locked
Some WSUS clients are not displayed on WSUS console RRS feed

  • Question

  • Hi,

    we deployed WSUS on Windows Server 2019. The servers (as WSUS clients) get the settings for updates using GPOs in the domain.

    Although some servers have the identical settings, they will not listed in the WSUS console.

    What is the issue here?

    Best regards

    Birdal

    Wednesday, July 31, 2019 7:57 AM

Answers

  • Hi,

    the issue was completely different.

    We use GPO for WSUS groups. It seems so that GPO on the domain level applied too late (3-4 days) to WSUS clients.

    Now they are listed in the WSUS groups on WSUS machine.

    Best regards

    Birdal

    • Marked as answer by _Birdal Friday, October 11, 2019 7:15 AM
    Friday, October 11, 2019 7:14 AM

All replies

  • Hi Birdal,
      

    If these clients use images of the same clone machine, this is likely to cause duplicate update IDs for these clients. If this happens then the first machine with this ID to register gets listed, and all the rest do not. The following steps can be used to solve this problem:
      

    1. Remove the affected devices from the WSUS console.
    2. On the affected clients, run the following command with the promoted CMD:
        
      net stop bits
      net stop wuauserv
      reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
      reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
      reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
      reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
      rd /s /q "C:\WINDOWS\SoftwareDistribution"
      net start bits
      net start wuauserv
      usoclient.exe startscan %For Windows 10%
      wuauclt /resetauthorization /detectnow %For others Windows%

        
    Reply back with the results would be happy to help.
       

    Regards,
    Yic


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 1, 2019 1:54 AM
  • Hi Yic,

    no, the deleting of IDs, service restarts by using this script did not help.

    Only thing it helps, click to check Updates ( 3- 4 times) and then the communication between client and new WSUS servers are there. After the installation of updates on client, the client appears on WSUS console.

    But that is really a very bad workaround. Consider that we have many servers in our enviorment.

    Best regards

    Birdal

    Thursday, August 1, 2019 11:30 AM
  • Only thing it helps, click to check Updates ( 3- 4 times) and then the communication between client and new WSUS servers are there. After the installation of updates on client, the client appears on WSUS console.

    Hi Birdal,
      

    I may have misunderstood what you are experiencing. According to your description, I noticed that you said the behavior of installing updates, so have you approved any updates for these clients? If so, is the problem you are experiencing that these computers are not displayed in the list of computers that need to be updated?
      

    To put it another way, first of all, I want to know if these computers can be found under the "Any" status of the "All Computers" list.
      


       

    If you do not find the computer you mentioned under such screening conditions:
       

    1. Check if the group policy for WSUS has been applied correctly on these computers?
    2. Try to access the WSUS site on these computers:
      > http://WSUSServerFQDN:8530/selfupdate/iuident.cab
      If the WSUS server can connect normally, you should see a File Download window opening.
      If you receive any error, the computer may not connect to the WSUS server.
         

    Reply back with the results would be happy to help.
       

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 2, 2019 2:27 AM
  • As Yic mentioned,

    Running the client side script on the entire set of systems that are not working is the answer. An explanation of why and what each line does is in my blog post here:

    https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Thursday, August 8, 2019 5:16 AM
  • Hi,

    I was long time not in office.

    I will check it.

    Bye

    Birdal

    Tuesday, October 1, 2019 6:35 AM
  • Hi,

    the issue was completely different.

    We use GPO for WSUS groups. It seems so that GPO on the domain level applied too late (3-4 days) to WSUS clients.

    Now they are listed in the WSUS groups on WSUS machine.

    Best regards

    Birdal

    • Marked as answer by _Birdal Friday, October 11, 2019 7:15 AM
    Friday, October 11, 2019 7:14 AM