12 Replies Latest reply on Apr 3, 2019 3:33 AM by GanesanG

    Unable to update Vm's with WSUS

    spacemonkey879 Novice

      Hi, (first timer so please be gentle)

       

      We have just deployed a small number of Vm's, which where built from the same template. When we try to deploy our WSUS updates, only one Vm appears and only for a few seconds at a time then randomly changing to another Vm. Which is not allowing us to push the updates out.

      I understand that the problem it pointing at the template build but is there anything else that we might of missed?

       

       

      Cheers

       

       

        • 1. Re: Unable to update Vm's with WSUS
          mittim12 Guru
          User Moderators

          I haven't used WSUS in years so just taking a stab in dark.   Is there some type of unique identifier on the VM that is used by WSUS?    We have used something similar in Symantec where we clear out one of the hardware IDS before creating the golden image.   This way when the image is deployed it creates a unique hardware ID for every VM.    

          1 person found this helpful
          • 2. Re: Unable to update Vm's with WSUS
            Meph1234 Enthusiast

            Hi

             

            Basically what Mattim says.

             

            WSUS uses some SID in the system to identify the machine. To make them all turn up individually in WSUS it would be best to run sysprep on them. I dont know if there is an easier way to do it (probably) but you need the system SID's regenerated.

             

            While this will affect reporting now, updates will still work. WSUS will see machine 2 as machine 1, but it will realise the patches are missing (even though it sent them out to the machine before) and will supply the patches to Machine 2.

            • 3. Re: Unable to update Vm's with WSUS
              spacemonkey879 Novice

              Many thanks for your resoponsors.

               

               

              When we created the gold template, we made sure that sysprep (to what we belived) was installed to the correct postion. So when a new vm booted up, it would get a SID.  (Oh well back to the drawing board.) I suppose there is no other way of making sysprep install individually on each Vm apart from creating a new Gold template and build a new pool of Vm's?

              • 4. Re: Unable to update Vm's with WSUS
                mittim12 Guru
                User Moderators

                If your using linked clones you can utilize Sysprep when deploying the machines but that must be set at pool creation.  If your using full clients you can specify a customization specification that would sysprep each machine as it was built. 

                • 5. Re: Unable to update Vm's with WSUS
                  WaffleSniffer Hot Shot

                  Hi

                   

                  I had this problem a while back, and it wasn't the SID of the OS but the WSUS client ID.  This can be regenerated on each client by doing the following:

                   

                  a. Run regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
                  b. Delete the PingID, SUSClientID and the AccountDomainSID values
                  c. Stop and start the Wuauserv Service
                  d. From the command prompt run: wuauclt /resetauthorization /detectnow

                   

                  Once this is done, the clients should start appearing in the WSUS console  =)

                   

                  Hope this helps


                  Adam

                  2 people found this helpful
                  • 6. Re: Unable to update Vm's with WSUS
                    mittim12 Guru
                    User Moderators

                    Great info Adam.  Can this be done before creating a master image so that it happens automatically upon deployment.  

                    • 7. Re: Unable to update Vm's with WSUS
                      WaffleSniffer Hot Shot

                      Hi

                       

                      Good point, i hadn't really thought of that, I was lazy and just ran it from a batch file... =)

                       

                      I guess you could delete the registry entries without restarting the automatic update service as a last step before converting the VM to a template, however if you ocassionally boot up your template to keep it up to date (as i do...)  then I'd imagine that the client id would get generated then and you'd be back where you sterted!...  I just run a batch file to clear it as part of the inital setup after cloning

                       

                      Hope this helps  =)

                       

                      Adam

                      1 person found this helpful
                      • 8. Re: Unable to update Vm's with WSUS
                        Meph1234 Enthusiast

                        Hi Adam,

                         

                        As the WSUS admin for our company (and apparently not a good one) thats extremely useful to know, i will write that down, thankyou.

                         

                        Spacemonkey,

                         

                        Is this a floating pool, or a pool you will recompose often, or are they full clones? In most setups you would run windows update on the gold image and then disable it before you snapshot and recompose. Then after windows updates you would fire up the gold image, install the patches and then snapshot recompose again.

                         

                        Cheers

                        Phil

                        • 9. Re: Unable to update Vm's with WSUS
                          spacemonkey879 Novice

                          Good Morning,

                           

                          Thanks again for your input, personally am learning some good gen.

                           

                          At the moment we have dedicated pools due to the company size. This is our first larger scale deployment of VM's, so I am expecting some teething problems. With regards to this issue we are waiting for the WSUS dude, who is making sure that they have set up the correct protocol for the updates, plus the group pol's are correct!

                           

                          Regards

                           

                          Chris

                          • 10. Re: Unable to update Vm's with WSUS
                            spacemonkey879 Novice

                            Hi,

                             

                            Thank you Adam for your post as it rectafied the fault. We also had issues with the GP's that didnt help with the

                            issue.

                             

                            Just to note that on our VM's that are in production, it can take upto 24hrs for the WSUS to reconise them.

                             

                            Thanks again to everyone that posted

                             

                            chris

                            • 11. Re: Unable to update Vm's with WSUS
                              vmckenney Lurker

                              This worked great. Thanks for the post! (..You're much easier to communicate with than Lawrence Garvin..)

                               

                              Vince

                              • 12. Re: Unable to update Vm's with WSUS
                                GanesanG Lurker

                                Thanks much for posting!!! It is very helpful for me to fix current environment issues.

                                 

                                Thanks,

                                Ganesan G