Today I got to debug a problem that caused several Windows machines of varying version to not register in, connect with, or acknowledge the existence of the WSUS server despite Group Policy's Resultant Set of Policy wizard telling me that all the policies are configured correctly. After some digging in the registry, I discovered that one client (the one I was doing all the diagnostics on) didn't have any mention of the WSUS configuration in the Policies registry key.
Somehow, Group Policy got faked out by the WSUS administrative template and didn't update the appropriate registry settings even after gpupdate /force or a reboot. The solution for the one client was to rename/remove the HKLM/Software/Microsoft/Windows/CurrentVersion/Policies key and, run gpupdate, and then reboot the machine. That fix is pretty inconvenient, and I'm hoping I don't have to make a GP startup script to perform it. Further investigation will be performed, but this is a reasonable solution if you have only a few exhibiting the problem. (I have around 40.)
No comments:
Post a Comment