Handful of WSUS clients started contacting wrong server port.

Discussion in 'Update Services' started by Justin Reckner, Feb 20, 2009.

  1. I set up a WSUS server a few weeks ago. Currently 125 machines look to it to
    download updates. Everything is working fine, except for with 6 or so
    machines. These 6 machines are for some reason trying to contact the server
    on port 8530, when our WSUS server is on port 80. I have no idea why these
    few machines are attempting to use port 8530. They initially did contact &
    report to the WSUS on port 80, as they sucessfully downloaded and reported
    for the first week or so. Then all of a sudden stopped. Only after I looked
    into the client side windowsupdate.log file did I notice they were using the
    incorrect port.

    How can I force them to use port 80 again? I am using Group Policy to
    distribute theWU/WSUS settings.

    Thanks in advance,
    Justin
     
    Justin Reckner, Feb 20, 2009
    #1
    1. Advertisements

  2. Well, the most likely cause is that they're either getting a different
    policy applied, or they're not getting the desired policy applied.
    Verify all of your policies are properly configured.
    Verify the correct policies are linked to the OU(s) containing these six
    machines.
    Verify that there is no security filtering in place.
    Verify that these six machines actually belong to the intended OU.

    Refresh Group Policy on the client and then use gpresult or rsop to verify
    the policies being applied. If the value is still incorrect, use rsop to
    determine where that setting is coming from.



    --
    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)

    MS WSUS Website: http://www.microsoft.com/wsus
    My Websites: http://www.onsitechsolutions.com;
    http://wsusinfo.onsitechsolutions.com
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
     
    Lawrence Garvin \(MVP\), Feb 22, 2009
    #2
    1. Advertisements

  3. Thanks for the reply. I used gpresult & rsop to verify all policies are
    being applied as should be, and that no policies are conflicting in any way.
    From what I can tell, everything looks good and is as intended.

    I went into local computer policy on one of the machines and manually
    pointed it towards our WSUS server and it started communicating just fine. I
    removed the local policies I had configured, restarted the machine, and it
    stopped communicating with the WSUS server again.

    I then decided to dig through the registry and see what values were in
    there. I assumed they would be the same as whatever I set in group policy,
    but sure enough the WSUS server in the registry was set to use port 8530. I
    deleted the keys, refreshed group policy, rebooted the machine, and now
    everything works. Double checked the registry and the port 8530 reference
    was gone as it should be. Unfortunately, I have no idea how or why that
    happened - but at least I know how to fix it now.

    Thanks for pointing me in the right direction,
    Justin
     
    Justin Reckner, Feb 23, 2009
    #3
  4. An observation that confirms my first theory -- somethin' ain't right.

    Yet another piece of evidence indicating that the group policy is not
    configured correctly, not applied correctly, or is conflicting with another
    group policy.

    The question, then, is: Why wasn't group policy properly refreshing
    automatically? It would appear that your forced policy refresh properly
    updated the registry.

    One possibility is that the ACLs on the registry keys had been modified and
    the process that handles policy refreshes could not overwrite the keys. Your
    deletion of the keys would have destroyed any such ACLs, allowing the policy
    refresh to create new keys with the correct ACLs.

    Another possiblity is that the auto-refresh is not running correctly. At a
    minimum I'd suggest verifying that policies are properly refreshing every 90
    minutes as they should be. Test this by changing a benign value in your
    policy (e.g. the restart or reprompt delays), and verifying that the
    registry is properly updated within 2 hours.

    --
    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)

    MS WSUS Website: http://www.microsoft.com/wsus
    My Websites: http://www.onsitechsolutions.com;
    http://wsusinfo.onsitechsolutions.com
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
     
    Lawrence Garvin \(MVP\), Feb 23, 2009
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.