WSUS woes and calamities
Two weeks ago I created a thread about issues with WSUS not updating itself or other clients. I hope this isn't a repeat of it because I just installed it on a different server and still not able to push out updates to clients. They report in, tell me the correct IP addresses, what's installed, and other fun facts.
However, if I try to manually update any Win7 or XP workstation, they tell me they are up to date. The latest updates date back from early August. If I check with the WSUS server, it tells me that said machines are missing some 30-60 updates (server 03, 08, XP, 7). Why do the workstations say that they are updated when they clearly aren't?
Have you taken a look at the log files on your clients (%systemroot%\WindowsUpdate.log), there may be some clues as to what is happening (or not!).
I had the opposite problem where only one machine would show up in WSUS but all machines would update. The fix was to delete registry entry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate\SusClientId and SusClientIDValidation on all clients. It may be worth trying just to see what happens. If it does work then there is a script at wsus - Client Configuration Checks & Known Issues which will if used as a startup script delete these keys just once.
Auto approve was disabled at first install, forgot about that. Re-enabled it and now to wait for the hours it will take to push it all.
Easy fix = me happy.
We are having a similar problem which I hope someone can help me with.
We have WSUS installed on a server 2003 R2 Standard edition VM.
I recently checked the server and noticed that the server cannot some of our clients but the clients are getting the majority of updates.
Does anyone know how we can get our WSUS server talking to the clients again so I have a more accurate picture of what needs updating on the client end.
I found on edugeek someone having a similar problem but doesnt seem to have worked for me when I have rolled it out as a startup batch file.
the script deletes some old records and reinitialises it back with a WSUS server.
the script is as follows:
Echo Save the batch file "AU_Clean_SID.cmd". This batch file will do the following:
Echo 1. Stops the wuauserv service
Echo 2. Deletes the AccountDomainSid registry key (if it exists)
Echo 3. Deletes the PingID registry key (if it exists)
Echo 4. Deletes the SusClientId registry key (if it exists)
Echo 5. Restarts the wuauserv service
Echo 6. Resets the Authorization Cookie
Echo 7. More information on PatchAholic...The WSUS Blog!
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Wi ndowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Wi ndowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Wi ndowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
Any help would be greatly appreciated.
Your script does delete the appropriate registry values, but if it is run each time on start up the WSUS server will be getting the machine registering itself fresh after each startup. I don't know if this would confuse WSUS or not. I used a VBS script similar to the one from wsus - Client Configuration Checks & Known Issues, it checks to see if SUSClientIdReset exists in the registry first, if not then the other keys are deleted, otherwise the scripts quits. This way the machine gets a new SUSClientID and then keeps it.