• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Some PCs not contacting WSUS server

Red Squirrel

Red Squirrel

No Lifer
I've started to deploy WSUS to some OUs in our AD and while some PCs are picking it up and have started showing up in WSUS, a lot of PCs arn't picking it up at all. My policy is set to make sure the AU service is started, and I checked, and it is. I let this sit for several days and went through a few reboots of said machines, but for some reason they just don't show up.

What could cause this?

There is a root policy to disable windows updates but it's not enforced, and my policy is enforced. could it be some PCs are still getting the other policy even though mine is set to enforced? That would affect the whole OU though would it? Some of the PCs in said OU are working fine with WSUS.
 
1. Have you run gpupdate /force on the computer not showing up?
2. Have you checked the Automatic Updates applet in Control Panel to see if its greyed out with the correct selected AU options set?
 
AU settings look ok on the client. It's even pointing to the right server. I tried to restart the service, no go.

I tried gpupdate /force and wuauclty /force to no avail. I also made sure the firewall is turned off, though I don't think that would do anything as it's outgoing not incomming. anything else I should check?

I don't have physical access to these PCs which makes this a bit harder.
 
Were the machines created via a network image?

If they were, where they properly syspreped?

Whoot back to 1 post.
 
Yeah they're imaged. We use Desktop Authority, and it seems to have a sysprep feature to it. Is there a way to remotely verify the SID of a machine? I can maybe make sure there are no duplicates. Pretty sure it does change the sid though.
 
Here's something interesting. A machine was physically moved into our department (laptop) to be repaired by the tech, and lo and behold, it shows up now. does WSUS require any special setting on the switches to be enabled? I know there's a setting that is required for our PXE imaging system, I forget what the setting is, it is some kind of broadcast. Does WSUS require a setting like this?
 
RedSquirrel said:
Here's something interesting. A machine was physically moved into our department (laptop) to be repaired by the tech, and lo and behold, it shows up now. does WSUS require any special setting on the switches to be enabled? I know there's a setting that is required for our PXE imaging system, I forget what the setting is, it is some kind of broadcast. Does WSUS require a setting like this?
Click to expand...

No. However it makes me think that the remote machines are having a hard time getting back to the WSUS server. WSUS runs from GPO (as you know) and then uses HTTP requests get files, register etc.

Is there some reason that the WSUS machine would be unreachable from a remote network segment?

PS here we go: Display the SID's

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

You can use that with psexec to remotely access a command line.

Duplicate SID's will make machines appear and disappear from WSUS.
 
Last edited:
You must log in or register to reply here.

TRENDING THREADS

Back
Top