Are you facing issues in your network with clients not showing up in your WSUS server console? This post provides you with a step by step guide on how to troubleshoot the issue.
Troubleshooting
Step 1. Assuming that you are using Group Policies to apply the WSUS settings to your clients, and it has been correctly applied to the computer.
Running the following command will show you if your GPO is in place.
Open the prompt as administrator and run the command: gpresult /r.
In the picture above, we can see that the computer has the WSUS GPO correctly applied to it, so this is not the issue, and you can move ahead to Step 2. In this instance, our GPO is named GPO_WSUS_DR
If your GPO did not appear in the output, make sure the computer is inside of the correct OU where the group policy is applied, to ensure that the GPO reaches the computer object.
Step 2. Once confirmed that the GPO is correctly applied to your client, check which WSUS settings the client is receiving. In this step, you want to make sure that there is no other GPO in your environment incorrectly applying the same settings and so, superseding the correct GPO settings.
To do that, open the command prompt as administrator and type: reg query HKLMSOFTWAREPoliciesMicrosoftWindowsWindowsUpdate
Make sure the output shows the correct information for your environment.
If you confirm that the output is correctly showing the settings you have configured in your GPO, you can move ahead to Step 3.
If the settings shown are not those you have configured, go back to your GPO management, and make sure there is no other policy applying the same settings. A recommended way is to find out which GPO applies the settings to your client is by running: rsop.msc
Step 3 – So far so good? Next, it’s time to test DNS resolution, to do that execute the following in a command prompt:
nslookup <your-wsus-servername>
If there are no issues with DNS resolution and you were able to resolve the WSUS hostname from your client, move ahead to Step 4.
Incorrect result? Confirm that your client has the correct IP addresses of your DNS servers set up in the NIC properties, if all are good on client-side, confirm if the WSUS server has an A record in your DNS zone, if not, it’s time to add it!!
Step 4 – Now it’s time to test if the communication is allowed from the client to the WSUS server. The default WSUS port used for the connection is 8530, so if you have any different port set in your environment, make sure to use the relevant port at this stage of troubleshooting.
To do that, download the tool called Port Query and open it from your client computer:
The tool is easy to use, just type your WSUS server hostname, or IP address, and the WSUS port, and click on Query, as shown above.
If you get an output of “LISTENING” as above, the traffic is allowed and you can move on to Step 5.
If you get an output of “FILTERED”, your firewall is blocking communication and you must open it to allow the traffic through.
Step 5 – Ok, so none of the above steps fixed your problem? Let’s have a look if the Windows Update service is started and correctly set up as Automatic on your client. To do so, run services.msc and check the status of the Windows Update service.
If all looks the same as above, you can move on to the next step. If the Windows Update service is not started, make sure to set it to Automatic, and start the service.
Step 6 – The last option would be to reset the registry SusClientID in your client computer. Often this type of issue can be a result of cloning a virtual machine without executing Sysprep on it, so you could have duplicate IDs in your network.
To do that, follow the steps shown in the picture below:
Wait two minutes and refresh the WSUS console, the computer client should be listed now.
Still not working?
Right, 95% of all times I have faced this issue, one of the above steps have worked for me.
If after going through all the steps, your client computer is still not showing up in the WSUS console, it may have a deeper issue in its OS. There may be a virus, or it is missing a service pack. You will need to treat this client using different methods to repair the OS.
Credits
Renan Rodrigues | LinkedIn
Tutorials