WSUS Clients being overwritten

[gmail2]

We recently deployed SP2 using WSUS to a satellite office with 25 PC's. However, less than half of them actually got SP2 installed. Today, when I checked WSUS there was only about 5 or 6 PC's in there. I deleted all the computers to let them register again, when I did this, one PC turned up. When I checked back a while later, that PC was gone and another one in it's place. This happened about four times so far. I looks like each PC is overwriting the previous one for some reason. Could this be caused by duplicate SID's? The PC's were imaged, but sysprep was run on them before the image was taken, so they shoudln't have duplicate SID's. Also, if they did, wouldn't this have been an issue before now ... surely it would have caused problems for users logging in? Anybody got any ideas?

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau

 

[markschaefer]

gmail2,

Imaging the workstations creates duplicate SID's. All of the machines have the same SID as far as wsus is concerned now. You could run a script to "get new SID" on each machine to solve the current issue.

Secondly, create a new image for future workstations. The image can be the same, except have the new workstations a member of "WORKGROUP". After the workstation is up and running, then join it to the domain.

Mark

 

[rflora]

Hello,

I actually have exact same problem. I brought up about 15 PC from an image that was created using Symantec LiveState. Only about 3 computers are showing up in WSUS. How can I check to make sure the SID's are not duplicated. And if so, how can i fix this without having to reinstall windows. You mentioned a script to fix this, where can i obtain the script? Thanks, I would really appreciate your help, cas this is driving me nuts!

 

[porkchopexpress]

This shouldn't happen if sysprep was used but it does sound like duplicate SID's i'd try running newsid on a station and see if it sorts it.

http://www.microsoft.com/technet/sysinternals/Security/NewSid.mspx

When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.

 

[rflora]

Thanks for the reply, I will give that a try today. Just a question before I try this. After new ID's are created, would I be required to re-join them to the domain?

 

[porkchopexpress]

You can check to see if you have duplicate SID's using Obj/SID.

http://www.petri.co.il/obj_sid.htm

If they're duplicated then change it with NewSID, you won't have to rejoin or rename your clients (test first as always but i never have).





When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.

 

[rflora]

Hello,

I just changed the SID on one of the XP machines, it takes about an hour but it worked like a charm. One it finished, I ran the wuauclt.exe /detectnow and immediately the machine showed up in WSUS. Thanks for all the help!

 

[porkchopexpress]

It usually takes less than 5 mins but it worked and thats what counts.





When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.

 

[gmail2]

I've gone through all of my machines, and as I suspected, none of them have duplicate SID's (because we ran sysprep before imaging them). Anybody got any other ideas why the clients might be overwriting each other?

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau

 

[rflora]

It wouldn't perhaps be a bad idea to try running the NewSID utility and change the SID on one of the machine, then run wuauclt.exe /detectnow. Have tried that to see if that makes any difference?

 

[porkchopexpress]

It could be the WSUS client ID that has been duplicated as sysprep won't change this but it might be part of the image.


Delete the SusClientID and also the AccountDomainSID. This will require a reboot after the change.

HKLM\Software\Microsoft\Windows\CurrentVersion\Windowsupdate

After boot go to the same registry and check to see if a new SusClientID and AccountDomainSID are there. If not, goto command line and run

wuauclt /resetauthorization /detectnow










When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.

 

[gmail2]

Yea, just before you posted that pork chop, I discovered that on another site ... weird huh !! Anyway, that solved the problem. But now I'm getting more curious ... the SusClientId key is created as soon as a PC connect to any upadte server (even windows update server on the web), however we ALWAYS run windows update before taking an image so I don't understand why this hasn't happened to all of our PC's. We rolled out 12 PC's recently for a new subsidary office that opened and I ran windows update before running sysprep and taking an image. And all the PC's are appearing fine in WSUS. So do you think this means that sysprep is a little them "voliatile" when it comes to what it removes from the registry? I'm opening up a whole new can of worms here

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau

 

[porkchopexpress]

This is why i didn't mention this before as it only happens occasionally for me as well (approx 30 out of 300 PC's last time). I now tend to update the image then delete the SUS ID then run sysprep.

It seems as the SUS ID isn't anything to do with the station SID sysprep doesn't touch it.





When you are the IT director, it's your job to make sure the IT works. If it does work they know already and if it doesn't, they don't want to hear your pathetic excuses.