Solved

WSUS clients appearing and disappearing

Posted on 2010-11-10
15
867 Views
Last Modified: 2012-05-10
Update Services Version: 3.2.7600.226
Server: Server 2003 Standard, Service Pack 2
Client: Windows XP Professional, Service Pack 3
WU Client Version: wuauclt.exe version 7.4.7600.226

I'm having a strange problem with clients appearing and disappearing from WSUS. After Googling the problem, it seems the most common cause is duplicate SusClientIDs, however in this thread:

http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/c331d314-2f04-4b07-a3fd-878183b8101d

A contributor states:

Upgrade to WSUS 3 SP2, which will cause all WUAgents to upgrade to the v7.4 build, which has built-in code to detect and remediate duplicate SusClientIDs

And as you can see, my machines meet the above requirements.

Have any experts come across another cause for this problem?

Thanks in advance!




0
Comment
Question by:leftcase
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
15 Comments
 
LVL 4

Assisted Solution

by:Pro_
Pro_ earned 150 total points
ID: 34100862
If you have imaged clients see this post too: http://msmvps.com/blogs/athif/archive/2005/09/04/65174.aspx. It includes a script to fix issues caused bu imaged PC's e.g. Ghost
0
 
LVL 2

Author Comment

by:leftcase
ID: 34100885
Thanks for the comment.

I'm not sure it's relevant in this case, as unless I'm misreading the article you have linked to, it seems to be suggesting a solution for the duplicate SusClientIDs issue which is (as I suggested above) supposed to be fixed automatically by WSUS SP3 (which I'm running).
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 350 total points
ID: 34104027
I would run the script regardless, as the script is harmless no matter how many times it gets run.

Put it in a startup script or use psexec to run it

psexec \\* -c -f -s -d \\server\share\AU_Clean_SID.cmd
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 2

Author Comment

by:leftcase
ID: 34104106
Fair enough, I'll give it a go on my WSUS test group tomorrow and see if it clears up the problem. If that works and the duplicate SusClientID issue then I've another thousand or so PCs that probably have the same problem unfortunately!
0
 
LVL 2

Author Comment

by:leftcase
ID: 34104115
Sorry, meant to say 'If that works and it is the duplicate SusClientID issue'
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34104252
The psexec command that I gave you is the easist way run the script on whole domain.

The "*" is a wildcard for whole domain

The "-d" switch is dont wait before moving on to next

0
 
LVL 2

Author Comment

by:leftcase
ID: 34104377
I'll try resetting the SUS ID on the test group tomorrow and let you know how I get on. Thanks again.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34104400
You're welcome, GL
0
 
LVL 2

Author Comment

by:leftcase
ID: 34112510
Unfortunately I can't run psexec on remote PCs at the moment. It looks like the AV might not be happy with psexec/psexesvc using remote pipes.

What I have done however is log onto a selection of PCs and check the SusClientId registry key on each. I don't see any replication in that key, even in machines with sequential numbers from the same image batch. At a guess, I'd say that the fix that Microsoft implimented in the v7.4 build of WUAgent must do regenerate the SuSClientId at first run.

Any other suggestions? :-S
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34112876
From the "More Information" section here:

http://support.microsoft.com/kb/903262

We have added an automatic feature to the Windows Update Agent that is installed on WSUS client computers. This feature can help address this duplicate-SusClientID issue. The feature provides a solution that is added to the client-side Windows Update Agent starting with version 7.0.6000.374. (This version is the client version that was included with WSUS 3.0.)

This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.)

The hardware validation routine is stored as a binary large object in the Susclientidvalidation registry key at the same location as the Susclientid registry value. If the hardware validation routine indicates that all the hardware has changed, a new SusClientID value is generated by the client.

Note The hardware validation routine requires that the client connect to a server that is running Windows Software Update Services 3.0 or a later version of WSUS and not to a server that is running Windows Software Update Services 2.0.




Run the command wuauclt /resetauthorization /detectnow on all your clients
0
 
LVL 2

Author Comment

by:leftcase
ID: 34113055
So the situation seems to be as I suggested in my opening question, that WSUS 3 deals with the problem of duplicate SusClientID's. As we have quite a lot of clients, can you suggest what resetting the authorisation should achieve in the context of the problem?

Thanks again,
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34113290
I should have said to just find a way to run the script on all your clients to ensure the SUSId's get changed.

Put in a startup script until all your clients are in your console. Like I said there is no harm if it runs more than once.

Your issue is kind of a catch22, if your image was imaged after it connected to WSUS and.....

"This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.) "

If your clients are all identical hardware/network adapters this would explain the need to reset the SUSclientID.

This is why it is recommended to sysprep. Again, just run the script and be done with it and I would ensure that your image doesnt have those registry keys before it is deployed.
0
 
LVL 2

Author Comment

by:leftcase
ID: 34113683
I think the point that the MS article is trying to make is that it would check the hardware serial/MAC address etc, rather than the hardware model number. If you take out a network card and replace it with an identical network card the system should recognise that it is a different item of hardware because it has a different hardware ID.  Regenerating the client ID on a change of hardware type (ie. replacing an Intel card with a freecom card) wouldn't make sense really.

I have checked machines that have been reimaged using the same image created with sysprep and they do have different SusclientID's.

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34114505
Well, to address your initial problem..the only way for your clients to be appearing and disappearing is because of a duplicate sid at one point or another. Once all your client machines go thru their hardware validation routine or you run the script it should be remediated.
0
 
LVL 2

Author Comment

by:leftcase
ID: 34115579
Sorry if I come across as a bit of an 'awkward customer' as it were. It's just that if I'm going to deploy a script to as many PCs as I'm going to have to, I want to be entirely sure of what the problem is before I do it :-) I'll let you know how I get on.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question