《本文转自微软大中华区安全组博客文章“WSUS 客户端统统报上来”》

在 WSUS 的管理中,您可能从管理界面上发现,并不是所有客户端都正常上报了。有些客户端虽然能正常拿补丁,但却始终不上报。

这时,请您回想一下,是否这些不上报的客户端的操作系统是通过 Ghost 或者其他系统备份软件来做的,如果是,您可要注意了,原因很可能就是这个复制的系统使用了与原来相同的 SusClientID (请注意,即使您使用 New SID 或者 sysprep 工具来更新操作系统,SusClientID 还是维持不变的)

解决方法如下 (需要在所有有问题的客户端上运行):

1. Click Start, click Run, type cmd in the Open box, and then click OK.

2. At the command prompt, type net stop wuauserv, and then press ENTER.

3. Click Start, click Run, type regedit in the Open box, and then click OK.

4. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate

5. In the details pane of Registry Editor, delete the following registry entries:

  • PingID
  • AccountDomainSid
  • SusClientId
  • SusClientIDValidation

Note: Windows Update Agent 3.0 adds the SusClientIDValidation value. This value was released in May 2007. The other registry entries exist in both Windows Update Agent 2.0 and in Windows Update Agent 3.0.

6. Exit Registry Editor.

7. At the command prompt, type net start wuauserv, and then press ENTER.

8. At the command prompt, type wuauclt.exe /resetauthorization /detectnow, and then press ENTER.

9. Wait 10 minutes for a detection cycle to finish.

10. Start the WSUS console to make sure that the clients appear in the WSUS console.

请参考以下知识库文章:

A Windows 2000-based, Windows Server 2003-based, or Windows XP-based computer that was set up by using a Windows 2000, Windows Server 2003, or Windows XP p_w_picpath does not appear in the WSUS console: http://support.microsoft.com/kb/903262

James Yi

微软安全支持专家