We had a problem whereby new Windows Server 2012 R2 servers would not show up in WSUS, which by the way is on a disconnected network. The issue had to do with the deployment of a VMware OVA template for new Windows Server 2012 R2 virtual machines. What we discovered was the SusClientId registry entry was the same for each system. Therefore, all virtual machines created from this template shared the same authorization ID.
This caused a situation whereby each new server would overwrite the other, such that the last server to communicate was the one that showed up in WSUS. For example, we had 12 servers but only one was showing up in WSUS at a time. Despite this, the servers were still getting updates. Below are the sequence of steps needed to resolve this issue so the Windows 2012 R2 Servers can create a unique SusClientId and authenticate with WSUS.
Log into the Server that is not registering with WSUS as an administrator. Open regedit and delete the following key:
The next set of commands will generate a new unique SusClientId key within the registry and associate this server to that ID within WSUS. Open a command prompt with administrative rights and type the following:
- net stop wuauserv
- net start wuauserv
- wuauclt /resetauthorization /detectnow
Open up Windows Update and check for new updates. This will start the update process to authorize and check WSUS for updates. At this point, the server will register with WSUS. You will need to do this for each system that was created from the image or OVA template. If you want, you can open up regedit and verify a new SusClientId was created. If the system still won’t show up in WSUS, then it could be related to a Group Policy setting being pushed to the servers.