Win Server 2016 WSUS 處理客戶端無法更新

5811次阅读
尚無留言

我們部署 Windows Server 2016 WSUS(流程如下圖)

Win Server 2016 WSUS 處理客戶端無法更新


Win Server 2016 WSUS 處理客戶端無法更新


WSUS 需要確認你的客戶端 SID 與 SUSClientId

WSUS = Windows Server Update Services(Windows Server 更新服務)
SID = Security Identifier(安全標識符)
sysprep = 系統準備功能

根據大師的說法,當我們在做批量 OS 的時候,會因為 SID 相同,而無法獲得 Windows update 服務等問題,而更悲催的是運行 Sysprep 工具后,它是不會,不會,不會重置 SUSClientId,SUSClientId 類似與 SID,不過是用於 Windows update Service 的!不知道是吖三搞笑呢,還是 Bug 10 搞笑,又或者是一開始就是一個局?而 sysprep 的開發者是否有想過這個問題?可能覺得吧,反正都要加 AD 又或者是從零開始安裝系統,所以是不存在這個問題的!


Bug 10 的解決方法相對簡單,提供大神腳本(以下內容另存為 BAT)

:: ================================================================================== 
:: NAME:    Reset WSUS Client ID. 
:: AUTHOR:    Manuel Gil. 
:: ================================================================================== 
 
echo off 
title Reset WSUS Client ID. 
color 17 
 
cls 
ver 
echo.Reset WSUS Client ID. 
echo. 
 
echo.    The methods inside this tool modify files and registry settings. 
echo.    While you are tested and tend to work, We not take responsibility for 
echo.    the use of this tool. 
echo. 
echo.    This tool is provided without warranty. Any damage caused is your 
echo.    own responsibility. 
echo. 
echo.    As well, batch files are almost always flagged by anti-virus, feel free 
echo.    to review the code if you're unsure. 
echo. 
 
choice /c YN /n /m "Do you want to continue with this process? (Y/N)" 
if %errorlevel% EQU 2 goto :eof 
 
echo.Canceling the Windows Update process. 
echo. 
 
taskkill /im wuauclt.exe /f 
 
echo.Stopping the Windows Update services. 
echo. 
 
net stop bits 
net stop wuauserv 
net stop appidsvc 
net stop cryptsvc 
 
echo.Checking the services status. 
echo. 
 
sc query bits | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 echo Failed to stop the bits service. & pause & goto :eof 
 
sc query wuauserv | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 echo Failed to stop the wuauserv service. & pause & goto :eof 
 
sc query appidsvc | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 sc query appidsvc | findstr /I /C:"OpenService FAILED 1060" 
if %errorlevel% NEQ 0 echo Failed to stop the appidsvc service. & pause & goto :eof 
 
sc query cryptsvc | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 echo Failed to stop the cryptsvc service. & pause & goto :eof 
 
echo.Deleting the qmgr*.dat files. 
echo. 
 
del /s /q /f "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" 
del /s /q /f "%ALLUSERSPROFILE%\Microsoft\Network\Downloader\qmgr*.dat" 
 
echo.Renaming the softare distribution folders backup copies. 
echo. 
 
rmdir /s /q "%SYSTEMROOT%\SoftwareDistribution.bak" 
ren "%SYSTEMROOT%\SoftwareDistribution" SoftwareDistribution.bak 
if exist "%SYSTEMROOT%\SoftwareDistribution" echo Failed to rename the SoftwareDistribution folder.  & pause & goto :eof 
 
rmdir /s /q "%SYSTEMROOT%\system32\Catroot2.bak" 
ren "%SYSTEMROOT%\system32\Catroot2" Catroot2.bak 
 
del /s /q /f "%SYSTEMROOT%\winsxs\pending.xml.bak" 
ren "%SYSTEMROOT%\winsxs\pending.xml" pending.xml.bak 
 
del /s /q /f "%SYSTEMROOT%\WindowsUpdate.log.bak" 
ren "%SYSTEMROOT%\WindowsUpdate.log" WindowsUpdate.log.bak 
 
echo.Reset the BITS service and the Windows Update service to the default security descriptor. 
echo. 
 
sc.exe sdset wuauserv D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;WD) 
sc.exe sdset bits D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;WD) 
sc.exe sdset cryptsvc D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;WD) 
sc.exe sdset trustedinstaller D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;WD) 
 
echo.Reregister the BITS files and the Windows Update files. 
echo. 
 
regsvr32.exe /s atl.dll 
regsvr32.exe /s urlmon.dll 
regsvr32.exe /s mshtml.dll 
regsvr32.exe /s shdocvw.dll 
regsvr32.exe /s browseui.dll 
regsvr32.exe /s jscript.dll 
regsvr32.exe /s vbscript.dll 
regsvr32.exe /s scrrun.dll 
regsvr32.exe /s msxml.dll 
regsvr32.exe /s msxml3.dll 
regsvr32.exe /s msxml6.dll 
regsvr32.exe /s actxprxy.dll 
regsvr32.exe /s softpub.dll 
regsvr32.exe /s wintrust.dll 
regsvr32.exe /s dssenh.dll 
regsvr32.exe /s rsaenh.dll 
regsvr32.exe /s gpkcsp.dll 
regsvr32.exe /s sccbase.dll 
regsvr32.exe /s slbcsp.dll 
regsvr32.exe /s cryptdlg.dll 
regsvr32.exe /s oleaut32.dll 
regsvr32.exe /s ole32.dll 
regsvr32.exe /s shell32.dll 
regsvr32.exe /s initpki.dll 
regsvr32.exe /s wuapi.dll 
regsvr32.exe /s wuaueng.dll 
regsvr32.exe /s wuaueng1.dll 
regsvr32.exe /s wucltui.dll 
regsvr32.exe /s wups.dll 
regsvr32.exe /s wups2.dll 
regsvr32.exe /s wuweb.dll 
regsvr32.exe /s qmgr.dll 
regsvr32.exe /s qmgrprxy.dll 
regsvr32.exe /s wucltux.dll 
regsvr32.exe /s muweb.dll 
regsvr32.exe /s wuwebv.dll 
 
 
echo.Deleting values in the Registry. 
echo. 
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f 
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f 
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f 
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIDValidation /f 
 
echo.Resetting Winsock and WinHTTP Proxy. 
echo. 
 
netsh winsock reset 
netsh winhttp reset proxy 
 
echo.Resetting the services as automatics. 
echo. 
 
sc.exe config wuauserv start= auto 
sc.exe config bits start= delayed-auto 
sc.exe config cryptsvc start= auto 
sc.exe config TrustedInstaller start= demand 
sc.exe config DcomLaunch start= auto 
 
echo.Starting the Windows Update services. 
echo. 
 
net start bits 
net start wuauserv 
net start appidsvc 
net start cryptsvc 
net start DcomLaunch 
 
echo.Forcing updates. 
echo. 
wuauclt.exe /resetauthorization /detectnow 
 
echo.The operation completed successfully. 
echo.Please reboot your computer. 
pause 
goto :eof

Win7 處理方法僅供參考

停用
wuauserv service
打開註冊表:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
刪除鍵值:
PingID、SUSClientID、AccountDomainSID
重啟
wuauserv service(如果重啟服務沒有新的 SUSClientID , 重啟電腦)
CMD 運行
wuauclt /resetauthorization /detectnow
Windows update server 刷新客戶端
wuauclt /detectnow


請戳:微硬社區大神賜招

請戳:大神重置工具,需安裝

正文完
文章赞赏 謝謝支持
post-qrcode
 0
Implementer
版权声明:本站原创文章,由 Implementer 于2020-05-22发表,共计5556字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。
選擇比努力更重要!