Forum Discussion
Workstations stopped sending reports to WSUS
A month ago, domain WU-clients stopped sending reports to the WSUS server. However, the search/receipt of updates by clients is performed normally (both manually and scheduled). So, if an update is approved on WSUS, it is installed on the workstation.
Re-registering the WU-client (cleaning the "SoftwareDistribution" folder and the "WindowsUpdate" registry branch) didn't help. The problem is only with workstations (MS Windows 10); servers continue to send reports regularly.
2 Replies
First, ensure that the Windows Update service is running properly on the workstations. You can do this by:
- Press Win + R, type services.msc, and press Enter.
- Look for the Windows Update service and ensure it is Running. If it's not, right-click on it and select Start.
2. Check Event Viewer for Errors
Check the Event Viewer on one of the affected workstations for any relevant error messages regarding Windows Update or WSUS. Specifically, look in the Application and System logs under:
- Event Viewer > Applications and Services Logs > Microsoft > Windows > WindowsUpdateClient
- Event Viewer > Windows Logs > System
You might find errors related to failed reporting or connectivity issues with WSUS.
3. Group Policy Configuration
Ensure the Group Policy settings related to Windows Update are configured correctly for the workstations. Sometimes, the policy for reporting can become misconfigured.
- Run gpedit.msc on one of the workstations and verify the following settings under Computer Configuration > Administrative Templates > Windows Components > Windows Update:
  - Configure Automatic Updates: Should be set to "Enabled" and set according to your preferred schedule.
  - Specify intranet Microsoft update service location: Ensure this points to your WSUS server (e.g., http://<wsus_server>:8530).
  - Enable Client-Side Targeting (if used): Ensure this is configured correctly, as it controls reporting back to the WSUS server.
If the policy settings are correct, run the following command on one of the affected workstations to force the policy update:
gpupdate /force
4. Check for WSUS Connection Issues
It’s possible that there is a network or communication issue between the workstations and the WSUS server. Verify the following:
- Ping the WSUS server from one of the affected workstations to confirm network connectivity.
- Ensure that the correct ports (e.g., TCP 8530 for HTTP or 8531 for HTTPS) are not being blocked by a firewall or other network restrictions on the workstations.
You can also run the following command to see if the workstation is able to reach the WSUS server:
wuauclt /detectnow
This command forces the client to check in with the WSUS server. Check the WSUS console to see if the report shows up.
5. Reset Windows Update Components
If re-registering the Windows Update client didn't work, try resetting the Windows Update components manually. You can do this using the following steps:
- Open an elevated Command Prompt (right-click > Run as Administrator).
- Run the following commands to stop the Windows Update services and clear the cache:
net stop wuauserv
net stop bits
net stop cryptsvc
ren %windir%\SoftwareDistribution SoftwareDistribution.old
ren %windir%\System32\catroot2 catroot2.old
net start wuauserv
net start bits
net start cryptsvc
6. Check WSUS Configuration
- Verify that your WSUS server is configured to accept reports from workstations. Sometimes, a change in WSUS configuration could prevent certain clients from reporting.
- On the WSUS server, open the WSUS Console and go to Options. Ensure that the Client Settings and Reporting settings are correct for workstations.
7. Check Client-Side Targeting (Optional)
If you're using Client-Side Targeting in WSUS, verify that the workstations are assigned to the correct update group.
- Open Group Policy Management and ensure the Client-Side Targeting policy is applied to the workstations.
- In GPMC, navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update, and check that Enable Client-Side Targeting is enabled and configured with the correct target group.
Run the following command to force a report to WSUS from the workstation:
8. Check Firewall Settings
Sometimes, workstations may not be able to report back to WSUS if there is a firewall blocking the connection. Ensure that any local or network firewalls are not blocking the necessary ports (usually port 8530 for HTTP and port 8531 for HTTPS).
9. Check WSUS Logs
If none of the above steps resolve the issue, check the WSUS logs on the server side:
- On the WSUS server, check the WSUS event logs (Event Viewer > Applications and Services Logs > Microsoft > Windows > WSUS).
- Look for any errors or warnings related to failed reports from clients.
Conclusion
In summary, you should:
- Ensure that Group Policy settings are correct.
- Check the WSUS server configuration and connectivity.
- Reset the Windows Update components on the workstations.
- Ensure that the firewall and networking rules are not blocking communication between the workstations and WSUS.
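The client-side checks from the answer above (service state, policy values, port reachability, event log) gathered into one read-only PowerShell script; this is an added example, not part of the original replies. It assumes the standard Windows Update policy registry key, where WUStatusServer is the URL clients send reports to and is expected to match WUServer.

```powershell
# Added example: read-only WSUS client check for one workstation (run elevated).
# Assumption: policy is delivered via GPO to the standard registry key below.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# 1. Services that the reset procedure stops and restarts
Get-Service -Name wuauserv, bits, cryptsvc |
    Select-Object Name, Status, StartType | Format-Table -AutoSize

# 2. Effective values written by the Windows Update Group Policy settings
$wu = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$policyKey\AU" -ErrorAction SilentlyContinue
[pscustomobject]@{
    WUServer           = $wu.WUServer            # update service location
    WUStatusServer     = $wu.WUStatusServer      # statistics (reporting) server
    UseWUServer        = $au.UseWUServer         # 1 = use the intranet server
    TargetGroup        = $wu.TargetGroup         # client-side targeting group
    TargetGroupEnabled = $wu.TargetGroupEnabled  # 1 = client-side targeting on
} | Format-List

# Updates can still install while reports go nowhere if these two differ.
if ($wu.WUServer -and $wu.WUStatusServer -ne $wu.WUServer) {
    Write-Warning 'WUStatusServer is empty or differs from WUServer; check the statistics server field in the policy.'
}

# 3. TCP reachability of each configured URL (8530/8531 or whatever the URL names)
$urls = @($wu.WUServer, $wu.WUStatusServer) | Where-Object { $_ } | Select-Object -Unique
foreach ($url in $urls) {
    $u = [uri]$url
    $r = Test-NetConnection -ComputerName $u.Host -Port $u.Port -WarningAction SilentlyContinue
    '{0} -> {1}:{2} reachable={3}' -f $url, $u.Host, $u.Port, $r.TcpTestSucceeded
}

# 4. Recent errors and warnings from the Windows Update client log
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-WindowsUpdateClient/Operational'
    Level   = 2, 3    # 2 = Error, 3 = Warning
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
```

Running it on one affected workstation and one server that still reports gives two outputs to compare side by side.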
SergTheGreat (Copper Contributor)
kyazaferr, thank you for the expanded answer! I've already done many of the steps, but some of 'em look useful. I'll definitely try 'em.