locked
Getting Started with WSUS? RRS feed

  • Question

  • So I am brand new to WSUS and I've been working with it a little bit here and little bit there and I can't seem to get my computer to show up in the management console at all. I have the role installed on the server and I have the policy enabled to allow client side targeting in the local group policy for my test machine and it even has the correct computer group name in the policy editor. What am I doing wrong here? It seems like it should be showing up just fine but it just won't.
    Monday, November 5, 2018 4:49 PM

All replies

  • Hello,
     
    1. Check the connectivity between WSUS and client first. Temporarily shut down the firewall for test.
    2. Double check the WSUS address in the policy, it should like "http://yourwsus:8530".
    3. On the client, browse "http://yourwsus:8530/selfupdate/wuident.cab", you should be prompted to download or open wuident.cab.
    4. Run following script on the client and check the result.
    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    usoclient.exe startscan
     
    It would be very helpful if you could provide some detailed information about your policy or wsus setting.
     
    Best Regards,
    Ray

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 6, 2018 2:20 AM
  • What details would be helpful? I am new to this and nobody else in the office seems to know much about it either so we're all kind of learning here. Recently we've been doing updates in a much more archaic way, we use Faronics DeepFreeze and we typically just set a thaw schedule and then run the computers through updates from the Faronics console and we're trying to get something more usable and easier to work with for our students, like Intune and we would like to have WSUS working before we migrate over to it.
    Tuesday, November 6, 2018 1:58 PM
  • Hello,
     
    Well, installation and management of WSUS is not difficult. And there is a lot of resource about it online. I find two official article for you.

    Windows Server Update Services (WSUS) 
    https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus

    Deploy Windows 10 updates using Windows Server Update Services (WSUS) 
    https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wsus
     
    Firstly, you could start with them and check if there is any missing in your environment.

    And then, you could provide some more information about your issue. You can not see any computers in your WSUS console, right? What are the WSUS server version and clients version? How many clients are there in your environment? What is the Group Policies set on your clients? You could upload some screenshots about your policies and Windowsupdate.log on the clients to cloud drive, then paste the link here for further troubleshooting.
     
    And what are the answers or results of the questions listed above? That would be useful. 
     
    Best Regards,
    Ray

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 7, 2018 8:18 AM
  • Take a look at my 8 part blog series on How to Setup, Manage, and Maintain WSUS - https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/

    The issue looks like GPO Location issues, along with a possible WSUS Option issue ("Use group policy or registry settings on computers" must be selected AFTER the WSUS group is created)


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Thursday, November 8, 2018 5:49 AM
  • Hello,
     
    I noticed that you have not updated the post for a while. Have your issue or question been resolved now? Or is there any update? Please feel free to feedback.
     
    Best Regards,
    Ray

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 9, 2018 2:59 AM
  • I apologize for the delay, I have some other responsibilities at work that were taking priority over this for a little while. So far I still haven't had any luck getting WSUS to see the computers, I've changed the group policy settings on my local machine to what was suggested in the instructions that you posted but I still haven't had any luck. There was a tech who worked here before me that messed around with the global group policy on our local server and I'm not sure what he may have done because I don't have access to view that one for our Domain. We've run into quite a few problems since he left and apart from rebuilding the entire domain and server structure, I'm not sure what we can do to fix everything.
    Friday, November 9, 2018 2:55 PM
  • From an Administrative Command Prompt on an affected client, run the following:
    gpresult /h gpo.htm

    Investigate using that method - it shows the resultant set of policies applied to that computer - be it local or group policies.


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Friday, November 9, 2018 3:18 PM
  • So I have actually gotten it to show up in my computer group now, but now I can't get it to report its status, wuauclt /reportnow and /detectnow doesn't do anything. Are there specific group policies that pertain to reporting that need to be configured a certain way before it will actually give me a status report?
    Friday, November 9, 2018 7:42 PM
  • /detectnow is deprecated and does not work in Windows 10. Windows 10 has replaced it with: PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow() or UsoClient.exe StartScan

    /reportnow has a special use case and doesn't do anything at any other points in time unless it's within this use case (after /detectnow runs, there's a 20 minute 'cool down' period before it reports back to the WSUS Server. If /reportnow is run within this 20 minute period AND there is something flagged to report, it will report immediately. Otherwise, the detection process will report after 20 minutes regardless - so this is basically useless in almost all cases).

    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Friday, November 9, 2018 8:21 PM
  • Hello,
     
    It's a good news that the clients could show up in the WSUS. However, clients need time to report their status to WSUS especially for at the first time. Have they reported status now?
     
    If not, there may be still some issues in your environment. Have you run the script i provide above? Run it on the clients in the elevated CMD, wait a while and check the result.
     
    If issue persists, we need more details to move on.
     
    1> What the OS version of WSUS server and the clients?
    2> Could you see any error message when you click "check for update" on the clients?
    3> What's the Group Policies applied to the clients? You could get them from "gpresult /h gp.htm" command or “rsop.msc". Upload them to one drive and paste the link here.
    4> And also upload the windowsupdate.log on the clients.
     
    Best Regards,
    Ray
     

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Saturday, November 10, 2018 9:03 AM
  • I left it over the weekend and still not showing anything reported at all. Checking for updates just tells me that my computer is up to date. As I have already stated, the group policies are set to be an exact copy of the group policies in the WSUS guide FROM MICROSOFT. There is nothing but a message telling me that they use a different format in the WindowsUpdate.log file and by looking through the log file (or etl file as it is now) there is nothing of any importance there, just your run of the mill starting an update, processing the updates and ending the update process. I am using Windows 10 1803 on the client computer and Windows Server 2012 R2 Build 9600 on the WSUS server.

    Please... Is there anyone who can give me some actual troubleshooting advice here? I've searched through the log files, I've configured the group policy, and I've secured a connection to the data center server... I just need a hand in troubleshooting, there's nothing I'm going to find in the log files that I haven't already found, there's nothing that I can change in the group policy that's not already an EXACT REPLICA of the Microsoft guide to setting up the Group Policy for WSUS... Please... Before I give up completely on TechNet... Please give me something I can actually use that isn't just the same thing over and over and over again that just leads to more hair being pulled out and no actual troubleshooting help.

    Tuesday, November 13, 2018 4:19 PM
  • there's nothing that I can change in the group policy that's not already an EXACT REPLICA of the Microsoft guide to setting up the Group Policy for WSUS

    Since that's not working for you clearly, ditch that method and look at mine. What have you got to lose? It already isn't working for you.

    First, reinstall WSUS - https://www.ajtek.ca/wsus/how-to-remove-wsus-completely-and-reinstall-it/

    Start at the beginning of the 8 part blog series on How to Setup, Manage, and Maintain WSUS - https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/

    Then when you get to part 4 and 5, delete the existing computers from the WSUS Console and follow the guide EXACTLY for setup of GPOs.

    Run the following client side script on the computers from an Administrative Command Prompt.

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

    And then just let it be for 48 hours.

    Report back results.


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Saturday, November 17, 2018 3:41 AM