Solved

WSUS clients appearing and disappearing

Posted on 2010-11-10
15
861 Views
Last Modified: 2012-05-10
Update Services Version: 3.2.7600.226
Server: Server 2003 Standard, Service Pack 2
Client: Windows XP Professional, Service Pack 3
WU Client Version: wuauclt.exe version 7.4.7600.226

I'm having a strange problem with clients appearing and disappearing from WSUS. After Googling the problem, it seems the most common cause is duplicate SusClientIDs, however in this thread:

http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/c331d314-2f04-4b07-a3fd-878183b8101d

A contributor states:

Upgrade to WSUS 3 SP2, which will cause all WUAgents to upgrade to the v7.4 build, which has built-in code to detect and remediate duplicate SusClientIDs

And as you can see, my machines meet the above requirements.

Have any experts come across another cause for this problem?

Thanks in advance!




0
Comment
Question by:leftcase
  • 8
  • 6
15 Comments
 
LVL 4

Assisted Solution

by:Pro_
Pro_ earned 150 total points
ID: 34100862
If you have imaged clients see this post too: http://msmvps.com/blogs/athif/archive/2005/09/04/65174.aspx. It includes a script to fix issues caused bu imaged PC's e.g. Ghost
0
 
LVL 2

Author Comment

by:leftcase
ID: 34100885
Thanks for the comment.

I'm not sure it's relevant in this case, as unless I'm misreading the article you have linked to, it seems to be suggesting a solution for the duplicate SusClientIDs issue which is (as I suggested above) supposed to be fixed automatically by WSUS SP3 (which I'm running).
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 350 total points
ID: 34104027
I would run the script regardless, as the script is harmless no matter how many times it gets run.

Put it in a startup script or use psexec to run it

psexec \\* -c -f -s -d \\server\share\AU_Clean_SID.cmd
0
 
LVL 2

Author Comment

by:leftcase
ID: 34104106
Fair enough, I'll give it a go on my WSUS test group tomorrow and see if it clears up the problem. If that works and the duplicate SusClientID issue then I've another thousand or so PCs that probably have the same problem unfortunately!
0
 
LVL 2

Author Comment

by:leftcase
ID: 34104115
Sorry, meant to say 'If that works and it is the duplicate SusClientID issue'
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34104252
The psexec command that I gave you is the easist way run the script on whole domain.

The "*" is a wildcard for whole domain

The "-d" switch is dont wait before moving on to next

0
 
LVL 2

Author Comment

by:leftcase
ID: 34104377
I'll try resetting the SUS ID on the test group tomorrow and let you know how I get on. Thanks again.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34104400
You're welcome, GL
0
 
LVL 2

Author Comment

by:leftcase
ID: 34112510
Unfortunately I can't run psexec on remote PCs at the moment. It looks like the AV might not be happy with psexec/psexesvc using remote pipes.

What I have done however is log onto a selection of PCs and check the SusClientId registry key on each. I don't see any replication in that key, even in machines with sequential numbers from the same image batch. At a guess, I'd say that the fix that Microsoft implimented in the v7.4 build of WUAgent must do regenerate the SuSClientId at first run.

Any other suggestions? :-S
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34112876
From the "More Information" section here:

http://support.microsoft.com/kb/903262

We have added an automatic feature to the Windows Update Agent that is installed on WSUS client computers. This feature can help address this duplicate-SusClientID issue. The feature provides a solution that is added to the client-side Windows Update Agent starting with version 7.0.6000.374. (This version is the client version that was included with WSUS 3.0.)

This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.)

The hardware validation routine is stored as a binary large object in the Susclientidvalidation registry key at the same location as the Susclientid registry value. If the hardware validation routine indicates that all the hardware has changed, a new SusClientID value is generated by the client.

Note The hardware validation routine requires that the client connect to a server that is running Windows Software Update Services 3.0 or a later version of WSUS and not to a server that is running Windows Software Update Services 2.0.




Run the command wuauclt /resetauthorization /detectnow on all your clients
0
 
LVL 2

Author Comment

by:leftcase
ID: 34113055
So the situation seems to be as I suggested in my opening question, that WSUS 3 deals with the problem of duplicate SusClientID's. As we have quite a lot of clients, can you suggest what resetting the authorisation should achieve in the context of the problem?

Thanks again,
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34113290
I should have said to just find a way to run the script on all your clients to ensure the SUSId's get changed.

Put in a startup script until all your clients are in your console. Like I said there is no harm if it runs more than once.

Your issue is kind of a catch22, if your image was imaged after it connected to WSUS and.....

"This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.) "

If your clients are all identical hardware/network adapters this would explain the need to reset the SUSclientID.

This is why it is recommended to sysprep. Again, just run the script and be done with it and I would ensure that your image doesnt have those registry keys before it is deployed.
0
 
LVL 2

Author Comment

by:leftcase
ID: 34113683
I think the point that the MS article is trying to make is that it would check the hardware serial/MAC address etc, rather than the hardware model number. If you take out a network card and replace it with an identical network card the system should recognise that it is a different item of hardware because it has a different hardware ID.  Regenerating the client ID on a change of hardware type (ie. replacing an Intel card with a freecom card) wouldn't make sense really.

I have checked machines that have been reimaged using the same image created with sysprep and they do have different SusclientID's.

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34114505
Well, to address your initial problem..the only way for your clients to be appearing and disappearing is because of a duplicate sid at one point or another. Once all your client machines go thru their hardware validation routine or you run the script it should be remediated.
0
 
LVL 2

Author Comment

by:leftcase
ID: 34115579
Sorry if I come across as a bit of an 'awkward customer' as it were. It's just that if I'm going to deploy a script to as many PCs as I'm going to have to, I want to be entirely sure of what the problem is before I do it :-) I'll let you know how I get on.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now