[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 242
  • Last Modified:

Servers are not added into WSUS server

I checked the WSUS but I did not see some servers in WSUS. I checked the Registry and saw that path

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

WSUS.jpg
I think the path should be like this

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Please assist me with this situation.
Thanks,
0
dongocdung
Asked:
dongocdung
  • 21
  • 17
1 Solution
 
Thomas GrassiSystems AdministratorCommented:
try running these commands

wuauclt /detectnow /reportnow

wuauclt /reauthorization /detectnow


Were they ever on WSUS?
Is this a new installation of the servers?

What OS are the servers

Also check your policy to see how often the computer/server polls the wsus server.

May want to change the polling to every 6 hours or so.
0
 
dongocdungAuthor Commented:
I tried to run those commands above but nothing happened. They were never on WSUS. This is a new installation of the some servers not all. The servers are 2008 R2.
0
 
Thomas GrassiSystems AdministratorCommented:
Can you post the

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

you only showed the

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
0
Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

 
dongocdungAuthor Commented:
Here it is.

au
0
 
dongocdungAuthor Commented:
I checked another server and It is.

au2
0
 
Thomas GrassiSystems AdministratorCommented:
Missing some entries.

Here is mine.

AUOptions                                     reg_dword      0x00000003
AutoInstallMinorUpdates            reg_dword      0x00000001
DetectionFrequency                     reg_dword      0x00000006         every six hours
DetectionFrequencyEnabled       reg_dword      0x00000001
IncludeRecommendedUpdates  reg_dword      0x00000001
NoAutoUpdate                              reg_dword      0x00000000
ScheduledInstallDay                     reg_dword      0x00000000
ScheduledInstallTime                   reg_dword      0x00000003
UseWUServer                                 reg_dword      0x00000001
0
 
dongocdungAuthor Commented:
How do I correct it?
0
 
dongocdungAuthor Commented:
I just checked another server which is on Wsus. It has the samething with the one I posted early.

au3
0
 
Thomas GrassiSystems AdministratorCommented:
are you getting the group policy to these servers.

Do you have a policy defined for WSUS ?

try running this gpupdate /force

If not then these entries will not be made.

You can manually enter them but I would create a policy and deploy that policy.

Here is a link for setting the group policy
http://support.microsoft.com/kb/328010
0
 
dongocdungAuthor Commented:
Yes, I have two WSUS policies. Please take a look at some screenshot below.

GPO
0
 
Thomas GrassiSystems AdministratorCommented:
Is this an active directory domain?

use this

Loading policy settings by using Group Policy in Active Directory directory services

To load policy settings by using Group Policy, you must use the Wuau.adm file that describes the new policy settings for the Automatic Updates client. Wuau.adm is automatically installed in the Windows\Inf folder when you install the new Automatic Updates feature.

You can load Windows\Inf\Wuau.adm as an administrative template in Group Policy Object Editor.

To load policy settings by using Group Policy in Active Directory: 1.On an Active Directory domain controller, click Start, and then click Run.
2.Type dsa.msc.
3.Right-click the organizational unit or domain where you want to create the policy, and then click Properties.
4.Click the Group Policy tab, and then click New.
5.Type a name for the policy, and then click Edit.
6.Under Computer Settings, right-click Administrative Templates.
7.Click Add/Remove Templates, and then click Add.
8.Type the name of the Automatic Updates .adm file, for example, type windows_folder\inf\wuau.adm.
9.Click Open.

Set the policy and
then on the server run gpupdate /force
0
 
dongocdungAuthor Commented:
In domain controller 2008, there is not Group Policy tab any more.
0
 
Thomas GrassiSystems AdministratorCommented:
For Windows 2008

The settings are located in the following location in Group Policy Management Editor:
Computer Configuration-->Policies-->Windows Components-->Windows Update
0
 
dongocdungAuthor Commented:
I get lost now.
what do I do the steps you recommended for? Do I do these on servers or domain controllers?

I have two policies already. Do I need to do these steps?
Thanks,
0
 
Thomas GrassiSystems AdministratorCommented:
on the domain controller server.

then follow those steps once the domain policy is created then it will be deployed to all servers and workstations on the domain.

Those policies are local to that computer only
0
 
dongocdungAuthor Commented:
I am confused now. Let me stated my problem again. The two WSUS policies were created in domain controllers already. There are only some servers could not be seen in WSUS. I would like to add these servers into WSUS.
0
 
Thomas GrassiSystems AdministratorCommented:
expand those two policies and lets see what is set
0
 
dongocdungAuthor Commented:
Here they are:
ma
auto
0
 
dongocdungAuthor Commented:
when i tried your steps in GP Editor, I did not see wuau.adm file.

Right click Group Policy -> Edit -> Right click Administrative Template -> Add/Remove Template -> Add
0
 
Thomas GrassiSystems AdministratorCommented:
When I open my Group Policy Manager

See the attached.
gpo.jpg
0
 
dongocdungAuthor Commented:
I think mine is the same

sus
0
 
Thomas GrassiSystems AdministratorCommented:
Yes but your missing the detection frequency entries.

Also this looks like the policy is from the local machine only.

I add Group Policy Management to the Server Manager on My Windows 2008 Server

Then you can see How I drilled down thru the Forest to the Domains then to my domain and then to the Policy.

Once you get the Domain Policy working then it will all fall in place.

Remember you have a local policy on each server and computer When you join a domain then the Domain Policy takes control.

Try using Server Manager and adding the Group Policy Management and see if you can find the domain wsus policy. If not you need to add the wsus policy to the domain policy.
0
 
dongocdungAuthor Commented:
it is not a local policy. Please see the screenshot below:

gp
Do I really need to add the detection frequency entries? I do not think this group policy relates to those servers which are not added into WSUS. Could you please give me more details?

thanks,
0
 
Thomas GrassiSystems AdministratorCommented:
You are looking at Group Policy Objects
Need to be in Domain Policy
On my Display you see how I drill down to the WSUS Policy?

You need to create a WSUS Policy at that level then it will distribute to the network.

right click on your domain name under Domains and then select Create a GPO in this domain and link it here option.

Call it WSUS and follow the steps
0
 
dongocdungAuthor Commented:
We have two group policies and we do not link these group policies to domain. We just link them to specific OU not like in your situation.

gh
ol
0
 
Thomas GrassiSystems AdministratorCommented:
Ok I see now

Do I really need to add the detection frequency entries?   YES

Without this the computers/servers will never detect the wsus server for updates or registrar


Look at this

http://www.infotechguyz.com/server2008/wsus.html
0
 
dongocdungAuthor Commented:
In the article you provided, I did not see it configured detection frequency
0
 
Thomas GrassiSystems AdministratorCommented:
It  was a general article not in detail.

But when you create the domain policy WSUS you will have the options.

You could try on one server by manually add the entries in the registry.

Just add these two

DetectionFrequency                     reg_dword      0x00000006         every six hours
DetectionFrequencyEnabled       reg_dword      0x00000001
0
 
dongocdungAuthor Commented:
As I said early, I only can link the WSUS group policy to the specific OUs not domain.
0
 
Thomas GrassiSystems AdministratorCommented:
Ok did you say that only some servers are not being detected? Or are they all of them?

If it is only some then we need to check to see if they are getting policy updates.

run gpupdate /force

then lets look at the event log see if get any group policy messages
0
 
dongocdungAuthor Commented:
I run gpresult /r on one server and saw WSUS Group policy is applied to it. However, that server is not added in WSUS server.
0
 
Thomas GrassiSystems AdministratorCommented:
Are all the server having the problem on the same lan as the wsus server?

This is your only wsus server right? no down stream wsus servers?

After the group policy applied did you check the registry did any thing change?

I know we looked at the registry entries before but was one of those on a server that is listed in WSUS?

If not can we get a look at a working server and compare to the no working one.

On the failing server clients you can go to %windir%/WindowUpdate.log and this is where the WSUS client log is located.  lets look at that and post here
0
 
dongocdungAuthor Commented:
There is no downstream server. nothing change in registry.  I also run these command to add the server but nothing happened.

net stop wuauserv
regsvr32 /s wuapi.dll
regsvr32 /s wups.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s msxml3.dll
c:
cd %windir%\SoftwareDistribution
rd /s/q DataStore
mkdir DataStore
rd /s/q Download
mkdir Download
net start wuauserv
rem Fixes problem with client machines not showing up on the server due to imaging method
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
@echo Triggering detection after resetting WSUS client identity
net stop "Windows Update"
net start "Windows Update"
wuauclt /resetauthorization /detectnow
wuauclt /reportnow

I attached the reportingeventlog
ReportingEvents.log
0
 
Thomas GrassiSystems AdministratorCommented:
After reviewing the log I found this error


Windows Update Client failed to detect with error 0x800b0001.

tells us that you have not yet installed KB2720211 onto your WSUS server.

What version is WSUS make sure you have this patch on
0
 
dongocdungAuthor Commented:
I just searched that KB2720211  on WSUS but found nothing. Its version is 3.2.7600.226
I also tried to find the server which was not added into WSUS and found it but could not change membership

hj
0
 
Thomas GrassiSystems AdministratorCommented:
here is the download site for kb2720211

http://www.microsoft.com/en-us/download/details.aspx?id=29999

You will not find it by doing a search unless it is installed.

download and install then lets see what happens.
0
 
dongocdungAuthor Commented:
i will install it on WSUS server tonight and will let you know later.
thanks,
0
 
dongocdungAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 500 points for trgrassijr55's comment #a39681247
Assisted answer: 0 points for dongocdung's comment #a39681106

for the following reason:

run commands
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 21
  • 17
Tackle projects and never again get stuck behind a technical roadblock.
Join Now