Al seguente link ho trovato una guida davvero ben fatta che riporto integralmente in seguito.
Troubleshooting Client Setup
In some cases, AU clients do not show up in WSUS Administration console, and thus never receive updates from WSUS. There are several reasons why this can happen.
The first thing to establish is the settings that the client is using. To do this, run the following command:
Reg query “HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate” /s
Ensure server and port number shown in the output exist and are correct. Typos in these settings can be the cause of your problem.
Next check whether WSUS is installed on Default Website. If client policies point to the default web site for updating, check that WUS is also installed in Default Website. If you have installed WUS on a different port run the script %Program Files%\MicrosoftWindowsUpdate\Services\”SetupInstallSelfupdateOnPort80.vbs.
Also, use the clientdiag tool from the RC (download this from the WSUS Beta Site) to see what other errors there might be.
If other computers are checking in fine but you have one or more that aren’t, check a couple relevant text logs for clues. There’s the main windows update log at %systemroot%\WindowsUpdate.log (WindowsUpdate all one word) and another log covering individual component updates at %systemroot%\SoftwareDistribution\ReportingEvents.log I found a handy page that has a list of error messages with some plain english messages. You’ll want to check that out at http://perso.wanadoo.fr/doc.jm/WU5-ERR.htm
I had one computer not checking in and found errors like this in the ReportingEvents.log:
Windows failed to install the following update with error 0x800703e3: Automatic Updates.
and in WindowsUpdate.log I saw:
start delayed initialization of WU client
Loading inf file D:\WINDOWS\SoftwareDistribution\SelfUpdate\wusetup.inf
Required Version for binary D:\WINDOWS\system32\cdm.dll is: 5,8,0,2339
Binary: D:\WINDOWS\system32\cdm.dll: Target version: 5.5.3790.2182 Required: 220.127.116.119
Required Version for binary D:\WINDOWS\system32\iuengine.dll is: 5,8,0,2339
Binary: D:\WINDOWS\system32\iuengine.dll: Target version: 5.4.3790.2182 Required: 18.104.22.1689
WU client failed Searching for update with error 0x8024001b
ISusInternal API CClientCallRecorder::DisconnectCall succeeds
Starting File operations for section cdm
InstallUpdatedBinaries failed with error 0x800703e3
A quick visit to the beta v6 windowsupdate site updated the WU client and everything just started working from my local WSUS after that. You can force the client to restart the AU process by doing:
pskill wuauclt [or use task manager; I’m unsure if this step is neccesary or good]
net stop “Automatic Updates”
net start “Automatic Updates”
If client machines do not have web access, download the full file Windows Update Client agent Agent from
WindowsUpdateAgent20-x86.exe /wuforce /quiet to install it remotely.
Add /norestart if you’re doing it during the day (my clients didn’t need a reboot, but ya never know).
If you’re seeing error 0x8024400A and are running WSUS on Win2K3 SP1 it might be an IIS bug that’s causing it. A hotfix is available. See: http://support.microsoft.com/Default.aspx?id=898708
I personally had success via a “shotgun” aproach suggested by ctobio on the wsus.info forums. I’ve consolidated the operations into a batch file form here, suitable for running remotely:
REM Stop the Automatic Updates service
net stop wuauserv
REM Stop the Windows Management Instrumentation service
net stop winmgmt
REM Backup ReportingEvents.log. Then, delete the contents of
REM %systemroot%\SoftwareDistribution and
copy %systemroot%\softwaredistribution\reportingevents.log %homedrive%\
del /f /q %systemroot%\softwaredistribution\*.*
move %homedrive%\reportingevents.log %systemroot%\softwaredistribution
REM Delete SusClientID and AccountDomainSid keys from
reg delete %WU_KEY% /v SusClientID
reg delete %WU_KEY% /v AccountDomainSid
REM Start the Automatic Updates service
net start wuauserv
REM Start the Windows Management Instrumentation service
net start winmgmt
REM Force a group policy update
REM Roll the WU Client…
wuauclt /resetauthorization /detectnow
After you do this, you will have to delete the old and now spurious computer account in the WSUS admin interface. Delete the old computer that shows a status of not having checked in for so many days. Leave the account that’s never checked in. This new account will be checking in and that should be reflected after a little while in the admin interface. You’ll also have to move the new account into the proper group where the old one was. Monitor the WindowsUpdate.log in %systemroot% on that client machine to ensure that it’s grabbing updates again.
If a client appears in the admin console but all the updates are flagged “unknown” the system cannot determine which updates are needed or installed. Multiple errors similar to the following may appear in the client’s Application event log:
Event Type: Error
Event Source: ESENT
Event Category: General
Event ID: 427
Time: 10:51:44 AM
wuaueng.dll (1280) The database engine could not access the file called C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log.
Additionally the following error may appear once around the time of the first occurrence of the above error:
Event Type: Error
Event Source: ESENT
Event Category: Logging/Recovery
Event ID: 413
Time: 2:46:16 PM
wuaueng.dll (1280) Unable to create the log. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
To resolve this problem, stop the Automatic Updates service on the affected client, delete %windir%\SoftwareDistribution\DataStore\Logs\edb.log and restart the service.
[I couldn’t find any record of this error at Microsoft or anywhere else.]
The following registry location can be useful to see what state the client is in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUState This will have one of the following values
- 0—initial 24-hour timeout (Automatic Updates doesn’t run until 24 hours after it first detects an Internet connection.)
- 1—waiting for the user to run Automatic Updates
- 2—detection pending
- 3—download pending (Automatic Updates is waiting for the user to accept the predownloaded prompt.)
- 4—download in progress
- 5—install pending
- 6—install complete
- 8—reboot pending (Updates that require a reboot were installed, but the reboot was declined. Automatic Updates won’t do anything until this value is cleared and a reboot occurs.)
Last Modified 11/04/06 22.39