WSUS not showing all clients

  • Question

  • Hi All,

    I have a problem with our WSUS server, or our client computers: when I check the computers in WSUS, I don't see all of my computers from the domain.

    I have a GPO which sets the WSUS settings on the clients, and it works properly, because when I check it on a missing client, I see the WSUS settings.

    I tried to delete the following registry keys:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\PingID

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId

    But the problem is not solved.

    I checked the computer list every day, and I found an interesting thing.

    For example: one day I see the comp1, comp2, comp4 clients, and comp3 and comp5 are not showing in WSUS. The next day I will see comp2, comp3, comp5 clients and comp2, comp4 not.

    Could you please help me find the cause of this problem?

    Thank you in advance.

    Thursday, November 1, 2018 9:51 AM

Answers

  • Hi.

    I have seen this caused by Windows servers and clients having the same Security ID (SID).  If they have the same SID then the last one to check in to the WSUS server will show in the list, replacing the last.

    How did you build them - were they cloned?

    If they are Windows clients then be sure to use SysPrep to generate a new SID when deploying them.

    If they are Windows servers, and you are using VMware, make sure you select the "Generate new Security ID (SID)" option when deploying VMs.

    Regards,
    Dave



    • Edited by Dai Webb Thursday, November 1, 2018 10:35 AM
    • Marked as answer by Joels917 Monday, November 5, 2018 1:35 PM
    Thursday, November 1, 2018 10:24 AM

All replies

  • Delete the offending computers in the WSUS Console and run the following client-side script on each affected client from an Administrative Command Prompt:

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

    Then verify your policies with part 4 of my blog series on How to Setup, Manage, and Maintain WSUS - https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-4-creating-your-gpos-for-an-inheritance-setup/.


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Friday, November 2, 2018 4:24 AM
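
To find which clients are affected before running the reset above, the following check reads the SusClientId value from each machine and groups machines that report the same ID, since those replace one another's entry in the WSUS console. It is an added example, not part of the original replies. It assumes PowerShell remoting (WinRM) is enabled on the clients; the host names are the placeholders from the question.

```powershell
# Added example: list clients that share one WSUS client ID (SusClientId).
# Assumptions: PowerShell remoting (WinRM) is enabled on the clients, and
# $Computers is replaced with your own host list (the names below are the
# placeholders used in the question).
$Computers = 'comp1', 'comp2', 'comp3', 'comp4', 'comp5'
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

# Read SusClientId on every reachable client. A missing value comes back as $null.
$results = @(Invoke-Command -ComputerName $Computers -ErrorAction SilentlyContinue -ScriptBlock {
    $wu = Get-ItemProperty -Path $using:KeyPath -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        SusClientId = $wu.SusClientId
    }
})

# Hosts that did not answer are reported instead of being silently skipped.
$Computers | Where-Object { $_ -notin $results.PSComputerName } |
    ForEach-Object { Write-Warning "No result from $_" }

# Any SusClientId reported by more than one machine marks a cloned group.
$duplicates = $results |
    Where-Object { $_.SusClientId } |
    Group-Object -Property SusClientId |
    Where-Object { $_.Count -gt 1 }

if (-not $duplicates) {
    Write-Output 'No shared SusClientId values found.'
}
foreach ($group in $duplicates) {
    [pscustomobject]@{
        SusClientId = $group.Name
        Count       = $group.Count
        Computers   = ($group.Group.Computer | Sort-Object) -join ', '
    }
}
```

Each output row is one shared ID with the machines that carry it; those are the clients to delete from the console and reset.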
  • Thank you for your help!

    I have checked it, and that is the problem with the clients. The field service uses a cloned image and many computers have the same SID.

    • Marked as answer by Joels917 Monday, November 5, 2018 1:35 PM
    • Unmarked as answer by Joels917 Monday, November 5, 2018 1:35 PM
    Monday, November 5, 2018 1:34 PM