Some clients not connecting to WSUS server

Discussion in 'Update Services' started by amanclark, Jan 5, 2006.

  1. amanclark

    amanclark Guest

    Hello All,

    I run 2 WSUS servers for XP clients and Win2K clients at geographically
    remote locations. For the Win2k desktops I deliver the WSUS connection
    settings via zenworks netware group policy, for some of the remote XP
    machines I use the AD policy distribution and for some of the XP laptops
    (where the user is a local admin) I set the local machine policy. This works
    fine at the moment.

    However I've just had a large number of XP laptops come in with a new build
    where all the users have one of the restricted accounts and the local admin
    user has a different account with a unique password. This build seems to be
    unable to connect to the WSUS server as it doesn't show up. I can ping the
    WSUS server via IP and the domain name from the laptops so the link seems to
    be working fine.

    The other thing is that the user configuration policies seem to only have 3
    settings whilst the computer configuration policies have the normal amount of
    settings. I assume this is something to do with the limited user account
    being set up.

    Any idea what I'm doing wrong or what needs to be done to get these clients
    talking to the WSUS server?

    amanclark, Jan 5, 2006
    1. Advertisements

  2. 1. What SP level are these clients?

    2. Is the policy in place? Does the registry key at
    HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate reflect the
    correct application of the desired policy settings?

    3. The most common reason for 'not showing up' is that the client cannot
    communicate with the WSUS server. The most common reasons for not being able
    to communicate with the WSUS server are:
    (a) Absence of the necessary policy configuration to identify the
    WSUS server as the desired target.
    (b) (Mis)configuration of the proxy client or proxy server, when a
    proxy server is located in the path between the client and the WSUS server.

    The -best- diagnostic tool for a non-reporting client is the Client
    Diagnostic Tool. You can download it from Client Diagnostic Tool.EXE

    Post the results here for assistance in analysis.
    Lawrence Garvin \(MVP\), Jan 6, 2006
    1. Advertisements

  3. The absence of the registry key is bona fide evidence that a policy has not
    been properly applied.
    Which is not conclusive, as a status of "PASS" does not eliminate all
    possible errors.
    It would be better to troubleshoot your group policy problems, actually.
    However, in this case, there are no issues with your client configuration.
    Which also means that your inability to find the registry key at

    is -not- because the key is missing.
    Furthemore, the WUA client has successfully updated, and there's no evidence
    that the client cannot communicate with the WSUS Server.

    I'd venture a guess that these systems, which you describe as "a large
    number of XP laptops come in with a new build" were cloned from an
    improperly prepared master image, and you're most likely suffering from the
    duplicated SusClientId problem, which would specifically account for why
    these otherwise apparently perfectly operating clients are not appearing on
    your WSUS server.

    Review this article for further discussion and resolution of this quite
    common issue
    How do I fix the 'SusClientId' problem?
    Lawrence Garvin \(MVP\), Jan 10, 2006
  4. amanclark

    amanclark Guest

    This has indeed fixed the problem. The registry setting was there and I
    stupidly missed it the first time by misreading the key you posted, my
    apologies on that one... Thanks a lot for for time and patience Lawrence.

    I've put 2 and 2 together now and have hopefully got 4 so for posterity I'll
    try to fill in the blanks behind this fault:

    The problem seems to have arisen from the fact that the laptops were
    prepared using an imaging process to create a standard base build.
    Unfortunately the settings for the automatic updating were entered and the
    laptop managed to connect to the server and obtain a SUSclientID before the
    image was generated. This means that every laptop generated after this had an
    identical ID which caused problems when trying to connect to the WSUS server.
    amanclark, Jan 11, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.