Troubleshooting Silent Clients using WSUS

I had the “Silent Clients” warning in System Center this morning, and thought the information in the Resolutions section was excellent.

I try most of these steps when troubleshooting automatic updates, but there was a few new ones I’ve not used to date.

Here’s the complete list:

Summary

Clients should check in with the server on a regular basis for updates.

Resolutions

Client computers are not reporting status to the WSUS server.

Possible resolutions include:

Review the application event log and resolve any issues related to the IIS, SQL, and WSUS server.

Check connectivity from the client computer to the WSUS server and debug any issue found.

Open a command window.
Verify the client computer has a valid IP address: type ipconfig /all
Verify the client computer can reach the WSUS server: type ping <:server name or IP address>
Verify the client computer can reach the WSUS HTTP server: type http:///selfupdate/iuident.cab. This will return with the option to download the cab file.
Verify that the Automatic Update (AU) client is running: type net start wuauserv
Verify the AU client is configured properly: type Reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
If the reg query returns an error, the AU Group Policy has not been sent to this client computer or the client computer has not been configured for a non-domain environment. This has to be corrected before the next step. See http://go.microsoft.com/fwlink/?LinkID=41777.
Verify WUServer and WUStatusServer are pointing to the WSUS server and port number (for example, http:///)

Reset the Automatic Updates client by stopping the Automatic Updates client service and forcing a reset.

Open a command window.
Type Reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Verify WUServer and WUStatusServer are pointing to the WSUS server and port number (for example, http:///)
Type gpupdate /force (if client machine is configured via domain policy).
Type wuauclt.exe /resetauthorization /detectnow
Wait 10 minutes for a detection cycle to finish before verification.
Open the file <windir>\SoftwareDistribution\ReportingEvents.log in a text editor.
Check the latest entry in the log file for “Success Software Synchronization Agent has finished detecting items.”

Additional Information

Verify client computer and server status

Check the server

Open a command window.
Type cd <WSUSInstallDir>\Tools
Type wsusutil checkhealth
Type eventvwr
Review the Application log for the most recent events from source Windows Server Update Services and event id 10010.

Go to the client computer and do the following

Open the <windir>\SoftwareDistribution\ReportingEvents.log file in a text editor.
Check the latest entry in the log file for “Success Software Synchronization. The agent has finished detecting items.”