locked
WSUS not picking up or checking in clients RRS feed

  • Question

  • Hello All,

    Recently I started working for a new organization who has a WSUS that is not functioning properly.  Long story short it looks like WSUS is not discovering new clients (which are administered by Group Policy on AD) and clients that are forcibly checked-in (manually) check-in only once and don’t check-in again.

    After some searching it appears that Microsoft in their infinite wisdom do not remove Windows Update reg values from cloned clients (which is the case here), so you have to remove them on your host machine before you use it as an image.  Unfortunately, it is too late and all the machine are already re-imaged and at their respective desks.

    So what I started with was manually removing the reg values from a clients forcing the machine to re-check in with WSUS, results are the client will be picked up once by WSUS and then it will never be re-checked again.

    I wanted to know if anyone else has these kind of problems and if so what did they do to rectify them?

    Please see image below regarding the machine check-in times.  Highlighted machine is my one which hasn't checked in as you can see in line with some other machines.

    Any help would be appreciated.

    Many thanks

    S14v



    • Edited by S14v Friday, October 16, 2015 1:29 PM
    Friday, October 16, 2015 1:16 PM

All replies

  • This helped Me...

    http://blogs.technet.com/b/sus/archive/2009/05/05/resolving-the-duplicate-susclientid-issue-or-why-don-t-all-my-clients-show-up-in-the-wsus-console.aspx

    Friday, October 16, 2015 2:14 PM
  • Hi,

    If you have reset SUSClientID on the clients and the issue persists, please check if the WSUS server has been updated to the latest version.

    WSUS 3.0 (SP2):     Build 3.2.7600.226
    WSUS 3.0 (SP2) + KB2720211:     Build 3.2.7600.251
    WSUS 3.0 (SP2) + KB2734608:     Build 3.2.7600.256
    WSUS 3.0 (SP2) + KB2828185:     Build 3.2.7600.262
    WSUS 3.0 (SP2) + KB2938066:     Build 3.2.7600.274

    Best Regards.


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, October 19, 2015 9:29 AM
  • Hello RobScarffe,

    Thank you for your answer to the question.  I tried running the script in this link but unfortunately it didn't work.  I also tried running a script that was left in the comment section of this link and that didn't work either. Essentially the machines did not check-in after 24 hours after running these scripts.

    I think I may have several issues with the WSUS, one of them is most likely that the cloned machines have not had their reg entries removed as a part of imaging procedure (which I believe I have identified to be true).

    However, when I force the check-in for one of the machines that have had one of the identical reg values from clone host (and now have had that value removed manually) it checks in fine, however if I leave it for 24 hours or more it does not re-check back form the initial sync with WSUS. 

    This leads me to think there may be another problem in line with this one.  Maybe with IIS or SQL database.  However, after reading through Microsoft setup blurb they suggest not to mess around with the SQL database as you may do inadvertent damage that may not be recognisable until further down the line.

    I checked the ISS settings and they all seem to correspond to the Microsoft outlined spec, so I am struggling to think what may be causing this.

    Many thanks,

    S14v

    Monday, October 19, 2015 2:54 PM
  • Hello Steven_Lee0510,

    Thank you for your help, I did try to remove reg values but that only fixes things temporarily as the machines do not re-sync with WSUS on daily basis.

    Thank you for the version numbers of WSUS, that is very useful, I did notice that I seem to have a base build so will definitely try to update to the latest version of the patch.

    I will let you know if that has worked.

    Many thanks

    S14v 

    Monday, October 19, 2015 2:57 PM
  • What O/S is WSUS running on?

    wuauclt /resetauthorization has worked for me in the past - the time it didn't was when newly built clients suddenly stopped reporting in no matter what we did, in the end it turned out we were missing an update to WSUS on the server, installed that and they all started reporting in again.

    I'm scrabbling round looking for the update but can't find the KB at the moment (super helpful I know)

    *** UPDATE - hit submit and find the right KB moments later! https://support.microsoft.com/en-gb/kb/2720211

    • Edited by warden976 Monday, October 19, 2015 3:02 PM
    Monday, October 19, 2015 3:00 PM
  • Hello warden978,

    I am running on fully patched Server 2008 R2. I had a look at this update already and apparently this damages the SQL database & WSUS when you install it.  There were loads of people complaining that after running this update they could not get their WSUS running again.

    Here is one of the fix articles for this KB I came across:  http://blogs.technet.com/b/sus/archive/2012/06/20/wsus-kb272011-common-issues-encountered-and-how-to-fix-them.aspx

    Here are few with issues and complaints around this patch.

    http://blogs.technet.com/b/sbs/archive/2012/07/27/known-issues-after-installing-wsus-update-kb2720211.aspx

    https://community.spiceworks.com/topic/239337-kb2720211-destroy-your-wsus-try-this

    https://thwack.solarwinds.com/thread/49725

    I have really given up on this server as it was taking too long to troubleshoot and started a new server from scratch. I have now a clean server install but this 211 patch seems to be more trouble then its worth.

    Thank you for your help and suggestions,

    Regards

    S14v

    Thursday, October 22, 2015 1:36 PM