dongocdung
asked on
Servers are not added into WSUS server
I checked the WSUS but I did not see some servers in WSUS. I checked the Registry and saw that path
HKEY_LOCAL_MACHINE\Softwar e\Policies \Microsoft \Windows\W indowsUpda te
I think the path should be like this
HKEY_LOCAL_MACHINE\Softwar e\Policies \Microsoft \Windows\W indowsUpda te\AU
Please assist me with this situation.
Thanks,
HKEY_LOCAL_MACHINE\Softwar
I think the path should be like this
HKEY_LOCAL_MACHINE\Softwar
Please assist me with this situation.
Thanks,
ASKER
I tried to run those commands above but nothing happened. They were never on WSUS. This is a new installation of the some servers not all. The servers are 2008 R2.
Can you post the
HKEY_LOCAL_MACHINE\Softwar e\Policies \Microsoft \Windows\W indowsUpda te\AU
you only showed the
HKEY_LOCAL_MACHINE\Softwar e\Policies \Microsoft \Windows\W indowsUpda te
HKEY_LOCAL_MACHINE\Softwar
you only showed the
HKEY_LOCAL_MACHINE\Softwar
Missing some entries.
Here is mine.
AUOptions reg_dword 0x00000003
AutoInstallMinorUpdates reg_dword 0x00000001
DetectionFrequency reg_dword 0x00000006 every six hours
DetectionFrequencyEnabled reg_dword 0x00000001
IncludeRecommendedUpdates reg_dword 0x00000001
NoAutoUpdate reg_dword 0x00000000
ScheduledInstallDay reg_dword 0x00000000
ScheduledInstallTime reg_dword 0x00000003
UseWUServer reg_dword 0x00000001
Here is mine.
AUOptions reg_dword 0x00000003
AutoInstallMinorUpdates reg_dword 0x00000001
DetectionFrequency reg_dword 0x00000006 every six hours
DetectionFrequencyEnabled reg_dword 0x00000001
IncludeRecommendedUpdates reg_dword 0x00000001
NoAutoUpdate reg_dword 0x00000000
ScheduledInstallDay reg_dword 0x00000000
ScheduledInstallTime reg_dword 0x00000003
UseWUServer reg_dword 0x00000001
ASKER
How do I correct it?
ASKER
are you getting the group policy to these servers.
Do you have a policy defined for WSUS ?
try running this gpupdate /force
If not then these entries will not be made.
You can manually enter them but I would create a policy and deploy that policy.
Here is a link for setting the group policy
http://support.microsoft.com/kb/328010
Do you have a policy defined for WSUS ?
try running this gpupdate /force
If not then these entries will not be made.
You can manually enter them but I would create a policy and deploy that policy.
Here is a link for setting the group policy
http://support.microsoft.com/kb/328010
Is this an active directory domain?
use this
Loading policy settings by using Group Policy in Active Directory directory services
To load policy settings by using Group Policy, you must use the Wuau.adm file that describes the new policy settings for the Automatic Updates client. Wuau.adm is automatically installed in the Windows\Inf folder when you install the new Automatic Updates feature.
You can load Windows\Inf\Wuau.adm as an administrative template in Group Policy Object Editor.
To load policy settings by using Group Policy in Active Directory: 1.On an Active Directory domain controller, click Start, and then click Run.
2.Type dsa.msc.
3.Right-click the organizational unit or domain where you want to create the policy, and then click Properties.
4.Click the Group Policy tab, and then click New.
5.Type a name for the policy, and then click Edit.
6.Under Computer Settings, right-click Administrative Templates.
7.Click Add/Remove Templates, and then click Add.
8.Type the name of the Automatic Updates .adm file, for example, type windows_folder\inf\wuau.ad m.
9.Click Open.
Set the policy and
then on the server run gpupdate /force
use this
Loading policy settings by using Group Policy in Active Directory directory services
To load policy settings by using Group Policy, you must use the Wuau.adm file that describes the new policy settings for the Automatic Updates client. Wuau.adm is automatically installed in the Windows\Inf folder when you install the new Automatic Updates feature.
You can load Windows\Inf\Wuau.adm as an administrative template in Group Policy Object Editor.
To load policy settings by using Group Policy in Active Directory: 1.On an Active Directory domain controller, click Start, and then click Run.
2.Type dsa.msc.
3.Right-click the organizational unit or domain where you want to create the policy, and then click Properties.
4.Click the Group Policy tab, and then click New.
5.Type a name for the policy, and then click Edit.
6.Under Computer Settings, right-click Administrative Templates.
7.Click Add/Remove Templates, and then click Add.
8.Type the name of the Automatic Updates .adm file, for example, type windows_folder\inf\wuau.ad
9.Click Open.
Set the policy and
then on the server run gpupdate /force
ASKER
In domain controller 2008, there is not Group Policy tab any more.
For Windows 2008
The settings are located in the following location in Group Policy Management Editor:
Computer Configuration-->Policies-- >Windows Components-->Windows Update
The settings are located in the following location in Group Policy Management Editor:
Computer Configuration-->Policies--
ASKER
I get lost now.
what do I do the steps you recommended for? Do I do these on servers or domain controllers?
I have two policies already. Do I need to do these steps?
Thanks,
what do I do the steps you recommended for? Do I do these on servers or domain controllers?
I have two policies already. Do I need to do these steps?
Thanks,
on the domain controller server.
then follow those steps once the domain policy is created then it will be deployed to all servers and workstations on the domain.
Those policies are local to that computer only
then follow those steps once the domain policy is created then it will be deployed to all servers and workstations on the domain.
Those policies are local to that computer only
ASKER
I am confused now. Let me stated my problem again. The two WSUS policies were created in domain controllers already. There are only some servers could not be seen in WSUS. I would like to add these servers into WSUS.
expand those two policies and lets see what is set
ASKER
when i tried your steps in GP Editor, I did not see wuau.adm file.
Right click Group Policy -> Edit -> Right click Administrative Template -> Add/Remove Template -> Add
Right click Group Policy -> Edit -> Right click Administrative Template -> Add/Remove Template -> Add
Yes but your missing the detection frequency entries.
Also this looks like the policy is from the local machine only.
I add Group Policy Management to the Server Manager on My Windows 2008 Server
Then you can see How I drilled down thru the Forest to the Domains then to my domain and then to the Policy.
Once you get the Domain Policy working then it will all fall in place.
Remember you have a local policy on each server and computer When you join a domain then the Domain Policy takes control.
Try using Server Manager and adding the Group Policy Management and see if you can find the domain wsus policy. If not you need to add the wsus policy to the domain policy.
Also this looks like the policy is from the local machine only.
I add Group Policy Management to the Server Manager on My Windows 2008 Server
Then you can see How I drilled down thru the Forest to the Domains then to my domain and then to the Policy.
Once you get the Domain Policy working then it will all fall in place.
Remember you have a local policy on each server and computer When you join a domain then the Domain Policy takes control.
Try using Server Manager and adding the Group Policy Management and see if you can find the domain wsus policy. If not you need to add the wsus policy to the domain policy.
ASKER
You are looking at Group Policy Objects
Need to be in Domain Policy
On my Display you see how I drill down to the WSUS Policy?
You need to create a WSUS Policy at that level then it will distribute to the network.
right click on your domain name under Domains and then select Create a GPO in this domain and link it here option.
Call it WSUS and follow the steps
Need to be in Domain Policy
On my Display you see how I drill down to the WSUS Policy?
You need to create a WSUS Policy at that level then it will distribute to the network.
right click on your domain name under Domains and then select Create a GPO in this domain and link it here option.
Call it WSUS and follow the steps
ASKER
Ok I see now
Do I really need to add the detection frequency entries? YES
Without this the computers/servers will never detect the wsus server for updates or registrar
Look at this
http://www.infotechguyz.com/server2008/wsus.html
Do I really need to add the detection frequency entries? YES
Without this the computers/servers will never detect the wsus server for updates or registrar
Look at this
http://www.infotechguyz.com/server2008/wsus.html
ASKER
In the article you provided, I did not see it configured detection frequency
It was a general article not in detail.
But when you create the domain policy WSUS you will have the options.
You could try on one server by manually add the entries in the registry.
Just add these two
DetectionFrequency reg_dword 0x00000006 every six hours
DetectionFrequencyEnabled reg_dword 0x00000001
But when you create the domain policy WSUS you will have the options.
You could try on one server by manually add the entries in the registry.
Just add these two
DetectionFrequency reg_dword 0x00000006 every six hours
DetectionFrequencyEnabled reg_dword 0x00000001
ASKER
As I said early, I only can link the WSUS group policy to the specific OUs not domain.
Ok did you say that only some servers are not being detected? Or are they all of them?
If it is only some then we need to check to see if they are getting policy updates.
run gpupdate /force
then lets look at the event log see if get any group policy messages
If it is only some then we need to check to see if they are getting policy updates.
run gpupdate /force
then lets look at the event log see if get any group policy messages
ASKER
I run gpresult /r on one server and saw WSUS Group policy is applied to it. However, that server is not added in WSUS server.
Are all the server having the problem on the same lan as the wsus server?
This is your only wsus server right? no down stream wsus servers?
After the group policy applied did you check the registry did any thing change?
I know we looked at the registry entries before but was one of those on a server that is listed in WSUS?
If not can we get a look at a working server and compare to the no working one.
On the failing server clients you can go to %windir%/WindowUpdate.log and this is where the WSUS client log is located. lets look at that and post here
This is your only wsus server right? no down stream wsus servers?
After the group policy applied did you check the registry did any thing change?
I know we looked at the registry entries before but was one of those on a server that is listed in WSUS?
If not can we get a look at a working server and compare to the no working one.
On the failing server clients you can go to %windir%/WindowUpdate.log and this is where the WSUS client log is located. lets look at that and post here
ASKER
There is no downstream server. nothing change in registry. I also run these command to add the server but nothing happened.
net stop wuauserv
regsvr32 /s wuapi.dll
regsvr32 /s wups.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s msxml3.dll
c:
cd %windir%\SoftwareDistribut ion
rd /s/q DataStore
mkdir DataStore
rd /s/q Download
mkdir Download
net start wuauserv
rem Fixes problem with client machines not showing up on the server due to imaging method
reg delete HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Wi ndows\Curr entVersion \WindowsUp date /v SusClientId /f
cls
@echo Triggering detection after resetting WSUS client identity
net stop "Windows Update"
net start "Windows Update"
wuauclt /resetauthorization /detectnow
wuauclt /reportnow
I attached the reportingeventlog
ReportingEvents.log
net stop wuauserv
regsvr32 /s wuapi.dll
regsvr32 /s wups.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s msxml3.dll
c:
cd %windir%\SoftwareDistribut
rd /s/q DataStore
mkdir DataStore
rd /s/q Download
mkdir Download
net start wuauserv
rem Fixes problem with client machines not showing up on the server due to imaging method
reg delete HKLM\SOFTWARE\Microsoft\Wi
reg delete HKLM\SOFTWARE\Microsoft\Wi
reg delete HKLM\SOFTWARE\Microsoft\Wi
cls
@echo Triggering detection after resetting WSUS client identity
net stop "Windows Update"
net start "Windows Update"
wuauclt /resetauthorization /detectnow
wuauclt /reportnow
I attached the reportingeventlog
ReportingEvents.log
After reviewing the log I found this error
Windows Update Client failed to detect with error 0x800b0001.
tells us that you have not yet installed KB2720211 onto your WSUS server.
What version is WSUS make sure you have this patch on
Windows Update Client failed to detect with error 0x800b0001.
tells us that you have not yet installed KB2720211 onto your WSUS server.
What version is WSUS make sure you have this patch on
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i will install it on WSUS server tonight and will let you know later.
thanks,
thanks,
ASKER
I've requested that this question be closed as follows:
Accepted answer: 500 points for trgrassijr55's comment #a39681247
Assisted answer: 0 points for dongocdung's comment #a39681106
for the following reason:
run commands
Accepted answer: 500 points for trgrassijr55's comment #a39681247
Assisted answer: 0 points for dongocdung's comment #a39681106
for the following reason:
run commands
wuauclt /detectnow /reportnow
wuauclt /reauthorization /detectnow
Were they ever on WSUS?
Is this a new installation of the servers?
What OS are the servers
Also check your policy to see how often the computer/server polls the wsus server.
May want to change the polling to every 6 hours or so.