locked
WSUS Registration RRS feed

  • Question

  • windows server 2008 servers not registering in win 2012 wsus server
    Tuesday, May 15, 2018 5:14 PM

Answers

  • Installed updates:  KB2734608, KB3159398  and followed guidelines here:

      https://rialtus.livejournal.com/161268.html 

    All of the 2008r2 servers are now pulling updates but most are not showing in the WSUS computer group (2008).  The 2012 and 2008 servers have their own OU's.  My GPO settings in both my 2008 and 2012 policies are identical with winning GPO verified in RSoP.   Nice to get the updates but any thoughts on how to populate the 2008 servers in my WSUS Computer group?  Thanks for any help here.

    • Marked as answer by Adino749 Wednesday, May 16, 2018 9:15 PM
    Wednesday, May 16, 2018 3:28 PM
  • Thanks Adam,

    I deleted the SUSClientID from HKLM\Software\Microsoft\Windows\CurrentVersion\Windowsupdate , rebooted and ran the following elevated command :

    wuauclt.exe /resetauthorization /detectnow 

    ***It took ~ an hour but populated in my designated group.  Thanks for the input!


    • Marked as answer by Adino749 Wednesday, May 16, 2018 9:14 PM
    Wednesday, May 16, 2018 8:10 PM

All replies

  • Most of the time this is GPO driven for the WSUS Server URL. 

    Try to download the WSUS iuident CAB file from the client.

    http://server.domain.local:8530/selfupdate/iuident.cab
    https://server.domain.local:8531/selfupdate/iuident.cab

    or try to browse to

    http://server.domain.local:8530/ClientWebService/client.asmx
    https://server.domain.local:8531/ClientWebService/client.asmx

    If you can download it or browse to it, that's the port/url to use in your GPO. If you can't, check firewall settings and port settings.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Tuesday, May 15, 2018 6:01 PM
  • Hi,

    Did the windows server 2008 servers in a same OU?
    If so, did you have link the wsus gpo for this OU?

    Meanwhile, are there other GPOs link to this OU and also configure the windows update options?

    Finally, you could run gpupdate /force and then run RSOP.MSC on the windows server 2008 to confirm that it has received this policy.

    Refresh the WSUS console.


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 16, 2018 3:07 AM
  • Installed updates:  KB2734608, KB3159398  and followed guidelines here:

      https://rialtus.livejournal.com/161268.html 

    All of the 2008r2 servers are now pulling updates but most are not showing in the WSUS computer group (2008).  The 2012 and 2008 servers have their own OU's.  My GPO settings in both my 2008 and 2012 policies are identical with winning GPO verified in RSoP.   Nice to get the updates but any thoughts on how to populate the 2008 servers in my WSUS Computer group?  Thanks for any help here.

    • Marked as answer by Adino749 Wednesday, May 16, 2018 9:15 PM
    Wednesday, May 16, 2018 3:28 PM
  • Do you have "Use Group Policy or Registry Settings on computers" on?

    And do you have the GPO specifying the Groups?



    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Wednesday, May 16, 2018 4:21 PM
  • Yes, a promising solution found here:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Windowsupdate
    AccountDomainSID
    SusClientID

    "After that, reboot the machine. When the Automatic Updates service starts, it will notice that it has no SUSClientID. It will connect to the defined server, and be issued a new SUSClientID"

    ***testing now and will reboot server and update the thread.

    Wednesday, May 16, 2018 5:28 PM
  • Best to run the full Client Side Script from an Admin Command prompt

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

    But it still won't do anything if your GPOs are incorrect.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    • Proposed as answer by AJTek.caMVP Wednesday, May 16, 2018 8:27 PM
    Wednesday, May 16, 2018 5:50 PM
  • Thanks Adam,

    I deleted the SUSClientID from HKLM\Software\Microsoft\Windows\CurrentVersion\Windowsupdate , rebooted and ran the following elevated command :

    wuauclt.exe /resetauthorization /detectnow 

    ***It took ~ an hour but populated in my designated group.  Thanks for the input!


    • Marked as answer by Adino749 Wednesday, May 16, 2018 9:14 PM
    Wednesday, May 16, 2018 8:10 PM