We have over 5000 Windows guests and are fully supported by Microsoft.

I think the issue more surrounds WSUS, rather than the OS itself. Plus the statement below says to me that if your properly sysprep you guests you shouldn't run into this problem

Therefore, this problem affects only virtual machines that run pre-Windows Vista operating systems, or that were not created by using Sysprep.

yes the issue is about WSUS, am I correct that if guest is for WSUS we shouldn't be use clone method? most guest are wk3 not vista

yes, a clone is an exactly copy and therefore your problem. If you are going to clone, ensure the clone is syspreped.

My advise would be to create a "gold image" and then convert it as a template and deploy off that. Setup a customization spec and save it, therefore you are assured if all your syprep files are in the proper location on your vCenter Host, that your guest will be properly deployed and syspreped.

WSUS will not recognize a computer with the same SID as an existing computer in its inventory. That happened to me with a clone I forgot to Sysprep (since Sysprep generates a new SID). Properly sysprepped clones do show up in WSUS for me. You can download a newsid utility (from sysinternals I believe) to generate a new SID after the fact on non-sysprepped clones.

yes, all my clones are syspreped, accroding from MS, when you install a fresh OS, there is an WSUS's client installed as well, so even a proper syspreped there still be an issue with WSUS later, when call microsoft for WSUS relate issue, first thing they ask was, "are you clone the Vm?, using sysprep or newsid?" if those answer are true then they not support. (accroding from my college who seeked support from microsoft for WSUS problem)

i'm tapping out then.

If the guest is properly syspreped there will be no duplicate SIDs, so I would say it's a OS issue, not a VMware issue.

During custumizing we run the following script to get rid of some WSUS related problems with our clones.

-

@echo off

REM ==========================================

REM Delete WSUS identification keys

REM Author: Joerg Behrens <behrens@takenet.de>

REM Date: 11.05.2008

REM Notes:#

REM PingID and AccountDomainSid Keys doesnt

REM exists on every machine

REM Changed:

REM ==========================================

echo "Try to stop Automatic Update Services...."

net stop wuauserv

echo "Deleting the Registy Keys ...."

for %%s in (SusClientId,PingID,AccountDomainSid,SusClientIDValidation) do (

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v %%s /f

)

echo "Start Automatic Update Services and register the client again"

net start wuauserv

wuauclt.exe /resetauthorization /detectnow

-

Regards

Joerg

'Remember if you found this or others answers helpful do not forget to award points by marking an answer as helpful or correct'

thank for the example script, I also been advised to do thescript below as well:-

net stop wuauserv

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f

net start wuauserv

wuauclt /resetauthorization /detectnow

Just discovered this issue as we begin to use WSUS.

Microsoft says when a -reseal operation is done it should take care of this. I have not tested that specifically, but whatever operational method VirtualCenter is issuing to do the guest customization it does NOT include removing the WSUS Client IDs.