectnow on all your clients
ASKER
So the situation seems to be as I suggested in my opening question, that WSUS 3 deals with the problem of duplicate SusClientID's. As we have quite a lot of clients, can you suggest what resetting the authorisation should achieve in the context of the problem?
Thanks again,
Thanks again,
I should have said to just find a way to run the script on all your clients to ensure the SUSId's get changed.
Put in a startup script until all your clients are in your console. Like I said there is no harm if it runs more than once.
Your issue is kind of a catch22, if your image was imaged after it connected to WSUS and.....
"This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.) "
If your clients are all identical hardware/network adapters this would explain the need to reset the SUSclientID.
This is why it is recommended to sysprep. Again, just run the script and be done with it and I would ensure that your image doesnt have those registry keys before it is deployed.
Put in a startup script until all your clients are in your console. Like I said there is no harm if it runs more than once.
Your issue is kind of a catch22, if your image was imaged after it connected to WSUS and.....
"This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.) "
If your clients are all identical hardware/network adapters this would explain the need to reset the SUSclientID.
This is why it is recommended to sysprep. Again, just run the script and be done with it and I would ensure that your image doesnt have those registry keys before it is deployed.
ASKER
I think the point that the MS article is trying to make is that it would check the hardware serial/MAC address etc, rather than the hardware model number. If you take out a network card and replace it with an identical network card the system should recognise that it is a different item of hardware because it has a different hardware ID. Regenerating the client ID on a change of hardware type (ie. replacing an Intel card with a freecom card) wouldn't make sense really.
I have checked machines that have been reimaged using the same image created with sysprep and they do have different SusclientID's.
I have checked machines that have been reimaged using the same image created with sysprep and they do have different SusclientID's.
Well, to address your initial problem..the only way for your clients to be appearing and disappearing is because of a duplicate sid at one point or another. Once all your client machines go thru their hardware validation routine or you run the script it should be remediated.
ASKER
Sorry if I come across as a bit of an 'awkward customer' as it were. It's just that if I'm going to deploy a script to as many PCs as I'm going to have to, I want to be entirely sure of what the problem is before I do it :-) I'll let you know how I get on.
I'm not sure it's relevant in this case, as unless I'm misreading the article you have linked to, it seems to be suggesting a solution for the duplicate SusClientIDs issue which is (as I suggested above) supposed to be fixed automatically by WSUS SP3 (which I'm running).