Solved

WSUS - Computers showing Not Yet Reported

Posted on 2016-10-31
13
27 Views
Last Modified: 2016-11-06
I have set up a WSUS server on a Windows Server 2008 R2 32 bit.  The install went fine.  I created a GPO on my Domain Server with automatic updates.  I have about 350 computers spread across the state in 16 different sites.  Most of the computers are showing up on WSUS but only about 325 are showing the status of Not yet Reported.  I noticed that when I set it up the update process for the computers is very slow.  I set my computers to register through Update Services console instead of Group Policy, I don't know if that makes a difference or not. I don't know why some computers are reporting a status just fine and others are not.

the group of people with computers that are in my building, I had them restart their computers to see if it would register.  I have seen so much information on here, but my concern that it is fine for working with computers in your facilities, but most of these are 1 to 2 hours away from me and I would have to remote into everyone to run some of the scripts that I have seen on here.  Is there a simpler way to do this.

I have even considered reinstalling everything, but I have to start the automatic updates by Wednesday of this week.
0
Comment
Question by:Salonge
  • 7
  • 3
  • 2
  • +1
13 Comments
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 167 total points
ID: 41867011
what is the network speed to these other sites?  how long has it been since it said 'not yet reported'?
it would take a little time for it to update but should show in the console in less than a half hour or so depending on the speed between sites.  to force a check from the command line, use wuauclt /detectnow.

as far as the computer groups go, the GPO is what matters the most.  the computer groups in the wsus console are for organizing systems for display purposes.  if you changed to using GPO instead of the console, then you need to create computer groups that match the names of the 'client-side target' value in the GPO.

for the remote systems, i use psexec from sysinternals.  i can run a command remotely from the command line so if i wanted to run wuauclt i can do it from my machine (assuming you have admin rights on the remote system).

you should also look at the value of the check frequency in the GPO.  it might be configured to not check very often.
0
 
LVL 20

Assisted Solution

by:Radhakrishnan Rajayyan
Radhakrishnan Rajayyan earned 167 total points
ID: 41867046
Hi,

Since it's 2008 R2, you need to install some other updates (WSUS 3 SP2, an update for wsus etc) onto the WSUS server. This will help to identify and client machines and detect the updates.

https://support.microsoft.com/en-in/kb/2720211
https://support.microsoft.com/en-in/kb/2828185
https://support.microsoft.com/en-in/kb/2938066

Thanks
0
 

Author Comment

by:Salonge
ID: 41867142
Thanks.

I ran all the updates and still no change.

Seth - What is the syntax to use with PsExec to put this command on all of my remote computers.
0
 

Author Comment

by:Salonge
ID: 41867326
I have psexec installed and trying to run that wuauclt / detectnow or reportnow commmand and it doesn't work.  It says that the system cannot find the file specified.
0
 
LVL 7

Assisted Solution

by:Hector2016
Hector2016 earned 166 total points
ID: 41867362
Hello,

To force computers to report to the wsus server with PSEXEC use this(PCLIST.txt is the list of computer names one per line):

PSEXEC.exe @PCLIST.txt wuauclt /repornow

If any computer can not report to WSUS then check connectivity with PING and TELNET from the client to the WSUS TCP port (typically 80 or 8530).

Once the computers are reporting to the wsus server you can let them update as needed. Please read my article for a script to launch Windows Updates installation.

To use it with PSEXEC, copy the VBS script to the Netlogon folder on any domain controller, then run it with this line from your Administration computer:

PSEXEC -User Admin -Password MyPassword -h cscript.exe /nologo \\my.domain.name\netlogon\doupdate.vbs /nr
0
 

Author Comment

by:Salonge
ID: 41867369
Hector2016

Can I use the wild card PSEXEC \\* wuauclt /reportnow?  I have over 300 computer reading with the status of Not yet reporting.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:Salonge
ID: 41867476
Okay, I was able to run the psexec on several computers.  Why is it that several of my computers that are showing as not yet reported, I am unable to ping them from the WSUS server.  Why is this showing up in the console if the WSUS cannot contact the computer?
0
 
LVL 7

Expert Comment

by:Hector2016
ID: 41868156
Yes, you can use the \\* option.

It is probably due to some firewall or application control feature on those computers, that is blocking you to ping them and blocking the Windows Update Client to connect to your WSUS server.

Did you try TELNET from the failing clients to the WSUS TCP port. Example, TELNET MyWSUS 8530 That should response with a black screen. Then press CTRL+C and you must see something like this:

Testing WSUS with TELNET
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 41868382
I am unable to ping them from the WSUS server

sounds like a network or firewall issue somewhere and there is only partial communication
0
 

Author Comment

by:Salonge
ID: 41868415
Nothing was working, so I did a reinstall, reconfigured my GPO with the updated adm for Server 2008.  I will let you know if it works this time.
0
 
LVL 7

Assisted Solution

by:Hector2016
Hector2016 earned 166 total points
ID: 41868622
You can use the Solarwind free WSUS diag tool (Requires .Net) to verify a few things in the client configuration. Just download and run it, it is very useful.

http://www.solarwinds.com/products/freetools/diagnostic-tool-for-wsus-agent.aspx
0
 

Accepted Solution

by:
Salonge earned 0 total points
ID: 41869026
Thank you all for your assistance.  I uninstalled everything and reinstalled it.  I ran the one update instead of 3 and it is working like a charm.  The computers are registering and the updates downloaded.  Thank you all for your assistance and will give you credit for assisting me with this.
0
 

Author Closing Comment

by:Salonge
ID: 41876014
I had to reinstall everything and it worked fine.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now