locked
WSUS Clients Not Reporting RRS feed

  • Question

  • Currently we have WSUS 6.3 running on 2012 R2. We have 3 separate GPOs configured for WSUS (each GPO has a different target group).

    We have 225 computers in our domain of which only 172 are showing up in WSUS. About 10 of the computers that have reported and are listed in WSUS haven't reported in over 90 days.

    I've checked almost all of the computers that aren't showing up in WSUS and they seem to be applying the correct GPO settings, they are able to ping the WSUS server, etc.

    What would be causing so many computers to not show up in WSUS and/or report?
    Wednesday, October 4, 2017 5:25 PM

Answers

  • I ran the server cleanup wizard but am still experiencing the same problem.

    I forgot to mention earlier that this is a fairly new install of WSUS. No updates have been approved yet minus the 7 or so updates that were automatically approved by WSUS. I was going to wait until all of our computers reported before approving updates.

    The problematic computers are in two different groups. The computers are not cloned.

    Any ideas?

    Although it has it's place, the SCW is a joke compared with my script. A new server does not mean that it's optimized!

    If after my script is run you still experience issues, running the following on an affected client will fix it.

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Marked as answer by Eric.Benson Wednesday, March 14, 2018 7:31 PM
    Tuesday, November 7, 2017 3:42 AM

All replies

  • Superseded updates that haven't been declined, proper WSUS maintenance that has not been done, etc.

    My script will fix you up :)

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Proposed as answer by Yan Li_ Tuesday, October 24, 2017 7:49 AM
    Wednesday, October 4, 2017 7:35 PM
  • Hello,

    Whether those problematic computers belong to the same group which applied to same group policy settings? Whether those computers are cloned? 

    Please run server cleanup wizard on your WSUS server. 

    You may look into Windowsupdate.log on them for more information. 

    In addition, here is a blog regarding to troubleshoot this kind of issue, please refer to it:

    https://blogs.technet.microsoft.com/sus/2009/11/17/tips-for-troubleshooting-wsus-agents-that-are-not-reporting-to-the-wsus-server/

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Yan Li_ Tuesday, October 24, 2017 7:49 AM
    Thursday, October 5, 2017 2:57 AM
  • I ran the server cleanup wizard but am still experiencing the same problem.

    I forgot to mention earlier that this is a fairly new install of WSUS. No updates have been approved yet minus the 7 or so updates that were automatically approved by WSUS. I was going to wait until all of our computers reported before approving updates.

    The problematic computers are in two different groups. The computers are not cloned.

    Any ideas?

    Monday, November 6, 2017 6:49 PM
  • I ran the server cleanup wizard but am still experiencing the same problem.

    I forgot to mention earlier that this is a fairly new install of WSUS. No updates have been approved yet minus the 7 or so updates that were automatically approved by WSUS. I was going to wait until all of our computers reported before approving updates.

    The problematic computers are in two different groups. The computers are not cloned.

    Any ideas?

    Although it has it's place, the SCW is a joke compared with my script. A new server does not mean that it's optimized!

    If after my script is run you still experience issues, running the following on an affected client will fix it.

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Marked as answer by Eric.Benson Wednesday, March 14, 2018 7:31 PM
    Tuesday, November 7, 2017 3:42 AM