Windows 7 Thread, WSUS GPO Ignored in Technical; I have WSUS setup on a Server 2k8 server with Windows 7 clients.
This is my WSUS GPO:
9th August 2010, 09:46 AM #1
WSUS GPO Ignored
I have WSUS setup on a Server 2k8 server with Windows 7 clients.
This is my WSUS GPO:
None of the clients have appeared in WSUS (been running the domain for a few months now). I can't see anything wrong with the GPO but when I run gpresult /R it reveals that WSUS isn't being applied:
As you can see from the GPO its not empty like its implying.
Anyone know why its not applying?
9th August 2010, 09:51 AM #2
How were the workstations setup? With a image, if so were they sysprep'ed?
9th August 2010, 09:52 AM #3
Change the intranet update server from \\cronus to http://cronus
if that doesn't work, look in the c:\windows\windowsupdate.log on a client
9th August 2010, 10:03 AM #4
FOGed then put on the domain by hand
Originally Posted by p858snake
Done that, still not appearing in WSUS
Originally Posted by pete
9th August 2010, 10:11 AM #5
Did you do anything to fix the numerous different SID entries (Sysprep does more than just the machine SID), since WSUS sorts by SID they need to be unique which is what sysprep (and I don't believe NewSID touches the appropriate ones) does?
Originally Posted by Arcath
9th August 2010, 10:15 AM #6
There is this which I have suffered from in the past on XP machines. Not sure if it's worth having a look at in your case.
9th August 2010, 10:24 AM #7
Are the clients getting the patches or not?
If not, look in the registry for susclientid and delete the key. Then run wuauclt /resetauthorisation /detectnow.
9th August 2010, 01:10 PM #8
did you use port 80 or 8530 when you installed wsus? its worth trying pointing a pc at http://cronus:8530 for both parts in your gpo /localy edited test policy
10th August 2010, 09:47 AM #9
I had a similar problem too... it turned out that it was the SusClientID that was causing the issue (just like Pete suggested). As people have said, its because these values get stuck within the registry when imaging (for example if you update the image from the microsoft website) and as a result you will either see one client appear in the console or nothing atall.
Anyway I dropped this in a batch file and deployed it via GPO. Within no time clients started to appear in the console.
You could even go a step further and add a few lines that create a text file in a share with the computer name so the patch doesnt get applied more than once.
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIdValidation /f
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow
Hope you sort your problem.
10th August 2010, 01:05 PM #10
Doesn't the "net stop wuauserv" need to go first?
By albertwt in forum Windows Server 2000/2003
Last Post: 19th April 2010, 04:32 AM
Last Post: 10th April 2008, 03:12 PM
By adamf in forum Windows
Last Post: 21st February 2008, 09:50 AM
By z4ydi in forum Network and Classroom Management
Last Post: 11th February 2008, 04:12 PM
By Dos_Box in forum Windows
Last Post: 8th November 2006, 10:57 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)