New WSUS server not seeing any computers

I built a new WSUS server two days ago and it has not added any of our computers.  I changed the existing GPO to point to the new server.  I also rebooted all the computers.  It's 2012 R2 VM server on Hyper-V
I'm guessing I've missed a step in the installation.

What should I check?
J.R. SitmanIT DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Check the Windows Update frequency of the client PCs.  
Even though you've rebooted, run "gpupdate /force" from a client.
Run "wuauclt /ShowWUAutoScan" on a client and watch for errors.
Run "wuauclt /r" on a client and then check the WSUS server

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Thomas GrassiSystems AdministratorCommented:
You can check this registry

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.

See if the changes applied
Seth SimmonsSr. Systems AdministratorCommented:
did you put the correct port?
by default, WSUS on 2012 listens on port 8530; 8531 if using SSL
the location URL would thus look like this:

http://wsus-server:8530 or if you use SSL, https://wsus-server:8531
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

J.R. SitmanIT DirectorAuthor Commented:
did gpupdate /force

When I ran wuauclt /ShowWUAutoscan it open the "check for updates"  When I ran wuauclt /r it did not show up on the WSUS server.

On WSUS server if I do a search for a computer, it doesn't find it.

I didn't see and setting to enter a port #.

Registry on one computer still shows the previous WSUS server.  I double checked the GPO and it has the new server.
J.R. SitmanIT DirectorAuthor Commented:
Under the settings for Computers, it has "Use the Update Services console"  is that correct?
Thomas GrassiSystems AdministratorCommented:
Post your gpo info for wsus

Also take a look at the log file on the local computers


Check for errors
Post results
DonNetwork AdministratorCommented:
"Registry on one computer still shows the previous WSUS server.  I double checked the GPO and it has the new server. "

Did you create a new GPO for this new WSUS server, or did you edit the old ??
Seth SimmonsSr. Systems AdministratorCommented:
I didn't see and setting to enter a port #.

it's part of the URL
i provided the example above
you put the port number there the same way you port a port number the URL bar of a browser when it's other than 80 or 443
Not sure on the "use the update services console"  I can't recall seeing that.

Check all of the applied GP to your client by running "gpresult /r" on your client and see if you've possibly got the WSUS configured in two separate GPO.    

Once you've ID'd the correct GPO, just run "gpupdate /force" instead of rebooting to save some time.
DonNetwork AdministratorCommented:
You can also speed up clients reporting by running the following .bat on them


%Windir%\system32\net.exe stop bits
%Windir%\system32\net.exe stop wuauserv
%Windir%\system32\net.exe stop cryptsvc
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
del %WINDIR%\WindowsUpdate.log /S /Q
rd /s /q %windir%\softwareDistribution
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits
%Windir%\system32\net.exe start wuauserv



wuauclt /resetauthorization /detectnow
wuauclt /reportnow

exit /B 0
J.R. SitmanIT DirectorAuthor Commented:
J.R. SitmanIT DirectorAuthor Commented:
when I enter either of the ports I get page cannot be displayed.

Also I don't believe running the bat file will fix anything because the computer settings are still pointed to the previous server.
J.R. SitmanIT DirectorAuthor Commented:
I verified only one WSUS GPO is being deployed to the computer
Seth SimmonsSr. Systems AdministratorCommented:
so when you installed WSUS, you changed the default port to 80 with wsusutil?
J.R. SitmanIT DirectorAuthor Commented:
I don't recall what port I used.  How do I verify and or change?
J.R. SitmanIT DirectorAuthor Commented:
I think I may have found the problem.  I made a new GPO, removed the OU from the old GPO.  From a computer I did gpupdate /force.  It states it was successful, however then it states computer policy could not be updated.  
See attached.   I'll be away from the computer for an hour.
Seth SimmonsSr. Systems AdministratorCommented:
How do I verify and or change?

it's in the wsus2.jpg screenshot you posted earlier (update service and statistics server location)
based on what you are providing, might also be something else going on
check your domain controller replication for any issues
Attached are some screen shots.   The WSUS here is on port 8530 so in the GPO the address is: as you'll see.
WSUS console.   Server set to port 8530.GPO WSUS server location specificationWSUS settings that are touched in GPO.
J.R. SitmanIT DirectorAuthor Commented:
I fixed the problem in post 40914470.  I had a brain fart and the // were backward in the GPO.  
However, I still can't get the the wsus server using http://wsusVM_LA:8530 or it's ip address,

I did verify the port is 8530 based on Lukemo screen shot.  
In the GPO I have only the server name http://WSUSVM_LA.  Also the old server still has WSUS installed.

Additional help is appreciated.
Thomas GrassiSystems AdministratorCommented:
that's why I setup a DNS record for WSUS then the GPO using the DNS record so if you ever change the server you will not need to remember to change any thing

Just food for thought
J.R. SitmanIT DirectorAuthor Commented:
Thanks, but still need help on this.
Thomas GrassiSystems AdministratorCommented:
Lets try this from your computer not the server running WSUS

Start MMC

File >  Add/Remove snap in >  scroll down Available Snap-ins > Select Update Services > OK

Highlight "Update Services"  in right most panel click on Connect to Server

Enter server name  WSUSVM_LA  PORT default is 80 if you setup WSUS as default try 8530

Lets see if you can connect to the WSUS Server  remotely
J.R. SitmanIT DirectorAuthor Commented:
I tried it from my workstation, a DC and a member server.  None of them had "update servces" as a Snap-in
Thomas GrassiSystems AdministratorCommented:
Thomas GrassiSystems AdministratorCommented:
Another thought

Did we ever figure out if the computers are getting the GPO updates correctly?
J.R. SitmanIT DirectorAuthor Commented:
I deleted the new GPO because it was causing an error when I did gpupdate /force.  I activated the old GPO.  So all computers are getting it.  In the old GPO I changes the server to the new server.
Thomas GrassiSystems AdministratorCommented:
Ok now we are back to the original question correct.?

I see in your posting above

That you have 8 computers that have not yet reported.

Is that still true?

Where are the computers in WSUS? Do you manually add them to the Group Pc or Server?

Can we see a screen shot of the groups expanded or are they all unassigned?

also try running this if the GPO is correct now.

wuauclt.exe /resetauthorization /detectnow

J.R. SitmanIT DirectorAuthor Commented:
correct, we are back at the beginning.  the new WSUSVM_LA server has no computers.  I ran the wuauclt.exe on my workstation and nothing displayed.  I'm running it from the run box.  Should I be running it from a command prompt?
Thomas GrassiSystems AdministratorCommented:
yes on each machine not the wsus server

open elevated command prompt run as administrator

wuauclt.exe /resetauthorization /detectnow

If the registry entries are pointing to the correct wsus server the above command will reregister the computer with wsus

Give it a few minutes then from the server in the WSUS console you will find a computer listed under the unassigned computers group

We can talk about how to automate that later if you want
DonNetwork AdministratorCommented:
According to your log, your computers are pointing to http://spcala189
J.R. SitmanIT DirectorAuthor Commented:
I ran the command and also checked the registry.  The correct WSUS server is there, but so far, the server hasn't displayed any computers.  It's been 12 minutes.  I'll be away from computer for an hour or so.  Let me know what you want me to do.
I also checked another computer without running the command and the correct server is there
Thomas GrassiSystems AdministratorCommented:
When you are checking the WSUs Console make sure you do a refresh the console does not update automatically
J.R. SitmanIT DirectorAuthor Commented:
yep, I've done it several times.  It's been an hour now and no computers.
In my 2nd attachment I showed the address for the WSUS server with http://HOST:8530 
Is your GPO set like that?  
Did WSUS work with the previous server?

Try this URL from your client's web browser:
This should be the response:
Client view to WSUS serverReplace HOST with either your DNS name or your IP address.   You could even have a DNS issue where the clients are looking for HOST and it's not resolving, so maybe try the FQDN - HOST.DOMAIN.
J.R. SitmanIT DirectorAuthor Commented:
this is how the GPO is set.  http://WSUSVM_LA.  I can try and change it to the ip.  Would it look like this,
Thomas GrassiSystems AdministratorCommented:
What happens if you ping by the DNS name does that work from the computer?

Ipconfig /all post results
Seth SimmonsSr. Systems AdministratorCommented:
Would it look like this,

yes, that is the example i gave in the beginning
if you did not change the default port, then it runs on port 8530 in 2012
J.R. SitmanIT DirectorAuthor Commented:
I can ping it from my workstation with FQDN, ip or just dns name.  All resolve
J.R. SitmanIT DirectorAuthor Commented:
@Seth, I didn't bother to change it because the information previously in the GPO used just the DNS name.  With that said, "thank you"  they have started to report in to the WSUS server.  I will go through all the help and accept the best answers.

Thanks VERY much to all.
can you post the last few hundred lines of a client's windowsupdate.log file again?
Thomas GrassiSystems AdministratorCommented:
Glad they are now reporting sometimes it takes time

Hope we all helped
J.R. SitmanIT DirectorAuthor Commented:
you all definitely helped
J.R. SitmanIT DirectorAuthor Commented:
Thanks to all for sticking with me.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.