+ Post New Thread
Results 1 to 10 of 10
Windows 7 Thread, WSUS GPO Ignored in Technical; I have WSUS setup on a Server 2k8 server with Windows 7 clients. This is my WSUS GPO: wsusgpo.png None ...
  1. #1
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74

    WSUS GPO Ignored

    I have WSUS setup on a Server 2k8 server with Windows 7 clients.

    This is my WSUS GPO:

    wsusgpo.png

    None of the clients have appeared in WSUS (been running the domain for a few months now). I can't see anything wrong with the GPO but when I run gpresult /R it reveals that WSUS isn't being applied:

    wsuscmd.png

    As you can see from the GPO its not empty like its implying.

    Anyone know why its not applying?

  2. #2
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    How were the workstations setup? With a image, if so were they sysprep'ed?

  3. #3


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,630
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Change the intranet update server from \\cronus to http://cronus

    if that doesn't work, look in the c:\windows\windowsupdate.log on a client

  4. #4
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    Quote Originally Posted by p858snake View Post
    How were the workstations setup? With a image, if so were they sysprep'ed?
    FOGed then put on the domain by hand

    Quote Originally Posted by pete View Post
    Change the intranet update server from \\cronus to http://cronus

    if that doesn't work, look in the c:\windows\windowsupdate.log on a client
    Done that, still not appearing in WSUS

  5. #5
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    Quote Originally Posted by Arcath View Post
    FOGed then put on the domain by hand
    Did you do anything to fix the numerous different SID entries (Sysprep does more than just the machine SID), since WSUS sorts by SID they need to be unique which is what sysprep (and I don't believe NewSID touches the appropriate ones) does?

  6. #6

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,676
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    45
    There is this which I have suffered from in the past on XP machines. Not sure if it's worth having a look at in your case.

  7. #7


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,630
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Are the clients getting the patches or not?

    If not, look in the registry for susclientid and delete the key. Then run wuauclt /resetauthorisation /detectnow.

  8. #8


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,583
    Thank Post
    228
    Thanked 855 Times in 734 Posts
    Rep Power
    295
    did you use port 80 or 8530 when you installed wsus? its worth trying pointing a pc at http://cronus:8530 for both parts in your gpo /localy edited test policy

  9. #9
    craigg's Avatar
    Join Date
    Feb 2008
    Location
    Birmingham, UK
    Posts
    175
    Thank Post
    15
    Thanked 9 Times in 6 Posts
    Rep Power
    15
    I had a similar problem too... it turned out that it was the SusClientID that was causing the issue (just like Pete suggested). As people have said, its because these values get stuck within the registry when imaging (for example if you update the image from the microsoft website) and as a result you will either see one client appear in the console or nothing atall.

    Anyway I dropped this in a batch file and deployed it via GPO. Within no time clients started to appear in the console.

    Code:
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIdValidation /f
    
    net stop wuauserv
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    You could even go a step further and add a few lines that create a text file in a share with the computer name so the patch doesnt get applied more than once.

    Hope you sort your problem.

  10. #10

    Join Date
    Nov 2007
    Location
    Rotherham
    Posts
    1,676
    Thank Post
    122
    Thanked 126 Times in 102 Posts
    Rep Power
    45
    Doesn't the "net stop wuauserv" need to go first?

SHARE:
+ Post New Thread

Similar Threads

  1. GPO or WSUS ? For deploying Powershell 2.0 automatically in my domain ?
    By albertwt in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 19th April 2010, 03:32 AM
  2. WSUS - small question regarding GPO's
    By DanW in forum Windows
    Replies: 4
    Last Post: 10th April 2008, 02:12 PM
  3. Replies: 3
    Last Post: 21st February 2008, 08:50 AM
  4. WSUS gpo problem
    By z4ydi in forum Network and Classroom Management
    Replies: 7
    Last Post: 11th February 2008, 03:12 PM
  5. Replies: 1
    Last Post: 8th November 2006, 09:57 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •