WSUS - This computer has not yet contacted

Soldato
Joined
18 May 2010
Posts
22,301
Location
London
Wonder if someone with more experience can cast their eye on the following error log.

Recently reinstalled the WSUS as it was broke and non functional.

It's up and running now. And the clients are indeed checking in.

However the majority of them show up with the ! symbol and the message "This computer has not yet contacted".

I've patched the WSUS with this update which I found through a Google search on this issue.

However I dont think it has solved the problem.

When I run: wuauclt /detectnow form a client machine and then view the C:\Windows\WindowsUpdate.log I get the following messages:


2016-06-02 12:18:05:521 296 146c AU AU received policy change subscription event
2016-06-02 12:19:02:796 296 106c AU Triggering AU detection through DetectNow API
2016-06-02 12:19:02:796 296 106c AU Triggering Online detection (non-interactive)
2016-06-02 12:19:02:796 296 146c AU #############
2016-06-02 12:19:02:796 296 146c AU ## START ## AU: Search for updates
2016-06-02 12:19:02:796 296 146c AU #########
2016-06-02 12:19:02:811 296 146c AU <<## SUBMITTED ## AU: Search for updates [CallId = {4FCB0B73-CCD8-4144-8103-809DD91D29B3}]
2016-06-02 12:19:02:811 296 be0 Agent *************
2016-06-02 12:19:02:811 296 be0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2016-06-02 12:19:02:811 296 be0 Agent *********
2016-06-02 12:19:02:811 296 be0 Agent * Online = Yes; Ignore download priority = No
2016-06-02 12:19:02:811 296 be0 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2016-06-02 12:19:02:811 296 be0 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2016-06-02 12:19:02:811 296 be0 Agent * Search Scope = {Machine}
2016-06-02 12:19:02:982 296 be0 Setup Checking for agent SelfUpdate
2016-06-02 12:19:02:982 296 be0 Setup Client version: Core: 7.6.7600.256 Aux: 7.6.7600.256
2016-06-02 12:19:10:235 296 be0 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2016-06-02 12:19:10:250 296 be0 Misc Microsoft signed: Yes
2016-06-02 12:19:10:312 296 be0 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2016-06-02 12:19:10:343 296 be0 Misc Microsoft signed: Yes
2016-06-02 12:19:10:359 296 be0 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2016-06-02 12:19:10:359 296 be0 Misc Microsoft signed: Yes
2016-06-02 12:19:10:468 296 be0 Setup Determining whether a new setup handler needs to be downloaded
2016-06-02 12:19:10:468 296 be0 Setup SelfUpdate handler is not found. It will be downloaded
2016-06-02 12:19:10:468 296 be0 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2016-06-02 12:19:11:710 296 be0 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2016-06-02 12:19:11:710 296 be0 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2016-06-02 12:19:11:741 296 be0 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2016-06-02 12:19:11:741 296 be0 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2016-06-02 12:19:11:772 296 be0 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2016-06-02 12:19:11:772 296 be0 Setup SelfUpdate check completed. SelfUpdate is NOT required.
2016-06-02 12:19:13:838 296 be0 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2016-06-02 12:19:13:838 296 be0 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.office.companyname.com/ClientWebService/client.asmx
2016-06-02 12:19:14:102 296 be0 PT WARNING: Cached cookie has expired or new PID is available
2016-06-02 12:19:14:102 296 be0 PT Initializing simple targeting cookie, clientId = b5455598-5ed9-43bc-9865-f80a88194cfd, target group = Desktops, DNS name = wg-0007.office.companyname.com
2016-06-02 12:19:14:102 296 be0 PT Server URL = http://wsus.office.companyname.com/SimpleAuthWebService/SimpleAuth.asmx
2016-06-02 12:19:14:288 296 be0 PT WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2016-06-02 12:19:14:288 296 be0 PT WARNING: SOAP Fault: 0x00012c
2016-06-02 12:19:14:288 296 be0 PT WARNING: faultstring:Fault occurred
2016-06-02 12:19:14:288 296 be0 PT WARNING: ErrorCode:ConfigChanged(2)
2016-06-02 12:19:14:288 296 be0 PT WARNING: Message:(null)
2016-06-02 12:19:14:288 296 be0 PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2016-06-02 12:19:14:288 296 be0 PT WARNING: ID:f8f080a8-1324-415c-b18a-6b5d22a19699
2016-06-02 12:19:14:319 296 be0 PT WARNING: Cached cookie has expired or new PID is available
2016-06-02 12:19:14:319 296 be0 PT Initializing simple targeting cookie, clientId = b5455598-5ed9-43bc-9865-f80a88194cfd, target group = Desktops, DNS name = wg-0007.office.companyname.com
2016-06-02 12:19:14:319 296 be0 PT Server URL = http://wsus.office.companyname.com/SimpleAuthWebService/SimpleAuth.asmx
2016-06-02 12:20:26:938 296 be0 PT WARNING: Exceeded max server round trips: 0x80244010
2016-06-02 12:20:26:938 296 be0 PT WARNING: Sync of Updates: 0x80244010
2016-06-02 12:20:26:938 296 be0 PT WARNING: SyncServerUpdatesInternal failed: 0x80244010
2016-06-02 12:20:26:938 296 be0 Agent * WARNING: Failed to synchronize, error = 0x80244010
2016-06-02 12:20:27:094 296 be0 Agent * WARNING: Exit code = 0x80244010
2016-06-02 12:20:27:094 296 be0 Agent *********
2016-06-02 12:20:27:094 296 be0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2016-06-02 12:20:27:094 296 be0 Agent *************
2016-06-02 12:20:27:094 296 be0 Agent WARNING: WU client failed Searching for update with error 0x80244010
2016-06-02 12:20:27:140 296 10c AU >>## RESUMED ## AU: Search for updates [CallId = {4FCB0B73-CCD8-4144-8103-809DD91D29B3}]
2016-06-02 12:20:27:140 296 10c AU # WARNING: Search callback failed, result = 0x80244010
2016-06-02 12:20:27:140 296 10c AU # WARNING: Failed to find updates with error code 80244010
2016-06-02 12:20:27:140 296 10c AU #########
2016-06-02 12:20:27:140 296 10c AU ## END ## AU: Search for updates [CallId = {4FCB0B73-CCD8-4144-8103-809DD91D29B3}]
2016-06-02 12:20:27:140 296 10c AU #############
2016-06-02 12:20:27:140 296 10c AU Successfully wrote event for AU health state:0
2016-06-02 12:20:27:140 296 10c AU AU setting next detection timeout to 2016-06-02 16:20:27
2016-06-02 12:20:27:140 296 10c AU Successfully wrote event for AU health state:0
2016-06-02 12:20:27:140 296 10c AU Successfully wrote event for AU health state:0
2016-06-02 12:20:32:079 296 be0 Report REPORT EVENT: {4EA6F424-A36F-41AC-AFD9-6127DF6EFD09} 2016-06-02 12:20:27:094+0100 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244010 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80244010.
2016-06-02 12:20:32:110 296 be0 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2016-06-02 12:20:32:110 296 be0 Report WER Report sent: 7.6.7600.256 0x80244010 00000000-0000-0000-0000-000000000000 Scan 101 Managed
2016-06-02 12:20:32:110 296 be0 Report CWERReporter finishing event handling. (00000000)
 
Last edited:
Associate
Joined
3 Oct 2007
Posts
795
Try running wuauclt /resetauthorization /detectnow on one of the clients.

As you've reinstalled WSUS I wonder if the clients need to properly reregister with the new install, that command should do it
 
Soldato
OP
Joined
18 May 2010
Posts
22,301
Location
London
Try running wuauclt /resetauthorization /detectnow on one of the clients.

As you've reinstalled WSUS I wonder if the clients need to properly reregister with the new install, that command should do it

Cool.

Well I ran the above and still no joy.


2016-06-02 14:25:20:893 296 15f8 AU Triggering AU detection through DetectNow API
2016-06-02 14:25:20:893 296 15f8 AU Triggering Online detection (non-interactive)
2016-06-02 14:25:20:893 296 146c AU #############
2016-06-02 14:25:20:893 296 146c AU ## START ## AU: Search for updates
2016-06-02 14:25:20:893 296 146c AU #########
2016-06-02 14:25:20:893 296 146c AU <<## SUBMITTED ## AU: Search for updates [CallId = {A2DBD5BB-11F9-4592-93C1-6430ACAA0015}]
2016-06-02 14:25:20:893 296 12a4 Agent *************
2016-06-02 14:25:20:893 296 12a4 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2016-06-02 14:25:20:893 296 12a4 Agent *********
2016-06-02 14:25:20:893 296 12a4 Agent * Online = Yes; Ignore download priority = No
2016-06-02 14:25:20:893 296 12a4 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2016-06-02 14:25:20:893 296 12a4 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2016-06-02 14:25:20:893 296 12a4 Agent * Search Scope = {Machine}
2016-06-02 14:25:20:940 296 12a4 Setup Checking for agent SelfUpdate
2016-06-02 14:25:20:940 296 12a4 Setup Client version: Core: 7.6.7600.256 Aux: 7.6.7600.256
2016-06-02 14:25:20:940 296 12a4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2016-06-02 14:25:20:956 296 12a4 Misc Microsoft signed: Yes
2016-06-02 14:25:27:846 296 12a4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2016-06-02 14:25:27:861 296 12a4 Misc Microsoft signed: Yes
2016-06-02 14:25:27:877 296 12a4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2016-06-02 14:25:27:877 296 12a4 Misc Microsoft signed: Yes
2016-06-02 14:25:27:892 296 12a4 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2016-06-02 14:25:27:892 296 12a4 Misc Microsoft signed: Yes
2016-06-02 14:25:27:955 296 12a4 Setup Determining whether a new setup handler needs to be downloaded
2016-06-02 14:25:27:955 296 12a4 Setup SelfUpdate handler is not found. It will be downloaded
2016-06-02 14:25:27:955 296 12a4 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2016-06-02 14:25:49:046 296 12a4 Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2016-06-02 14:25:49:046 296 12a4 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2016-06-02 14:25:49:061 296 12a4 Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2016-06-02 14:25:49:061 296 12a4 Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2016-06-02 14:25:49:093 296 12a4 Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2016-06-02 14:25:49:093 296 12a4 Setup SelfUpdate check completed. SelfUpdate is NOT required.
2016-06-02 14:25:49:747 296 12a4 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2016-06-02 14:25:49:747 296 12a4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.office.company.com/ClientWebService/client.asmx
2016-06-02 14:25:49:841 296 12a4 PT WARNING: Cached cookie has expired or new PID is available
2016-06-02 14:25:49:841 296 12a4 PT Initializing simple targeting cookie, clientId = b5455598-5ed9-43bc-9865-f80a88194cfd, target group = Desktops, DNS name = wg-0007.office.company.com
2016-06-02 14:25:49:841 296 12a4 PT Server URL = http://wsus.office.company.com/SimpleAuthWebService/SimpleAuth.asmx
2016-06-02 14:26:47:534 296 12a4 PT WARNING: Exceeded max server round trips: 0x80244010
2016-06-02 14:26:47:534 296 12a4 PT WARNING: Sync of Updates: 0x80244010
2016-06-02 14:26:47:534 296 12a4 PT WARNING: SyncServerUpdatesInternal failed: 0x80244010
2016-06-02 14:26:47:534 296 12a4 Agent * WARNING: Failed to synchronize, error = 0x80244010
2016-06-02 14:26:47:534 296 12a4 Agent * WARNING: Exit code = 0x80244010
2016-06-02 14:26:47:534 296 12a4 Agent *********
2016-06-02 14:26:47:534 296 12a4 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2016-06-02 14:26:47:534 296 12a4 Agent *************
2016-06-02 14:26:47:534 296 12a4 Agent WARNING: WU client failed Searching for update with error 0x80244010
2016-06-02 14:26:47:565 296 1720 AU >>## RESUMED ## AU: Search for updates [CallId = {A2DBD5BB-11F9-4592-93C1-6430ACAA0015}]
2016-06-02 14:26:47:565 296 1720 AU # WARNING: Search callback failed, result = 0x80244010
2016-06-02 14:26:47:565 296 1720 AU # WARNING: Failed to find updates with error code 80244010
2016-06-02 14:26:47:565 296 1720 AU #########
2016-06-02 14:26:47:565 296 1720 AU ## END ## AU: Search for updates [CallId = {A2DBD5BB-11F9-4592-93C1-6430ACAA0015}]
2016-06-02 14:26:47:565 296 1720 AU #############
2016-06-02 14:26:47:565 296 1720 AU Successfully wrote event for AU health state:0
2016-06-02 14:26:47:565 296 1720 AU AU setting next detection timeout to 2016-06-02 18:26:47
2016-06-02 14:26:47:565 296 1720 AU Successfully wrote event for AU health state:0
2016-06-02 14:26:47:565 296 1720 AU Successfully wrote event for AU health state:0
2016-06-02 14:26:52:537 296 12a4 Report REPORT EVENT: {EF8D724D-D5C5-4875-BCAB-71D56994A7B1} 2016-06-02 14:26:47:534+0100 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80244010 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80244010.
2016-06-02 14:26:52:553 296 12a4 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2016-06-02 14:26:52:553 296 12a4 Report WER Report sent: 7.6.7600.256 0x80244010 00000000-0000-0000-0000-000000000000 Scan 101 Managed
2016-06-02 14:26:52:553 296 12a4 Report CWERReporter finishing event handling. (00000000)
2016-06-02 14:28:40:596 296 12a4 PT WARNING: Cached cookie has expired or new PID is available
2016-06-02 14:28:40:596 296 12a4 PT Initializing simple targeting cookie, clientId = b5455598-5ed9-43bc-9865-f80a88194cfd, target group = Desktops, DNS name = wg-0007.office.company.com
2016-06-02 14:28:40:596 296 12a4 PT Server URL = http://wsus.office.company.com/SimpleAuthWebService/SimpleAuth.asmx
2016-06-02 14:28:40:674 296 12a4 Report Uploading 1 events using cached cookie, reporting URL = http://wsus.office.company.com/ReportingWebService/ReportingWebService.asmx
2016-06-02 14:28:40:674 296 12a4 Report Reporter successfully uploaded 1 events.
 

GDL

GDL

Associate
Joined
10 Sep 2014
Posts
430
Location
UK
Reset the clients SoftwareDistrubution Folder.

Stop the update service
Rename that folder) C:\Windows\Software.....
Start the service.

Watch the log with something like CCMTrace.
Then run: wuauclt \resetauthorization \detectnow
 

ryu

ryu

Associate
Joined
25 Oct 2002
Posts
1,039
After re-installation was WSUS empty and by checking in you mean they started to reappear i.e. freshly re-registering? or did it appear to keep the complete list of clients from their prior registrations?

Are the problematic clients showing up and the stats have not updated suggesting they have x amount (all) updates with no status?

Try deleting the client directly out of WSUS and then running:

wuauclt /resetauthorization

on the client and waiting 30 minutes or so, if you haven't done so already
 
Last edited:
Soldato
Joined
18 Oct 2002
Posts
4,521
What OS are the clients?
What OS is the WSUS role configured on?
How is Group Policy configured for WSUS, if at all?

Here's a basic batch file and registry entry that I've used for years to reset problematic WSUS clients. Put the registry file in your netlogon share in the path referenced in the bat file (or amend as necessary).

Batch File (General client):
Code:
net stop wuauserv

regedit /s "%logonserver%\netlogon\ResetWSUS\wsus.reg"

@echo off

cls

net start wuauserv

wuauclt /resetauthorization /detectnow

Batch File (Windows 2012+ Clients):
Code:
net stop wuauserv

regedit /s "%logonserver%\netlogon\ResetWSUS\wsus.reg"
echo 'y'|rd /s %windir%\softwaredistribution\ 

@echo off

cls

net start wuauserv

wuauclt /resetauthorization /detectnow

Registry File:
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]

Just to reiterate, the above should be run on your clients, not WSUS server.

If your WSUS server is 2008 R2, also install this hotfix:

http://support.microsoft.com/kb/2734608

It's nothing spectacular, and already well documented on the web, but it has worked for me in most cases. If it works for one client, use GP to run the batch file across all machines (if it is an issue for all clients, as your post suggests).

Edit: Added a batch specifically for W10 clients. This is not mine as you can see from the code, but it also works a charm.

Code:
@echo off

:: Created by: Shawn Brink
:: http://www.tenforums.com
:: Tutorial: http://www.tenforums.com/tutorials/24742-windows-update-reset-windows-10-a.html


set b=0

:bits
set /a b=%b%+1
if %b% equ 3 (
   goto end1
) 
net stop bits
echo Checking the bits service status.
sc query bits | findstr /I /C:"STOPPED" 
if not %errorlevel%==0 ( 
    goto bits 
) 
goto loop2

:end1
cls
echo.
echo Cannot reset Windows Update since "Background Intelligent Transfer Service" (bits) service failed to stop.
echo.
pause
goto Start


:loop2
set w=0

:wuauserv
set /a w=%w%+1
if %w% equ 3 (
   goto end2
) 
net stop wuauserv
echo Checking the wuauserv service status.
sc query wuauserv | findstr /I /C:"STOPPED" 
if not %errorlevel%==0 ( 
    goto wuauserv 
) 
goto loop3

:end2
cls
echo.
echo Cannot reset Windows Update since "Windows Update" (wuauserv) service failed to stop.
echo.
pause
goto Start



:loop3
set app=0

:appidsvc
set /a app=%app%+1
if %app% equ 3 (
   goto end3
) 
net stop appidsvc
echo Checking the appidsvc service status.
sc query appidsvc | findstr /I /C:"STOPPED" 
if not %errorlevel%==0 ( 
    goto appidsvc 
) 
goto loop4

:end3
cls
echo.
echo Cannot reset Windows Update since "Application Identity" (appidsvc) service failed to stop.
echo.
pause
goto Start


:loop4
set c=0

:cryptsvc
set /a c=%c%+1
if %c% equ 3 (
   goto end4
) 
net stop cryptsvc
echo Checking the cryptsvc service status.
sc query cryptsvc | findstr /I /C:"STOPPED" 
if not %errorlevel%==0 ( 
    goto cryptsvc 
) 
goto Reset

:end4
cls
echo.
echo Cannot reset Windows Update since "Cryptographic Services" (cryptsvc) service failed to stop.
echo.
pause
goto Start


:Reset
Ipconfig /flushdns
del /s /q /f "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" 

cd /d %windir%\system32

if exist "%SYSTEMROOT%\winsxs\pending.xml.bak" del /s /q /f "%SYSTEMROOT%\winsxs\pending.xml.bak" 
if exist "%SYSTEMROOT%\winsxs\pending.xml" ( 
    takeown /f "%SYSTEMROOT%\winsxs\pending.xml" 
    attrib -r -s -h /s /d "%SYSTEMROOT%\winsxs\pending.xml" 
    ren "%SYSTEMROOT%\winsxs\pending.xml" pending.xml.bak 
) 
  
if exist "%SYSTEMROOT%\SoftwareDistribution.bak" rmdir /s /q "%SYSTEMROOT%\SoftwareDistribution.bak"
if exist "%SYSTEMROOT%\SoftwareDistribution" ( 
    attrib -r -s -h /s /d "%SYSTEMROOT%\SoftwareDistribution" 
    ren "%SYSTEMROOT%\SoftwareDistribution" SoftwareDistribution.bak 
) 
 
if exist "%SYSTEMROOT%\system32\Catroot2.bak" rmdir /s /q "%SYSTEMROOT%\system32\Catroot2.bak" 
if exist "%SYSTEMROOT%\system32\Catroot2" ( 
    attrib -r -s -h /s /d "%SYSTEMROOT%\system32\Catroot2" 
    ren "%SYSTEMROOT%\system32\Catroot2" Catroot2.bak 
) 
  
if exist "%SYSTEMROOT%\WindowsUpdate.log.bak" del /s /q /f "%SYSTEMROOT%\WindowsUpdate.log.bak" 
if exist "%SYSTEMROOT%\WindowsUpdate.log" ( 
    attrib -r -s -h /s /d "%SYSTEMROOT%\WindowsUpdate.log" 
    ren "%SYSTEMROOT%\WindowsUpdate.log" WindowsUpdate.log.bak 
) 
  
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

regsvr32.exe /s atl.dll 
regsvr32.exe /s urlmon.dll 
regsvr32.exe /s mshtml.dll 
regsvr32.exe /s shdocvw.dll 
regsvr32.exe /s browseui.dll 
regsvr32.exe /s jscript.dll 
regsvr32.exe /s vbscript.dll 
regsvr32.exe /s scrrun.dll 
regsvr32.exe /s msxml.dll 
regsvr32.exe /s msxml3.dll 
regsvr32.exe /s msxml6.dll 
regsvr32.exe /s actxprxy.dll 
regsvr32.exe /s softpub.dll 
regsvr32.exe /s wintrust.dll 
regsvr32.exe /s dssenh.dll 
regsvr32.exe /s rsaenh.dll 
regsvr32.exe /s gpkcsp.dll 
regsvr32.exe /s sccbase.dll 
regsvr32.exe /s slbcsp.dll 
regsvr32.exe /s cryptdlg.dll 
regsvr32.exe /s oleaut32.dll 
regsvr32.exe /s ole32.dll 
regsvr32.exe /s shell32.dll 
regsvr32.exe /s initpki.dll 
regsvr32.exe /s wuapi.dll 
regsvr32.exe /s wuaueng.dll 
regsvr32.exe /s wuaueng1.dll 
regsvr32.exe /s wucltui.dll 
regsvr32.exe /s wups.dll 
regsvr32.exe /s wups2.dll 
regsvr32.exe /s wuweb.dll 
regsvr32.exe /s qmgr.dll 
regsvr32.exe /s qmgrprxy.dll 
regsvr32.exe /s wucltux.dll 
regsvr32.exe /s muweb.dll 
regsvr32.exe /s wuwebv.dll
regsvr32 /s wudriver.dll
netsh winsock reset
netsh winsock reset proxy

:Start
net start bits
net start wuauserv
net start appidsvc
net start cryptsvc
 
Last edited:
Soldato
OP
Joined
18 May 2010
Posts
22,301
Location
London
After re-installation was WSUS empty and by checking in you mean they started to reappear i.e. freshly re-registering? or did it appear to keep the complete list of clients from their prior registrations?

Are the problematic clients showing up and the stats have not updated suggesting they have x amount (all) updates with no status?

Try deleting the client directly out of WSUS and then running:

wuauclt /resetauthorization

on the client and waiting 30 minutes or so, if you haven't done so already


OK so I came in to this job about a month ago. Previously they had some outsourcing company come in once a week to sort out their IT needs. Not much maintenance got done.

The state I found the network in was bad. The WSUS server was operational, but on a disk that was practically 100% full. I don't think it had been serving any updates to the clients for a while.

I first tried to migrate the WSUS to another disk. I managed to migrate the data and re link the SQL server, but alas it broke in transfer.

I then reinstalled the WSUS and it is now operational.

I went through the usual steps accepting the defaults. The machines on the network just appeared in the WSUS. Presumably the GPO was still working and the machines where checking in with the WSUS.

The network is 90% Win 7 with a few other Win 10 clients.

In the WSUS the clients show up with an ! mark and the message "This computer has not yet contacted".

When I manually run a sync I get the messages I posted in my previous posts.

I'm using a Win 10 and when I choose to do an update against the WSUS server it finds nothing. When I choose search on line, it goes and finds updates.

I'm not feeling well today so I might not look at this issue until Monday.

Thanks
 
Soldato
OP
Joined
18 May 2010
Posts
22,301
Location
London
What OS are the clients?
What OS is the WSUS role configured on?
How is Group Policy configured for WSUS, if at all?

Here's a basic batch file and registry entry that I've used for years to reset problematic WSUS clients. Put the registry file in your netlogon share in the path referenced in the bat file (or amend as necessary).

Batch File (General client):
Code:
net stop wuauserv

regedit /s "%logonserver%\netlogon\ResetWSUS\wsus.reg"

@echo off

cls

net start wuauserv

wuauclt /resetauthorization /detectnow

Batch File (Windows 2012+ Clients):
Code:
net stop wuauserv

regedit /s "%logonserver%\netlogon\ResetWSUS\wsus.reg"
echo 'y'|rd /s %windir%\softwaredistribution\ 

@echo off

cls

net start wuauserv

wuauclt /resetauthorization /detectnow

Registry File:
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]

Just to reiterate, the above should be run on your clients, not WSUS server.

If your WSUS server is 2008 R2, also install this hotfix:

http://support.microsoft.com/kb/2734608

It's nothing spectacular, and already well documented on the web, but it has worked for me in most cases. If it works for one client, use GP to run the batch file across all machines (if it is an issue for all clients, as your post suggests).

Edit: Added a batch specifically for W10 clients. This is not mine as you can see from the code, but it also works a charm.

Code:
@echo off

:: Created by: Shawn Brink
:: http://www.tenforums.com
:: Tutorial: http://www.tenforums.com/tutorials/24742-windows-update-reset-windows-10-a.html


set b=0

:bits
set /a b=%b%+1
if %b% equ 3 (
   goto end1
) 
net stop bits
echo Checking the bits service status.
sc query bits | findstr /I /C:"STOPPED" 
if not %errorlevel%==0 ( 
    goto bits 
) 
goto loop2

:end1
cls
echo.
echo Cannot reset Windows Update since "Background Intelligent Transfer Service" (bits) service failed to stop.
echo.
pause
goto Start


:loop2
set w=0

:wuauserv
set /a w=%w%+1
if %w% equ 3 (
   goto end2
) 
net stop wuauserv
echo Checking the wuauserv service status.
sc query wuauserv | findstr /I /C:"STOPPED" 
if not %errorlevel%==0 ( 
    goto wuauserv 
) 
goto loop3

:end2
cls
echo.
echo Cannot reset Windows Update since "Windows Update" (wuauserv) service failed to stop.
echo.
pause
goto Start



:loop3
set app=0

:appidsvc
set /a app=%app%+1
if %app% equ 3 (
   goto end3
) 
net stop appidsvc
echo Checking the appidsvc service status.
sc query appidsvc | findstr /I /C:"STOPPED" 
if not %errorlevel%==0 ( 
    goto appidsvc 
) 
goto loop4

:end3
cls
echo.
echo Cannot reset Windows Update since "Application Identity" (appidsvc) service failed to stop.
echo.
pause
goto Start


:loop4
set c=0

:cryptsvc
set /a c=%c%+1
if %c% equ 3 (
   goto end4
) 
net stop cryptsvc
echo Checking the cryptsvc service status.
sc query cryptsvc | findstr /I /C:"STOPPED" 
if not %errorlevel%==0 ( 
    goto cryptsvc 
) 
goto Reset

:end4
cls
echo.
echo Cannot reset Windows Update since "Cryptographic Services" (cryptsvc) service failed to stop.
echo.
pause
goto Start


:Reset
Ipconfig /flushdns
del /s /q /f "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" 

cd /d %windir%\system32

if exist "%SYSTEMROOT%\winsxs\pending.xml.bak" del /s /q /f "%SYSTEMROOT%\winsxs\pending.xml.bak" 
if exist "%SYSTEMROOT%\winsxs\pending.xml" ( 
    takeown /f "%SYSTEMROOT%\winsxs\pending.xml" 
    attrib -r -s -h /s /d "%SYSTEMROOT%\winsxs\pending.xml" 
    ren "%SYSTEMROOT%\winsxs\pending.xml" pending.xml.bak 
) 
  
if exist "%SYSTEMROOT%\SoftwareDistribution.bak" rmdir /s /q "%SYSTEMROOT%\SoftwareDistribution.bak"
if exist "%SYSTEMROOT%\SoftwareDistribution" ( 
    attrib -r -s -h /s /d "%SYSTEMROOT%\SoftwareDistribution" 
    ren "%SYSTEMROOT%\SoftwareDistribution" SoftwareDistribution.bak 
) 
 
if exist "%SYSTEMROOT%\system32\Catroot2.bak" rmdir /s /q "%SYSTEMROOT%\system32\Catroot2.bak" 
if exist "%SYSTEMROOT%\system32\Catroot2" ( 
    attrib -r -s -h /s /d "%SYSTEMROOT%\system32\Catroot2" 
    ren "%SYSTEMROOT%\system32\Catroot2" Catroot2.bak 
) 
  
if exist "%SYSTEMROOT%\WindowsUpdate.log.bak" del /s /q /f "%SYSTEMROOT%\WindowsUpdate.log.bak" 
if exist "%SYSTEMROOT%\WindowsUpdate.log" ( 
    attrib -r -s -h /s /d "%SYSTEMROOT%\WindowsUpdate.log" 
    ren "%SYSTEMROOT%\WindowsUpdate.log" WindowsUpdate.log.bak 
) 
  
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

regsvr32.exe /s atl.dll 
regsvr32.exe /s urlmon.dll 
regsvr32.exe /s mshtml.dll 
regsvr32.exe /s shdocvw.dll 
regsvr32.exe /s browseui.dll 
regsvr32.exe /s jscript.dll 
regsvr32.exe /s vbscript.dll 
regsvr32.exe /s scrrun.dll 
regsvr32.exe /s msxml.dll 
regsvr32.exe /s msxml3.dll 
regsvr32.exe /s msxml6.dll 
regsvr32.exe /s actxprxy.dll 
regsvr32.exe /s softpub.dll 
regsvr32.exe /s wintrust.dll 
regsvr32.exe /s dssenh.dll 
regsvr32.exe /s rsaenh.dll 
regsvr32.exe /s gpkcsp.dll 
regsvr32.exe /s sccbase.dll 
regsvr32.exe /s slbcsp.dll 
regsvr32.exe /s cryptdlg.dll 
regsvr32.exe /s oleaut32.dll 
regsvr32.exe /s ole32.dll 
regsvr32.exe /s shell32.dll 
regsvr32.exe /s initpki.dll 
regsvr32.exe /s wuapi.dll 
regsvr32.exe /s wuaueng.dll 
regsvr32.exe /s wuaueng1.dll 
regsvr32.exe /s wucltui.dll 
regsvr32.exe /s wups.dll 
regsvr32.exe /s wups2.dll 
regsvr32.exe /s wuweb.dll 
regsvr32.exe /s qmgr.dll 
regsvr32.exe /s qmgrprxy.dll 
regsvr32.exe /s wucltux.dll 
regsvr32.exe /s muweb.dll 
regsvr32.exe /s wuwebv.dll
regsvr32 /s wudriver.dll
netsh winsock reset
netsh winsock reset proxy

:Start
net start bits
net start wuauserv
net start appidsvc
net start cryptsvc

Thanks I will take a look at this on Monday.
 
Soldato
Joined
31 Dec 2007
Posts
13,616
Location
The TARDIS, Wakefield, UK
We had the same problem it occured when a local WSUS server was removed and all the devices were migrated to the centralised WSUS. Basically it couldnt cope with the additional devices connected to it. It was overloaded.

So say you have 100 PC's if your GPO is set have the WSUS service all these PC's at the same time via a single GPO and your WSUS is only set to allow 75 then 25 fail to connect to the server.

Its actually more than this the figures are examples but you get my meaning and I forget the parameters that govern this I`m at home and not well either so I cant think straight but thats basically it. I found it on Microsoft website you have to increase something cant remember what but if its at a maximum all you can do is create another WSUS server and link the two together so you have a master and slave so to speak or you can try and create more than one WSUS GPO so your machines are serviced at different times (although this didnt always work). In the end it was sorted out by adding another WSUS server.

Also this link might help too http://trentent.blogspot.co.uk/2016/03/wsus-clients-fail-with-warning-exceeded.html (the comments too at the end for the KB's)

Basically its not the clients its the WSUS. This is why its so hard to diagnose because you think oh the PC's cant connect so it must be them. Its not. I seem to recall the info you need is in the event viewer on the PC or the server. Sorry for being a bit hazy but hope it helps.

Oh also make sure BITS is set on the WSUS Server to trickle the updates out something like 100k we used worked a treat or it will just consume all the network bandwidth. Google it there is a parameter in IIS I think. Again brain funky.
 
Last edited:
Soldato
OP
Joined
18 May 2010
Posts
22,301
Location
London
I've uploaded a screen shoot of what I can see in the WSUS.

screenshot.jpg


So clearly the GPO is working the clients are talking to the WSUS server, but no updates are being pushed to the clients.

You can also see the ! mark and the Installed/Not Applicable Percentage is high for some a low for others.

Your also see that there are 5 clients at the bottom that don't have ! marks so presumably mean they are communicating, except they are 0% Installed/Not Applicable.

My PC which is a Win 10 when I do a search for updates it doesn't find anything. If I check the box that says check online it will find stuff.

I'll look in to the above stuff you guys have posted.

Thanks
 
Last edited:
Soldato
Joined
31 Dec 2007
Posts
13,616
Location
The TARDIS, Wakefield, UK
98+% and a ! usually means the client has the windows updates but needs user intervention, either to click the Install button on Windows updates or needs a reboot.
100% would then therefore mean the client is fully up to date and rebooted. So it looks like your windows clients are upto date they just need a reboot. 98+% is therefore a good thing!
A good column to have is the number of updates outstanding.

Dont forget that if a client has received windows updates before being added to WSUS the level of updates it will show will be different that was installed via WSUS as it will have already had some done over the internet.

I guess looking at the screenshot you reinstalled 31/05 it looks like the 0% ones havent communicated with the WSUS.

Also the number of updates 14000+ probably means your WSUS is download updates for products you dont actually have on your network. You need to go through your product list and untick any you dont have. When I first took over ours at work when I started it was downloading Win 2000 and MS Works updates ! IE updates is a good one to remove make sure it only does the ones for the browser you have as if its all ticked you get IE6/7 updates too.

Also look into superceeded updates. This is where MS release an update that negates the need for a previous update to be used. You will find this saves gigs of space.

Just to give you an idea we had 150 Pc's, 8 servers, Windows 2008, MS Office 2010, Windows 7 Pro and after I streamlined the product list the total updates our WSUS had was around 7000. Thats why I think your 14000 is too high.

As for Win 10 have you looked in your update tree to see what updates have been downloaded.

also how are you approving updates ? Manually or automatically in the options ? I preferred to do it manually because I liked the hands on control but not everyone does it that way.
Also run the cleanup wizard in options at least once a week.
 
Last edited:
Soldato
OP
Joined
18 May 2010
Posts
22,301
Location
London
98+% and a ! usually means the client has the windows updates but needs user intervention, either to click the Install button on Windows updates or needs a reboot.
100% would then therefore mean the client is fully up to date and rebooted. So it looks like your windows clients are upto date they just need a reboot. 98+% is therefore a good thing!
A good column to have is the number of updates outstanding.

Dont forget that if a client has received windows updates before being added to WSUS the level of updates it will show will be different that was installed via WSUS as it will have already had some done over the internet.

I guess looking at the screenshot you reinstalled 31/05 it looks like the 0% ones havent communicated with the WSUS.

Also the number of updates 14000+ probably means your WSUS is download updates for products you dont actually have on your network. You need to go through your product list and untick any you dont have. When I first took over ours at work when I started it was downloading Win 2000 and MS Works updates ! IE updates is a good one to remove make sure it only does the ones for the browser you have as if its all ticked you get IE6/7 updates too.

Also look into superceeded updates. This is where MS release an update that negates the need for a previous update to be used. You will find this saves gigs of space.

Just to give you an idea we had 150 Pc's, 8 servers, Windows 2008, MS Office 2010, Windows 7 Pro and after I streamlined the product list the total updates our WSUS had was around 7000. Thats why I think your 14000 is too high.

As for Win 10 have you looked in your update tree to see what updates have been downloaded.

also how are you approving updates ? Manually or automatically in the options ? I preferred to do it manually because I liked the hands on control but not everyone does it that way.
Also run the cleanup wizard in options at least once a week.

I've gone through the 'Products and Classifications' and removed all the unnecessary stuff.

However I logged on to one of our clients which is showing up as ! and 0% Installed/Not Applicable to see if you were on to something when you said the machine might be waiting for user intervention.

Unfortunately there wasn't a shutdown and install updates option on the client.

My client is a Win 10 Enterprise x64 machine (the one highlighted below)

It shows that there is 3 updates that need applying. But if I do a manual check for updates it doesn't find anything. If I check the box that says check online it will go and download them.

See image below.

Screenshot.jpg
 
Last edited:
Soldato
OP
Joined
18 May 2010
Posts
22,301
Location
London
We had the same problem it occured when a local WSUS server was removed and all the devices were migrated to the centralised WSUS. Basically it couldnt cope with the additional devices connected to it. It was overloaded.

So say you have 100 PC's if your GPO is set have the WSUS service all these PC's at the same time via a single GPO and your WSUS is only set to allow 75 then 25 fail to connect to the server.

Its actually more than this the figures are examples but you get my meaning and I forget the parameters that govern this I`m at home and not well either so I cant think straight but thats basically it. I found it on Microsoft website you have to increase something cant remember what but if its at a maximum all you can do is create another WSUS server and link the two together so you have a master and slave so to speak or you can try and create more than one WSUS GPO so your machines are serviced at different times (although this didnt always work). In the end it was sorted out by adding another WSUS server.

Also this link might help too http://trentent.blogspot.co.uk/2016/03/wsus-clients-fail-with-warning-exceeded.html (the comments too at the end for the KB's)

Basically its not the clients its the WSUS. This is why its so hard to diagnose because you think oh the PC's cant connect so it must be them. Its not. I seem to recall the info you need is in the event viewer on the PC or the server. Sorry for being a bit hazy but hope it helps.

Oh also make sure BITS is set on the WSUS Server to trickle the updates out something like 100k we used worked a treat or it will just consume all the network bandwidth. Google it there is a parameter in IIS I think. Again brain funky.

I had a look at this. Do you know if the mentioned KB are safe to install?

This one looks recent.

The only problem this relates to Win Server 2008 R2. The server the WSUS is running on is a:

Windows Server Standard
Copyright 2007 Microsoft Corporation.
Service Pack 2

Microsoft Windows [Version 6.0.6002]

Not sure if that update applies.
 
Soldato
Joined
31 Dec 2007
Posts
13,616
Location
The TARDIS, Wakefield, UK
I've gone through the 'Products and Classifications' and removed all the unnecessary stuff.

However I logged on to one of our clients which is showing up as ! and 0% Installed/Not Applicable to see if you were on to something when you said the machine might be waiting for user intervention.

Unfortunately there wasn't a shutdown and install updates option on the client.

My client is a Win 10 Enterprise x64 machine (the one highlighted below)

It shows that there is 3 updates that need applying. But if I do a manual check for updates it doesn't find anything. If I check the box that says check online it will go and download them.

See image below.

Screenshot.jpg

I would say that your WSUS isnt updated properly as Win 10 machines show as Win 10 not Vista on ours. This could be the problem.

So on the client what did it say when you went into Windows Updates ? Post the screenshot.

Also easy way to tell if your client is connected is go into Windows Updates settings and it will say something like "some of these settings are controlled by your System Administrator" on Windows 7 or I think it says 'Some settings are managed by your organization' on Windows 10

Also did you reboot this machine as that might be wise.

Just to check you have approved the updates for the Desktop group ?

I had a look at this. Do you know if the mentioned KB are safe to install?

This one looks recent.

The only problem this relates to Win Server 2008 R2. The server the WSUS is running on is a:

Windows Server Standard
Copyright 2007 Microsoft Corporation.
Service Pack 2

Microsoft Windows [Version 6.0.6002]

Not sure if that update applies.

No it wont you have Windows 2008 Standard.
 
Last edited:
Soldato
OP
Joined
18 May 2010
Posts
22,301
Location
London
I would say that your WSUS isnt updated properly as Win 10 machines show as Win 10 not Vista on ours. This could be the problem.

So on the client what did it say when you went into Windows Updates ? Post the screenshot.

Also easy way to tell if your client is connected is go into Windows Updates settings and it will say something like "some of these settings are controlled by your System Administrator" on Windows 7 or I think it says 'Some settings are managed by your organization' on Windows 10

Also did you reboot this machine as that might be wise.

Just to check you have approved the updates for the Desktop group ?



No it wont you have Windows 2008 Standard.

I downloaded the wsus setup file only last week. It's must be the latest version of it?

During the install one of the classifications is Win 10 updates. Even now if I go in to the classifications shows Win 10.

Out of about 60 machines only 4 of them are currently Win 10. The rest are Win 7.

On my win 1`0 machine it does say 'Some settings are managed by your organization'.

On this Win 7 machine I'm currently running Windows update. It says the most recent check for updates was 20/05/2016.

---

Hmm

So I got the below error on a Win 7 machine when I ran the update. Does in did look like this issue

win7.jpg


I'm pretty sure I have approved the updates for the Desktop group but I will have another look.

Thanks

This is what I have for the approved section:

approved.jpg
 
Last edited:
Back
Top Bottom