Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Tuesday, October 28, 2008 10:48 PM
I have a network with approx. 120 machines on it and WSUS only reports 90. The machines that are not reported in WSUS are in the proper OU so they are getting the Group Policy they should to tell the machines to call the WSUS server. I login to each workstation and type in CLI wuauclt.exe /detectnow and then the machine appears in the WSUS console, but then the amount of machines in the list does not, so I do a comparison of the list of machines before I run this command on an offending machine and after and I find that the machine that I just typed in the command replaces a machine in the list with a machine that had the command ran on it recently. DO you have any suggestions for this issue so I can track all the machines updates in WSUS more effectivly. Thanks.
Thursday, October 30, 2008 5:16 PM ✅Answered | 11 votes
This is caused because those 30 machines are "clones" of 30 other (or more) machines already reporting,
and have duplicated SusClientID values.
Please delete the "SusClientID" and "SusClientIDValidation" registry values in the key
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
and then restart the Automatic Updates service.
You'll need to perform this at each of the clients that are not appearing in the console until all 120 appear individually.
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
Thursday, October 30, 2008 7:52 AM
Hi,
I'd like to suggest you install WSUS SP1:
Download details: Windows Server Update Services 3.0 SP1
If you have patched your WSUS 3.0 with SP1, Please check the IIS for the virtual directory "selfupdate" under WSUS Adminitrator website.
If it did not exists, please manually create the vitural directory(the default local path should be C:\Program Files\Update Services\Selfupdate) in IIS and giving it anonymous access.
Then restart the Windows Update Service.
Hope this helps.
Thursday, October 30, 2008 4:04 PM
I appreciate the prompt response, Though my WSUS is already at SP1 and I did check to see if that Virtual directory existed and it did and it is pointing at the path you specified. So Given these facts, I need additional advice, as this problem is occurring even under the recommendations you have specified since these reccomendations were already applied when the problem began. I eagerly await furthur help. Thanks to all.
Friday, October 31, 2008 8:08 PM
That took care of it, Thanks so much. I didn't have to go to each machine either I just created a wmic script and I did everything remotely. But it works. Thanks again.
Wednesday, November 12, 2008 9:19 PM
I am having the same issue and we're about to run the reg edits on our 300+ computers. I am currently only able to view 67 of the computers in the console. The question I have is; as I go thought and delete the registry setting, shouldn't I begin to see the number of computers on the console growing from 67 to 300+??
Friday, November 14, 2008 4:47 PM
Yes. As you delete the reg keys and the detection is run on each client, that client will then create a new ID entry in the database, which will result in the addition of a new computer to your reporting.
This, of course, assumes that duplicate SusClientIDs is your only issue,
or that it's your actual issue to begin with.
There are several reasons why machines may not be reporting. The key component of this ID question is that the number of computers in the reporting screen is limited, but that the actual machines reporting is ever-changing. Be sure that this is your actual scenario, and not that you simply have 233 machines that have data communications failures for other reasons.
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
Wednesday, February 24, 2010 9:08 PM
Is there an automated way to apply this to all machines in the domain so that all computers will require a new ID?
Thursday, February 25, 2010 6:28 PM | 1 vote
Is there an automated way to apply this to all machines in the domain so that all computers will require a new ID?
Upgrade to WSUS 3 SP2, which will cause all WUAgents to upgrade to the v7.4 build, which has built-in code to detect and remediate duplicate SusClientIDs.Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com
Monday, March 1, 2010 10:50 PM
Thank you! However, I've realized that I'm currently running, Version 5.2 (build 3790.srv03-sp2-gdr.090805-1438 : Service Pack2)
Should I still run the upgrade?
Tuesday, March 2, 2010 10:59 PM
Thank you! However, I've realized that I'm currently running, Version 5.2 (build 3790.srv03-sp2-gdr.090805-1438 : Service Pack2)
Should I still run the upgrade?
Please do not confuse the version of your Windows Server 2003 Operating System with the version of Windows Server Update Services.Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com
Monday, March 8, 2010 3:18 PM
I am having the same issue, but when I try to run the Reg fix, I actually see the computers that were responding disappear. So instead of my count going up like I'd expect from the registry fix, my count actually went down. I also saw that the SusClientIDs came back as I'd expect after restarting the service. Now it looks like I'm missing a group of servers. It looks like they are actually talking to the GPO and WSUS, but they aren't showing up in WSUS. Any ideas? I'm at a loss.
By the way, I'm running WSUS 3 SP2.
Thanks,
Mike
Monday, March 8, 2010 4:00 PM
I am having the same issue, but when I try to run the Reg fix, I actually see the computers that were responding disappear. So instead of my count going up like I'd expect from the registry fix, my count actually went down.
This suggests that something you're doing in your "reg fix" is breaking the functionality of the WUAgent and now it's not reporting at all.
Standard diagnostics apply:
On x86 machines, run the Client Diagnostic Tool to verify the client can communicate with the WSUS server.
On x64 machines, or where Step #1 produced no useful information on x86 machines, inspect the WindowsUpdate.log to determine the actual behavior of the WUAgent.Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com
Tuesday, June 8, 2010 5:53 PM
I am having the same issue, the disappearing computers, when I delete the "SusClientID" and "SusClientIDValidation" registry values the computers still do not show up.
On a few I deleted the entire WindowsUpdate and that has worked for all but one of the computers in my test lab. Does deleting the entire Windows Update tree cause other problems I am not aware of?
Is there a way to forcibly add a computer to WSUS?
Tuesday, June 8, 2010 7:43 PM
I am having the same issue, the disappearing computers, when I delete the "SusClientID" and "SusClientIDValidation" registry values the computers still do not show up.
On a few I deleted the entire WindowsUpdate and that has worked for all but one of the computers in my test lab.
Then presumably duplicate SusClientIDs is not your problem.
I would suggest starting a NEW thread describing YOUR problem and we'll apply the appropriate analysis to YOUR problem, rather than trying to pigeonhole this two year old thread which applies to an entirely diifferent version of the product onto your situation -- which hasn't even properly identified the *problem* as of yet.
Does deleting the entire Windows Update tree cause other problems I am not aware of?
Hard to say; there is insufficient information describing your environment to determine whether deleting a registry key will or will not have any significant impact on your environment, and I'm in no position to evaluate what you are or are not aware of with regard to the functionality of the WSUS and Windows Update Agent.
For further analysis, start a new thread -- since this is apparently a NEW issue -- and provide the details of your particular situation and environment.
Is there a way to forcibly add a computer to WSUS?
No.Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com
Wednesday, October 27, 2010 1:17 PM
This is caused because those 30 machines are "clones" of 30 other (or more) machines already reporting,
and have duplicated SusClientID values.Please delete the "SusClientID" and "SusClientIDValidation" registry values in the key
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
and then restart the Automatic Updates service.You'll need to perform this at each of the clients that are not appearing in the console until all 120 appear individually.
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
We are having this problem as well, despite being told that WSUS 3 SP2's self update should generate a new ClientID automatically. Our VM's are sysprepped, shouldn't that clear the ID's out?
Wednesday, October 27, 2010 5:09 PM | 1 vote
Our VM's are sysprepped, shouldn't that clear the ID's out?
No. Sysprep clears out SYSTEM IDs; the SusClientID is an APPLICATION ID outside the scope of sysprep.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com
Wednesday, October 27, 2010 5:26 PM
So then the fault lies with WSUS 3 sp2 for not identifying duplicate ID's. We have added a script to our sysprep procedures to remove the registry settings and restart automatic updates, which seems to be working.
Thanks for letting me know that, I was under the impression that registry settings and software that was specific to the PC was cleaned out during Sysprep. We will have to be more careful.
Thursday, October 28, 2010 3:42 PM
So then the fault lies with WSUS 3 sp2 for not identifying duplicate ID's.
Not really. The ID is a client-side identifier. It's a primary key in the database. It is impossible for WSUS to identify a 'duplicate' ID, it assumes the computer reporting with a given ID is the computer that belongs to that ID. The fault, if any, lies with the admin who prepared the image by not being familiar with the steps necessary to prepare that image. As noted, because sysprep only removes SYSTEM identification values; any APPLICATION values need to be removed by other means. If WU/MU/WSUS was used to prepare an image, then the installation of those tools needs to be 'undone' in order to ensure the image is pristine.
We have added a script to our sysprep procedures to remove the registry settings and restart automatic updates, which seems to be working.
Excellent. That is exactly what should be done.Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com
Tuesday, March 13, 2012 3:48 PM
Thank you so much for this!
Regards
Nabil Saez
Tuesday, January 24, 2017 4:13 PM
Thank you very much.
Also I fond the script below as well, I copied it in a batch file and run it as administrator on my clients. after few minutes all of them appear on the WSUS 2012 server.
REG Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
REG Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIdValidation /f
REG Add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUServer /t REG_SZ /d
http://SERVERNAME HERE:8530 /F
REG Add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUStatusServer /t REG_SZ /d http:// SERVERNAME HERE /F
gpupdate
net stop wuauserv /y
net stop BITS /y
rd C:\WINDOWS\SoftwareDistribution /s/Qdel"c:\windows\windowsupdate.log"
regsvr32 WUAPI.DLL /s
regsvr32 WUAUENG.DLL /s
regsvr32 WUAUENG1.DLL /s
regsvr32 ATL.DLL /s
regsvr32 WUCLTUI.DLL /s
regsvr32 WUPS.DLL /s
regsvr32 WUPS2.DLL /s
regsvr32 WUWEB.DLL /s
regsvr32 msxml3.dll /s
net start wuauserv /y
wuauclt.exe /DetectNow /ResetAuthorization /ReportNow /UpdateNow /ScanNow
Ref:
https://community.spiceworks.com/scripts/show/613-cloned-machines-not-reporting-into-wsus-server