locked
AD, WSUS - "No client computers have ever contacted the server." RRS feed

  • Question

  • I installed WSUS on my active directory server and WSUS is downloading updates, but no computers are visible on WSUS interface and in the WSUS logs I can see a message: "No client computers have ever contacted the server.".

    I have configured in my group policy the following parameters:

    • Configure Automatic Updates 
    • Specify intranet Microsoft update service location (http://192.168.0.103:8530). When I try to acces this address I receive an empty page. The port is opened but page is blank. Is this OK?
    • Enable Client Side Targeting - I completed the group name with "Angajati". This group is created in WSUS interface right beneth "Unassigned Computers"

    What should I do next? 

    I went on a client computer (Windows 10) and I tried to check if the client has the right WSUS server propagated as configured in the group policy but I couldn't check it. I tried to read HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate but this register doesn't exist on the client computer. I tried to read "%windir%\WindowsUpdate.log" and I got the message "Windows Update logs are now generated using ETW (Event Tracing for Windows).Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log." I runned the command "PS C:\WINDOWS\system32> Get-WindowsUpdateLog" and got the error "Copy-Item : Cannot find path 'C:\Program Files (x86)\Windows Defender\SymSrv.dll' because it does not exist." 

    I forgot about checking the WSUS server on windows 10 and I tried to remote connect to another computer with windows 8.1 but suprise, is not working, the error is: "To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Remote Desktop Users group have this right". So I entered AD server and added the user to this group but the error is the same.

    This is ridiculous Microsoft. Last time I installed WSUS server was on a 2003 server and worked fine. Now you try to make things better but they don't work at all. 


    Later edit:I read the article from here: Tip: Troubleshoot Problems with the Windows Update Client and found that when I try to acces http://192.168.0.103:8530/iuident.cab I receive a "HTTP Error 404.0 - Not Found". Where could I find more data about this problem?



    Tuesday, May 16, 2017 11:05 AM

Answers

  • Hi Victorqudu,

    >I installed WSUS on my active directory server and WSUS is downloading updates

    It's not recommended to install WSUS role on DC, DC is a critical server, and WSUS is not domain based, you may install WSUS on other servers. (Just not a good practice but WSUS could work on DC.)

    >Specify intranet Microsoft update service location (http://192.168.0.103:8530). When I try to acces this address I receive an empty page. The port is opened but page is blank. Is this OK?

    Please try to visit http://192.168.0.103:8530/ClientWebService/client.asmx check if it is accessible.

    >I tried to read HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate but this register doesn't exist on the client computer.

    It may due to the WSUS GPO is not applied correctly on the clients, please run gpudate /force on the clients.

    So, please check the following things:

    1. Run gpupdate /force on the clients to enable to GPO is applied correctly and the related settings exits in the registry keys;

    2. If the GPO is applied correctly while the clients still not show up in the WSUS console, please ensure the computer group's name is exactly the same in the GPO setting and the WSUS console;

    3. Check the network connection between the WSUS clients and the WSUS server, check if the client could open "client/asmx" file in the WSUS site;

    4. If the above settings are OK while still not work, please reset SUSClientID on the clients:

    1). In cmd, net stop wuauserv

    2). Delete the value in registry key " SusClientId " and "SusClientIDValidation" locates in:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate

    3). In cmd, net start wuauserv
         wuauclt.exe /resetauthorization /detectnow

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Victorqedu123 Wednesday, May 17, 2017 6:43 AM
    Wednesday, May 17, 2017 2:54 AM

All replies

  • Hi Victorqudu,

    >I installed WSUS on my active directory server and WSUS is downloading updates

    It's not recommended to install WSUS role on DC, DC is a critical server, and WSUS is not domain based, you may install WSUS on other servers. (Just not a good practice but WSUS could work on DC.)

    >Specify intranet Microsoft update service location (http://192.168.0.103:8530). When I try to acces this address I receive an empty page. The port is opened but page is blank. Is this OK?

    Please try to visit http://192.168.0.103:8530/ClientWebService/client.asmx check if it is accessible.

    >I tried to read HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate but this register doesn't exist on the client computer.

    It may due to the WSUS GPO is not applied correctly on the clients, please run gpudate /force on the clients.

    So, please check the following things:

    1. Run gpupdate /force on the clients to enable to GPO is applied correctly and the related settings exits in the registry keys;

    2. If the GPO is applied correctly while the clients still not show up in the WSUS console, please ensure the computer group's name is exactly the same in the GPO setting and the WSUS console;

    3. Check the network connection between the WSUS clients and the WSUS server, check if the client could open "client/asmx" file in the WSUS site;

    4. If the above settings are OK while still not work, please reset SUSClientID on the clients:

    1). In cmd, net stop wuauserv

    2). Delete the value in registry key " SusClientId " and "SusClientIDValidation" locates in:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate

    3). In cmd, net start wuauserv
         wuauclt.exe /resetauthorization /detectnow

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Victorqedu123 Wednesday, May 17, 2017 6:43 AM
    Wednesday, May 17, 2017 2:54 AM
  • This morning I simply found 12 computers in WSUS/"Unassigned Computers" group. I followed your instructions on another computer that has not contacted yet WSUS server and in about 10 minutes I found it in WSUS interface.

    I don't know why all my computers are assigned to the group "Unassigned Computers" because I configured "Enable client-side targeting" with the value "Angajati" but this is not so important.

    Thank you.

    Wednesday, May 17, 2017 6:42 AM
  • Hi Victorqudu,

    >I don't know why all my computers are assigned to the group "Unassigned Computers" because I configured "Enable client-side targeting" with the value "Angajati" but this is not so important.

    This may due to you didn't check "Use Group Policy or registry settings on computers" on the WSUS server>Options>Computers before clients showing up in the WSUS console:

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by AJTek.caMVP Thursday, May 18, 2017 3:56 AM
    Thursday, May 18, 2017 2:14 AM