Home > WSUS > HOWTO: Resolve missing systems from WSUS console

HOWTO: Resolve missing systems from WSUS console

Recently I ran into an issue where our WSUS server is not showing all expected systems in the console.  Upon investigation of the systems individually, it is verified that the correct GPO is being applied, the correct WSUS settings exist, etc.  However, the computer does not show up in any reporting.  The most likely reason for this is a duplicate SID, likely resulting from a lack of SysPrep when the machine was originally created.


This is at least one of the blogs that identifies how to resolve this, that I have used in the past.  By removing the WSUS registry keys, the system will check in with WSUS and obtain new ID’s.   One can then restart the local Windows Update service, and force it to redetect, and you should see it in the WSUS console.


An option to help automate the process is to use a batch file like the one shown below (from the link above)


@echo off

Echo This batch file will do the following:

Echo .

Echo Stop the wuauserv service

Echo Delete the AccountDomainSid registry key (if it exists)

Echo Delete the PingID registry key (if it exists)

Echo Delete the SusClientId registry key (if it exists)

Echo Delete the SusClientIDValidation registry key (if it exists)

Echo Delete the SoftwareDistribution folder

Echo Delete the Windows Update log file

Echo Restart the wuauserv service

Echo Resets the Authorization Cookie

Echo .

rem pause

@echo on

net stop wuauserv

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f

cd %SystemRoot%

del /Q SoftwareDistribution

del WindowsUpdate.log

net start wuauserv

wuauclt /resetauthorization /detectnow

===== RESET_WSUS.BAT END =====

This will stop the Windows Update service, remove the applicable REG keys, remove the existing SoftwareDistribution folder (where Windows Updates stores the downloaded files – and doesn’t purge them after installation, so is perfectly safe to delete, as it will repopulate as required), remove the Windows Update log, start the Windows Update service, and then tell the Windows Update client to check in with WSUS.  

After running this, on the WSUS server, you should start to see previously ‘missing’ computers show up in the Unassigned Computers section:


If you wish to automate the process across all systems, I would recommend using PSexec to push out the batch file to all systems in the domain.  Save the file somewhere shared, such as an ADMIN server in a share reachable by the user you will run PSexec with (eg: \\FSRVTSTADMIN1\E$\ADMIN\BIN\RESET_WSUS.BAT)


Use the command line:


Where the options are:

\\*         = enumerate and run against all domain computers

-D          = Detach the process and run in the background

-c          = Copy the batch file locally

-h          = run with highest permissions (avoiding most UAC prompts)

-f          = force the copy of the file, even if a previous copy exists – you may have updated the batch file

\\….      = the full UNC path to the batch file

When the process completes, press REFRESH on the UNASSIGNED COMPUTERS section of the WSUS console and watch for systems to populate.  Note that it will take some time for them to scan for needed patches, and show a “Last Status Report”. 

Systems that are already present, will get a new WSUS ID, but because their computer name object already exists, they will retain whatever WSUS group memberships they had prior, without any issue. 

Categories: WSUS
  1. No comments yet.
  1. March 18, 2014 at 7:01 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: