WSUS Clients Not Connecting
I write a lot about WSUS because I think it is a necessity for any network with Windows servers or clients. It is typically pretty easy to setup but occasionally you will run into some issues. Out of all of the WSUS issues I hear about and directly experience (and trust me, I manage a LOT of WSUS servers) the most common problem I hear is when the computers in a network simply don’t connect to the WSUS server.
Here are a few items which are the most typical causes to this problem:
Lack of Patience
This is the number one overall issue I see. WSUS is built upon a technology that is by no means instant. It takes some time for updates to download, it takes some time for Group Policy Objects to apply, and it takes some time for computer to report in to WSUS in general. That being the case, if you have just installed WSUS and are looking at this article two hours later because computers aren’t reporting in, then you most likely haven’t waited long enough. I generally tell people to wait as long as two days after installing WSUS to start looking into why individual clients aren’t reporting.
Group Policy Issues
One of the simpler problems is that either the Group Policy Object for configuring the automatic update service is not being applied or it is misconfigured. At a minimum, your GPO should be configured so that it points the automatic update service to download from the WSUS server. Make sure you don’t have any typos in this path.
You can make sure that your GPO is being applied to the computer in question by typing GPRESULT into a command prompt on one of the machines in question. Remember, the Group Policy setting for configuring automatic updates is to be applied to computer objects, not users.
Client Requirements
WSUS clients must be Windows 2000 SP3, Windows XP, or Windows Server 2003 in order to take advantage of WSUS. I’ve seen lots of cases where someone would tell me a bunch of their workstations weren’t reporting in and updating only to find out they were Windows 2000 SP2 or something like that.
Imaged/Cloned Computers
In some network most if not all of the workstations were deployed with system images via Acronis, Ghost, or some similar program. If that’s the case, there is a good chance that the WSUS ID, a unique identifier found in the registry of every computer on your network, was not regenerated. These WSUS IDs are generated based upon the SID of a computer. If you configured your image so that it would generate a new SID upon pasting then you likely won’t have this problem, but this step is commonly forgotten. The WSUS ID is stored in these three registry keys:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAccountDomainSid
HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdatePingID
HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateSusClientId
In order to generate a new WSUS ID, you will need to delete these keys on the client machine in question. After doing this, restart the Automatic Update service and run the command “wuauclt.exe /resetauthorization /detectnow. You should see the computer in the WSUS console shortly after that.
This process may seem a bit too manual when you have to perform it on multiple computers, so there is a VB script that can automate this a bit. You can download this script here: http://www.vbshf.com/vbshf/forum/forums/thread-view.asp?tid=199&start=1. You can simply download this script and perform the aforementioned steps remotely by just entering the computer name.
This covers a few of the most common reasons clients don’t report in. Obviously, there is no way to cover every possibly avenue, but hopefully this will eliminate some of the more common possibilities. As always, I respond to direct WSUS questions via e-mail. Also, the WSUS forums over at http://www.wsus.info/ are a great community driven resource for figuring out issues like this.
Cheers for this article! It has sorted my problem with the clients on WSUS.
I have had this WSUS 3.0 sp1 server in place for several months now and it was working great. All of a sudden about a month ago, clients stopped reporting to the server.
On a few clients, I have tried the wuauclt.exe /resetauthorization /detectnow. No computers on the network(only 10) have been imaged via ghost or any type of cloning system. They have all been built manually.
Should I reinstall the WSUS server or is there a fix I can perform on the server itself to get the clients to report? Thanks.
-R
which command is used when the client computers not able to connect to WSUS ?
Dear Sir,
This is Elavarasan, i installed WSUS on DC [AD]. updates, patches, SP all are downloaded on WSUS Server [ Windows server 2003 Enterprise Ed x64 bit ].
But in my WSUS server the Client computers are not showing.
All clients PCs are Windows XP SP1 or higher,
So pl. help me out, how to connect the client computer and updates on it.
Note : All the Clients PCs are in the workgroup [ i.e. abc ] but WSUS Server on DC [ i.e. abc.x.com ]
i am waiting for your reply ASAP
Thanks and Regards
Elavarasan. M.S.
SOME ONE PLEASE HELP ME!!!! I can not connect my client computers to the WSUS server for the last two weeks I have been banging my head and trying to find the answer on one of these forums and nothing seems to be working!!!
Please hit me back if you can help.
Making sure you set your computer listed in correct group or WSUS GPO will not apply it to. Thank you very nice.
Thanks a lot for your really useful piece of advice. You helped me to solve a long-standing problem with 8 computers that we had bought with a preinstalled system in the same time.
Thanks for this great article! I have over a hundred servers to fix and would like to use the VBS script. However, the link above seems to be broken. http://www.vbshf.com/vbshf/forum/forums/thread-view.asp?tid=199&start=1
Is there an alternate location for this?
Thanks so much!