+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
Windows Thread, XP SP3 clients and WSUS in Technical; I've deployed quite a few XP SP3 boxes in the last few days and they don't seem to be downloading ...
  1. #1
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74

    XP SP3 clients and WSUS

    I've deployed quite a few XP SP3 boxes in the last few days and they don't seem to be downloading all updates, most have checked in and say that they have downloaded the updates but then don't contact the WSUS again. They show as not connected since the 24th but they have been turned on. As far as i can tell all of the SP2 boxes are fine and the WSUS is working ok.

    These boxes were NOT imaged they were rolled out from a flat WDS install.

    Tried wuauclt.exe /resetauthorization /detectnow on a couple but still nothing.

    Any ideas?

    Cheers.

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    Seems a little strange. I have SP3 clients checking into WSUS and downloading any required updates. Try this script:

    Code:
    @echo off
    TITLE Logistix WSUS Reset Authorisation
    Echo Save the batch file "AU_Clean_SID.cmd". This batch file will do the following:
    Echo 1.    Stops the wuauserv service
    Echo 2.    Deletes the AccountDomainSid registry key (if it exists)
    Echo 3.    Deletes the PingID registry key (if it exists)
    Echo 4.    Deletes the SusClientId registry key (if it exists)
    Echo 5.    Restarts the wuauserv service
    Echo 6.    Resets the Authorization Cookie
    Echo 6.    More information on http://msmvps.com/Athif
    Pause
    @echo on
    net stop wuauserv
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    Pause

  3. #3
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    It is odd, i've deleted the client id key and deleted it's account from the WSUS server then forced a scan and it appeard again but now shows as not yet reported. I'll check it again in the morning and try that script but it looks like it does what i've tried already.

    Cheers.

  4. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    Are your XP SP3 computer objects located in the correct OU to pick up WSUS policies?

  5. #5
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Yes the OU contained 30 SP2 boxes that have been rebuilt as SP3 the policies are exacty the same as they were and the accounts are in the same OU.

  6. #6

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,855
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    181
    I have found in the past that status often doesn't get reported for some hours after it starts talking to the server - sometimes up to 36. It's a PITA.

  7. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    I have found in the past that status often doesn't get reported for some hours after it starts talking to the server
    I would of thought that's because your clients haven't received all WSUS policies as to where to look for updates, if that makes sense? Running gpupdate /force or forcing your workstations to reboot several times should resolve the problem.

    As a recommendation, I always configure WSUS policies on the Default Domain Policy, which does speed things up.

  8. #8

    Join Date
    Feb 2008
    Posts
    270
    Thank Post
    14
    Thanked 44 Times in 35 Posts
    Rep Power
    21
    Quote Originally Posted by Michael View Post

    As a recommendation, I always configure WSUS policies on the Default Domain Policy, which does speed things up.
    But if you have a large network that means you can only update your clients from a single WSUS server and all at the same time (or within the + / - of how the policy works). I have the WSUS policies running per room / OU to load balance between 2 WSUS servers. Also I like to have different WSUS policies for servers, desktops and laptops.

    Microsofts documentation recommends having a dedicated GPO for WSUS updates and have it applied per OU.

  9. #9
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,101
    Thank Post
    171
    Thanked 44 Times in 37 Posts
    Rep Power
    23
    I had similar problems last week and solved it by reinstalling the windows update agent. Download it here: http://go.microsoft.com/fwlink/?LinkId=43264

    Use the force option when installing:

    WindowsUpdateAgent20-x86.exe /wuforce

  10. Thanks to Jobos from:

    powdarrmonkey (29th July 2008)

  11. #10
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I'll have a look tomorrow it seems unlikely that i would need to reinstall the agent on 30 new built boxes though.

    Cheers all.

  12. #11
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Ok i've tried Michael's script and i've reinstalled the agent but still no joy. If i delete the accounts they still reappear and show as not yet reported so the clients clearly know where to find the WSUS. I can see that SP2 boxes are reporting in and updating as normal.

    Any more ideas?

  13. #12
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I seem to remember posting a couple of weeks ago about an update for Office 2003 SP1 update with a release date of 10/06/3008, this is what caused it apparently. The fix was odd i had to approve it then decline it and then repeat it appears to of worked.

    There is now a KB on the issue.

    http://support.microsoft.com/kb/954960

    http://www.microsoft.com/technet/sec...ry/954960.mspx

    EDIT

    Yes i did post it i remember now WSUS Updates

    .
    Last edited by cookie_monster; 30th July 2008 at 12:30 PM.

  14. Thanks to cookie_monster from:

    powdarrmonkey (30th July 2008)

  15. #13

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223
    Quote Originally Posted by ssiruuk2 View Post
    But if you have a large network that means you can only update your clients from a single WSUS server and all at the same time (or within the + / - of how the policy works). I have the WSUS policies running per room / OU to load balance between 2 WSUS servers. Also I like to have different WSUS policies for servers, desktops and laptops.

    Microsofts documentation recommends having a dedicated GPO for WSUS updates and have it applied per OU.
    As far as the clients care, WSUS is just a web application. There's no reason why you can't load balance multiple WSUS servers behind one IP/Hostname using either a hardware loadbalancing solution or DNS round robin.

    Even so, I agree with you about the GPO comment. One should not needlessly clutter up the Default Domain Policy.

  16. #14

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    But if you have a large network that means you can only update your clients from a single WSUS server and all at the same time (or within the + / - of how the policy works). I have the WSUS policies running per room / OU to load balance between 2 WSUS servers. Also I like to have different WSUS policies for servers, desktops and laptops.

    Microsofts documentation recommends having a dedicated GPO for WSUS updates and have it applied per OU.
    Just because you specify Server A on the Default Domain Policy, you could still specify Server B for a Curriculum OU, Server C for a Staff OU and Server D for Domain Controllers (for example). In each OU you just specify the different server.

    Microsoft's documentation is simply a recommendation. You must have a lot of machines to justify multiple WSUS servers. You could specify groups of computers to check in at different times or use Geoff's alternative method of load balancing.

  17. #15
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,185
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    We have three seperate GPO's that split 500 boxes into three groups the GPO's are attached at OU level. We phase the release of patches so we can pickup issues before every client has installed the updates. We have a test setup as well of course but sometimes issues don't show up straight away. We don't have enough clients to require 2 WSUS boxes so load balancing is not an issue.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Getting WSUS to see clients
    By SYSMAN_MK in forum Windows
    Replies: 18
    Last Post: 4th February 2009, 03:55 PM
  2. Deploy XP SP3 via WSUS
    By Kyle in forum Windows
    Replies: 7
    Last Post: 7th July 2008, 09:55 AM
  3. Approve Windows sp3 wsus
    By ricki in forum Windows
    Replies: 9
    Last Post: 4th June 2008, 06:06 PM
  4. xp sp3 wsus
    By alonebfg in forum Windows
    Replies: 17
    Last Post: 9th May 2008, 12:26 PM
  5. Replies: 3
    Last Post: 21st February 2008, 08:50 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •