There was much debate when that blog was published. Sysprep has nearly 100 providers registered with it as I recall. They each handle make some component of Windows unique. While the SID component might be up for debate, there are countless other things that need it.
From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: Wednesday, August 5, 2015 9:02 AM To: [email protected] Subject: Re: [NTSysADM] Fwd: Win 2012 client registration problems to WSUS v3 Win 2008 server On Wed, Aug 5, 2015 at 11:47 AM, Webster <[email protected]<mailto:[email protected]>> wrote: I am new to building and maintaining ESXi in my lab (ESXi 6.0.0b) but I never got the sysprep part of the VMware stuff to work for Win81 or Server 2012+ (haven't tried Win10 yet). I learned to manually run sysprep instead. Mark Russinovich says it isn't necessary to generate a new SID .. http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx if anyone would know, you'd think it would be him. Or Mark Minasi, maybe. About sysprepping, tho - when I create a new VM from a template, I do see it apply sysprep. You can tell - you power it up for the first time, wait 1 minute, it will automatically reboot, saying "Applying image customizations". I haven't needed to run sysprep on 2012 manually. And only now have I had to delete the SUS client ID manually. Specifically, these 2 keys: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIdValidation /f These 2: REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f came back and said "Unable to find the specified key". This was on Win2012 R2. Webster ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> on behalf of Michael Leone <[email protected]<mailto:[email protected]>> Sent: Wednesday, August 5, 2015 10:33 AM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] Fwd: Win 2012 client registration problems to WSUS v3 Win 2008 server They are VMs, created form a VMware Template. It runs sysprep as part of the creation process, yes (or is supposed to, maybe the sysprepping isn't working for Win2012). On Wed, Aug 5, 2015 at 10:55 AM, Andrew S. Baker <[email protected]<mailto:[email protected]>> wrote: Were these boxes cloned from one another? http://blogs.technet.com/b/csstwplatform/archive/2012/05/28/wsus-script-to-delete-duplicate-sid-created-by-disk-imaging-disk-cloning.aspx That was it, yes. The first 2 deletes failed, saying key doesn't exist, but the 3rd one passed, and do a "resetauthorization" and "detectnow" did work, and all showed up properly. Not sure what is different in my Win2012 template as opposed to my Win2008 template (only the Win2012 VMs showed a problem, not the Win2008 VMs), but I can dig into that, and make it a point to run this script as part of the rollout process. Thanks ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market… On Wed, Aug 5, 2015 at 10:35 AM, Michael Leone <[email protected]<mailto:[email protected]>> wrote: I have a WSUS v3.2.7600.226 server, running on Win 2008 R2. It has 150+ clients, including some Win 2012 R2 clients. All has been working fine for a few years. Now I am seeing an odd problem. Yesterday I created 2 new Win 2012 R2 clients, and Group Policy set them to use the WSUS server, as usual. But the odd thing: Only 1 client at a time shows up, they both won't show at the same time. Here's what I mean: 2 clients, SERVER8 and SERVER9. Neither was showing up in the "All Computers" group, so I went to each, restarted the BITS and Windows Update service, and issued a "wuauclt /resetauthorization /detectnow". This is what I usually do for Win 2008 R2 clients, who are having problems communicating with the WSUS server. So I did that on SERVER8, and it then showed up in WSUS. I then did the same on SERVER9. Oddly, SERVER8 then disappeared from WSUS, and SERVER9 showed up. It's like I can have one or the other, but not both at the same time. :-) DNS is correct, each shows the proper IP address (when it does show up). I see nothing in the Windows Event Logs of the WSUS server. I don't see any errors in the WindowsUpdate.log file of the server. And I see no errors in that file on the clients - in fact, I see things like "4 updates detected", but nothing after to indicate why it's dropping off the list. Ideas? Where to go next?
