WSUS: Force Registration of Clients That Are Not Showing Up

Filed under: Quick Code — Written by Chrissy on Wednesday, December 13th, 2006 @ 9:18 am

I setup a WSUS server in a test lab and the results of client machines registering themselves with the WSUS server were flaky; especially if they weren't on the same domain as the WSUS server. One of my cloned machines was having trouble until I changed the SID with NewSID from Microsoft. The others didn't appear to have any duplicate SID problems but having them appear in the WSUS administration webpage was still a challenge.

Looking around the web, I found a variety of suggestions to fix the problem; most of them involved changing the registry. Here's a compiled list of those changes:

net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUState /f
net start wuauserv

That looked very promising, but it didn't solve my problem. I was so frustrated until I found this command: wuauclt /resetauthorization /detectnow. Running that on the clients that failed to show up in WSUS worked every single time and it even worked on computers that weren't on the same domain as the WSUS server. Awesome.

5 Comments   -
  • Comment by Tim | January 2, 2007 @ 2:29 pm

    I have an issue similar to this however all of my client computers are in the same domain. I've got approximately 15 boxes that are not showing up on the Admin page for WSUS however when you go into the local logs for each client you can see that they are obtaining updates and applying them on a regular basis.

    It dawned on me after reading your post that these machines all may have some sort of corrupt/duplicate SID as they were all imaged from a program that we have since stopped using due to so many HAL issues.

    Regardless of our "issues" with the imaging software, it has bothered me for over a month that some clients have not shown up yet on our WSUS. It looks like the NewSID may fix this and I just wanted to say thanks for pointing out this little program available from Microsoft.

    I'll post again if this fixes our issue.

    Cheers

    Tim

  • Comment by Chrissy | January 2, 2007 @ 2:51 pm

    Looking forward to your response, Tim!

  • Comment by Tim | January 5, 2007 @ 11:04 am

    Cajun,

    Well newSID worked like a charm. The boxes I've been able to run the program on have all shown up on our admin page now.

    Again thanks for posting about this fine little program, if I hadn't stumbled across your blog I'd probably still be scratching my head over the problem.

    Plus now I can make recommendations in the future to my colleagues about what to do if we run across this again.

  • Comment by Mike | October 1, 2007 @ 1:37 am

    This web site has the answer for fixing your susclientid. The problem may be your susclientid from using the same image.

  • Comment by Mike | October 1, 2007 @ 1:37 am

    http://rialtus.livejournal.com/161268.html

RSS feed for comments on this post. TrackBack URL

Leave your comment