A common issue when using a ‘template’ or an OS image that hasn’t been sysprepped is that each client that has the same clientID will appear and disappear from the WSUS console (only 1 client will appear at a time).
A solution to this involves stopping the windows update service (wuauserv), then proceed to remove some Windows Update registry keys such as the following:
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
- SusClientId
- SusClientIdValidation
- PingID
- AccountDomainSid
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
- LastWaitTimeout
- DetectionStartTimeout
- NextDetectionTime
- AUState
Following that, you can remove the SoftwareDistribution folder on the system and then restart the Windows Update service.
Once that has been completed, you need to run the following command to force a check-in to the WSUS server and receive a new clientID and download required updates.
wuauclt /resetauthorization /detectnow command
In reviewing some of my old scripts and functions, I found this function that I have been wanting to put out to the community and always forgot to do so.
Invoke-WSUSClientIDFix allows you to run all of these fix actions against any system, local or remote. This function will first use Stop-Service to stop the Windows Update service on the local or remote system.
Because Remoting may not be enabled in a given environment yet, the registry modifications (local or remote) is done via the [Microsoft.Win32.Registry] type that utilizes the OpenRemoteBaseKey() method to make the connection and then proceeds to remove the wsus client registry values.
Write-Verbose ("{0}: Making remote registry connection to {1} hive"`
-f $Computer, $reghive)
$remotereg = [microsoft.win32.registrykey]::OpenRemoteBaseKey(`
$reghive,$Computer)
Write-Verbose ("{0}: `
Connection to WSUS Client registry keys" -f $Computer)
$wsusreg1 = $remotereg.OpenSubKey(`
'Software\Microsoft\Windows\CurrentVersion\WindowsUpdate',$True)
$wsusreg2 = $remotereg.OpenSubKey(`
'Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update',$True)
#...
If (-Not [string]::IsNullOrEmpty($wsusreg1.GetValue('SusClientId'))) {
If ($PScmdlet.ShouldProcess("SusClientId","Delete Registry Value")) {
$wsusreg1.DeleteValue('SusClientId')
}
}
#...
Following that, I use Remove-Item to clean out the SoftwareDistribution folder. I use Start-Service to start up the Windows Update service prior to the last command. I then make use of the Win32_Process WMI class and its Create() method to spawn a remote process to run the wuauclt /detectnow /resetauthoriation command to check back into the WSUS server.
After dot sourcing the function, I can run it against a system/s to perform the client ID fix on the client so it will communicate properly with the WSUS server.
Invoke-WSUSClientIDFix -Verbose
Download Invoke-WSUSClientIDFix
Give it a run and let me know what you think!
Filed under: powershell, scripts, WSUS Tagged: clientID, Powershell, registry, remote registry, wsus
