locked
second WSUS i don't see compter RRS feed

  • Question

  • hello ;

    in my scénario i have two sites , one is operate with WSUS , and the other site is work with another server wsus and i have one domain name , so when i created a gpo for the second site expand Computers node i can't see them , so do youhave any idea ?


    • Edited by Said TALBI Tuesday, September 12, 2017 9:06 AM Urgent
    Tuesday, September 12, 2017 8:56 AM

All replies

  • the two server with authonomous .
    • Edited by Said TALBI Tuesday, September 12, 2017 9:59 AM
    Tuesday, September 12, 2017 9:59 AM
  • HI,

    Can you check if the computers in a remote site getting gpo? Run this on client computer

    gpresult /R /Scope:computer

    If not run these 3 commands on client machine and refresh the WSUS computer group. It can take a little bit

    gpupdate /force
    
    wuauclt /resetauthorization /detectnow
    
    wuauclt /reportnow

    On the client machine open regedit and browse to the following

    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate] 

    Check if you see WUServer and WUStatus Server pointing to your second WSUS

    ------------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.

    nedimmehic.org



    • Edited by Nedim Mehic Tuesday, September 12, 2017 10:45 AM
    Tuesday, September 12, 2017 10:40 AM
  • You should also check the connectivity between client to server.

    Regards,
    Sandeep Poonia
    Please verify the answer if it helps you.

    Tuesday, September 12, 2017 10:53 AM
  • hello 

    when i verfy the register i can't find the \WindowsUpdate .

    gpupdate reuturn me a error LDAP 

    and when i have do this cmd 

    gpresult /R /Scope:computer 

    




    • Edited by Said TALBI Tuesday, September 12, 2017 4:35 PM Urgent
    Tuesday, September 12, 2017 11:17 AM
  • Hi ,

    Please try to use command " gpresult /h c:\test.html " to generate an html file to check the configuration .

    If the Group Policy was applied , please try to connect to the port of WSUS server .

    (such as , using command " telnet x.x.x.x 8530 " )

     

    Also please try to open the following URL to see if it works :

    http://localhost:8530/ClientWebService/client.asmx

    (Please change the "localhost" to FQDN/IP of WSUS server  )

     

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Said TALBI Thursday, September 14, 2017 3:07 PM
    • Unmarked as answer by Said TALBI Thursday, September 14, 2017 3:08 PM
    Wednesday, September 13, 2017 9:09 AM
  • hello ,

    can you help in my scénario i have two sites with one domain .

    the first sites with WSUS is autom is OK (config computer with GPO)

    in the second site i have installed the WSUS but in the Computer i can see them (GPO automun)

    Have You an idea whats the best sénario for instalation ?


    • Edited by Said TALBI Thursday, September 14, 2017 3:07 PM Urgent !!!!
    Thursday, September 14, 2017 3:07 PM
  • telnet x.x.x.x 8530  Is OK

    http://localhost:8530/ClientWebService/client.asmx Is Ok

    Thursday, September 14, 2017 3:08 PM
  • You should not be getting LDAP errors. Are both sites setup in AD Sites and Services? Are they in the same IP Range or different subnets (should be different subnets if at all possible).

    Proper domain controller DNS setup is vital for Active Directory to work properly. Best practice dictates that each domain controller should be setup with a different DNS server as it's preferred DNS server, and and the loopback address (127.0.0.1) as it's alternate DNS server. If you have more than 2 DNS servers in your domain or forest, you should setup a pattern whereby they all have different primary DNS partners, so that each server is used as someone else's primary.

    If you have just 2 DC's

    DC1: 192.168.1.2
    DC2: 192.168.1.3

    Then

    DC 1 Static DNS should be: Preferred: 192.168.1.3 Alternate: 127.0.0.1
    DC 2 Static DNS should be: Preferred: 192.168.1.2. Alternate: 127.0.0.1

    If you have 3 or more DC's

    DC1: 192.168.1.2
    DC2: 192.168.1.3
    DC3: 192.168.1.4

    Then

    DC 1 Static DNS should be: Preferred: 192.168.1.3 Alternate: 127.0.0.1
    DC 2 Static DNS should be: Preferred: 192.168.1.4. Alternate: 127.0.0.1
    DC 3 Static DNS should be: Preferred: 192.168.1.2. Alternate: 127.0.0.1


    If you have more than one site, rely on AD Sites and Services to ensure replication occurs between the sites. If possible, do not point one site's DC's DNS to the other site's DNS. Each site should have two DC's, each having the other DC's IP as the preferred DNS all within the same site.

    This is done to ensure that each DC can find its replication partners.  Also, a server will reboot faster if an already up and running DC is providing DNS.

    Why should you use 127.0.0.1 vs. the IP of the server?

    127.0.0.1 is not just a different ip address to the machine ip address, it's a different interface as well. 127.0.0.1 should not be seen on the local network. It's a special internal IP address for the loopback adapter. The IP of the server on the other hand is assigned to the network adapter.

    Either/or will work, however best practice is to use the local loopback 127.0.0.1 as the IP will never change. Another reason is that using the local loopback does not initiate the network adapter drivers as it is a different interface adapter card

    Think of it as a different interface. A different network card.


    https://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx

    http://serverfault.com/questions/394804/what-should-the-order-of-dns-servers-be-for-an-ad-domain-controller-and-why


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, September 14, 2017 4:51 PM
  • Hi,

    I'd like to check the current state of that issue .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 17, 2017 3:27 PM