+ Reply to Thread
Page 1 of 3 1 23 Last
Results 1 to 25 of 53
  1. aoe
    aoe is offline
    Member
    Join Date
    Jan 2008
    Posts
    32

    Certifications
    A+, MCP
    #1

    Default WSUS 3.0 won't list computers & gpo not being applied?

    I have installed WSUS on my dc.
    I have configured a gpo to point to the wsus server and applied it to the correct ou.
    I then go to the client computer and run gpupdate /force and then gpresult and the WSUS gpo is not being applied?

    Any ideas why this is happening? Is there more to it if the gpo is not being applied correctly?
    Thanks for the help.
    Reply With Quote Quote  

  2. SS -->
  3. Member
    Join Date
    Feb 2008
    Location
    South Africa
    Posts
    33

    Certifications
    MCP (70-270, 70-290)
    #2

    Default Re: WSUS 3.0 won't list computers & gpo not being applie

    Quote Originally Posted by aoe
    I have installed WSUS on my dc.
    I have configured a gpo to point to the wsus server and applied it to the correct ou.
    I then go to the client computer and run gpupdate /force and then gpresult and the WSUS gpo is not being applied?

    Any ideas why this is happening? Is there more to it if the gpo is not being applied correctly?
    Thanks for the help.
    gpupdate /force should be run on the DC to update / enforce the Policy on the clients if I am not mistaken.
    Reply With Quote Quote  

  4. aoe
    aoe is offline
    Member
    Join Date
    Jan 2008
    Posts
    32

    Certifications
    A+, MCP
    #3

    Default Re: WSUS 3.0 won't list computers & gpo not being applie

    Quote Originally Posted by nazzeem
    Quote Originally Posted by aoe
    I have installed WSUS on my dc.
    I have configured a gpo to point to the wsus server and applied it to the correct ou.
    I then go to the client computer and run gpupdate /force and then gpresult and the WSUS gpo is not being applied?

    Any ideas why this is happening? Is there more to it if the gpo is not being applied correctly?
    Thanks for the help.
    gpupdate /force should be run on the DC to update / enforce the Policy on the clients if I am not mistaken.
    I have done that multiple times, then run gpresult and the policies are not being applied for some reason?

    The reason this is a big issue to me is due to what i have heard about the 291 and wsus questions and if i can't assign a computer through gpo, i don't feel like i have a grasp of it?

    Thanks for the help.
    Reply With Quote Quote  

  5. Member
    Join Date
    Feb 2008
    Location
    South Africa
    Posts
    33

    Certifications
    MCP (70-270, 70-290)
    #4

    Default Check if other policies is applied

    Check whether other policies is applied to the domain computers e.g "strong password policy" etc. If this works then maybe you could try to rejoin the workstation with the domain. I am also studying WSUS for 291. So I might not have a solution for you.

    But I what I would do is:

    1.) Make sure the workstation is joined properly with the domain, and rejoin it if required.

    2.) Check if other policies is applied to the workstation.

    3.) Check if these keys exesits in the workstations registry:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate]
    "WUServer"="http://your-wsus-server"
    "WUStatusServer"="http://http://your-wsus-server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000001

    4.) Run the command "wuauclt /detectnow" from command prompt to force your workstation to search for WSUS servers.

    5.) Check the workstations %windir% for the WindowsUpdate.log file and check in it for * WSUS server: <NULL> and * WSUS status server: <NULL>. Check if it points to your WSUS Server.

    There are probably other things you can do as well.
    Reply With Quote Quote  

  6. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #5

    Default Re: WSUS 3.0 won't list computers & gpo not being applie

    Quote Originally Posted by nazzeem
    Quote Originally Posted by aoe
    I have installed WSUS on my dc.
    I have configured a gpo to point to the wsus server and applied it to the correct ou.
    I then go to the client computer and run gpupdate /force and then gpresult and the WSUS gpo is not being applied?

    Any ideas why this is happening? Is there more to it if the gpo is not being applied correctly?
    Thanks for the help.
    gpupdate /force should be run on the DC to update / enforce the Policy on the clients if I am not mistaken.
    Although I have seen others state this before, I haven't seen it from a KB or other MS source. Can someone show me where MS states that running gpupdate on the DC actually forces an update on clients? To my knowledge, you must run gpupdate on whatever computer you want the updates to take effect. This means you should run gpupdate on the clients individually, not the server.

    Someone correct me if I am wrong, with references please.
    Reply With Quote Quote  

  7. Member
    Join Date
    Feb 2008
    Location
    South Africa
    Posts
    33

    Certifications
    MCP (70-270, 70-290)
    #6

    Default GPUPDATE

    From my experience. When you make changes to a policy, it will not take effect immediatly. When you run gpupdate /force, the policies is applied immediatly to all clients on the domain. This will have the same efect as rebooting the client PC. I do not agree with your statement that the command has to be run on all the client pc`s. Imagine you have one PDC on the domain and 569 workstations. Which admin will run the command on all the workstations. Not me thank you very much.

    Please post the correct solution for this issue when you find it. We might learn something for our 70-290 here.
    Reply With Quote Quote  

  8. ROFL-Copter pilot snadam's Avatar
    Join Date
    Dec 2006
    Location
    AZ
    Posts
    2,235

    Certifications
    JNCIP-SEC, JNCIS-SEC, JNCIA-JunOS, CCNA, CCENT, MCSE 2003, MCSA 2003, MCP, Network+, Security+
    #7

    Default Re: WSUS 3.0 won't list computers & gpo not being applie

    Quote Originally Posted by sprkymrk

    Although I have seen others state this before, I haven't seen it from a KB or other MS source. Can someone show me where MS states that running gpupdate on the DC actually forces an update on clients? To my knowledge, you must run gpupdate on whatever computer you want the updates to take effect. This means you should run gpupdate on the clients individually, not the server.

    Someone correct me if I am wrong, with references please.

    I am also curious...
    Reply With Quote Quote  

  9. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #8

    Default Re: GPUPDATE

    Quote Originally Posted by nazzeem
    From my experience. When you make changes to a policy, it will not take effect immediatly. When you run gpupdate /force, the policies is applied immediatly to all clients on the domain. This will have the same efect as rebooting the client PC. I do not agree with your statement that the command has to be run on all the client pc`s. Imagine you have one PDC on the domain and 569 workstations. Which admin will run the command on all the workstations. Not me thank you very much..
    Running gpupdate updates the policy on the computer on which it is run. Group Policy has automatic update intervals (90 minutes +1-30 minutes unless changed) which is why an admin doesn't need to run gpupdate on 569 clients - he just waits for the automatic update interval. The gpupdate command is for special circumstances. If you have a KB article or something I'd appreciate the reference. So far every KB article I have found states that you run gpupdate on the client you are trouble shooting.
    Reply With Quote Quote  

  10. Member
    Join Date
    Feb 2008
    Location
    South Africa
    Posts
    33

    Certifications
    MCP (70-270, 70-290)
    #9

    Default Found this info on gpupdate at MS Technet & Google

    Running "gpupdate /force" on the domain controller will download the latest Group Policy settings to client computers.

    http://www.microsoft.com/technet/sec.../xpsgapxb.mspx

    Some info on gpupdate with WSUS
    http://www.wsus.info/forums/lofivers...php?t7861.html

    And heres Google
    http://www.google.co.za/search?sourc...%2Fforce&meta=
    Reply With Quote Quote  

  11. Member
    Join Date
    Feb 2008
    Location
    South Africa
    Posts
    33

    Certifications
    MCP (70-270, 70-290)
    #10

    Default Re: GPUPDATE

    Quote Originally Posted by sprkymrk
    Quote Originally Posted by nazzeem
    From my experience. When you make changes to a policy, it will not take effect immediatly. When you run gpupdate /force, the policies is applied immediatly to all clients on the domain. This will have the same efect as rebooting the client PC. I do not agree with your statement that the command has to be run on all the client pc`s. Imagine you have one PDC on the domain and 569 workstations. Which admin will run the command on all the workstations. Not me thank you very much..
    Running gpupdate updates the policy on the computer on which it is run. Group Policy has automatic update intervals (90 minutes +1-30 minutes unless changed) which is why an admin doesn't need to run gpupdate on 569 clients - he just waits for the automatic update interval. The gpupdate command is for special circumstances. If you have a KB article or something I'd appreciate the reference. So far every KB article I have found states that you run gpupdate on the client you are trouble shooting.
    Sorry for the confusion. This was just from my experience that when I change something in the Domain Default Policy and want it to take effect immediatly, I run the gpupdate /force command. Then I check one or two of the client machines to see if the policy was applied. It normally is and then I assume it was applied to the rest of the client machines as well.
    Reply With Quote Quote  

  12. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #11

    Default Re: Found this info on gpupdate at MS Technet & Google

    Quote Originally Posted by nazzeem
    Running "gpupdate /force" on the domain controller will download the latest Group Policy settings to client computers.

    http://www.microsoft.com/technet/sec.../xpsgapxb.mspx

    Some info on gpupdate with WSUS
    http://www.wsus.info/forums/lofivers...php?t7861.html

    And heres Google
    http://www.google.co.za/search?sourc...%2Fforce&meta=
    I see "7.


    Execute gpupdate /force on the domain controller to download the latest Group Policy settings."

    In the first link you provided. Which should mean that they are just asking you to update the group policy settings on the domain controller.

    I hope you aren't taking this offensively by the way, I am just curious about this as well.
    Reply With Quote Quote  

  13. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #12
    No problem, I am all for learning something new. Your first link is a bit unclear - read it in it's context of having just made changes to the domain structure itself (adding OU's and such) - it doesn't actually say that it updates the clients. Then in the very next chapter it states that you must run gpupdate on the clients.

    I am checking your other links now, thanks.
    Reply With Quote Quote  

  14. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #13
    To the author of the topic, make sure that your policy as been Link Enabled (by seeing a check mark beside the name).
    Reply With Quote Quote  

  15. Member
    Join Date
    Feb 2008
    Location
    South Africa
    Posts
    33

    Certifications
    MCP (70-270, 70-290)
    #14

    Default Re: Found this info on gpupdate at MS Technet & Google

    Quote Originally Posted by Mishra
    Quote Originally Posted by nazzeem
    Running "gpupdate /force" on the domain controller will download the latest Group Policy settings to client computers.

    http://www.microsoft.com/technet/sec.../xpsgapxb.mspx

    Some info on gpupdate with WSUS
    http://www.wsus.info/forums/lofivers...php?t7861.html

    And heres Google
    http://www.google.co.za/search?sourc...%2Fforce&meta=
    I see "7.


    Execute gpupdate /force on the domain controller to download the latest Group Policy settings."

    In the first link you provided. Which should mean that they are just asking you to update the group policy settings on the domain controller.

    I hope you aren't taking this offensively by the way, I am just curious about this as well.
    I am here to learn and I need to pass 70-290 first time. So no offence taken.
    Reply With Quote Quote  

  16. aoe
    aoe is offline
    Member
    Join Date
    Jan 2008
    Posts
    32

    Certifications
    A+, MCP
    #15

    Default Re: Check if other policies is applied

    Quote Originally Posted by nazzeem
    Check whether other policies is applied to the domain computers e.g "strong password policy" etc. If this works then maybe you could try to rejoin the workstation with the domain. I am also studying WSUS for 291. So I might not have a solution for you.

    But I what I would do is:

    1.) Make sure the workstation is joined properly with the domain, and rejoin it if required.

    I demoted and then rejoined the domain yesterday and nothing

    2.) Check if other policies is applied to the workstation.

    The only one showing applied when gpresult is called is Default Domain Policy

    3.) Check if these keys exesits in the workstations registry:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate]
    "WUServer"="http://your-wsus-server"
    "WUStatusServer"="http://http://your-wsus-server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000001

    These keys do not exist.

    4.) Run the command "wuauclt /detectnow" from command prompt to force your workstation to search for WSUS servers.

    I did that and nothing

    5.) Check the workstations %windir% for the WindowsUpdate.log file and check in it for * WSUS server: <NULL> and * WSUS status server: <NULL>. Check if it points to your WSUS Server.

    Server is not listed

    There are probably other things you can do as well.


    Thanks for the replies...
    Reply With Quote Quote  

  17. ROFL-Copter pilot snadam's Avatar
    Join Date
    Dec 2006
    Location
    AZ
    Posts
    2,235

    Certifications
    JNCIP-SEC, JNCIS-SEC, JNCIA-JunOS, CCNA, CCENT, MCSE 2003, MCSA 2003, MCP, Network+, Security+
    #16

    Default Re: Found this info on gpupdate at MS Technet & Google

    Quote Originally Posted by Mishra
    I see "7.


    Execute gpupdate /force on the domain controller to download the latest Group Policy settings."

    In the first link you provided. Which should mean that they are just asking you to update the group policy settings on the domain controller.

    I hope you aren't taking this offensively by the way, I am just curious about this as well.


    I also saw that. It clearly states where you run it and what happens...Im really surprised there is very little press on this seeming that its quite a handy piece of time-saving info!
    Reply With Quote Quote  

  18. aoe
    aoe is offline
    Member
    Join Date
    Jan 2008
    Posts
    32

    Certifications
    A+, MCP
    #17
    Quote Originally Posted by Mishra
    To the author of the topic, make sure that your policy as been Link Enabled (by seeing a check mark beside the name).
    Yes link is enabled.
    Thanks
    Reply With Quote Quote  

  19. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #18
    A Description of the Group Policy Update Utility

    I would think if you could simply execute gpupdate on a DC to initiate updates on all downlevel clients it would say so in the above link. It does not make any mention of such though.

    Refresh Group Policy settings with GPUpdate.exe

    The gpupdate command refreshes local and Active Directory–based Group Policy settings, including security settings on the computer from where it is run.
    Just a couple of many examples I have found. I have still never seen a single article specifically stating that running it on a DC will update clients.

    I am still okay with being proven wrong, if someone has a good link.
    Reply With Quote Quote  

  20. MIPS processor please Mishra's Avatar
    Join Date
    Feb 2007
    Location
    Ashburn, VA
    Posts
    2,468

    Certifications
    MCSA:2012, MCITP:EA/SA, MCSE 2003, MCTS: Vista, VCP4, AAS
    #19
    Quote Originally Posted by aoe
    Quote Originally Posted by Mishra
    To the author of the topic, make sure that your policy as been Link Enabled (by seeing a check mark beside the name).
    Yes link is enabled.
    Thanks
    Are you using the GPMC?

    A couple of screenshots from the GPMC might help us find a problem quicker if you are willing.
    Reply With Quote Quote  

  21. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #20

    Default Re: Found this info on gpupdate at MS Technet & Google

    Quote Originally Posted by snadam
    Quote Originally Posted by Mishra
    I see "7.


    Execute gpupdate /force on the domain controller to download the latest Group Policy settings."

    In the first link you provided. Which should mean that they are just asking you to update the group policy settings on the domain controller.

    I hope you aren't taking this offensively by the way, I am just curious about this as well.


    I also saw that. It clearly states where you run it and what happens...Im really surprised there is very little press on this seeming that its quite a handy piece of time-saving info!
    I don't think it's clear at all - see my other post.
    Reply With Quote Quote  

  22. Member
    Join Date
    Feb 2008
    Location
    South Africa
    Posts
    33

    Certifications
    MCP (70-270, 70-290)
    #21

    Default Keys must exist

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate]
    "WUServer"="http://your-wsus-server"
    "WUStatusServer"="http://http://your-wsus-server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000001

    These keys must exist in the client machine registry else the pc wil NOT update from WSUS. Just today I updated a machine not belonging to the domain by just adding those registry keys and running the command "wuauclt /detectnow". You will not see anything after running the command. When adding the keys manually, the PC have to be rebooted first.

    I am installing & configurating WSUS 3.0 with SP1 on one of our clients SBS2003 Servers as we speak. Will let you know how it went.
    Reply With Quote Quote  

  23. aoe
    aoe is offline
    Member
    Join Date
    Jan 2008
    Posts
    32

    Certifications
    A+, MCP
    #22

    Default Re: Keys must exist

    Quote Originally Posted by nazzeem
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate]
    "WUServer"="http://your-wsus-server"
    "WUStatusServer"="http://http://your-wsus-server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000001

    These keys must exist in the client machine registry else the pc wil NOT update from WSUS. Just today I updated a machine not belonging to the domain by just adding those registry keys and running the command "wuauclt /detectnow". You will not see anything after running the command. When adding the keys manually, the PC have to be rebooted first.

    I am installing & configurating WSUS 3.0 with SP1 on one of our clients SBS2003 Servers as we speak. Will let you know how it went.
    I can try that to see if it fixes the WSUS problem. But then i am left with a problem as to why the GPO settings are not being accepted?
    Reply With Quote Quote  

  24. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #23

    Default Re: Keys must exist

    Quote Originally Posted by aoe
    Quote Originally Posted by nazzeem
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate]
    "WUServer"="http://your-wsus-server"
    "WUStatusServer"="http://http://your-wsus-server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000001

    These keys must exist in the client machine registry else the pc wil NOT update from WSUS. Just today I updated a machine not belonging to the domain by just adding those registry keys and running the command "wuauclt /detectnow". You will not see anything after running the command. When adding the keys manually, the PC have to be rebooted first.

    I am installing & configurating WSUS 3.0 with SP1 on one of our clients SBS2003 Servers as we speak. Will let you know how it went.
    I can try that to see if it fixes the WSUS problem. But then i am left with a problem as to why the GPO settings are not being accepted?
    Okay, dumb question - are the computers in question located in the OU to which the GPO is applied? You didn't apply the GPO to the default Computers container, did you?

    Can you apply the WSUS settings directly to the Default Domain Policy and see if it works then?
    Reply With Quote Quote  

  25. Member
    Join Date
    Feb 2008
    Location
    South Africa
    Posts
    33

    Certifications
    MCP (70-270, 70-290)
    #24

    Default Re: Keys must exist

    Quote Originally Posted by aoe
    Quote Originally Posted by nazzeem
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate]
    "WUServer"="http://your-wsus-server"
    "WUStatusServer"="http://http://your-wsus-server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000001

    These keys must exist in the client machine registry else the pc wil NOT update from WSUS. Just today I updated a machine not belonging to the domain by just adding those registry keys and running the command "wuauclt /detectnow". You will not see anything after running the command. When adding the keys manually, the PC have to be rebooted first.

    I am installing & configurating WSUS 3.0 with SP1 on one of our clients SBS2003 Servers as we speak. Will let you know how it went.
    I can try that to see if it fixes the WSUS problem. But then i am left with a problem as to why the GPO settings are not being accepted?
    Like I said before, check to see if other policies are applied to the workstation? In your Default Domain Policy, change the policy for e.g "Complex Password", do a gpupdate /force on the DC and check the policy is applied to the workstation?
    Reply With Quote Quote  

  26. aoe
    aoe is offline
    Member
    Join Date
    Jan 2008
    Posts
    32

    Certifications
    A+, MCP
    #25

    Default Re: Keys must exist

    Quote Originally Posted by aoe
    Quote Originally Posted by nazzeem
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate]
    "WUServer"="http://your-wsus-server"
    "WUStatusServer"="http://http://your-wsus-server"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU]
    "UseWUServer"=dword:00000001

    These keys must exist in the client machine registry else the pc wil NOT update from WSUS. Just today I updated a machine not belonging to the domain by just adding those registry keys and running the command "wuauclt /detectnow". You will not see anything after running the command. When adding the keys manually, the PC have to be rebooted first.

    I am installing & configurating WSUS 3.0 with SP1 on one of our clients SBS2003 Servers as we speak. Will let you know how it went.
    I can try that to see if it fixes the WSUS problem. But then i am left with a problem as to why the GPO settings are not being accepted?
    Ok that fixed the WSUS issues. Computer is now listed in unassigned computers. So the issue is why is the gpo not being applied?
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 3 1 23 Last

Social Networking & Bookmarks