1 person found this helpful
I haven't used WSUS in years so just taking a stab in dark. Is there some type of unique identifier on the VM that is used by WSUS? We have used something similar in Symantec where we clear out one of the hardware IDS before creating the golden image. This way when the image is deployed it creates a unique hardware ID for every VM.
Basically what Mattim says.
WSUS uses some SID in the system to identify the machine. To make them all turn up individually in WSUS it would be best to run sysprep on them. I dont know if there is an easier way to do it (probably) but you need the system SID's regenerated.
While this will affect reporting now, updates will still work. WSUS will see machine 2 as machine 1, but it will realise the patches are missing (even though it sent them out to the machine before) and will supply the patches to Machine 2.
Many thanks for your resoponsors.
When we created the gold template, we made sure that sysprep (to what we belived) was installed to the correct postion. So when a new vm booted up, it would get a SID. (Oh well back to the drawing board.) I suppose there is no other way of making sysprep install individually on each Vm apart from creating a new Gold template and build a new pool of Vm's?
If your using linked clones you can utilize Sysprep when deploying the machines but that must be set at pool creation. If your using full clients you can specify a customization specification that would sysprep each machine as it was built.
2 people found this helpful
I had this problem a while back, and it wasn't the SID of the OS but the WSUS client ID. This can be regenerated on each client by doing the following:
a. Run regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
b. Delete the PingID, SUSClientID and the AccountDomainSID values
c. Stop and start the Wuauserv Service
d. From the command prompt run: wuauclt /resetauthorization /detectnow
Once this is done, the clients should start appearing in the WSUS console =)
Hope this helps
Great info Adam. Can this be done before creating a master image so that it happens automatically upon deployment.
1 person found this helpful
Good point, i hadn't really thought of that, I was lazy and just ran it from a batch file... =)
I guess you could delete the registry entries without restarting the automatic update service as a last step before converting the VM to a template, however if you ocassionally boot up your template to keep it up to date (as i do...) then I'd imagine that the client id would get generated then and you'd be back where you sterted!... I just run a batch file to clear it as part of the inital setup after cloning
Hope this helps =)
As the WSUS admin for our company (and apparently not a good one) thats extremely useful to know, i will write that down, thankyou.
Is this a floating pool, or a pool you will recompose often, or are they full clones? In most setups you would run windows update on the gold image and then disable it before you snapshot and recompose. Then after windows updates you would fire up the gold image, install the patches and then snapshot recompose again.
Thanks again for your input, personally am learning some good gen.
At the moment we have dedicated pools due to the company size. This is our first larger scale deployment of VM's, so I am expecting some teething problems. With regards to this issue we are waiting for the WSUS dude, who is making sure that they have set up the correct protocol for the updates, plus the group pol's are correct!
Thank you Adam for your post as it rectafied the fault. We also had issues with the GP's that didnt help with the
Just to note that on our VM's that are in production, it can take upto 24hrs for the WSUS to reconise them.
Thanks again to everyone that posted
This worked great. Thanks for the post! (..You're much easier to communicate with than Lawrence Garvin..)
Thanks much for posting!!! It is very helpful for me to fix current environment issues.