Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

WSUS - Computers showing Not Yet Reported

Posted on 2016-10-31
13
Medium Priority
?
5,487 Views
Last Modified: 2016-11-06
I have set up a WSUS server on a Windows Server 2008 R2 32 bit.  The install went fine.  I created a GPO on my Domain Server with automatic updates.  I have about 350 computers spread across the state in 16 different sites.  Most of the computers are showing up on WSUS but only about 325 are showing the status of Not yet Reported.  I noticed that when I set it up the update process for the computers is very slow.  I set my computers to register through Update Services console instead of Group Policy, I don't know if that makes a difference or not. I don't know why some computers are reporting a status just fine and others are not.

the group of people with computers that are in my building, I had them restart their computers to see if it would register.  I have seen so much information on here, but my concern that it is fine for working with computers in your facilities, but most of these are 1 to 2 hours away from me and I would have to remote into everyone to run some of the scripts that I have seen on here.  Is there a simpler way to do this.

I have even considered reinstalling everything, but I have to start the automatic updates by Wednesday of this week.
0
Comment
Question by:Salonge
  • 7
  • 3
  • 2
  • +1
13 Comments
 
LVL 36

Assisted Solution

by:Seth Simmons
Seth Simmons earned 668 total points
ID: 41867011
what is the network speed to these other sites?  how long has it been since it said 'not yet reported'?
it would take a little time for it to update but should show in the console in less than a half hour or so depending on the speed between sites.  to force a check from the command line, use wuauclt /detectnow.

as far as the computer groups go, the GPO is what matters the most.  the computer groups in the wsus console are for organizing systems for display purposes.  if you changed to using GPO instead of the console, then you need to create computer groups that match the names of the 'client-side target' value in the GPO.

for the remote systems, i use psexec from sysinternals.  i can run a command remotely from the command line so if i wanted to run wuauclt i can do it from my machine (assuming you have admin rights on the remote system).

you should also look at the value of the check frequency in the GPO.  it might be configured to not check very often.
0
 
LVL 24

Assisted Solution

by:Radhakrishnan R
Radhakrishnan R earned 668 total points
ID: 41867046
Hi,

Since it's 2008 R2, you need to install some other updates (WSUS 3 SP2, an update for wsus etc) onto the WSUS server. This will help to identify and client machines and detect the updates.

https://support.microsoft.com/en-in/kb/2720211
https://support.microsoft.com/en-in/kb/2828185
https://support.microsoft.com/en-in/kb/2938066

Thanks
0
 

Author Comment

by:Salonge
ID: 41867142
Thanks.

I ran all the updates and still no change.

Seth - What is the syntax to use with PsExec to put this command on all of my remote computers.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 

Author Comment

by:Salonge
ID: 41867326
I have psexec installed and trying to run that wuauclt / detectnow or reportnow commmand and it doesn't work.  It says that the system cannot find the file specified.
0
 
LVL 8

Assisted Solution

by:Hector2016
Hector2016 earned 664 total points
ID: 41867362
Hello,

To force computers to report to the wsus server with PSEXEC use this(PCLIST.txt is the list of computer names one per line):

PSEXEC.exe @PCLIST.txt wuauclt /repornow

If any computer can not report to WSUS then check connectivity with PING and TELNET from the client to the WSUS TCP port (typically 80 or 8530).

Once the computers are reporting to the wsus server you can let them update as needed. Please read my article for a script to launch Windows Updates installation.

To use it with PSEXEC, copy the VBS script to the Netlogon folder on any domain controller, then run it with this line from your Administration computer:

PSEXEC -User Admin -Password MyPassword -h cscript.exe /nologo \\my.domain.name\netlogon\doupdate.vbs /nr
0
 

Author Comment

by:Salonge
ID: 41867369
Hector2016

Can I use the wild card PSEXEC \\* wuauclt /reportnow?  I have over 300 computer reading with the status of Not yet reporting.
0
 

Author Comment

by:Salonge
ID: 41867476
Okay, I was able to run the psexec on several computers.  Why is it that several of my computers that are showing as not yet reported, I am unable to ping them from the WSUS server.  Why is this showing up in the console if the WSUS cannot contact the computer?
0
 
LVL 8

Expert Comment

by:Hector2016
ID: 41868156
Yes, you can use the \\* option.

It is probably due to some firewall or application control feature on those computers, that is blocking you to ping them and blocking the Windows Update Client to connect to your WSUS server.

Did you try TELNET from the failing clients to the WSUS TCP port. Example, TELNET MyWSUS 8530 That should response with a black screen. Then press CTRL+C and you must see something like this:

Testing WSUS with TELNET
0
 
LVL 36

Expert Comment

by:Seth Simmons
ID: 41868382
I am unable to ping them from the WSUS server

sounds like a network or firewall issue somewhere and there is only partial communication
0
 

Author Comment

by:Salonge
ID: 41868415
Nothing was working, so I did a reinstall, reconfigured my GPO with the updated adm for Server 2008.  I will let you know if it works this time.
0
 
LVL 8

Assisted Solution

by:Hector2016
Hector2016 earned 664 total points
ID: 41868622
You can use the Solarwind free WSUS diag tool (Requires .Net) to verify a few things in the client configuration. Just download and run it, it is very useful.

http://www.solarwinds.com/products/freetools/diagnostic-tool-for-wsus-agent.aspx
0
 

Accepted Solution

by:
Salonge earned 0 total points
ID: 41869026
Thank you all for your assistance.  I uninstalled everything and reinstalled it.  I ran the one update instead of 3 and it is working like a charm.  The computers are registering and the updates downloaded.  Thank you all for your assistance and will give you credit for assisting me with this.
0
 

Author Closing Comment

by:Salonge
ID: 41876014
I had to reinstall everything and it worked fine.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question