WSUS Clients Not Registering with Server



  • I've got a Server 2012 R2 server that acts as my secondary DC and a WSUS server. I have the GPO setup with the intranet pointing to that server. However, when I got to the WSUS console, there are no machines listed. Am I missing something? Do I need to force the clients to register with WSUS somehow? Every machine has "Managed by system administrator" set under Windows Update...

    Thanks,
    A.J.



  • @ajstringham said:

    I've got a Server 2012 R2 server that acts as my secondary DC and a WSUS server. I have the GPO setup with the intranet pointing to that server. However, when I got to the WSUS console, there are no machines listed. Am I missing something? Do I need to force the clients to register with WSUS somehow? Every machine has "Managed by system administrator" set under Windows Update...

    Thanks,
    A.J.

    Are you using target groups? Can you take a pic of the GPO?



  • Here is how my GPOs are setup. I have about 20 different target groups. Each has its own GPO
    2014-09-16_15-17-42.png



  • Let me grab a screenshot and I'll get back to you. Having issues accessing the console right now.



  • @ajstringham said:

    Let me grab a screenshot and I'll get back to you. Having issues accessing the console right now.

    If you are using Windows 8.1, you can access it directly from Server Manager on your PC



  • @IRJ said:

    @ajstringham said:

    Let me grab a screenshot and I'll get back to you. Having issues accessing the console right now.

    If you are using Windows 8.1, you can access it directly from Server Manager on your PC

    It's on a whole different network. It's a lab network, with a bunch of unique networks.



  • @IRJ said:

    @ajstringham said:

    Let me grab a screenshot and I'll get back to you. Having issues accessing the console right now.

    If you are using Windows 8.1, you can access it directly from Server Manager on your PC

    I am on 8.1 though.



  • If you are using client-site targeting, which it looks like you are doing, you need to do two things:
    (1) Attach this GP to the computer OU you wish the policy to apply
    (2) Manually create that group name on the WSUS server called EW.

    Obviously, you need the physical computers to be part of that OU. If you don't have the EW group setup in WSUS, PCs will never show up in WSUS because by default, only the standard-named ones.



  • @DenisKelley and @IRJ , thanks. I will try these. I uninstalled IE11 on 8.1 because I thought I could go to IE10. Turns out, IE10 is not natively possible on Windows 8.1. I'm having compatibility issues in IE11. I haven't tried compatibility mode yet. Hadn't thought of that for some reason. Gotta reboot on this slow machine, and then I'll try again.



  • @ajstringham

    I realize that you are using new software, but I've always jumped to using WSUS 3.0 Step-by-step guide. It is very good on explanations and how to setup each section properly.



  • Here is my GPO.
    Imgur
    I didn't have client-side targeting turned on or setup. It was still in the default "Not configured". I added a group to WSUS called "Computers" and set that as the group to add it to. I logged out and back in on the key machines but it hasn't registered in WSUS yet. I'll give it 24 hours to see if it registers tonight. Not sure if I'm missing something else. I'm new to WSUS, never setup it up before. Thanks for all the help!



  • @ajstringham
    Read the guide. It is pretty short. You can force it, but once you change a GP or assign it to a User or Group, you'll need to refresh Group Policy unless you wish to wait.



  • @DenisKelley said:

    @ajstringham
    Read the guide. It is pretty short. You can force it, but once you change a GP or assign it to a User or Group, you'll need to refresh Group Policy unless you wish to wait.

    I ran a gpupdate /force on the key machines. Am I missing something?



  • @ajstringham said:

    Here is my GPO.
    Imgur
    I didn't have client-side targeting turned on or setup. It was still in the default "Not configured". I added a group to WSUS called "Computers" and set that as the group to add it to. I logged out and back in on the key machines but it hasn't registered in WSUS yet. I'll give it 24 hours to see if it registers tonight. Not sure if I'm missing something else. I'm new to WSUS, never setup it up before. Thanks for all the help!

    You could always remove that policy and create a new policy and reboot.

    Also setting that up at the top level like that can be an issue. All your servers and DCs will be in the same Target group as client PCs. You probably dont want every update you apply to client PCs applied to your servers.



  • @ajstringham Why do you have so many unnecessary settings? There is no reason for users to receive update notifications since updates are automatically schedule to happen at 3am



  • also your intranet Microsoft Update Service Location is incorrect.

    Look at the example and look how mine is setup with http:// (nevermind mine is blacked out)



  • @IRJ said:

    @ajstringham said:

    Here is my GPO.
    Imgur
    I didn't have client-side targeting turned on or setup. It was still in the default "Not configured". I added a group to WSUS called "Computers" and set that as the group to add it to. I logged out and back in on the key machines but it hasn't registered in WSUS yet. I'll give it 24 hours to see if it registers tonight. Not sure if I'm missing something else. I'm new to WSUS, never setup it up before. Thanks for all the help!

    You could always remove that policy and create a new policy and reboot.

    Also setting that up at the top level like that can be an issue. All your servers and DCs will be in the same Target group as client PCs. You probably dont want every update you apply to client PCs applied to your servers.

    For the sake of the lab, I want all updates going to all endpoints. I know in a prod environment it would be different.



  • @IRJ said:

    @ajstringham Why do you have so many unnecessary settings? There is no reason for users to receive update notifications since updates are automatically schedule to happen at 3am

    I was just playing with the available settings. I had other documentation I was following.



  • @IRJ said:

    also your intranet Microsoft Update Service Location is incorrect.

    Look at the example and look how mine is setup with http:// (nevermind mine is blacked out)

    Didn't realize I needed the http:// I went ahead and added that.



  • There are some troubleshooting tools you can run that will help you narrow the problem down:

    http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx

    Grab the client diagnostics tool and the server diagnostics tool.



  • You should check out the following regarding GPO settings:
    http://community.spiceworks.com/how_to/show/1390-wsus-gpo-settings-for-the-real-world

    With regards to why your computers aren't checking in...well, I have a how-to for that as well!
    http://community.spiceworks.com/how_to/show/91430-wsus-computers-are-not-showing-up-in-the-console-what-s-wrong



  • @Rob-Dunn said:

    You should check out the following regarding GPO settings:
    http://community.spiceworks.com/how_to/show/1390-wsus-gpo-settings-for-the-real-world

    With regards to why your computers aren't checking in...well, I have a how-to for that as well!
    http://community.spiceworks.com/how_to/show/91430-wsus-computers-are-not-showing-up-in-the-console-what-s-wrong

    Thanks Rob. I'll check those out tomorrow!