Recently I had an issue with my Wsus server. I had to reinstall the software while keeping my old database. I noticed that some of my clients wouldn’t populate in the wsus server. They all seemed to be getting updates though. My first thought was to force the client to check in by running the following on the client machine.

wuauclt.exe /detectnow

Usually that would cause a client to detect the settings it got from the Group Policy I have set up. Then something really odd happened. The “missing” client would show up for a moment or two when I refreshed the wsus console, then dissapear again. The total device count in the wsus console would not increment.

After some banging around I found that I needed to reset the authorization on the client. My guess is that when I reinstalled the Wsus console some of the clients had invalid IDs.

The fix goes like this:
Remove the Registry value for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
-SusClientId
-SusClientIdValidation
Restart the Automatic Updates service (wuauserv)
Run

wuauclt.exe /resetauthorization /detectnow

from the command line

This solved my issue by re-adding the clients to the Wsus server. problem solved, right? Hardly! I had about 80 of these to do. I’ve been doing some powershell scripting with Steve over at MindOfRoot. I thought this would be a good chance to try writting a script on my own. What I came up with is clumsy and even spits out some errors but works like a charm. Feel free to post comments about how to clean it up.

#* Filename: DelRegValuesRemote.ps1
#*=====================================================================
#* Created: [3-31-10]
#* Author: Tim Lemmers
#* 
#
#*=====================================================================
#get the remote computer name from User input
$Srv = Read-Host "Type Machine name"

#define registry location
$key = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

#set registry hive HKLM
$type = [Microsoft.Win32.RegistryHive]::LocalMachine
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($key,$true)

#show the server and values found from the registry
Write-Host
Write-host "Server name"
Write-host "------"
$Srv
Write-Host
Write-Host "Values Before Delete"
Write-Host "------"
Foreach($val in $regKey.GetValueNames()){$val}
Read-Host “Press enter to continue”

#Delete the values found above
Foreach($val in $regKey.GetValueNames()){$regKey.DeleteValue($val)}

#show values after deletion to make sure they are gone
Write-Host
Write-Host "Values After Delete"
Write-Host "------"
Foreach($val in $regKey.GetValueNames()){$val}

#Restart the automatic updates service
(Get-WmiObject -computer $Srv Win32_Service -Filter "Name='wuauserv'").InvokeMethod("StopService",$null)
#pause a moment to let snarky services stop - I'm not sure this is needed
Start-Sleep -s 4

(Get-WmiObject -computer $Srv Win32_Service -Filter "Name='wuauserv'").InvokeMethod("StartService",$null)

cmd /c psexec.exe \\$Srv -d C:\windows\system32\wuauclt.exe /resetauthorization /detectnow

Write-Host “This AU client will now check for the Updates on the Local WSUS Server.”
Read-Host “Press enter to continue”