WSUS Server multiple instances of computers listed.

pts.
Tags:
DataCenter
Desktops
Management
Microsoft Windows
OS
Patch management
Security
Servers
SQL Server
Tech support
I am very new to the Windows update server (WSUS). I installed and configured the update server and everything seems to be working. I added some settings in my group policy and applied the GP to an OU and went on my way. The clients started to appear in the list of workstations on the WSUS server; so I assumed everything is working great - I began to organize the computers into groups. I now notice that I am having multiple instances of a computer listed. For example, under "Public" I have P1.server.local listed, but I also have three more instances of the same computer listed in the Unassigned Computers list. Any ideas?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Have you setup target groups using the GPO? I’ve seen multiple (albiet, duplicates only) when target groups are used. If you use the target group, don’t move them around manually or they will be recreated when they check in to the server again. Also, if you do wuauclt /resetauthorization /detectnow it will generate a new sid and you’ll get duplicates. To avoid this, run wuauclt /detectnow to check for new updates.

HTH,
Don

Discuss This Question: 15  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Skepticals
    Don, I have not setup targeted groups using Group Policy (that I am aware of). One thing that is different about the computers being duplicated is they are running software called "Deep Freeze" that "freezes" the hard drive. I'm not sure if this has anything to do with it; maybe something is acting weird when I freeze/thaw the computers? I'm not sure where to look or what to do - I could not find detailed information on how the WSUS works. You mention using wuauclt /detectnow. Should I be running this? I have been using a web-based interface to the WSUS for cheking on updates. Sorry, I am new to the WSUS.
    0 pointsBadges:
    report
  • Spadasoe
    If you have a GPO in place, the wuauclt/detectnow tells the machine to check in with the WSUS server and see if updates are needed. A proper GPO will schedule this with a redetection interval (default is 22 hours, I run my every 6 hours). You should not need to browse for updates. That is what WSUS is used for. Check the following link for information regarding multiple entries in the server database. http://wsus.editme.com/WSUSFAQ
    5,130 pointsBadges:
    report
  • SGBotsford
    I played with WSUS for 3 days, and finally gave it up as being in the sledgehammer for gnats category. I have 50 windows boxes, but as they are all clients, they are for all practical purposes identical -- at least as far as winsooze is concernted. I wanted a reasonably fast way to stay on top of the patch situation, without downloading for each individual computer. WSUS is NOT the answer -- I was spending hours and hours and getting nowhere fast. Selecting patches to rollout is the blind leading the blind. Supercedes Superceded, augments, features. Anyway, I have ended up using a system called autopatch. It's what I consider a reasonable compromise: Each month they distribute an update with all the important stuff, and some of the minor stuff. You extract this into a directory. Then you point your computer at that directory, run autopatch. It brings up the selections. The defaults are pretty reasonable. You can go through and select (quite rapidly) and you can save your set to a file. It has an unattended mode. It takes 30 minutes to learn. If, like me, you have ignored all patches since win2k SP4 came out it takes about an hour to do them all. It's free. Best of all, I can take the current patch set home on a CD (I have dialup) and run it there. Recommended. Caveats: I do not run AD.
    0 pointsBadges:
    report
  • Skepticals
    spadasoe, My current GPO settings are as follows: Policy Setting Allow non-administrators to receive update notifications Disabled Configure Automatic Updates Enabled Configure automatic updating: 4 - Auto download and schedule the install The following settings are only required and applicable if 4 is selected. Scheduled install day: 3 - Every Tuesday Scheduled install time: 22:00 Policy Setting Specify intranet Microsoft update service location Enabled Set the intranet update service for detecting updates: http://servername Set the intranet statistics server: http://servername (example: http://IntranetUpd01) All other settings are set to not configured. Is there something I should be doing to avoid the duplicats?
    0 pointsBadges:
    report
  • Swiftd
    I don't use DeepFreeze, but I've heard a lot about it. What's going to happen is when you have the machine up, it'll create the SID the first time it connects to the WSUS server, but it'll be lost when it is either rebooted or it gets the initial image applied again (I don't know if it does this, but you get the idea). You'll need to thaw the images long enough for them to get the SID or run the wuauclt /resetauthorization /detectnow command and then freeze them again. That'll save the SID in the registry for when it gets rebooted. Of course, if you're using DeepFreeze, I don't think using WSUS is going to help with patching your images. It'll undo whatever you've just done when it reboots... Don
    0 pointsBadges:
    report
  • Spadasoe
    I believe deepfreeze is the issue here. It sounds like it is a clientSID issue. Check the following: http://www.wsus.info/forums/index.php?showtopic=6348 http://www.wsus.info/forums/index.php?showtopic=9122 Your GPO looks almost like mine.
    5,130 pointsBadges:
    report
  • Skepticals
    Swiftd, I suspected DeepFreeze to be the problem. I should not have a problem with thawing the workstations long enough to connect to the WSUS server. You mention that a WSUS is useless with deepfreeze because the setting will be lost on a reboot; however, I can schedule a "maintenance" time that will thaw the computer and block access to the local machine at the same time. This will open a window of time that the computers will update and then reboot frozen. (At least it says so) Does the clientSID only need to be created the first time? Will the constant thawing and freezing change this? or once the workstation has a SID, it will have it for good? How do I delete all the current entries? Thank you for all the help.
    0 pointsBadges:
    report
  • Swiftd
    Once the ClientID is created on the thawed machine, it stores it in the registry. It never changes unless you force it to, so you are safe to freeze it again. That's cool that you can thaw the machine and then freeze it again after the updates are applied. That being said, you could do that and your image would be updated with the latest patches. Deleting the duplicate machines is as simple as click on it and selecting "Delete machine" (I believe) in the upper left corner of the page. It'll ask you something in reference to deleting the machine from the WSUS server or deleting the instance of the machine (that duplicate). Remove it from WSUS, thaw the machine, and wait for the new machines to appear in WSUS. You can then freeze them as they are listed in WSUS. A note of caution: WSUS is strange and quirky. I've seen where machines are configured identically to each other. They have literally everything setup the same in GPO and/or manually. One of the machines works fine and the other doesn't. I still haven't figured out why this is the case, but no matter what I've tried, I still cannot get some machines to work properly. Fortunately, it's free so you don't waste your money on it and there's a lot of people out there who use it (support groups), but unfortunately, it needs work still. It's light years better than SUS was, but not as good as any commercial product out there (Patchlink, Altairis, SMS, etc). Plus it patches MS products only... It's definitely not the panacea and you'll probably still spend time patching by hand or using a second product to catch those other applications. It's like Microsoft's apology for making their products insecure... Don
    0 pointsBadges:
    report
  • Skepticals
    Don, Thank you for all your input. I have heard other horror stories about WSUS. I guess I want to feel the pain myself :-) I would like to at least be familiar with it before moving on to another application. We do not have the money for one right now and if I do not suffer now, I won't know the benefit of the new software! Haha. First of all, I will try to resolve the duplicate machines in the list. From there, I will see how WSUS operates. Cross your fingers. Thanks again. J
    0 pointsBadges:
    report
  • Swiftd
    It's definitely hard to beat "free" even if that means some pain. You may also find yourself using WSUS complimented with other products or methods to update the computers (like scripts or GPO deployments). I use WSUS and think it's worth _more_ than you pay for it :), I just wanted you to walk into as an informed user. Happy motoring, Don
    0 pointsBadges:
    report
  • VietBob
    I've only been working with WSUS for a week or two, but it's been working very well for our needs! I've set up several groups, set new patches for all groups to detect, then depending on what the patch is about either my test group or my test group and the less significant group are set to install, the next week if everything seems to be fine I set the remaining groups to install. The DST update has been installed on all clients and servers now; before WSUS I had most clients on Automatic Update and had to manage the updates individually on the more critical clients and servers. One resource you may find helpful is at http://www.wsus.info/forums/ -Bob
    0 pointsBadges:
    report
  • Dwiebesick
    Someone on another list that I am on had the same problem. This is the link to that forum http://mcpmag.com/forums/forum_posts.asp?tid=3321 Could it be duplicate SIDs? dmw
    2,235 pointsBadges:
    report
  • Skepticals
    Thanks for the replies. I will take a look at that web site. My issue has been resolved and the problem was with Deep Freeze. The computers were blocking changes to the registry; so everytime the computers would boot they would reassociate with the WSUS server. I do have an additional problem now. All but one of the computer is listed. I am not sure why this one is different I still need to troubleshoot this. We will see. Thanks again.
    0 pointsBadges:
    report
  • Snirh
    Hi, There is a tool for solving Duplicate SID and Duplicate WSUS ID's on your network. It called DSM (Duplicate SID Monitor), the good thing about it that it will monitor your network all the time and not just the one time you ran the script to solve a problem. Link to the tool:
    report
  • Snirh
    The link... http://www.smart-x.com/?CategoryID=176&ArticleID=97&sng=1
    20 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following