XP sp2 client not showing up

Discussion in 'Update Services' started by Mike, Jun 8, 2005.

  1. Mike

    Mike Guest

    I have one XP sp2 workstation in our production environment, all the rest
    are 2000 pro. All the 2000 computers are showing up in the WSUS console
    under their respective group. I am using group policy and all computers
    including my XP machine, are in the same OU. I checked the XP's window
    update log and am not seeing any communication with the WSUS server. I was
    able to connect the the WSUS server via a web browser to the two cab files.
    I also have the Windows Firewall turned off on this XP machine. The
    detection interval is setr for every 1 hour for the GP on that OU. Anything
    else I can check on this XP machine?
     
    Mike, Jun 8, 2005
    #1
    1. Advertisements

  2. I finally found an answer out there. And it worked. Thank you Sergei

    To give credit, here is the link with the text at the bottom.
    http://techrepublic.com.com/5208-6247-0.html?forumID=12&threadID=157166&messageID=1663085

    Hi all

    I also trap to this problem. After deep Internet investigation I found only
    one solution that eliminate this problem. Author recommended run following
    command.

    sc sdset wuauserv
    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSW
    LOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

    Unfortunately this settings does not work on next day. I assumed that this
    problem occured as a result of an GPO was applied everyday in my network. I
    compare results of

    sc sdshow wuauserv

    in both cases: when problem occured and with worked one. I found that only
    one chanhge is enough for success.

    Bad Security descriptor:
    D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCDCLCSWRPWP
    DTLOCRSDRCWDWO;;;SY)

    Worked one:
    D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)
    (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)

    As you can see difference is only in one permission. I think new version of
    wuauserv required "Authenticated User" with read permission not "Interactive
    User".

    To solve this problem I use GPMC snap-in and find the place where this
    permissions can be added. In my case it was Default Domain Security policy.


    Start->Administrative Tools->Active Directory Users and Computers->Right
    Click on domain -> Select Properties-> Select Group Policy

    In Group Policy Snap-in open folowing
    Computer Configuration -> Windows Settings -> Security Settings -> System
    Services

    Select Service named Authomatic Updates and click properties.

    Click Edit Security and Just add Authenticated Users with read permissions
    to Group or user names.

    Don't forget run gpupdate on your target computer.

    Have fun

    Sergei Podnos

    Tech Dept Manager
    MIIK Ltd.
    Microsoft Certified Partner
    Kharkiv
    Ukraine
     
    Michael J. Davis, Jun 8, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.