Windows Thread, XP SP3 clients and WSUS in Technical; I've deployed quite a few XP SP3 boxes in the last few days and they don't seem to be downloading ...
29th July 2008, 04:17 PM #1
XP SP3 clients and WSUS
I've deployed quite a few XP SP3 boxes in the last few days and they don't seem to be downloading all updates, most have checked in and say that they have downloaded the updates but then don't contact the WSUS again. They show as not connected since the 24th but they have been turned on. As far as i can tell all of the SP2 boxes are fine and the WSUS is working ok.
These boxes were NOT imaged they were rolled out from a flat WDS install.
Tried wuauclt.exe /resetauthorization /detectnow on a couple but still nothing.
29th July 2008, 05:53 PM #2
Seems a little strange. I have SP3 clients checking into WSUS and downloading any required updates. Try this script:
TITLE Logistix WSUS Reset Authorisation
Echo Save the batch file "AU_Clean_SID.cmd". This batch file will do the following:
Echo 1. Stops the wuauserv service
Echo 2. Deletes the AccountDomainSid registry key (if it exists)
Echo 3. Deletes the PingID registry key (if it exists)
Echo 4. Deletes the SusClientId registry key (if it exists)
Echo 5. Restarts the wuauserv service
Echo 6. Resets the Authorization Cookie
Echo 6. More information on http://msmvps.com/Athif
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
29th July 2008, 06:25 PM #3
It is odd, i've deleted the client id key and deleted it's account from the WSUS server then forced a scan and it appeard again but now shows as not yet reported. I'll check it again in the morning and try that script but it looks like it does what i've tried already.
29th July 2008, 06:26 PM #4
Are your XP SP3 computer objects located in the correct OU to pick up WSUS policies?
29th July 2008, 06:28 PM #5
Yes the OU contained 30 SP2 boxes that have been rebuilt as SP3 the policies are exacty the same as they were and the accounts are in the same OU.
29th July 2008, 06:37 PM #6
I have found in the past that status often doesn't get reported for some hours after it starts talking to the server - sometimes up to 36. It's a PITA.
29th July 2008, 06:41 PM #7
I would of thought that's because your clients haven't received all WSUS policies as to where to look for updates, if that makes sense? Running gpupdate /force or forcing your workstations to reboot several times should resolve the problem.
I have found in the past that status often doesn't get reported for some hours after it starts talking to the server
As a recommendation, I always configure WSUS policies on the Default Domain Policy, which does speed things up.
29th July 2008, 08:47 PM #8
But if you have a large network that means you can only update your clients from a single WSUS server and all at the same time (or within the + / - of how the policy works). I have the WSUS policies running per room / OU to load balance between 2 WSUS servers. Also I like to have different WSUS policies for servers, desktops and laptops.
Originally Posted by Michael
Microsofts documentation recommends having a dedicated GPO for WSUS updates and have it applied per OU.
29th July 2008, 09:07 PM #9
I had similar problems last week and solved it by reinstalling the windows update agent. Download it here: http://go.microsoft.com/fwlink/?LinkId=43264
Use the force option when installing:
Thanks to Jobos from:
powdarrmonkey (29th July 2008)
29th July 2008, 09:55 PM #10
I'll have a look tomorrow it seems unlikely that i would need to reinstall the agent on 30 new built boxes though.
30th July 2008, 12:09 PM #11
Ok i've tried Michael's script and i've reinstalled the agent but still no joy. If i delete the accounts they still reappear and show as not yet reported so the clients clearly know where to find the WSUS. I can see that SP2 boxes are reporting in and updating as normal.
Any more ideas?
30th July 2008, 01:06 PM #12
I seem to remember posting a couple of weeks ago about an update for Office 2003 SP1 update with a release date of 10/06/3008, this is what caused it apparently. The fix was odd i had to approve it then decline it and then repeat it appears to of worked.
There is now a KB on the issue.
Yes i did post it i remember now WSUS Updates
Last edited by cookie_monster; 30th July 2008 at 01:30 PM.
Thanks to cookie_monster from:
powdarrmonkey (30th July 2008)
30th July 2008, 01:45 PM #13
As far as the clients care, WSUS is just a web application. There's no reason why you can't load balance multiple WSUS servers behind one IP/Hostname using either a hardware loadbalancing solution or DNS round robin.
Originally Posted by ssiruuk2
Even so, I agree with you about the GPO comment. One should not needlessly clutter up the Default Domain Policy.
30th July 2008, 05:14 PM #14
Just because you specify Server A on the Default Domain Policy, you could still specify Server B for a Curriculum OU, Server C for a Staff OU and Server D for Domain Controllers (for example). In each OU you just specify the different server.
But if you have a large network that means you can only update your clients from a single WSUS
server and all at the same time (or within the + / - of how the policy works). I have the WSUS
policies running per room / OU to load balance between 2 WSUS
servers. Also I like to have different WSUS
policies for servers, desktops and laptops.
Microsofts documentation recommends having a dedicated GPO for WSUS
updates and have it applied per OU.
Microsoft's documentation is simply a recommendation. You must have a lot of machines to justify multiple WSUS servers. You could specify groups of computers to check in at different times or use Geoff's alternative method of load balancing.
30th July 2008, 05:19 PM #15
We have three seperate GPO's that split 500 boxes into three groups the GPO's are attached at OU level. We phase the release of patches so we can pickup issues before every client has installed the updates. We have a test setup as well of course but sometimes issues don't show up straight away. We don't have enough clients to require 2 WSUS boxes so load balancing is not an issue.
By SYSMAN_MK in forum Windows
Last Post: 4th February 2009, 04:55 PM
Last Post: 7th July 2008, 10:55 AM
By ricki in forum Windows
Last Post: 4th June 2008, 07:06 PM
By alonebfg in forum Windows
Last Post: 9th May 2008, 01:26 PM
By adamf in forum Windows
Last Post: 21st February 2008, 09:50 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)