WSUS GPO Ignored
I have WSUS setup on a Server 2k8 server with Windows 7 clients.
This is my WSUS GPO:
None of the clients have appeared in WSUS (been running the domain for a few months now). I can't see anything wrong with the GPO but when I run gpresult /R it reveals that WSUS isn't being applied:
As you can see from the GPO its not empty like its implying.
Anyone know why its not applying?
How were the workstations setup? With a image, if so were they sysprep'ed?
Change the intranet update server from \\cronus to http://cronus
if that doesn't work, look in the c:\windows\windowsupdate.log on a client
FOGed then put on the domain by hand
Originally Posted by p858snake
Done that, still not appearing in WSUS
Originally Posted by pete
Did you do anything to fix the numerous different SID entries (Sysprep does more than just the machine SID), since WSUS sorts by SID they need to be unique which is what sysprep (and I don't believe NewSID touches the appropriate ones) does?
Originally Posted by Arcath
There is this which I have suffered from in the past on XP machines. Not sure if it's worth having a look at in your case.
Are the clients getting the patches or not?
If not, look in the registry for susclientid and delete the key. Then run wuauclt /resetauthorisation /detectnow.
did you use port 80 or 8530 when you installed wsus? its worth trying pointing a pc at http://cronus:8530 for both parts in your gpo /localy edited test policy
I had a similar problem too... it turned out that it was the SusClientID that was causing the issue (just like Pete suggested). As people have said, its because these values get stuck within the registry when imaging (for example if you update the image from the microsoft website) and as a result you will either see one client appear in the console or nothing atall.
Anyway I dropped this in a batch file and deployed it via GPO. Within no time clients started to appear in the console.
You could even go a step further and add a few lines that create a text file in a share with the computer name so the patch doesnt get applied more than once.
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIdValidation /f
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow
Hope you sort your problem.
Doesn't the "net stop wuauserv" need to go first?