WSUS Server Not Picking up some of the Servers\Clients on Domain

Hi,

I have recently installed a WSUS Server on our Domain. The Domain Conists of mostly Windows 7 Laptops with a few XP ones knocking around still. The Servers are either Server 2003 or Server 2008R2.

I have editied the Group Policy so it looks to get it's updates from http://ServerName:8530

Some of the Clients and Servers have picked up the WSUS server and have appeared in the Computers Section on WSUS. However there are some Clients and Servers that are not showing up and are not getting updates from the WSUS server. has anybody got any suggestions on how to solve this.

LVL 1
Contigo1Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Contigo1Connect With a Mentor Author Commented:
I have solved the issue now. The problem was with the File Replication between AD and the Sysvol I fixed the replication problem and left it for a few hours. I then changes the WSUS part of the GPO back to not configured and again left it for a bit for all of the servers to pick up the changes. Once they had I went back into the GPO and reconfigured it.

Cheers for your help
0
 
Contigo1Author Commented:
It looks like the Server is trying to connect to the WSUS Server Is there any sort of Firewall config that needs doing? as I think that might be the problem
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
ShrColCommented:
If some clients are working OK then that would suggest your WSUS server firewall is fine.
0
 
ShrColCommented:
Also, have a look at this: http://support.microsoft.com/kb/902093
0
 
Contigo1Author Commented:
Hi Just a little update on this We previously had a WSUS server on a test server so we could evaluate it. All the Computers and Servers were pointed at that WSUS Server using group policy. I then Changed the group policy when we turned the test server off. We are now installing WSUS on a new server.

I have had a look in the registry on one of the servers that is unable to connect and it looks like it is still pointing to the Old WSUS server.

This means that the server is not picking up the changes made to the Group policy.
0
 
ShrColCommented:
I presume you have forced a policy refresh? (gpupdate /force)
0
 
Contigo1Author Commented:
yeh I have done a Gpupdate /force on the servers and they still not picking up the change. I have also tried restarting the Servers to see if doing that would refresh the Group Policy.
0
 
ShrColCommented:
Can you confirm that some devices getting the same updated policy do see WSUS?
0
 
Contigo1Author Commented:
The Group Policy is the Default Domain Policy so all the machines should be picking it up. Also I have just checked one of the servers that is showing up in WSUS and in the registry it is still pointing to the old server.
0
 
ShrColCommented:
Some general tips on WSUS based policy issues here: http://www.wsuswiki.com/TroubleshootingGPO - also try this on a machine that doesnt show: wuauclt.exe /resetauthorization /detectnow
0
 
Contigo1Author Commented:
I have tried running the command and the computers are still not showing up in the list.
0
 
Contigo1Author Commented:
I have noticed that it can take a while for the Computers to show up in WSUS so I will keep checking through out the day to see if any appear after doing the command you suggested.
0
 
Contigo1Author Commented:
Overnight it has picked up 2 more servers but is saying that there is no status report. Could this still be that the Server is not connecting to the WSUS Server properly as normaly WSUS has a status report within a few hours at most.
0
 
Contigo1Author Commented:
I have just done a RSOP on one of the Servers that is not contacting the WSUS Server and it is still pointing towards the Old Wsus server.
0
 
ShrColCommented:
I would suggest your issue is more policy based than WSUS in that case. Check through this: http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx
0
 
Contigo1Author Commented:
The Group Policy is setup correctly the problem is that it is not registering the change in the policy so is keeping the previous value. I have tried doing gpupdate /force and it still will not pick up the command. The Servers are all in the same ou there is no WMI filtering and Security polices applied to the Group policy.
0
 
ShrColCommented:
Check this: http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/eff10fab-7ca3-471e-a164-bf7b73a28128/ - once the registry has been cleaned up it may start using the policy settings. Take a backup first if the machine is key!
0
 
Contigo1Author Commented:
If I delete the Windows update part of the registery like it suggests in the technet post you have sent me to then if I run a gpupdate /force will this correct the problem? I have exported the current contents will this be a safe enough fall back If i have to re-import the files?
0
 
ShrColCommented:
Thats what the post suggests. I would try this on a test machine / VM first to check it works correctly. Then ensure you have a backup of the registry branch AND the entire registry just to be sure before doing it on any production machines.Plus any data thats important.

I have not tried this myself before so would recommend caution.
0
 
Contigo1Author Commented:
Ok I will take a full registry backup and a backup of the specific branch. before I delete anything. We have Daily backups of all the important data.
0
 
Contigo1Author Commented:
I deleted the registry value and then restarted the machine and done gpupdate /force and it has changed the setting to the same value as it was before. Is it possible that the problem could be an issue with the version numbers of the group policy or somthing like that as it makes no sense why some machines have the correct setting while others dont but they are both using the same group policy
0
 
ShrColCommented:
You could try creating a new OU, isolating one of the machines in that OU and create a new policy just for Windows update to see if that helps.
0
 
Contigo1Author Commented:
I have been doing some research and came accross this do you think this could be what is causing the problem?
0
 
Contigo1Author Commented:
Sorry I forgot to paste in the link. It is now below:

http://technet.microsoft.com/en-us/library/cc786241(WS.10).aspx
0
 
Contigo1Author Commented:
I have just looked in the registry on one of the machines that is showing up in the WSUS server and it is still pointing to the old Server.
0
 
ShrColCommented:
I think we have covered the WSUS side of things fairly well. I would look at the policy side, try the steps in my last comment. It rules out OU / other policy issues. May help isolate the problem. Can’t hurt to check through the steps in your link also.
0
 
Contigo1Author Commented:
Even the machines that are showing up in WSUS when I do an RSOP or check the registry they are also set to the old machine but some how are showing up in the new server.
0
 
Contigo1Author Commented:
I have added a new OU and then added the Server into the OU and the problem is still there
0
 
ShrColCommented:
Have you also blocked policy inheritance and created a new linked policy for WSUS?
0
 
Contigo1Author Commented:
No I can try that now though I will let you know how I get on.
0
 
Contigo1Author Commented:
I have blocked inheritence but it is still show the default domain policy which is the one with the changes in.
0
 
Contigo1Author Commented:
I have found that AD and the Sysvol are out of sync could this be what is causing the problem? In RSOP I got the following info off one of the machines that is having problems:

AD (116), Sysvol (57)
0
 
Contigo1Author Commented:
This is what solved the problem
0
All Courses

From novice to tech pro — start learning today.