locked
WSUS client issue RRS feed

  • Question

  • I have two questions:

    1) Which way is better to change WSUS server --migrate  from the old one to a new one or build a brand new one and deploy directly from the new server to the client

    2) Is there a  powershell script to remove all SUSID from all PCs' registry --300 PCs . I found a few powershell scripts but it didn't work well.

    Thanks!

    Tim


    • Edited by Tim8990 Wednesday, February 4, 2015 10:52 PM
    Wednesday, February 4, 2015 10:51 PM

Answers

  • I deleted SUSIDs in registry and reboot the PCs but they won't show up in the new WSUS console.

    Not really much here to go on, but I'm going to take a stab in the dark based on the cause for the majority of such observations in the past few years. I'll take a wild guess that your old WSUS server was WSUS v3 and installed on port 80, and your new WSUS server is WSUS v6 (and thus installed on port 8530), and when you updated the GPO, you did not add the port extension to the URL.

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, February 5, 2015 7:36 PM
  • 1) Which way is better to change WSUS server --migrate from the old one to a new one or build a brand new one and deploy directly from the new server to the client

    It truly depends on the vintage and health of the existing WSUS server. If the existing WSUS server has been WELL maintained, then it's much simply to replicate the existing server to a new system. However, if the existing WSUS server has been in service for a long time (so has updates for product no longer needed), or has not been well maintained, then quite often it's more effective to build a new server from scratch.

    2) Is there a powershell script to remove all SUSID from all PCs' registry --300 PCs. I found a few powershell scripts but it didn't work well.

    I'm not personally aware of any, but as you note, you've found some. How well they work is always the second question. If they exist, then you do have a starting place. It might be that the best approach is to "fix" what doesn't work well.

    I will also note that you can fix this problem using a simple startup script. All you need is two REG DELETE statements, and some methodology to ensure the script only runs once per client. Load up the startup script via GPO, set the Client Detection Frequency to 4 hours for a day, and figure out how to force a restart so the startup script runs.

    But it doesn't even require a PowerShell script. The meat of the task is in the two REG DELETE statements, and you can do that with a simple script, PSEXEC, and a list of machine names. Once the two registry values are deleted, the client will automatically regenerate a new SusClientID at the next regularly scheduled detection interva -- or, you could force that by including a wuauclt /resetauthorization /detectnow in your script.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, February 5, 2015 1:00 AM

All replies

  • 1) Which way is better to change WSUS server --migrate from the old one to a new one or build a brand new one and deploy directly from the new server to the client

    It truly depends on the vintage and health of the existing WSUS server. If the existing WSUS server has been WELL maintained, then it's much simply to replicate the existing server to a new system. However, if the existing WSUS server has been in service for a long time (so has updates for product no longer needed), or has not been well maintained, then quite often it's more effective to build a new server from scratch.

    2) Is there a powershell script to remove all SUSID from all PCs' registry --300 PCs. I found a few powershell scripts but it didn't work well.

    I'm not personally aware of any, but as you note, you've found some. How well they work is always the second question. If they exist, then you do have a starting place. It might be that the best approach is to "fix" what doesn't work well.

    I will also note that you can fix this problem using a simple startup script. All you need is two REG DELETE statements, and some methodology to ensure the script only runs once per client. Load up the startup script via GPO, set the Client Detection Frequency to 4 hours for a day, and figure out how to force a restart so the startup script runs.

    But it doesn't even require a PowerShell script. The meat of the task is in the two REG DELETE statements, and you can do that with a simple script, PSEXEC, and a list of machine names. Once the two registry values are deleted, the client will automatically regenerate a new SusClientID at the next regularly scheduled detection interva -- or, you could force that by including a wuauclt /resetauthorization /detectnow in your script.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, February 5, 2015 1:00 AM
  • Thank you, Lawrence for your good advise.

    We decided to go with a new install. I did some test on  few PCs:

    I changed GPO to map the new server . The only place in GPO  to change is "specify intranet MS update service location".

    I deleted SUSIDs in  registry and reboot the PCs but they won't show up in the new WSUS console. 

    any advise is appreciated.

    Thursday, February 5, 2015 5:10 PM
  • I deleted SUSIDs in registry and reboot the PCs but they won't show up in the new WSUS console.

    Not really much here to go on, but I'm going to take a stab in the dark based on the cause for the majority of such observations in the past few years. I'll take a wild guess that your old WSUS server was WSUS v3 and installed on port 80, and your new WSUS server is WSUS v6 (and thus installed on port 8530), and when you updated the GPO, you did not add the port extension to the URL.

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Thursday, February 5, 2015 7:36 PM