WSUS Clients not reporting to correct client side targetting

HI all, i have a large number of computers that were placed in a temporary client side group so that i could update them separately. I have since removed the group and placed the computers in a new group and set a new target. Some of the clinets have switched to the new client side target, yet quite a few have moved out of the old group and in to unassigned. They seem to be stuck here. I have refreshed group policy even done a wsus reset on the client. Any ideas how i can force them into the relevant client group. Thanks
LVL 15
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rastoiWindows DTS expertCommented:
after you have new registry entry deployed (either manual, scripted or via GPO) you need to restart Windows update service on client and trigger registration wuauclt /resetauthorization /detectnow
in some cases (to start from scratch) is needed to delete computer record on WSUS server and/or remove client ID from its registry key HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate (values SUSClientID and SusClientIdValidation).
To verify configuration, can you provide one of the failing client content of HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate ?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cwstad2Author Commented:
Hi Rastoi, i have this script that resets all but its still an issue


%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
del %WINDIR%\WindowsUpdate.log /S /Q
rd /s /q %windir%\softwareDistribution
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv



wuauclt /resetauthorization /detectnow
wuauclt /reportnow
rastoiWindows DTS expertCommented:
your script is not cleaning up  SusClientIdValidation value and does not touch groups nor client side targeting setting nor wsus server address.
that is why I asked you for real current content of failing client registry windowsupdate policy entries.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

cwstad2Author Commented:
Hi i cant connect to the remote registry but i have ran a script that delets and reregistrs. I also deleted from unassigned. i ran the script and it comes back into the unassigned computers. any ideas?
rastoiWindows DTS expertCommented:
if they are in unasign group, then just move them to proper group on wsus server and try wuauclt /detectnow and wuauclt /reportnow on client. if client side targeting is removed from server it should work
cwstad2Author Commented:
Hi Rastoi, unless i am missing something the GPO that that assigns the client side targetting should take care of this. I believe there is no way to move them any other way?
rastoiWindows DTS expertCommented:
if you have correct group naming in gpo then yes. but again, you cannot troubleshoot until you don't know what in fact client gets. I have no further idea here unless you provide some more facts.
cwstad2Author Commented:
All seems ok as other computers are reportig into the group. It just a few that have the issue.
cwstad2Author Commented:
Hi thanks for your help. I have resolved the issue.  Did a remote reboot now reporting in to correct client side target
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.