November 22, 2010

Why are my VMs are not reporting to WSUS?

We have been deploying VMs in our esx environment using VM templates without any issues. One day however, we discovered that there were quite a few 2000 and 2003 servers not reporting into the WSUS server. No matter how we restarted the windows update services or force detect through commandline, the servers would still not to be detected in WSUS. 

After some troubleshooting, we discovered that only our VMs were having such problems. The physical servers were reporting properly. Furthermore, we discovered they had the same SUSClientId values.

It became clear that it was due to the VMs being deployed from the same few templates that caused this issue. From Microsoft KB903262

The first Windows 2000-based computer, Windows Server 2003-based computer, or Windows XP-based computer that was set up by using a Windows 2000 image, a Windows Server 2003 image, or a Windows XP image appears in the WSUS console. However, the next Windows 2000-based, Windows Server 2003-based, or Windows XP-based computers that are set up by using the same image do not appear. This issue occurs because the first computer that was set up by using one of these images is using the same SusClientID value."

  • VMs are not getting updates from WSUS server, restarting automatic update services does not help
  • WSUS console does not list the VMs

To resolve
  1. command prompt -> net stop wuauserv
  2. regedit -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
  3. delete the following registries:
    • PingID
    • AccountDomainSid
    • SusClientId
    • SusClientIDValidation
  4. command prompt -> net start wuauserv
  5. command prompt -> wuauclt.exe /resetauthorization /detectnow
  6. wait one or two mins for server to appear in WSUS console

No comments:

Post a Comment