Wsus 3 clients not updating

If you are adding Windows 8 or 8.1 systems to a domain that uses WSUS, there is strong posibility that you will see a situation where the client generates an error 800B0001 and refuses to update itself from the WSUS server.The client may appear in in the WSUS console but it will be listed as "Not checked in" and if you run updates from Microsoft's online update service, they go through fine.

wsus 3 clients not updating-3

Some questions to ask yourself: Some symptoms of this may also include computers randomly disappearing/reappearing from/into your WSUS console.

Another symptom is the computer will receive updates, but not report into the server properly (if at all! Each computer on a network requires a SID (Security IDentifier), which uniquely describes that computer account to the rest of the Windows network resources - supposedly not as big of an issue with computers in a domain environment as it is with workgroups.

However, it is best to avoid this issue at all costs.

When WSUS creates its own client ids, they are based off of the original computer SID.

If these are duplicates of other computers (which happens with cloned environments where the aforementioned tools have NOT been run), then you can see how this might be a problem. PASS Winhttp local machine access type Winhttp local machine Proxy.

If you have not run either one of these tools (they are each mutually exclusive), then you will need to delete the WSUS Client ID keys on the affected workstations: HKLM\SOFTWARE\Microsoft\Windows\Current Version\Windows Update\Account Domain Sid HKLM\SOFTWARE\Microsoft\Windows\Current Version\Windows Update\Ping ID HKLM\SOFTWARE\Microsoft\Windows\Current Version\Windows Update\Sus Client Id Stop and start the Automatic Update service, then run '/resetauthorization /detectnow'. PASS Option is from Control Panel Checking Proxy Configuration Checking for winhttp local machine Proxy settings . You should see the computer report into the WSUS server shortly thereafter. You can use this script to do it automatically for you - either a remote workstation or local (you should only need to perform this step once on each affected PC): showtopic=9134 Use ps Get SID from Sysinternals: You can run this against all computers in your domain to discover who has a duplicate SID. You should really then run New SID from Sysinterals on any of the duplicate computers to resolve any potential issues in the future (not to mention the security issues involved with having duplicate SIDS on the network): You don't need to RUN New SID on each computer prior to fixing the duplicate ID issue in WSUS, but it may rear its ugly head later on, so if you can find the time, I would recommend fixing this issue as soon as you can. If you don't see the GPO specified in the output of your GPResult, then you know you need to look to Active Directory as the source of the problem.