Solved

WSUS Server Not Picking up some of the Servers\Clients on Domain

Posted on 2011-09-07
34
734 Views
Last Modified: 2012-05-12
Hi,

I have recently installed a WSUS Server on our Domain. The Domain Conists of mostly Windows 7 Laptops with a few XP ones knocking around still. The Servers are either Server 2003 or Server 2008R2.

I have editied the Group Policy so it looks to get it's updates from http://ServerName:8530

Some of the Clients and Servers have picked up the WSUS server and have appeared in the Computers Section on WSUS. However there are some Clients and Servers that are not showing up and are not getting updates from the WSUS server. has anybody got any suggestions on how to solve this.

0
Comment
Question by:Contigo1
  • 22
  • 12
34 Comments
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
It looks like the Server is trying to connect to the WSUS Server Is there any sort of Firewall config that needs doing? as I think that might be the problem
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
If some clients are working OK then that would suggest your WSUS server firewall is fine.
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
Also, have a look at this: http://support.microsoft.com/kb/902093
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
Hi Just a little update on this We previously had a WSUS server on a test server so we could evaluate it. All the Computers and Servers were pointed at that WSUS Server using group policy. I then Changed the group policy when we turned the test server off. We are now installing WSUS on a new server.

I have had a look in the registry on one of the servers that is unable to connect and it looks like it is still pointing to the Old WSUS server.

This means that the server is not picking up the changes made to the Group policy.
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
I presume you have forced a policy refresh? (gpupdate /force)
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
yeh I have done a Gpupdate /force on the servers and they still not picking up the change. I have also tried restarting the Servers to see if doing that would refresh the Group Policy.
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
Can you confirm that some devices getting the same updated policy do see WSUS?
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
The Group Policy is the Default Domain Policy so all the machines should be picking it up. Also I have just checked one of the servers that is showing up in WSUS and in the registry it is still pointing to the old server.
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
Some general tips on WSUS based policy issues here: http://www.wsuswiki.com/TroubleshootingGPO - also try this on a machine that doesnt show: wuauclt.exe /resetauthorization /detectnow
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I have tried running the command and the computers are still not showing up in the list.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I have noticed that it can take a while for the Computers to show up in WSUS so I will keep checking through out the day to see if any appear after doing the command you suggested.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
Overnight it has picked up 2 more servers but is saying that there is no status report. Could this still be that the Server is not connecting to the WSUS Server properly as normaly WSUS has a status report within a few hours at most.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I have just done a RSOP on one of the Servers that is not contacting the WSUS Server and it is still pointing towards the Old Wsus server.
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
I would suggest your issue is more policy based than WSUS in that case. Check through this: http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
The Group Policy is setup correctly the problem is that it is not registering the change in the policy so is keeping the previous value. I have tried doing gpupdate /force and it still will not pick up the command. The Servers are all in the same ou there is no WMI filtering and Security polices applied to the Group policy.
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
Check this: http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/eff10fab-7ca3-471e-a164-bf7b73a28128/ - once the registry has been cleaned up it may start using the policy settings. Take a backup first if the machine is key!
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Author Comment

by:Contigo1
Comment Utility
If I delete the Windows update part of the registery like it suggests in the technet post you have sent me to then if I run a gpupdate /force will this correct the problem? I have exported the current contents will this be a safe enough fall back If i have to re-import the files?
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
Thats what the post suggests. I would try this on a test machine / VM first to check it works correctly. Then ensure you have a backup of the registry branch AND the entire registry just to be sure before doing it on any production machines.Plus any data thats important.

I have not tried this myself before so would recommend caution.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
Ok I will take a full registry backup and a backup of the specific branch. before I delete anything. We have Daily backups of all the important data.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I deleted the registry value and then restarted the machine and done gpupdate /force and it has changed the setting to the same value as it was before. Is it possible that the problem could be an issue with the version numbers of the group policy or somthing like that as it makes no sense why some machines have the correct setting while others dont but they are both using the same group policy
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
You could try creating a new OU, isolating one of the machines in that OU and create a new policy just for Windows update to see if that helps.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I have been doing some research and came accross this do you think this could be what is causing the problem?
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
Sorry I forgot to paste in the link. It is now below:

http://technet.microsoft.com/en-us/library/cc786241(WS.10).aspx
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I have just looked in the registry on one of the machines that is showing up in the WSUS server and it is still pointing to the old Server.
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
I think we have covered the WSUS side of things fairly well. I would look at the policy side, try the steps in my last comment. It rules out OU / other policy issues. May help isolate the problem. Can’t hurt to check through the steps in your link also.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
Even the machines that are showing up in WSUS when I do an RSOP or check the registry they are also set to the old machine but some how are showing up in the new server.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I have added a new OU and then added the Server into the OU and the problem is still there
0
 
LVL 6

Expert Comment

by:ShrCol
Comment Utility
Have you also blocked policy inheritance and created a new linked policy for WSUS?
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
No I can try that now though I will let you know how I get on.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I have blocked inheritence but it is still show the default domain policy which is the one with the changes in.
0
 
LVL 1

Author Comment

by:Contigo1
Comment Utility
I have found that AD and the Sysvol are out of sync could this be what is causing the problem? In RSOP I got the following info off one of the machines that is having problems:

AD (116), Sysvol (57)
0
 
LVL 1

Accepted Solution

by:
Contigo1 earned 0 total points
Comment Utility
I have solved the issue now. The problem was with the File Replication between AD and the Sysvol I fixed the replication problem and left it for a few hours. I then changes the WSUS part of the GPO back to not configured and again left it for a bit for all of the servers to pick up the changes. Once they had I went back into the GPO and reconfigured it.

Cheers for your help
0
 
LVL 1

Author Closing Comment

by:Contigo1
Comment Utility
This is what solved the problem
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This comprehensive conference-networking guide will help you prep, practice and pack for success, reach out with purpose and confidence, capitalize on connections, and turn all those new leads into long-term connections.
Email signature management is something that is often overlooked in many organizations or is simply not implemented effectively. Let's take a look at what methods are available for managing this important piece of corporate branding.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now