Condividi tramite

Resolving the duplicate SUSClientID issue, or “Why don’t all my clients show up in the WSUS console?”

  • Articolo

image

A common issue we seem to get calls on again and again is the issue where a customer has WSUS configured but when he or she goes to the admin console some clients appear and others do not.  You may even notice that it seems to change on a random basis, where today some clients appear and others don’t, and then tomorrow the ones that were there yesterday are now gone and the ones that were missing have now appeared. 

So what’s going on?  99% of the time this happens because the clients in question have duplicate SUSClientID values.  This can happen for a couple different reasons (see KB903262 for one example) but either way, duplicate SUSClientID values are likely the problem.

Fortunately the fix is pretty painless:

1. Create a batch file named ResetSUSClientID.bat using the text below:

Rem - Batch script to delete duplicate SusClientIDs
Rem - Implement this script as a "Startup" or "Logon" script
Rem - Script creates an output file called %Systemdrive%\SUSClientID.log
Rem - If the %Systemdrive%\SUSClientID.log is already present, then the script simply exits

@Echo off
if exist %systemdrive%\SUSClientID.log goto end
net stop wuauserv
net stop bits
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f > %systemdrive%\SUSClientID.log 2>&1
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f >> %systemdrive%\SUSClientID.log 2>&1
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f >> %systemdrive%\SUSClientID.log 2>&1
net start wuauserv
wuauclt.exe /resetauthorization /detectnow
:end
exit

 

2. Run this script directly on the problem client, or copy the batch file to a domain share and create a Domain/OU level GPO to launch it as Startup or Logon script on the affected clients:

clip_image002

That’s it. 

Note that several days after doing this there may be some WSUS client computers that will show up in the WSUS Console as not having checked in for xx amount of days.  This is because the old SUSClientIds are no longer there and are not checking in.  If you start seeing this, run the Server cleanup wizard in order to clean old records but remember that it may take up to 90 days to clean all records completely.

J.C. Hornbeck | Manageability Knowledge Engineer

Special thanks to Joao Madureira and Greg Cottingham for contributing to this article.

Comments

  • Anonymous
    January 01, 2003
    Thanks ,Nice idea to think
  • Anonymous
    January 01, 2003
    I know this is an old post, but could you please clear something up for me?  I noticed that you stopped the bits service, but did not restart it.  Should the bits service be restarted when the wuauserv service is started?Thanks.
  • Anonymous
    January 01, 2003
    Hi,There is a tool for solving Duplicate SID and Duplicate WSUS ID's on your network.It called DSM (Duplicate SID Monitor), the good thing about it that it will monitor your network all the time and not just the one time you ran the script to solve a problem.Link to the tool: http://www.smart-x.com/?CategoryID=176&ArticleID=97&sng=1
  • Anonymous
    January 01, 2003
    Thanks ,Nice idea to think
  • Anonymous
    October 06, 2010
    The BITS Service is normally set to manual and is started by other processes or services "on demand" .So it is not neccessary to restart the BITS service as the AU service will invoke it when it is needed.
  • Anonymous
    February 15, 2011
    Brilliant article, the batch file resolved this annoying issue, thank you a lot!
  • Anonymous
    March 19, 2012
    Should I delete the log file before running the bat file. I tried it on machines where log file already exists and it does not do anything but if I delete the log file then the batch runs okay.
  • Anonymous
    October 12, 2012
    Is this needed on Windows XP and 2000 or also on Vista/7/8?
  • Anonymous
    February 12, 2013
    I am a 1 man IT shop so after realizing that i had done this, I was extremely happy to find your step-by-step instructions J.C. There are a lot of people that try to help others out here in the IT world but don't take into consideration the various levels of expertise. I truly appreciate you making my life a lot easier. Tested the script and it works great!
  • Anonymous
    April 12, 2013
    The comment has been removed
  • Anonymous
    September 28, 2014
    Nice idea! This is the answer I was looking for. Thanks.