Solved

WSUS Server Not Picking up some of the Servers\Clients on Domain

Posted on 2011-09-07
34
747 Views
Last Modified: 2012-05-12
Hi,

I have recently installed a WSUS Server on our Domain. The Domain Conists of mostly Windows 7 Laptops with a few XP ones knocking around still. The Servers are either Server 2003 or Server 2008R2.

I have editied the Group Policy so it looks to get it's updates from http://ServerName:8530

Some of the Clients and Servers have picked up the WSUS server and have appeared in the Computers Section on WSUS. However there are some Clients and Servers that are not showing up and are not getting updates from the WSUS server. has anybody got any suggestions on how to solve this.

0
Comment
Question by:Contigo1
  • 22
  • 12
34 Comments
 
LVL 6

Expert Comment

by:ShrCol
ID: 36494491
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36494523
It looks like the Server is trying to connect to the WSUS Server Is there any sort of Firewall config that needs doing? as I think that might be the problem
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36494529
If some clients are working OK then that would suggest your WSUS server firewall is fine.
0
How our DevOps Team Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 6

Expert Comment

by:ShrCol
ID: 36494549
Also, have a look at this: http://support.microsoft.com/kb/902093
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36494589
Hi Just a little update on this We previously had a WSUS server on a test server so we could evaluate it. All the Computers and Servers were pointed at that WSUS Server using group policy. I then Changed the group policy when we turned the test server off. We are now installing WSUS on a new server.

I have had a look in the registry on one of the servers that is unable to connect and it looks like it is still pointing to the Old WSUS server.

This means that the server is not picking up the changes made to the Group policy.
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36494606
I presume you have forced a policy refresh? (gpupdate /force)
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36494633
yeh I have done a Gpupdate /force on the servers and they still not picking up the change. I have also tried restarting the Servers to see if doing that would refresh the Group Policy.
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36494643
Can you confirm that some devices getting the same updated policy do see WSUS?
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36494717
The Group Policy is the Default Domain Policy so all the machines should be picking it up. Also I have just checked one of the servers that is showing up in WSUS and in the registry it is still pointing to the old server.
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36494806
Some general tips on WSUS based policy issues here: http://www.wsuswiki.com/TroubleshootingGPO - also try this on a machine that doesnt show: wuauclt.exe /resetauthorization /detectnow
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36495388
I have tried running the command and the computers are still not showing up in the list.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36495723
I have noticed that it can take a while for the Computers to show up in WSUS so I will keep checking through out the day to see if any appear after doing the command you suggested.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36501061
Overnight it has picked up 2 more servers but is saying that there is no status report. Could this still be that the Server is not connecting to the WSUS Server properly as normaly WSUS has a status report within a few hours at most.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36502032
I have just done a RSOP on one of the Servers that is not contacting the WSUS Server and it is still pointing towards the Old Wsus server.
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36502114
I would suggest your issue is more policy based than WSUS in that case. Check through this: http://technet.microsoft.com/en-us/library/cc720539%28WS.10%29.aspx
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36503426
The Group Policy is setup correctly the problem is that it is not registering the change in the policy so is keeping the previous value. I have tried doing gpupdate /force and it still will not pick up the command. The Servers are all in the same ou there is no WMI filtering and Security polices applied to the Group policy.
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36510164
Check this: http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/eff10fab-7ca3-471e-a164-bf7b73a28128/ - once the registry has been cleaned up it may start using the policy settings. Take a backup first if the machine is key!
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36511010
If I delete the Windows update part of the registery like it suggests in the technet post you have sent me to then if I run a gpupdate /force will this correct the problem? I have exported the current contents will this be a safe enough fall back If i have to re-import the files?
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36521264
Thats what the post suggests. I would try this on a test machine / VM first to check it works correctly. Then ensure you have a backup of the registry branch AND the entire registry just to be sure before doing it on any production machines.Plus any data thats important.

I have not tried this myself before so would recommend caution.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36521517
Ok I will take a full registry backup and a backup of the specific branch. before I delete anything. We have Daily backups of all the important data.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36521656
I deleted the registry value and then restarted the machine and done gpupdate /force and it has changed the setting to the same value as it was before. Is it possible that the problem could be an issue with the version numbers of the group policy or somthing like that as it makes no sense why some machines have the correct setting while others dont but they are both using the same group policy
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36521705
You could try creating a new OU, isolating one of the machines in that OU and create a new policy just for Windows update to see if that helps.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36521762
I have been doing some research and came accross this do you think this could be what is causing the problem?
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36521764
Sorry I forgot to paste in the link. It is now below:

http://technet.microsoft.com/en-us/library/cc786241(WS.10).aspx
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36521784
I have just looked in the registry on one of the machines that is showing up in the WSUS server and it is still pointing to the old Server.
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36521816
I think we have covered the WSUS side of things fairly well. I would look at the policy side, try the steps in my last comment. It rules out OU / other policy issues. May help isolate the problem. Can’t hurt to check through the steps in your link also.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36521823
Even the machines that are showing up in WSUS when I do an RSOP or check the registry they are also set to the old machine but some how are showing up in the new server.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36522301
I have added a new OU and then added the Server into the OU and the problem is still there
0
 
LVL 6

Expert Comment

by:ShrCol
ID: 36522323
Have you also blocked policy inheritance and created a new linked policy for WSUS?
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36522346
No I can try that now though I will let you know how I get on.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36522385
I have blocked inheritence but it is still show the default domain policy which is the one with the changes in.
0
 
LVL 1

Author Comment

by:Contigo1
ID: 36528834
I have found that AD and the Sysvol are out of sync could this be what is causing the problem? In RSOP I got the following info off one of the machines that is having problems:

AD (116), Sysvol (57)
0
 
LVL 1

Accepted Solution

by:
Contigo1 earned 0 total points
ID: 36536011
I have solved the issue now. The problem was with the File Replication between AD and the Sysvol I fixed the replication problem and left it for a few hours. I then changes the WSUS part of the GPO back to not configured and again left it for a bit for all of the servers to pick up the changes. Once they had I went back into the GPO and reconfigured it.

Cheers for your help
0
 
LVL 1

Author Closing Comment

by:Contigo1
ID: 36558746
This is what solved the problem
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: This is the second blog post in a series on email clearinghouses (https://www.xmatters.com/alert-management/blog-email-has-failed-us?utm_campaign=70138000000ydLoAAI&utm_source=exex&utm_medium=article&utm_content=blog-post).   Every month t…
Why pager replacement is still an issue OnPage has what some might call a “hate/hate” relationship with pagers. Not much room for love. As we see it, pagers are an antiquated bit of technology. Pagers are dinosaurs which, like most dinosaurs, sho…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question