Windows Client(s) not ‘appearing’ in WSUS

KB ID 0000591 

Problem

Before you start troubleshooting clients, how long have you waited? I usually setup and configure WSUS up at the start of a job, then leave it alone for a few DAYS, before I start worrying.

Here are the steps I usually follow to get the machines listed in the WSUS management console.

Solution

Before doing anything further, simply try running the following two PowerShell commands, (on the problem client,) and then waiting for a few hours;

[box]

$updateSession = new-object -com "Microsoft.Update.Session"; $updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates

wuauclt /reportnow

[/box]

 

 

1. Assuming you are deploying your WSUS settings by GPO, make sure the machine in question is actually trying to apply the policy, you can do this by running rsop.msc like so:

Or by running gpresult /R from command line

Note: If you cannot see Computer Policy / Computer Settings, i.e. you can only see user settings, then you are probably not running the command window as ‘Administrator’ (Locate cmd.exe > right click > Run as Administrator).

2. If you are enforcing by GPO, or directly via registry edit, your next step is to check that the registry entries exist. Start > In the Search/Run box type regedit {Enter}. Navigate to:

[box]HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows > WindowsUpdate[/box]

3. Start > In the Search/Run box type services.msc {enter} Locate the Windows Update service and ensure it is running.

4. Then locate the Background Intelligent Transfer Service and make sure that’s also running.

5. To make sure the client can see the WSUS website, open a browser window, and navigate to http://{name-of-the-wsus-server}/iuident.cab and make sure you can open/download the file.

6. If all the above is OK, you can try forcing a registration with the following command;

[box]wuauclt /detectnow[/box]

7. All update events are being logged, you can find the log at c:windowsWindowsUpdate open the file with notepad.

8. Scroll all the way to the end, then work upwards looking for errors.

9. Sometimes if you image a machine (Or clone a VM) it keeps it’s unique update ID, if this happens then the first machine with this ID to register gets listed, and all the rest do not. To find out if this is your problem, locate and stop the Windows update service on an affected client.

10. Open the registry Editor and navigate to:

[box]HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > WindowsUpdate[/box]

Locate and delete the SusClientId entry.

11. Restart the Windows Update service and run the following two commands:

[box]wuauclt /resetauthorization /detectnow<br /> wuauclt /reportnow [/box]

Update 16/06/15

Received via Email from Patrick Mauger:

You can add an incorrect binding in IIS to the site WSUS Administration.

You need to add a binding for port 80, because the only ports configured are 8530 and 8531.

Related Articles, References, Credits, or External Links

Windows Server Update Services – Install and Configure (2008 R2)

WSUS Install Error – ‘The update could not be found. There may be a network connection issue.

Message ID 6600: sms wsus configuration manager failed to configure upstream server

WSUS Install Error on Windows Server 2008 R2

Error sqlservr.exe is using too much memory

KB ID 0000190 

Problem

Seen on SBS 2008 with WSUS.

The Windows internal database (the one used by WSUS) has no memory reservation limit, so it can use as much as it wants, this is a BAD thing!

Your server will struggle because the following consumes to much memory.

SQL/MSSQL$MICROSOFT##SSEE

Solution

1. Click Start > In the search/run box type CMD {enter}.

2. At command line issue the following commands,

    1. [box]
sqlcmd -S .pipemssql$microsoft##sseesqlquery -E
sp_configure ’show advanced options’, 1;
reconfigure;
go
sp_configure ‘max server memory’, 512;
reconfigure;
go
exit
[/box]

Related Articles, References, Credits, or External Links

NA

Windows Server Update Services – Install and Configure

KB ID 0000592

Problem

Windows Server Update Service or WSUS, (previously called SUS Software Update Services) was an additional download that you could use to let one or more servers in your organisation handle the updates for your Windows clients and Microsoft applications.

With Server 2008 R2, it is now included as a server ‘role’ rather than a download. It’s a great tool for centrally managing and reporting on your network’s update status, and if you do not allow your clients web access, lets you update them without punching holes in your firewall. Also it saves all your clients pulling their updates from Microsoft, and hammering your internet connection.

Solution

WSUS Prerequisites

Before you start, make sure the server you are going to use is fully updated. You will also need 6GB (Approx) to hold the updates.

Step 1 Add and Configure the Windows Server Update Services Role

1. On the WSUS Server run the ServerManager (CompMgmtLauncher.exe) > Roles > Add Role > If you see the “Before you begin page” click Next > Select “Windows Server update Services” > At this point if IIS is not installed it will ask to add the required role service > Let it do so > Next.

2. Next > Next > Next > Install > During the install the WSUS Setup Wizard will start > Next > Accept the EULA > Next > Specify a location to store the updates > Next.

3. You can choose an existing Database or click next to install and use SQL Express > Choose your web site settings > Next.

Note: The default setting will install and configure web services on TCP Port 80 (http). If you have another service or program using that port you will have a problem, (i.e. a program that uses Apache web server, or UPS software that has a management console on port 80, etc). If you choose the second option it will set the site up on TCP port 8530 for http and 8531 for https.

4. Next > Finish > Now the configuration wizard will open > Next > Next > If you are going to pull your updates from another WSUS server enter it here > If not click Next > If you need to enter proxy server details do so > Next > Click “Start Connecting” (this can take a while > Next.

5. Select the languages you want to download > Next > Select the products you would like to download updates for > Next.

6. Select the ‘Classifications’ (types of update) you want to serve > Next > Set your sync schedule (I usually do this once a day) > Next.

7. Next > Finish > Close.

Step 2 Group Policy Settings for WSUS Clients.

Remember these policies are Computer Policies NOT User Policies, you need to link the GPO to your computers, If you link it to an OU containing users nothing will happen!

1. On a domain controller > Start > Administrative Tools > Group Policy Management > Locate the OU containing your computers > Right click and create a new GPO.

2. Give the GPO a name > The Edit the new GPO > Navigate to:

3. Edit the settings on the right to suit your requirements. > Close the group policy editor Window, (to see what settings I usually set see the video above).

4. You clients will get these settings next time they boot, after a maximum of two hours, or after you run “gpupdate /force” on them.

5. If you check your clients you will see their Windows Update settings are now “Grayed Out”

Step 3 Configure Windows Server Update Services.

1. WAIT a while before returning to the WSUS server to configure it, (I typically wait a few days). Assuming your computers are now appearing in the “Computers Section” you need to either manually approve the updates or set them to automatically update.

If your computers fail to ‘appear” see Windows Client(s) not ‘appearing’ in WSUS

2. If you want to simply “Auto approve” all new updates then navigate to Options > Automatic approvals > And Select the “Default Automatic Update Rule” > Click the Hyperlinks in the rule to edit them > Apply > Run Rule > Select ‘Yes’ to save and run.

3. If you want to create computer groups and roll out updates in a more staged manner, you can create different computer groups, and add your computers to those groups.

4. If you want to manually approve updates navigate to Updates > All updates > Select the “Unapproved” updates > Right Click > Approve > Select your computer groups as appropriate.

Note: You can select mass select the updates by holding down Shift, or individually by selecting them while pressing Ctrl.

Related Articles, References, Credits, or External Links

Windows Client(s) not ‘appearing’ in WSUS

WSUS Install Error – ‘The update could not be found. There may be a network connection issue.’

Message ID 6600: sms wsus configuration manager failed to configure upstream server

WSUS Install Error on Windows Server 2008 R2