Sign in
Microsoft.com
 
Windows Server TechCenter
 
 
 
Windows Server TechCenter > Windows Server Forums > WSUS > Complete Refresh of Client Reporting?
Ask a questionAsk a question
Search Forums:
 

AnswerComplete Refresh of Client Reporting?

  • Monday, November 02, 2009 7:07 PMzachavm Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    My domain where we are using WSUS frequently uses Acronis to to mass deploys of an image.  In this event, WSUS would need to not be influenced by previous reporting of a confirmed install and will need to do a complete new scan to be accurate.  Will WSUS do this on it's own or will I need to delete all the computers and re-add them to my groups when they appear again as unassigned computers? (I have yet to confirm they will even appear again as unassigned computers).  As of now, when I reimage a computer, it's not showing the new status of the updates (I know there are needed ones) even if I run a few command line options like /reportnow or /resetauthorization.
     

Answers

  • Friday, November 06, 2009 7:53 PMzachavm Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote

    First off, thank you to both of you for helping me out with this.  This is wonderful and very helpful information.  Second, after looking at some WSUS documentation and the KB article link posted, it appears that version 7.0xxxx of the update client performs a hardware check and susclientID regeneration if it has changed.  So, all we have to do is update our client on our machines and we're golden.

     

All Replies

  • Monday, November 02, 2009 9:25 PMLawrence GarvinMVP, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    My domain where we are using WSUS frequently uses Acronis to to mass deploys of an image.  In this event, WSUS would need to not be influenced by previous reporting of a confirmed install and will need to do a complete new scan to be accurate.  Will WSUS do this on it's own or will I need to delete all the computers and re-add them to my groups when they appear again as unassigned computers? (I have yet to confirm they will even appear again as unassigned computers).  As of now, when I reimage a computer, it's not showing the new status of the updates (I know there are needed ones) even if I run a few command line options like /reportnow or /resetauthorization.

    If you reimage the same machine with a downlevel image that does not contain a preexisting SusClientID, the newly imaged machine will obtain a new SusClientID (create a duplicate entry for the computer name in the WSUS console), and execute a fresh scan for needed updates, completely independent of what's been previously reported to the WSUS server. The WUAgent does not rely on previously reported information stored in the WSUS database, but may rely on locally stored information (in the client-side WUA datastore).

    If you reimage the machine with a downlevel image that does contain a preexisting SusClientID, you'll first need to remediate the newly deployed image using KB903262, after which the machine will obtain a new SusClientID and behave as described above.

    If you're not getting accurate update information after reimaging, the most likely cause is the duplication of the SusClientID.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
     
  • Monday, November 02, 2009 10:25 PMCitizenRon Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Has Code
    Sign In to Vote
    0
    Sign In to Vote
    Short answer:  On machines you have already imaged, delete the following entries from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate registry key:
    • PingID
    • AccountDomainSid
    • SusClientId
    • SusClientIDValidation
    To prevent this in the future, add the above procedure into your list of things to do before making a master image, or add it to the post-image tasks if Acronis supports that.  You can use the following commands to script the removal:

    REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIdValidation /f

     
  • Friday, November 06, 2009 7:53 PMzachavm Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote

    First off, thank you to both of you for helping me out with this.  This is wonderful and very helpful information.  Second, after looking at some WSUS documentation and the KB article link posted, it appears that version 7.0xxxx of the update client performs a hardware check and susclientID regeneration if it has changed.  So, all we have to do is update our client on our machines and we're golden.