Please help!!!

If i cant add wsus clients by specifying http://wsus or http://(IP of the wsus) what can I do to get it to work.

Some people I added with http://wsus and others with the IP when it didnt work.

But there are some machines that just do not work!!! btw all have XP...

Please help, job on the line!!!

Thanks
Failure is a stepping stone to success...

Comments

  • EssendonEssendon Member Posts: 4,548 ■■■■■■■■■■
    Try changing the port numbers. WSUS defaults to using port 80, so if your using that port for something else, say Exchange, things could get screwy.
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
  • EssendonEssendon Member Posts: 4,548 ■■■■■■■■■■
    Not sure why you havent tried using Group Policy to deploy it. Just wondering.
    NSX, NSX, more NSX..

    Blog >> http://virtual10.com
  • undomielundomiel Member Posts: 2,818
    Grab the wsus client diagnostics from here: Microsoft Windows Server Update Services Tools and Utilities

    That should help give you some clues as to what is going on.

    wsus - Troubleshooting Client Setup

    That gives another list of helpful suggestions. I've found that normally if the client diags come back ok then updating the client usually does the trick.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • ClaymooreClaymoore Member Posts: 1,637
    I would also suggest using the FQDN of your WSUS server when you add the address in Group Policy. Instead of http://wsus you should use http://wsus.domain.local in the server address. If you just rely on single name resolution, too many things can go wrong between domain suffix, default suffix search order, WINS, and broadcast name resolution - its safer to just use the FQDN.
  • ClaymooreClaymoore Member Posts: 1,637
    But there are some machines that just do not work!!! btw all have XP...

    Please help, job on the line!!!

    http://www.techexams.net/forums/70-290-windows-2003-server/39859-windows-server-update-services.html
    I remember you - you work at an ISP in PNG and are trying to provide update services to your subscribers. No group policy, and no centralized management, so this is going to be difficult if we can only use .reg files to fix this.

    IF all of your WSUS settings are correct - server, port, installation settings - then we may have another problem, and that problem is trust.

    Are you requiring HTTPS to connect to your WSUS server?
    If so are you using a certificate from a trusted authority or is it self-signed?
    Do your subscriber PCs trust your domain/server?

    PCs trust windowsupdate.com by default and WSUS clients trust the WSUS server because they are members of the same domain, but they may not trust your WSUS server and thus ignore the updates. We might be able to fix this (it would certainly be easier with group policy) but the registry edit would need to be tested. What I am about to propose is pure theory and I have never actually tried it so testing is a must.

    Internet Explorer security zones are defined in the registry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones with the different zone numbers representing Local Intranet, Trusted Sites, Internet, etc. Zone 2 is the Trusted Sites zone.

    The Domains are defined under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains in a weird sort of hierarchy. For example, www.techexams.net appears as HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\techexams.net\www in the registry. Under that key is a DWORD value named http with a value of 2. That puts http : // www. techexams .net in my Trusted Sites list - the 2 value maps to zone 2. You can also have DWORD values for https or * for all protocols.

    Try creating a Reg file with the setting HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.local\wsus with a DWORD value for the appropriate protocol (http, https, * - whatever) and a value of 2. TEST that reg file to see if it does add you server to the trusted sites list and finally allows WSUS downloads from your server to proceed.

    If that works, then you can deploy the reg file the same way you deployed the WSUS reg file. Hopefully this will keep you from facing a tribal council.
  • rossonieri#1rossonieri#1 Member Posts: 800
    claymore wrote
    trying to provide update services to your subscribers. No group policy, and no centralized management

    wait, are you saying that david wants to push the wsus policy to pcs that dont even belong to his domain?

    well, IMHO - your second line here :
    Do your subscriber PCs trust your domain/server?

    could explain the answer - for the time being.
    its interesting stuff - i'd like to know how it goes.
    the More I know, that is more and More I dont know.
  • First of all, Thanks Guys for all the support!!!

    Now, down to business. I have the wsus.reg file working fine. I think what Claymoore mentioned about the trust is what I have to work on next (I am doing this and testing it now). Thanks Claymoore, will post when I get it working.

    Essendon, I can do this using group policy for my local domain at work, but what I need to do is provide a way for my ISP customers to grab the updates from a server in my country so that i minimize the traffic coming from the windows update server in the US. This is why I have resorted to making generic reg entries that change certain settings on a clients machine to get the updates 'locally'

    Undomiel I have downloaded the diagnosis files you pointed me to. I will use this, in conjunction with the registry editing suggestions from Claymoore to hopefully get this working.

    Rossonieri#1 I will post when I get it working, don't worry about that.

    Thanks again guys!!!
    Failure is a stepping stone to success...
Sign In or Register to comment.