spacemonkey879
Contributor
Contributor

Unable to update Vm's with WSUS

Jump to solution

Hi,Smiley Happy (first timer so please be gentle)

We have just deployed a small number of Vm's, which where built from the same template. When we try to deploy our WSUS updates, only one Vm appears and only for a few seconds at a time then randomly changing to another Vm. Which is not allowing us to push the updates out.

I understand that the problem it pointing at the template build but is there anything else that we might of missed?

Cheers

:smileygrin:

Tags (1)
1 Solution

Accepted Solutions
WaffleSniffer
Enthusiast
Enthusiast

Hi

I had this problem a while back, and it wasn't the SID of the OS but the WSUS client ID.  This can be regenerated on each client by doing the following:

a. Run regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
b. Delete the PingID, SUSClientID and the AccountDomainSID values
c. Stop and start the Wuauserv Service
d. From the command prompt run: wuauclt /resetauthorization /detectnow

Once this is done, the clients should start appearing in the WSUS console  😃

Hope this helps


Adam

View solution in original post

12 Replies
mittim12
Immortal
Immortal

I haven't used WSUS in years so just taking a stab in dark.   Is there some type of unique identifier on the VM that is used by WSUS?    We have used something similar in Symantec where we clear out one of the hardware IDS before creating the golden image.   This way when the image is deployed it creates a unique hardware ID for every VM.    

Meph1234
Enthusiast
Enthusiast

Hi

Basically what Mattim says.

WSUS uses some SID in the system to identify the machine. To make them all turn up individually in WSUS it would be best to run sysprep on them. I dont know if there is an easier way to do it (probably) but you need the system SID's regenerated.

While this will affect reporting now, updates will still work. WSUS will see machine 2 as machine 1, but it will realise the patches are missing (even though it sent them out to the machine before) and will supply the patches to Machine 2.

VCA4-DT
0 Kudos
spacemonkey879
Contributor
Contributor

Many thanks for your resoponsors.

When we created the gold template, we made sure that sysprep (to what we belived) was installed to the correct postion. So when a new vm booted up, it would get a SID.  (Oh well back to the drawing board.) I suppose there is no other way of making sysprep install individually on each Vm apart from creating a new Gold template and build a new pool of Vm's?

0 Kudos
mittim12
Immortal
Immortal

If your using linked clones you can utilize Sysprep when deploying the machines but that must be set at pool creation.  If your using full clients you can specify a customization specification that would sysprep each machine as it was built. 

0 Kudos
WaffleSniffer
Enthusiast
Enthusiast

Hi

I had this problem a while back, and it wasn't the SID of the OS but the WSUS client ID.  This can be regenerated on each client by doing the following:

a. Run regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
b. Delete the PingID, SUSClientID and the AccountDomainSID values
c. Stop and start the Wuauserv Service
d. From the command prompt run: wuauclt /resetauthorization /detectnow

Once this is done, the clients should start appearing in the WSUS console  😃

Hope this helps


Adam

mittim12
Immortal
Immortal

Great info Adam.  Can this be done before creating a master image so that it happens automatically upon deployment.  

0 Kudos
WaffleSniffer
Enthusiast
Enthusiast

Hi

Good point, i hadn't really thought of that, I was lazy and just ran it from a batch file... 😃

I guess you could delete the registry entries without restarting the automatic update service as a last step before converting the VM to a template, however if you ocassionally boot up your template to keep it up to date (as i do...)  then I'd imagine that the client id would get generated then and you'd be back where you sterted!...  I just run a batch file to clear it as part of the inital setup after cloning

Hope this helps  😃

Adam

Meph1234
Enthusiast
Enthusiast

Hi Adam,

As the WSUS admin for our company (and apparently not a good one) thats extremely useful to know, i will write that down, thankyou.

Spacemonkey,

Is this a floating pool, or a pool you will recompose often, or are they full clones? In most setups you would run windows update on the gold image and then disable it before you snapshot and recompose. Then after windows updates you would fire up the gold image, install the patches and then snapshot recompose again.

Cheers

Phil

VCA4-DT
0 Kudos
spacemonkey879
Contributor
Contributor

Good Morning,

Thanks again for your input, personally am learning some good gen.

At the moment we have dedicated pools due to the company size. This is our first larger scale deployment of VM's, so I am expecting some teething problems. With regards to this issue we are waiting for the WSUS dude, who is making sure that they have set up the correct protocol for the updates, plus the group pol's are correct!

Regards

Chris

0 Kudos
spacemonkey879
Contributor
Contributor

Hi,

Thank you Adam for your post as it rectafied the fault. We also had issues with the GP's that didnt help with the

issue.

Just to note that on our VM's that are in production, it can take upto 24hrs for the WSUS to reconise them.

Thanks again to everyone that posted

chris

0 Kudos
vmckenney
Contributor
Contributor

This worked great. Thanks for the post! (..You're much easier to communicate with than Lawrence Garvin..)

Vince

0 Kudos
GanesanG
Contributor
Contributor

Thanks much for posting!!! It is very helpful for me to fix current environment issues.

Thanks,

Ganesan G

0 Kudos