Printable View
Right have installed WSUS on a W2K3 box. Talks to MS fine, Synchronizes ok. Problem is clients not being detected.
Have setup a GPO which is being applied fine.
Server install was on port 8530
Can access WSUSAdmin from client fine.
Setting for Auto Update server are http://%ServerName%
So what am I missing guys? Im guessing its the http:// address that is wrong?
Any Ideas?
you need to put the port in too.
Correct. Also if you have any clients with old versions of the update client installed (WinXP SP1 or earlier, Win2k, Win2k server) then you will need to install the client update software on the default website. There is a vbs script included with the wsus install to do this.
Done the above but still no joy.
The setting are only enabled in the computer section of the GPO, should they be set in the user section aswell? The docs didn't mention it.
You'll be fine with just the computer settings.
What does the client diagnostics tool think? Does it come up with errors?
Does the BITS service have a proxy set? It needs to be disabled for WSUS.
Client Diag give the following error
VerifyWUServerURL() failed with hr=0x801901f7
(null)
Current setting is
Checking Connection to WSUS/SUS Server
WUServer = http://server:8530
WUStatusServer = http://server:8530
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
this will save you some time it is ascript forces its elf to check server instead of waiting
russ
whats the output from 'proxycfg' on a client?
is dns functioning? What happens if you put in the ip address instead of the server name?
Is the website running? Can you telnet to the server:8530 ok?
WSUS can see the workstation :D
Ran proxycfg -d on the client to remove the setting that had been entered previously to enable windows update to run.
Ran the script provided by russ and now WSUS sees the client. Just need to wait for it to update its status report.
Many thanks Geoff + Russ, you are my heros of the day! (hummmm there is an idea)
I have to say this site is getting better and better each day :D
Great Idea SYS_MAN!
I completely agree, the sites getting better and better everyday!
-Kev
Thought so. Had that problem here not so long ago. It might be worth putting it in your WSUS GPO as a computer startup script. :)Quote:
Ran proxycfg -d on the client to remove the setting that had been entered previously to enable windows update to run.
Also while we're at it. Do you set your machines to download and install updates? If you do you need to make a GPO for your Domain controllers thats set to download and notify. If you don't you'll find your domain controllers get rebooted by windows update. Not terribly helpful IMHO.
I have used these scripts. One if or a GPO, it checks for the reg settings, deletes them, leaves a marker so it only does it once. After using this all the machines showed up in WSUS instead of only 65%
Also included is a script to run on a pc manually so you can try it out.
When I migrated from SUS to WSUS I also initially had problems getting all my clients to appear. I gave it 24 hours, but it made no difference. In the end I did some research on Google and the problem was due to duplicate SIDs. Don't ask me how this happened!
I fixed this problem a long time ago and I believe the key I had to delete was in:
HKLM > Software > Microsoft > Windows > Current Version > WindowsUpdate
There should be a key called SUSClientId. Delete the value of the key, reboot the machine then either wait for the scheduled update time (specified by yourself) or force an update (as mentioned above). When the client synchronises with your WSUS server, it should generate a new unique value. Hopefully your clients should then start appearing correctly in WSUS.
Assuming the new update client is installed (ie, its a SP2 machine, you installed the update manually or the machine has updated from Windows Update recently) you can change the SUSClientId with the following command line:
You can also combine it with the above command line option to force and update and do both.Code:wuauclt.exe /resetauthorization
Code:wuauclt.exe /resetauthorization /detectnow