Solved

Servers are not added into WSUS server

Posted on 2013-11-25
38
215 Views
Last Modified: 2016-02-21
I checked the WSUS but I did not see some servers in WSUS. I checked the Registry and saw that path

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

WSUS.jpg
I think the path should be like this

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Please assist me with this situation.
Thanks,
0
Comment
Question by:dongocdung
  • 21
  • 17
38 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39674664
try running these commands

wuauclt /detectnow /reportnow

wuauclt /reauthorization /detectnow


Were they ever on WSUS?
Is this a new installation of the servers?

What OS are the servers

Also check your policy to see how often the computer/server polls the wsus server.

May want to change the polling to every 6 hours or so.
0
 

Author Comment

by:dongocdung
ID: 39674710
I tried to run those commands above but nothing happened. They were never on WSUS. This is a new installation of the some servers not all. The servers are 2008 R2.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39674760
Can you post the

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

you only showed the

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
0
 

Author Comment

by:dongocdung
ID: 39674816
Here it is.

au
0
 

Author Comment

by:dongocdung
ID: 39674833
I checked another server and It is.

au2
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39674865
Missing some entries.

Here is mine.

AUOptions                                     reg_dword      0x00000003
AutoInstallMinorUpdates            reg_dword      0x00000001
DetectionFrequency                     reg_dword      0x00000006         every six hours
DetectionFrequencyEnabled       reg_dword      0x00000001
IncludeRecommendedUpdates  reg_dword      0x00000001
NoAutoUpdate                              reg_dword      0x00000000
ScheduledInstallDay                     reg_dword      0x00000000
ScheduledInstallTime                   reg_dword      0x00000003
UseWUServer                                 reg_dword      0x00000001
0
 

Author Comment

by:dongocdung
ID: 39674894
How do I correct it?
0
 

Author Comment

by:dongocdung
ID: 39674909
I just checked another server which is on Wsus. It has the samething with the one I posted early.

au3
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39674961
are you getting the group policy to these servers.

Do you have a policy defined for WSUS ?

try running this gpupdate /force

If not then these entries will not be made.

You can manually enter them but I would create a policy and deploy that policy.

Here is a link for setting the group policy
http://support.microsoft.com/kb/328010
0
 

Author Comment

by:dongocdung
ID: 39675015
Yes, I have two WSUS policies. Please take a look at some screenshot below.

GPO
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675085
Is this an active directory domain?

use this

Loading policy settings by using Group Policy in Active Directory directory services

To load policy settings by using Group Policy, you must use the Wuau.adm file that describes the new policy settings for the Automatic Updates client. Wuau.adm is automatically installed in the Windows\Inf folder when you install the new Automatic Updates feature.

You can load Windows\Inf\Wuau.adm as an administrative template in Group Policy Object Editor.

To load policy settings by using Group Policy in Active Directory: 1.On an Active Directory domain controller, click Start, and then click Run.
2.Type dsa.msc.
3.Right-click the organizational unit or domain where you want to create the policy, and then click Properties.
4.Click the Group Policy tab, and then click New.
5.Type a name for the policy, and then click Edit.
6.Under Computer Settings, right-click Administrative Templates.
7.Click Add/Remove Templates, and then click Add.
8.Type the name of the Automatic Updates .adm file, for example, type windows_folder\inf\wuau.adm.
9.Click Open.

Set the policy and
then on the server run gpupdate /force
0
 

Author Comment

by:dongocdung
ID: 39675139
In domain controller 2008, there is not Group Policy tab any more.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675150
For Windows 2008

The settings are located in the following location in Group Policy Management Editor:
Computer Configuration-->Policies-->Windows Components-->Windows Update
0
 

Author Comment

by:dongocdung
ID: 39675173
I get lost now.
what do I do the steps you recommended for? Do I do these on servers or domain controllers?

I have two policies already. Do I need to do these steps?
Thanks,
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675184
on the domain controller server.

then follow those steps once the domain policy is created then it will be deployed to all servers and workstations on the domain.

Those policies are local to that computer only
0
 

Author Comment

by:dongocdung
ID: 39675398
I am confused now. Let me stated my problem again. The two WSUS policies were created in domain controllers already. There are only some servers could not be seen in WSUS. I would like to add these servers into WSUS.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675402
expand those two policies and lets see what is set
0
 

Author Comment

by:dongocdung
ID: 39675443
Here they are:
ma
auto
0
 

Author Comment

by:dongocdung
ID: 39675457
when i tried your steps in GP Editor, I did not see wuau.adm file.

Right click Group Policy -> Edit -> Right click Administrative Template -> Add/Remove Template -> Add
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675573
When I open my Group Policy Manager

See the attached.
gpo.jpg
0
 

Author Comment

by:dongocdung
ID: 39675585
I think mine is the same

sus
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675638
Yes but your missing the detection frequency entries.

Also this looks like the policy is from the local machine only.

I add Group Policy Management to the Server Manager on My Windows 2008 Server

Then you can see How I drilled down thru the Forest to the Domains then to my domain and then to the Policy.

Once you get the Domain Policy working then it will all fall in place.

Remember you have a local policy on each server and computer When you join a domain then the Domain Policy takes control.

Try using Server Manager and adding the Group Policy Management and see if you can find the domain wsus policy. If not you need to add the wsus policy to the domain policy.
0
 

Author Comment

by:dongocdung
ID: 39675692
it is not a local policy. Please see the screenshot below:

gp
Do I really need to add the detection frequency entries? I do not think this group policy relates to those servers which are not added into WSUS. Could you please give me more details?

thanks,
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675772
You are looking at Group Policy Objects
Need to be in Domain Policy
On my Display you see how I drill down to the WSUS Policy?

You need to create a WSUS Policy at that level then it will distribute to the network.

right click on your domain name under Domains and then select Create a GPO in this domain and link it here option.

Call it WSUS and follow the steps
0
 

Author Comment

by:dongocdung
ID: 39675793
We have two group policies and we do not link these group policies to domain. We just link them to specific OU not like in your situation.

gh
ol
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675818
Ok I see now

Do I really need to add the detection frequency entries?   YES

Without this the computers/servers will never detect the wsus server for updates or registrar


Look at this

http://www.infotechguyz.com/server2008/wsus.html
0
 

Author Comment

by:dongocdung
ID: 39675874
In the article you provided, I did not see it configured detection frequency
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39675901
It  was a general article not in detail.

But when you create the domain policy WSUS you will have the options.

You could try on one server by manually add the entries in the registry.

Just add these two

DetectionFrequency                     reg_dword      0x00000006         every six hours
DetectionFrequencyEnabled       reg_dword      0x00000001
0
 

Author Comment

by:dongocdung
ID: 39676116
As I said early, I only can link the WSUS group policy to the specific OUs not domain.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39676626
Ok did you say that only some servers are not being detected? Or are they all of them?

If it is only some then we need to check to see if they are getting policy updates.

run gpupdate /force

then lets look at the event log see if get any group policy messages
0
 

Author Comment

by:dongocdung
ID: 39678715
I run gpresult /r on one server and saw WSUS Group policy is applied to it. However, that server is not added in WSUS server.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39678729
Are all the server having the problem on the same lan as the wsus server?

This is your only wsus server right? no down stream wsus servers?

After the group policy applied did you check the registry did any thing change?

I know we looked at the registry entries before but was one of those on a server that is listed in WSUS?

If not can we get a look at a working server and compare to the no working one.

On the failing server clients you can go to %windir%/WindowUpdate.log and this is where the WSUS client log is located.  lets look at that and post here
0
 

Author Comment

by:dongocdung
ID: 39681106
There is no downstream server. nothing change in registry.  I also run these command to add the server but nothing happened.

net stop wuauserv
regsvr32 /s wuapi.dll
regsvr32 /s wups.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s msxml3.dll
c:
cd %windir%\SoftwareDistribution
rd /s/q DataStore
mkdir DataStore
rd /s/q Download
mkdir Download
net start wuauserv
rem Fixes problem with client machines not showing up on the server due to imaging method
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
cls
@echo Triggering detection after resetting WSUS client identity
net stop "Windows Update"
net start "Windows Update"
wuauclt /resetauthorization /detectnow
wuauclt /reportnow

I attached the reportingeventlog
ReportingEvents.log
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681161
After reviewing the log I found this error


Windows Update Client failed to detect with error 0x800b0001.

tells us that you have not yet installed KB2720211 onto your WSUS server.

What version is WSUS make sure you have this patch on
0
 

Author Comment

by:dongocdung
ID: 39681227
I just searched that KB2720211  on WSUS but found nothing. Its version is 3.2.7600.226
I also tried to find the server which was not added into WSUS and found it but could not change membership

hj
0
 
LVL 23

Accepted Solution

by:
Thomas Grassi earned 500 total points
ID: 39681247
here is the download site for kb2720211

http://www.microsoft.com/en-us/download/details.aspx?id=29999

You will not find it by doing a search unless it is installed.

download and install then lets see what happens.
0
 

Author Comment

by:dongocdung
ID: 39681252
i will install it on WSUS server tonight and will let you know later.
thanks,
0
 

Author Comment

by:dongocdung
ID: 39690156
I've requested that this question be closed as follows:

Accepted answer: 500 points for trgrassijr55's comment #a39681247
Assisted answer: 0 points for dongocdung's comment #a39681106

for the following reason:

run commands
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now