Server not Appearing in WSUS Console

Background

In this post I will explain how I solved my problem when I had a server missing from the WSUS console.

I had just set up a new WSUS server for a customer and deployed the GPO settings. The GPO contained the basic settings required to configure the clients, like server name, computer group and what update schedule to follow. Even though all settings were correct, only some servers appeared in the console.

After some thorough troubleshooting I was sure that the GPO settings were correct but I still had the same issue. I had a feeling that something was wrong when I saw that a server in the console required updates but after signing on to the server and checking for updates, none were required.

This led me into the registry to verify that the GPO had actually been applied on the server. The path to the values is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate.

This is where I found the cause of the problem. I took note of the GUID value for SusClientId on the server and compared it to another server that was supposed to show in WSUS.
I immediately noticed that both had the same ID!

This caused an issue where the first server's name would show up in the console, but it was actually the server that registered last that was being updated, showing up as the first one. Quite confusing!
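The same comparison can be made across a whole list of servers instead of two at a time. The PowerShell below is an added example, not part of the original post: it assumes PowerShell remoting (WinRM) is enabled on the servers, and the function names, server names and GUIDs are made up for illustration.

```powershell
# Added example: report servers that share a SusClientId (typical of VMs cloned from one template).
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-SusClientId {
    # Reads SusClientId from each server over PowerShell remoting.
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ScriptBlock {
        $p = Get-ItemProperty -Path $using:WuKey -Name SusClientId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            SusClientId  = $p.SusClientId   # $null when the value is absent
        }
    }
}

function Find-DuplicateSusClientId {
    # Groups an inventory by SusClientId and returns only IDs used by more than one server.
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory |
        Where-Object { $_.SusClientId } |
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Servers     = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# Constructed sample inventory (hypothetical names and GUIDs) so the logic can be tried offline.
$sample = @(
    [pscustomobject]@{ ComputerName = 'SRV01'; SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ ComputerName = 'SRV02'; SusClientId = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ ComputerName = 'SRV03'; SusClientId = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' }
    [pscustomobject]@{ ComputerName = 'SRV04'; SusClientId = $null }
)
Find-DuplicateSusClientId -Inventory $sample | Format-Table -AutoSize

# Live use against real servers (hypothetical names):
# Find-DuplicateSusClientId -Inventory (Get-SusClientId -ComputerName 'SRV01','SRV02','SRV03')
```

Every server listed against a shared ID is a candidate for the reset procedure, since only one of them can be represented in the WSUS console at a time.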

Cause

In my case this was caused by a template being used to create the virtual machines using System Center Virtual Machine Manager. These values were present in the template even though the reference machine had run sysprep correctly.

The Process

Once we know that this is the cause of the problem, we can easily fix it using a few lines at the command prompt. We need to stop the Windows Update service, delete the registry values related to the Windows Update agent on the server and re-register the server with WSUS.

net stop wuauserv
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIDValidation /f
net start wuauserv
wuauclt.exe /resetauthorization /detectnow

This will do the following:

Stop the Windows Update service
Delete the PingID value, if it’s present
Delete the AccountDomainSid value, if it’s present
Delete the SusClientID value
Delete the SusClientIDValidation value
Start the Windows Update service
Re-register the server with WSUS

The server you ran this on should appear in the WSUS console shortly and start receiving updates from WSUS and report status.

Conclusion

This solution is a great place to start when troubleshooting WSUS and clients, if you are certain that your GPOs and configuration are correct.

To solve this for future VMs we had to create a new reference machine to use for the template, this time running the first five lines before doing the sysprep, to make sure that the SusClientId was removed.

I hope this helps you out!

