Deleted computers still updates, without reporting

  • Question

  • Hi.

    I have found that if, by mistake or by choice, a computer is deleted from the console, it still connects successfully to get the updates selected.

    All this happens in the background with no chance to follow what versions that specific computer has from the WSUS console.

    Also, it doesn't reregister itself when I run a Check for updates unless I have first run the command wuauclt /ResetAuthorization /ReportNow.

    Another strange behavior is that if I delete the registry value SUSClientID in the registry and run Check for updates, all works as if it wasn't deleted. The value doesn't reappear even after an update?

    Is this behavior by design or is this a bug that has a fix?

    Is there any way to force a client to reregister itself to the WSUS server?

    Mikael

    Tuesday, November 11, 2014 4:07 PM

All replies

  • Hi Mikael,

    If you have deleted the SUSClientID, please use the commands below to reset the SUSClientID.

    • net stop wuauserv
    • net stop bits
    • net start wuauserv
    • wuauclt.exe /resetauthorization /detectnow

    After that, please try to update again.

    If the client is still not shown in the console, please post the windowsupdate.log here. It may give some hints.

    Best Regards.



    Steven Lee

    TechNet Community Support


    Wednesday, November 12, 2014 11:42 AM
  • Hi Steven and thank you, that fixed the initial problems for me: deleted client in the console and deleted registry key value.

    I still have a question about the fact that WSUS allows a "deleted" client or a client with a deleted Registry key value (SUSClientID) to check for and install updates.

    We have the need to know which patches are installed on a client.

    If a "deleted" client is allowed to check for and install updates from the WSUS without reporting it anywhere we would experience huge problems in the future.

    Another question I have regarding the SUSClientID in the registry is when it is set for the first time? Is it when the first check for updates is done?

    We use MDT to install clients and don't want to run an update of the client during the installation but want to ensure that the client is connected to the correct WSUS server and TargetGroup, ready to check for installations manually.

    Mikael

    Wednesday, November 12, 2014 3:52 PM
  • If you have deleted the SUSClientID, please use the commands below to reset the SUSClientID.

    • net stop wuauserv
    • net stop bits
    • net start wuauserv
    • wuauclt.exe /resetauthorization /detectnow

    Worthy of note, it's not necessary to stop/start any services to reset the SusClientID; only to run the proper WUAUCLT command.

    It seems to me that Mikael is using an incorrect syntax, which likely accounts for nothing happening.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Wednesday, November 12, 2014 5:43 PM
  • I still have a question about the fact that WSUS allows a "deleted" client or a client with a deleted Registry key value (SUSClientID) to check for and install updates.

    WSUS doesn't allow or not allow anything. If you've configured a client to get updates from a WSUS server it will get updates from that WSUS server until you configure it to NOT get updates from that WSUS server. Pretty simple, actually. :-)

    We have the need to know which patches are installed on a client.

    If a "deleted" client is allowed to check for and install updates from the WSUS without reporting it anywhere we would experience huge problems in the future.

    This scenario is impossible. A client that gets updates from a WSUS server *always* reports compliance status to that WSUS Server.

    HOWEVER, in the case where you have duplicated SusClientIDs, you just can't see it in the console because of the duplicate SusClientID. Eliminate the problem, and the client will reappear.

    Another question I have regarding the SUSClientID in the registry is when it is set for the first time?

    It is set the very first time the WUAgent communicates with a WSUS server. You can actually see this in the WindowsUpdate.log of a new client.

    Except in the case where you've cloned a machine from an image that already contains a SusClientID (which is how duplicate SusClientIDs get created). In that case, it is "set" at the moment of cloning.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA

    Wednesday, November 12, 2014 5:47 PM
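
Added example, not part of the thread and not Microsoft's or the posters' code: a PowerShell check for the duplicated SusClientID condition described in the last answer, where machines cloned from one image share an ID and drop out of sight in the console. The inventory is constructed sample data with hypothetical host names and IDs; the registry path and the SusClientIdValidation value are the standard Windows Update Agent location rather than something quoted in the thread, and the stop/start around the delete is an assumed ordering.

```powershell
# Added example: detect clients sharing a SusClientId and reset the local one.
# Standard Windows Update Agent key (not quoted in the thread).
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-LocalSusClientId {
    # Returns this machine's SusClientId, or $null if the value is absent.
    (Get-ItemProperty -Path $WuKey -Name SusClientId -ErrorAction SilentlyContinue).SusClientId
}

function Find-DuplicateSusClientId {
    param([Parameter(Mandatory)][object[]]$Inventory)
    # Hosts in one group present the same identity to WSUS, so only one
    # of them can be seen in the console at a time.
    $Inventory |
        Where-Object { $_.SusClientId } |
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Hosts       = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

function Reset-LocalSusClientId {
    # Run elevated on an affected clone: remove the inherited ID, then
    # re-authorize and detect with the wuauclt command from this thread.
    # Assumption: the service is stopped so the agent does not keep the old ID.
    Stop-Service -Name wuauserv
    Remove-ItemProperty -Path $WuKey -Name SusClientId, SusClientIdValidation -ErrorAction SilentlyContinue
    Start-Service -Name wuauserv
    & wuauclt.exe /resetauthorization /detectnow
}

# Constructed inventory, e.g. collected by running Get-LocalSusClientId on each client.
$inventory = @(
    [pscustomobject]@{ ComputerName = 'PC-001'; SusClientId = '11111111-aaaa-4bbb-8ccc-000000000001' }
    [pscustomobject]@{ ComputerName = 'PC-002'; SusClientId = '22222222-aaaa-4bbb-8ccc-000000000002' }
    [pscustomobject]@{ ComputerName = 'PC-003'; SusClientId = '11111111-aaaa-4bbb-8ccc-000000000001' }
    [pscustomobject]@{ ComputerName = 'PC-004'; SusClientId = $null }   # never contacted WSUS
)

# Lists the shared ID together with PC-001 and PC-003.
Find-DuplicateSusClientId -Inventory $inventory | Format-Table -AutoSize
```

Fixing the reference image so it carries no SusClientId removes the cause; Reset-LocalSusClientId only repairs machines already deployed from it.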