Daily Archives: June 21, 2012

Cloned Workstations Not showing in WSUS? Troublshooting WSUS

Did you clone some machines?

You may find that some of the machines that do not show up in Windows Server Update Services (WSUS) just happen to be machines that you cloned? Or a machine broke and you recreated it by cloning another machine?

Other Sympthoms You May Get which have the same fix.

  • Computers randomly disappearing – reappearing into the WSUS console.
  • Computer will receive updates, but not report into the server properly (if at all!).

Why does this happen?

Each computer on a network requires a SID (Security IDentifier), which uniquely describes that computer account to the rest of the Windows network resources – supposedly not as big of an issue with computers in a domain environment as it is with workgroups.  However, it is best to avoid this issue at all costs.

If you clone a PC the OS and such is copied to the new PC, and you change the windows product key, office ect.. The windows SID used by WSUS DOES NOT CHANGE WITH THE PRODUCT KEY CHANGE! :(

The PC you just cloned now has the same SID for WSUS as the original PC, so you can now see why you may be getting any of the afore mentioned sympthoms.

Do I have this Problem? :)

The Microsoft team have a tool called “PsGetSid” the link is below.

http://technet.microsoft.com/en-gb/sysinternals/bb897417.aspx

Run this on the machines you have an issue with and comfirm that you are running duplicate keys first.

It is a great tool to verify the issue.

Run it from CMD Prompt to see the result.

One or Two Machines Cloned?

Just delete the following keys in the registry and reboot the PC

  • HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAccountDomainSid
  • HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdatePingID
  • HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateSusClientId

Then run “PsGetSid” to confirm the SID has changed.

Lots of Machines Cloned?

To get round this you will need to run a script for each machine at logon, there is a guide here http://www.petri.co.il/setting-up-logon-script-through-gpo-windows-server-2008.htm on how to run logon scripts.

 

Once you know how to run a script at logon you will need to compile a script to perform the changes needed to the registry automatically at login by deleting the following keys

  •  HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAccountDomainSid
  • HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdatePingID
  • HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateSusClientId

Using a script when the PC is at Logon means that you will also need to stop services, then delete the keys then start the services again.

Therefore, the script will need to be a little more complex than just a bunch of REG DELETE commands.

I first did a lot of reading up on the issue on various “quality websites” (not everything on the web is useful! or true!)

In the end I used a modified login script per below which I copied into a .txt file and then changed the .txt suffix to .bat which was subsequently ran at logon.

Any way you run the below script at you own risk, no warranty is given or implied for the below script in any way or form!

Please read this script and get an understanding of each stage of the process that the bat file goes through and you will see how it works and so you can even write your own solution, my BAT file was called “FixMy_WSUS.bat”

 

REM ** Start FixMy_WSUS.bat script  Echo This little bat file will stop services, delete the required REG keys, re-register the windows update components, restart the required services. Then initiate windows update detetction cycle.

@echo on

echo stopping Windows Update cpmponents and deleting logs..

net stop wuauserv /y

net stop bits /y

rmdir c:windowsSoftwareDistribution /S /Q

del C:WindowsWindowsUpdate.log /S /Q

echo deleting the registry keys..

REG DELETE “HKLMSoftwareMicrosoftWindowsCurrentVersionWindowsUpdate” /v AccountDomainSid /f

REG DELETE “HKLMSoftwareMicrosoftWindowsCurrentVersionWindowsUpdate” /v PingID /f

REG Delete “HKLMSoftwareMicrosoftWindowsCurrentVersionWindowsUpdate” /v SusClientId /f

REG Delete “HKLMSoftwareMicrosoftWindowsCurrentVersionWindowsUpdate” /v SusClientValidation /f

REG DELETE “HKLMSoftwareMicrosoftWindowsCurrentVersionWindowsUpdateAuto Update” /v LastWaitTimeout /f

REG DELETE “HKLMSoftwareMicrosoftWindowsCurrentVersionWindowsUpdateAuto Update” /v DetectionstartTime /f

REG Delete “HKLMSoftwareMicrosoftWindowsCurrentVersionWindowsUpdateAuto Update” /v NextDetectionTime /f

 

echo re-resistering Windows Update cpmponents..

regsvr32.exe c:windowssystem32wuapi.dll /s

regsvr32.exe c:windowssystem32wups.dll /s

regsvr32.exe c:windowssystem32wuaueng.dll /s

regsvr32.exe c:windowssystem32wucltui.dll /s

regsvr32.exe c:windowssystem32msxml3.dll /s

regsvr32.exe c:windowssystem32wuaueng1.dll /s

regsvr32.exe c:windowssystem32wups2.dll /s

regsvr32.exe c:windowssystem32wuweb.dll /s

 

net start wuauserv /y

net start bits /y

 

echo Initiating Windows Updates detection cycle…

wuauclt.exe /resetauthorization

wuauclt.exe /detectnow

wuauclt.exe /reportnow

@echo off

REM **End FixMy_WSUS.bat script