Link to home
Start Free TrialLog in
Avatar of dongocdung
dongocdung

asked on

Servers are not added into WSUS server

I checked the WSUS but I did not see some servers in WSUS. I checked the Registry and saw that path

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

User generated image
I think the path should be like this

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Please assist me with this situation.
Thanks,
Avatar of Member_2_6492660_1
Member_2_6492660_1
Flag of United States of America image

try running these commands

wuauclt /detectnow /reportnow

wuauclt /reauthorization /detectnow


Were they ever on WSUS?
Is this a new installation of the servers?

What OS are the servers

Also check your policy to see how often the computer/server polls the wsus server.

May want to change the polling to every 6 hours or so.
Avatar of dongocdung
dongocdung

ASKER

I tried to run those commands above but nothing happened. They were never on WSUS. This is a new installation of the some servers not all. The servers are 2008 R2.
Can you post the

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

you only showed the

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
Here it is.

User generated image
I checked another server and It is.

User generated image
Missing some entries.

Here is mine.

AUOptions                                     reg_dword      0x00000003
AutoInstallMinorUpdates            reg_dword      0x00000001
DetectionFrequency                     reg_dword      0x00000006         every six hours
DetectionFrequencyEnabled       reg_dword      0x00000001
IncludeRecommendedUpdates  reg_dword      0x00000001
NoAutoUpdate                              reg_dword      0x00000000
ScheduledInstallDay                     reg_dword      0x00000000
ScheduledInstallTime                   reg_dword      0x00000003
UseWUServer                                 reg_dword      0x00000001
How do I correct it?
I just checked another server which is on Wsus. It has the samething with the one I posted early.

User generated image
are you getting the group policy to these servers.

Do you have a policy defined for WSUS ?

try running this gpupdate /force

If not then these entries will not be made.

You can manually enter them but I would create a policy and deploy that policy.

Here is a link for setting the group policy
http://support.microsoft.com/kb/328010
Yes, I have two WSUS policies. Please take a look at some screenshot below.

User generated image
Is this an active directory domain?

use this

Loading policy settings by using Group Policy in Active Directory directory services

To load policy settings by using Group Policy, you must use the Wuau.adm file that describes the new policy settings for the Automatic Updates client. Wuau.adm is automatically installed in the Windows\Inf folder when you install the new Automatic Updates feature.

You can load Windows\Inf\Wuau.adm as an administrative template in Group Policy Object Editor.

To load policy settings by using Group Policy in Active Directory: 1.On an Active Directory domain controller, click Start, and then click Run.
2.Type dsa.msc.
3.Right-click the organizational unit or domain where you want to create the policy, and then click Properties.
4.Click the Group Policy tab, and then click New.
5.Type a name for the policy, and then click Edit.
6.Under Computer Settings, right-click Administrative Templates.
7.Click Add/Remove Templates, and then click Add.
8.Type the name of the Automatic Updates .adm file, for example, type windows_folder\inf\wuau.adm.
9.Click Open.

Set the policy and
then on the server run gpupdate /force
In domain controller 2008, there is not Group Policy tab any more.
For Windows 2008

The settings are located in the following location in Group Policy Management Editor:
Computer Configuration-->Policies-->Windows Components-->Windows Update
I get lost now.
what do I do the steps you recommended for? Do I do these on servers or domain controllers?

I have two policies already. Do I need to do these steps?
Thanks,
on the domain controller server.

then follow those steps once the domain policy is created then it will be deployed to all servers and workstations on the domain.

Those policies are local to that computer only
I am confused now. Let me stated my problem again. The two WSUS policies were created in domain controllers already. There are only some servers could not be seen in WSUS. I would like to add these servers into WSUS.
expand those two policies and lets see what is set
Here they are:
User generated image
User generated image
when i tried your steps in GP Editor, I did not see wuau.adm file.

Right click Group Policy -> Edit -> Right click Administrative Template -> Add/Remove Template -> Add
When I open my Group Policy Manager

See the attached.
gpo.jpg
I think mine is the same

User generated image
Yes but your missing the detection frequency entries.

Also this looks like the policy is from the local machine only.

I add Group Policy Management to the Server Manager on My Windows 2008 Server

Then you can see How I drilled down thru the Forest to the Domains then to my domain and then to the Policy.

Once you get the Domain Policy working then it will all fall in place.

Remember you have a local policy on each server and computer When you join a domain then the Domain Policy takes control.

Try using Server Manager and adding the Group Policy Management and see if you can find the domain wsus policy. If not you need to add the wsus policy to the domain policy.
it is not a local policy. Please see the screenshot below:

User generated image
Do I really need to add the detection frequency entries? I do not think this group policy relates to those servers which are not added into WSUS. Could you please give me more details?

thanks,
You are looking at Group Policy Objects
Need to be in Domain Policy
On my Display you see how I drill down to the WSUS Policy?

You need to create a WSUS Policy at that level then it will distribute to the network.

right click on your domain name under Domains and then select Create a GPO in this domain and link it here option.

Call it WSUS and follow the steps
We have two group policies and we do not link these group policies to domain. We just link them to specific OU not like in your situation.

User generated image
User generated image
Ok I see now

Do I really need to add the detection frequency entries?   YES

Without this the computers/servers will never detect the wsus server for updates or registrar


Look at this

http://www.infotechguyz.com/server2008/wsus.html
In the article you provided, I did not see it configured detection frequency
It  was a general article not in detail.

But when you create the domain policy WSUS you will have the options.

You could try on one server by manually add the entries in the registry.

Just add these two

DetectionFrequency                     reg_dword      0x00000006         every six hours
DetectionFrequencyEnabled       reg_dword      0x00000001
As I said early, I only can link the WSUS group policy to the specific OUs not domain.
Ok did you say that only some servers are not being detected? Or are they all of them?

If it is only some then we need to check to see if they are getting policy updates.

run gpupdate /force

then lets look at the event log see if get any group policy messages
I run gpresult /r on one server and saw WSUS Group policy is applied to it. However, that server is not added in WSUS server.
Are all the server having the problem on the same lan as the wsus server?

This is your only wsus server right? no down stream wsus servers?

After the group policy applied did you check the registry did any thing change?

I know we looked at the registry entries before but was one of those on a server that is listed in WSUS?

If not can we get a look at a working server and compare to the no working one.

On the failing server clients you can go to %windir%/WindowUpdate.log and this is where the WSUS client log is located.  lets look at that and post here
There is no downstream server. nothing change in registry.  I also run these command to add the server but nothing happened.

net stop wuauserv
regsvr32 /s wuapi.dll
regsvr32 /s wups.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s msxml3.dll
c:
cd %windir%\SoftwareDistribution
rd /s/q DataStore
mkdir DataStore
rd /s/q Download
mkdir Download
net start wuauserv
rem Fixes problem with client machines not showing up on the server due to imaging method
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
@echo Triggering detection after resetting WSUS client identity
net stop "Windows Update"
net start "Windows Update"
wuauclt /resetauthorization /detectnow
wuauclt /reportnow

I attached the reportingeventlog
ReportingEvents.log
After reviewing the log I found this error


Windows Update Client failed to detect with error 0x800b0001.

tells us that you have not yet installed KB2720211 onto your WSUS server.

What version is WSUS make sure you have this patch on
I just searched that KB2720211  on WSUS but found nothing. Its version is 3.2.7600.226
I also tried to find the server which was not added into WSUS and found it but could not change membership

User generated image
ASKER CERTIFIED SOLUTION
Avatar of Member_2_6492660_1
Member_2_6492660_1
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
i will install it on WSUS server tonight and will let you know later.
thanks,
I've requested that this question be closed as follows:

Accepted answer: 500 points for trgrassijr55's comment #a39681247
Assisted answer: 0 points for dongocdung's comment #a39681106

for the following reason:

run commands