Renan Antonio Rodrigues
How to fix clients not showing up in WSUS console, step by step
Updated: Mar 30, 2019
If you are facing problems in your network with clients not been showing up at your
WSUS server console, this post will show in a step by step way, how to troubleshoot the issue.
1 - I am assuming that you are using Group Policies to apply the WSUS settings to your clients, so first of all, check if the WSUS policy was properly applied to computer.
To do that, open the prompt as administrator and run the command: gpresult /r
In the picture above, we can see that the computer has the WSUS GPO properly applied to it, so this is not the issue and you can move ahead.
However, if you haven't seen your GPO in the output, make sure the computer is properly scoped in the GPO Security Filter and the policy is linked to an OU in a way that it could reach the computer object, so you must review your GPO configuration.
2 - Next, once confirmed the GPO has been applied to your client, check the WSUS settings the client is receiving. In this step you want to make sure there is no other GPO in your environment wrongly applying the same settings and so, preceding the correct ones.
To do that, open the prompt as administrator and type:
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Make sure the output shows the correct information for your environment.
So if you confirm that the output is correctly showing the settings you have configured in your GPO, you can move ahead.
If settings showed are not those you have configured, come back to your GPO management and make sure there is no another old Policy applying the same settings. A really nice way to find out which GPO is applying the settings to your client is executing the command: rsop.msc
Find out more about Resultant Set of Policy here.
3 - So far so good? Time to test DNS resolution, to do that execute in a prompt:
All right, no issues with DNS resolution, you were able to resolve the WSUS hostname from your client, move ahead.
Confirm that your client has the correct IP addresses of your DNS servers set up in the NIC properties, if all are good on client side, confirm if the WSUS server has a record type A on your DNS zone, if not, time to add it!!
4 - It's time to test if the communication is allowed from client to server. The default WSUS port used for that 8530, so if you have any different port used in your environment, make sure to use it at this test.
To do that, download the tool called Port Query and open it from your client computer:
The tool is easy to use, just type your WSUS server hostname, or IP address, after, type the WSUS port, and click on Query, as shown above.
If you got an output LISTENING as above, the traffic is allowed and you can move on.
If you got an output FILTERED, your firewall is blocking communication and you must open it.
5 - Ok, none of the above steps were your problem so far? Let's have a look if the Windows Update service is started and correctly set up as Automatic. To do so, type Run, services.msc
If all looks above, you can move on to the next step.
If the Windows Update service is not started, make sure to set up it as Automatic, and start the service.
6 - One more attempt now, would be to reset the registry SusClientID in your client computer. Usually issues like that, could be a result of cloning a virtual machine without executing Sysprep on it, so you could have duplicate IDs on network.
To do that, follow the steps shown at picture below:
Wait two minutes and refresh the WSUS console, the computer client should be listed now.
Right, 95% of all times I have faced this issue, one of the above steps worked for me.
If after to go through all steps, your client computer is still not showing up to WSUS console, it may have a deeper issue on its OS, maybe a virus, or it's missing a service pack. You will need to act on this client using different ways to repair the OS.
Leave me a comment below if none of these steps worked for you, and I will try to help in a case by case manner.