Contigo1

WSUS Server Not Picking up some of the Servers\Clients on Domain

Hi,

I have recently installed a WSUS Server on our Domain. The Domain consists of mostly Windows 7 Laptops with a few XP ones knocking around still. The Servers are either Server 2003 or Server 2008R2.

I have edited the Group Policy so it looks to get its updates from http://ServerName:8530

Some of the Clients and Servers have picked up the WSUS server and have appeared in the Computers Section on WSUS. However, there are some Clients and Servers that are not showing up and are not getting updates from the WSUS server. Has anybody got any suggestions on how to solve this?

ShrCol
Contigo1

ASKER

It looks like the Server is trying to connect to the WSUS Server. Is there any sort of Firewall config that needs doing, as I think that might be the problem?
If some clients are working OK then that would suggest your WSUS server firewall is fine.
Hi, just a little update on this. We previously had a WSUS server on a test server so we could evaluate it. All the Computers and Servers were pointed at that WSUS Server using group policy. I then changed the group policy when we turned the test server off. We are now installing WSUS on a new server.

I have had a look in the registry on one of the servers that is unable to connect and it looks like it is still pointing to the Old WSUS server.

This means that the server is not picking up the changes made to the Group policy.
I presume you have forced a policy refresh? (gpupdate /force)
Yeah, I have done a gpupdate /force on the servers and they are still not picking up the change. I have also tried restarting the Servers to see if doing that would refresh the Group Policy.
Can you confirm that some devices getting the same updated policy do see WSUS?
The Group Policy is the Default Domain Policy so all the machines should be picking it up. Also I have just checked one of the servers that is showing up in WSUS and in the registry it is still pointing to the old server.
Some general tips on WSUS based policy issues here: http://www.wsuswiki.com/TroubleshootingGPO - also try this on a machine that doesn't show: wuauclt.exe /resetauthorization /detectnow
I have tried running the command and the computers are still not showing up in the list.
I have noticed that it can take a while for the Computers to show up in WSUS so I will keep checking throughout the day to see if any appear after doing the command you suggested.
Overnight it has picked up 2 more servers but is saying that there is no status report. Could this still be that the Server is not connecting to the WSUS Server properly, as normally WSUS has a status report within a few hours at most?
I have just done an RSOP on one of the Servers that is not contacting the WSUS Server and it is still pointing towards the old WSUS server.
I would suggest your issue is more policy based than WSUS in that case. Check through this: http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx
The Group Policy is set up correctly; the problem is that it is not registering the change in the policy so is keeping the previous value. I have tried doing gpupdate /force and it still will not pick up the change. The Servers are all in the same OU; there is no WMI filtering and Security policies applied to the Group policy.
Check this: http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/eff10fab-7ca3-471e-a164-bf7b73a28128/ - once the registry has been cleaned up it may start using the policy settings. Take a backup first if the machine is key!
If I delete the Windows update part of the registry like it suggests in the technet post you have sent me to, then if I run a gpupdate /force will this correct the problem? I have exported the current contents. Will this be a safe enough fall back if I have to re-import the files?
That's what the post suggests. I would try this on a test machine / VM first to check it works correctly. Then ensure you have a backup of the registry branch AND the entire registry just to be sure before doing it on any production machines. Plus any data that's important.

I have not tried this myself before so would recommend caution.
OK, I will take a full registry backup and a backup of the specific branch before I delete anything. We have daily backups of all the important data.
I deleted the registry value and then restarted the machine and did gpupdate /force and it has changed the setting to the same value as it was before. Is it possible that the problem could be an issue with the version numbers of the group policy or something like that, as it makes no sense why some machines have the correct setting while others don't but they are both using the same group policy?
You could try creating a new OU, isolating one of the machines in that OU and create a new policy just for Windows update to see if that helps.
I have been doing some research and came across this. Do you think this could be what is causing the problem?
Sorry I forgot to paste in the link. It is now below:

http://technet.microsoft.com/en-us/library/cc786241(WS.10).aspx
I have just looked in the registry on one of the machines that is showing up in the WSUS server and it is still pointing to the old Server.
I think we have covered the WSUS side of things fairly well. I would look at the policy side, try the steps in my last comment. It rules out OU / other policy issues. May help isolate the problem. Can’t hurt to check through the steps in your link also.
Even the machines that are showing up in WSUS, when I do an RSOP or check the registry, are also set to the old machine but somehow are showing up in the new server.
I have added a new OU and then added the Server into the OU and the problem is still there.
Have you also blocked policy inheritance and created a new linked policy for WSUS?
No, I can try that now though. I will let you know how I get on.
I have blocked inheritance but it is still showing the default domain policy, which is the one with the changes in.
I have found that AD and the Sysvol are out of sync. Could this be what is causing the problem? In RSOP I got the following info off one of the machines that is having problems:

AD (116), Sysvol (57)
ASKER CERTIFIED SOLUTION
Contigo1

This is what solved the problem
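
The two symptoms reported in the thread, a registry that still names the old WSUS server and an RSOP result showing different AD and Sysvol versions for the policy, can be checked together on an affected machine. The script below is an added example and not part of the thread; it assumes the GPO is the Default Domain Policy (as stated above, referenced here by its well-known GUID), uses the URL from the question with ServerName as the placeholder, and assumes PowerShell is installed on the machine.

```powershell
# Added example, not from the thread. Run on an affected domain member.
$ExpectedWsus = 'http://ServerName:8530'                  # URL from the question
$GpoGuid      = '{31B2F340-016D-11D2-945F-00C04FB984F9}'  # Default Domain Policy

# 1. Windows Update policy values currently written to this machine's registry.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

# 2. GPO version recorded in AD (versionNumber on the policy container object).
$domainDn  = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
$gpc       = [ADSI]"LDAP://CN=$GpoGuid,CN=Policies,CN=System,$domainDn"
$adVersion = [int]$gpc.Properties['versionNumber'].Value

# 3. GPO version recorded in SYSVOL (Version= line of GPT.INI).
$dnsDomain = (Get-WmiObject Win32_ComputerSystem).Domain
$gptIni    = "\\$dnsDomain\SYSVOL\$dnsDomain\Policies\$GpoGuid\GPT.INI"
$match     = Select-String -Path $gptIni -Pattern '^\s*Version\s*=\s*(\d+)' |
             Select-Object -First 1
$svVersion = [int]$match.Matches[0].Groups[1].Value

# The low 16 bits count computer-setting edits, the high 16 bits user-setting edits.
function Split-GpoVersion([int]$v) {
    New-Object PSObject -Property @{
        Computer = $v -band 0xFFFF
        User     = [int][math]::Floor($v / 65536)
    }
}
$ad = Split-GpoVersion $adVersion
$sv = Split-GpoVersion $svVersion

New-Object PSObject -Property @{
    WUServer        = $wu.WUServer
    WUStatusServer  = $wu.WUStatusServer
    UseWUServer     = $au.UseWUServer
    PointsAtNewWsus = ($wu.WUServer -eq $ExpectedWsus)
    AdComputerVer   = $ad.Computer
    SysvolCompVer   = $sv.Computer
    VersionsInSync  = ($adVersion -eq $svVersion)
} | Format-List
```

A result with VersionsInSync false and the Sysvol number below the AD number matches the AD (116), Sysvol (57) condition reported above.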