Clients not showing, but getting updates?

Discussion in 'Update Services' started by JB, Oct 4, 2005.

  1. JB

    JB Guest

    I only have 54 of my 500+ computers showing in my WSUS server console. I have
    setup GP properly, as evidenced by the 54, I have the server set to NOT use
    client-side targeting so they should all show up as "Unassigned".

    I also have been told that 2 machines which do not show in the console have
    definitely pulled updates from this server, as they are Office Updates.

    The OS on the server is W2k, all other parameters are in line with

    Any ideas?
    JB, Oct 4, 2005
    1. Advertisements

  2. Are these 500+ computers (particularly the missing 446) clones of the same
    Lawrence Garvin, Oct 4, 2005
    1. Advertisements

  3. JB

    JB Guest

    Intersting that you should ask! We DO use Symantec Ghost so, in theory, the
    answer is yes, but some of the showing machines are using common images.

    For instance, we have one image for the IBM laptops, one for the Dell
    desktops and one for the Fujitsu tablets. The machines that show are a mix of
    these images, as are the ones not showing.

    That being said, where are you going with this?
    JB, Oct 4, 2005
  4. The single most common cause of these symptoms....

    Groups of your clients have identical SusClientId values, caused by being
    cloned from a common image, which contained a SusClientId value (and was not
    sysprepped with the -reseal option).

    The 'fix' is to delete the three values (SusClientId, AccountDomainSid, and
    PingId) found in the registry key

    and then restart the Automatic Updates service, WAIT 20 minutes for the AU
    service start to trigger a detection cycle, which will generate a new
    SusClientId (very important), and then force a detection cycle using
    'wuauclt /detectnow', which will then push the status reports to the WSUS
    server using the newly obtained SusClientId.

    If you do a search on this newsgroup for the keyword 'SusClientId' you'll
    find threads referencing a script written by Torgier Bakken (MVP Scripting -
    Norway), which will allow you to 'fix' this problem across all 500+ of your
    systems. If Torgeir is reading this thread (and he probably is), I imagine
    he'll post the links to the scripts within a few hours of this post.
    Lawrence Garvin, Oct 4, 2005
  5. Hi,

    If the computers are in an Active Directory domain:

    You can do it in a computer startup script (with a GPO) that runs as
    part of the boot up process (before the user logs in). It runs under
    the system context and has admin rights.

    The VBScript below will only delete the values once even if the script
    is run multiple times, by setting a registry marker.

    Set oShell = CreateObject("WScript.Shell")

    sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

    ' suppress error in case values does not exist
    On Error Resume Next

    ' check for marker
    sIDDeleted = oShell.RegRead( sRegKey & "\IDDeleted")

    ' to be sure values is only deleted once, test on marker
    If sIDDeleted <> "yes" Then
    ' delete values
    oShell.RegDelete sRegKey & "\AccountDomainSid"
    oShell.RegDelete sRegKey & "\PingID"
    oShell.RegDelete sRegKey & "\SusClientId"

    ' Stop and start the Automatic updates service
    oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
    oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True

    ' Run wuauclt.exe with resetauthorization
    sCmd = "%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
    oShell.Run sCmd, 0, True

    ' create marker
    oShell.RegWrite sRegKey & "\IDDeleted", "yes"
    End If

    WSH 5.6 documentation (local help file) can be downloaded from here
    if you haven't got it already:

    Torgeir Bakken \(MVP\), Oct 5, 2005
  6. JB

    JB Guest

    Excuse my ignorance, I do not script at all, my boss writes 'em I just

    Am I correct in my understanding: I copy this text and make a GP to run it
    before user logon. That's it? Really? LOL
    JB, Oct 5, 2005
  7. Hi,

    Yes, just put the text in a .vbs file and assign it as a logon script
    if the users are local admins, or assign it to a computer startup
    script (with a GPO) if they are not.

    Frequently Asked Questions About Logon Scripts

    Most of the things mentioned in the link above is relevant for computer
    startup scripts as well (see Q/A 9 "What about Logoff, Startup, and
    Shutdown scripts in Group Policy?").
    Torgeir Bakken \(MVP\), Oct 5, 2005
  8. JB

    jb Guest

    SWEET! Worked like a dream for my test machine. Now onto testing the rest of

    Thanks a bunch!
    jb, Oct 5, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.