WSUS clients can't find updates

1

I've installed WSUS on a Windows server 2012 R2 and configured the workstations and clients via Group Policy to install updates automatically from WSUS. The servers are detected by WSUS and report to the WSUS server. In the WSUS server I can see that the server is missing 53 updates. I approved those updates yesterday for the Computer Group containing the server. But if I'm searching for updates on the server it doesn't find any updates. What I've checked so far:

  • server is detected by the WSUS server
  • server is contacting and reporting to the WSUS server
  • Updates needed are approved for the computer group containing the server(Name of the Computer Group: "Prod_01")
  • GPO is applied correctly
  • Tried multiple times these commands without any impact: wuauclt /resetauthorization /detectnow /reportnow

If I look into windowsupdate.log I can see the following:

2015-01-06  08:34:36:715      12    1508    Setup   Checking for agent SelfUpdate
2015-01-06  08:34:36:808      12    1508    Setup   Client version: Core: 7.6.7600.320  Aux: 7.6.7600.320
2015-01-06  08:34:36:824      12    1508    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
2015-01-06  08:34:36:840      12    1508    Misc     Microsoft signed: NA
2015-01-06  08:34:36:840      12    1508    Misc    WARNING: Cab does not contain correct inner CAB file.
2015-01-06  08:34:36:840      12    1508    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
2015-01-06  08:34:36:855      12    1508    Misc     Microsoft signed: NA
2015-01-06  08:34:36:855      12    1508    Setup   Wuident for the managed service is valid but not quorum-signed. Skipping selfupdate.
2015-01-06  08:34:36:855      12    1508    Setup   Skipping SelfUpdate check based on the /SKIP directive in wuident
2015-01-06  08:34:36:855      12    1508    Setup   SelfUpdate check completed.  SelfUpdate is NOT required.
2015-01-06  08:34:38:462      12    1508    PT  +++++++++++  PT: Synchronizing server updates  +++++++++++
2015-01-06  08:34:38:462      12    1508    PT    + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.schule.local:8530/ClientWebService/client.asmx
2015-01-06  08:34:38:571      12    1508    PT  WARNING: Cached cookie has expired or new PID is available
2015-01-06  08:34:38:571      12    1508    PT  Initializing simple targeting cookie, clientId = 0c4aed4f-6c60-46a0-b29b-f2080ea315c1, target group = , DNS name = wsus-server
2015-01-06  08:34:38:571      12    1508    PT    Server URL = http://wsus.schule.local:8530/SimpleAuthWebService/SimpleAuth.asmx
2015-01-06  08:34:53:844      12    1508    Agent     * Found 0 updates and 76 categories in search; evaluated appl. rules of 699 out of 1392 deployed entities
2015-01-06  08:34:53:844      12    1508    Agent   *********
2015-01-06  08:34:53:844      12    1508    Agent   **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2015-01-06  08:34:53:844      12    1508    Agent   *************
2015-01-06  08:34:53:859      12    16b4    AU  >>##  RESUMED  ## AU: Search for updates [CallId = {95840C02-E405-419D-9DA4-260BC14AA845}]
2015-01-06  08:34:53:859      12    16b4    AU    # 0 updates detected
2015-01-06  08:34:53:875      12    16b4    AU  #########
2015-01-06  08:34:53:875      12    16b4    AU  ##  END  ##  AU: Search for updates [CallId = {95840C02-E405-419D-9DA4-260BC14AA845}]
2015-01-06  08:34:53:875      12    16b4    AU  #############
2015-01-06  08:34:53:875      12    16b4    AU  Successfully wrote event for AU health state:0
2015-01-06  08:34:53:875      12    16b4    AU  Featured notifications is disabled.
2015-01-06  08:34:53:875      12    16b4    AU  AU setting next detection timeout to 2015-01-06 10:20:45
2015-01-06  08:34:53:875      12    16b4    AU  Setting AU scheduled install time to 2015-01-11 01:00:00
2015-01-06  08:34:53:875      12    16b4    AU  Successfully wrote event for AU health state:0
2015-01-06  08:34:53:875      12    16b4    AU  Successfully wrote event for AU health state:0
2015-01-06  08:34:58:851      12    1508    Report  REPORT EVENT: {73BBAB28-58E9-45AC-B910-731F8958C456}    2015-01-06 08:34:53:844+0100    1   147 101 {00000000-0000-0000-0000-000000000000}  0   0   AutomaticUpdates    Success Software Synchronization    Windows Update Client successfully detected 0 updates.

At Line 12 I can see that the client is connecting to the correct WSUS server, but at line 14 the "target group" is empty and should be "Prod_01". So can anybody explain me what I'm doing wrong or why the Target Group doesn't get updated for at least 24 Hours now ?

windows-server-2012
windows
wsus
windows-update
asked on Server Fault Jan 6, 2015 by SaintCore

3 Answers

1

As I see a cookie warning, please follow the step there to resync; http://support.microsoft.com/kb/903262 (cloned machine ?)

Quoted from the KB;

Click Start, click Run, type cmd in the Open box, and then click OK.
At the command prompt, type net stop wuauserv, and then press ENTER.
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
In the details pane of Registry Editor, delete the following registry entries:
    PingID
    AccountDomainSid
    SusClientId
    SusClientIDValidation
Note Windows Update Agent 3.0 adds the SusClientIDValidation value. This value was released in May 2007. The other registry entries

exist in both Windows Update Agent 2.0 and in Windows Update Agent 3.0. Exit Registry Editor. At the command prompt, type net start wuauserv, and then press ENTER. At the command prompt, type wuauclt.exe /resetauthorization /detectnow, and then press ENTER. Wait 10 minutes for a detection cycle to finish. Start the WSUS console to make sure that the clients appear in the WSUS console.

answered on Server Fault Jan 6, 2015 by yagmoth555
1

After another day I was able to "resolve" the problem, but to be honest there wasn't a real problem. The WSUS server was just still downloading the updates and if they aren't already downloaded, the clients won't recognize the Updates. Everything is working fine now.

Anyway thanks for your contribution.

answered on Server Fault Jan 8, 2015 by SaintCore
0

In my experience, it takes a while for WSUS clients to detect changes, but it should have detected them within 25 hours, IMHO.

You could try:

  1. Turn off the WSUS Client service
  2. Rename the SoftwareDistribution folder something like SoftwareDistribution-back
  3. Turn the WSUS Client service back on
  4. Run wuauclt /resetauthorization /detectnow

That should convince the server to download its configuration again, which should hopefully make the server detect updates.

answered on Server Fault Jan 6, 2015 by Katherine Villyard

User contributions licensed under CC BY-SA 3.0