Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

WSUS Duplicate SIDs

Posted on 2014-03-14
6
Medium Priority
?
2,130 Views
Last Modified: 2016-02-20
Guys, I've put numerous posts out regarding this and kind of need this explaining as Google posts are confusing me.

We have 100 PCs on the domain and due to previous images being used and sysprep not being either run or completed it seems that we have around 700 PCs with duplicate PC SIDs.

I understand that there is a PC SID and a different SUS SID, I used PSGetSID to give me the PC SID and dropped into the registry to find the SUS SID.

Both of these are different, however, the PC SID on my PC is a duplicate picked up by LANSweeper. I have run the 'duplicate SID' .bat file which I believe has changed the SUS SID but I need to know the following.

My PC SID is the same (duplicated with the other 699 others). but I'm sure my SUS SID is different now I've changed it (running the duplicate script).

Will my WSUS server use the SUS SID to identify the nodes, and if so is the SUS SID tagged to the PC SID? If it is tagged will a duplicate PC SID impact the new SUS SID?

Hope this makes sense as I don't want to throw the duplicate SID script over GPO to 700 PCs if it isn't going to work.
0
Comment
Question by:CTCRM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 15

Expert Comment

by:ZabagaR
ID: 39930398
It can vary depending on the version of WSUS server and client you use.
If it's remotely up to date, it'd be using WSUS Server 3.0 NOT 2.0.
If you use the WSUS Client that comes with WSUS server 3.0, you're better off as well.

If you are up to date (3.0) with WSUS versions:

...Then SUsClientID is what is important.  That's because with the later (3.0) releases of WSUS, there a "Susclientidvalidation" registry who's registry data is based on your PC's hardware. If your hardware changes (i.e. a machine has been cloned), the SusClientIDvalidation doesn't match up and WSUS knows the machine was cloned, and knows to generate the machine a new unique SusClientID and new Susclientidvalidation. Got it?

Although, I wouldn't want all my PCs to have the same machine SID, it doesn't have to be unique for WSUS to work properly.

Here's a clip from M$:

"We have added an automatic feature to the Windows Update Agent that is installed on WSUS client computers. This feature can help address this duplicate-SusClientID issue. The feature provides a solution that is added to the client-side Windows Update Agent starting with version 7.0.6000.374. (This version is the client version that was included with WSUS 3.0.)

This solution uses a hardware validation routine to determine whether the current client hardware has changed since the SUSClientID value was created. (This hardware includes network adapters and hard disks.)

The hardware validation routine is stored as a binary large object in the Susclientidvalidation registry key at the same location as the Susclientid registry value. If the hardware validation routine indicates that all the hardware has changed, a new SusClientID value is generated by the client. "
0
 
LVL 2

Author Comment

by:CTCRM
ID: 39933875
I'm currently running WSUS 3.0 on a 2k8 R2 box which should be quite up to date.

So is it safe to say that if I run the duplicate sid .bat file that stops WSUS Client services, generates a new susclient sid and then restarts the services over GPO to all my troubled clients this would resolve the issue?
0
 
LVL 15

Expert Comment

by:ZabagaR
ID: 39934137
I'm fairly certain that would work fine. While I usually sysprep my cloned machines to wipe the SID, some are flat out clones with the same SID and WSUS is fine after re-generating the susclient id.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 47

Expert Comment

by:Donald Stewart
ID: 39934316
WSUS SID and PC SID have nothing to do with each other!!!
0
 
LVL 15

Accepted Solution

by:
ZabagaR earned 900 total points
ID: 39934472
We already established that WSUS SID and PC SID have nothing to do with each-other,
0
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 39936385
Thanks, I'm going to incorporate the duplicatesid.bat file into a GPO login script for the 700 troubled PCs, then re-discover clients from the WSUS server.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question