locked
New Windows 10 1607 LTSB Image won't Report to WSUS Server RRS feed

  • Question

  • As you see in the title, I have a new Win10 1607 Enterprise LTSB image that won't report into our WSUS server. The server is 2012 R2 and has other VM's with the same 1607 LTSB image that report into it. It's built off the same template as other VM's but won't report in and pull updates. The server can see the machine, but nothing I've tried has worked to get it to report. I've tried installing the latest cumulative, recreating the Software Distribution folder, windows update troubleshooter, resetting the winsock catalog, and a few other things. In the past I had issues getting other 1607 LTSB machines to report in but after making a few changes to the IIS that I saw suggested on a forum post such as switching the service unavailable response to tcp level, upping the failure interval to 30 minutes, and the max failures to 60, they started reporting in. Any help would be appreciated.

    Jonah

    Thursday, October 12, 2017 12:32 PM

All replies

  • Also the error code that we receive on the image is always 0x8024401c

    Jonah

    Thursday, October 12, 2017 4:03 PM
  • First, my script usually takes care of non-reporting issues along with other things. Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.

    Second, if they're still having issues after 48 hours after running my script, run the following on them in an Admin cmd prompt.

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow

    And since it's Windows 10, after, do a check for updates on the client (or let it auto-check when it's scheduled).


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Friday, October 13, 2017 1:08 AM
  • Hi Jonah,

    First , please try to connect that computer to internet to see if it gets updates from MS successfully.

    If it does, I'd suggest you click " check updates " then run the following command to check windows update log :

    Get-WindowsUpdateLog

    https://blogs.technet.microsoft.com/charlesa_us/2015/08/06/windows-10-windowsupdate-log-and-how-to-view-it-with-powershell-or-tracefmt-exe/

    If there is any clue ,please post it here .

    In addition , I'd also suggest you try to reset windows update components for that client to see if the issue persists :

    https://support.microsoft.com/en-sg/help/971058/how-do-i-reset-windows-update-components

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Elton_Ji Wednesday, October 18, 2017 1:55 AM
    Sunday, October 15, 2017 1:41 PM