WSUS Clients not checking in

On our ESX server, we deployed a bunch of Windows 2003 clients from a template, using the “Guest Customization” feature. When you do this, you get a new SID, but you don’t get a new SUSClientId. Since all the clients have the same SUSClientId, only one of them can talk to the WSUS server at a time. Looking around the internet, I found many different suggestions on how to fix the issue. I should say I found many suggestions for which reg key to delete. In the end, I only had to delete one. It worked for all ~37 of my machines, but it took two passes. Your mileage may vary.

This can be done on one remote server using psexec. We stop the service, delete the key, start the service and force authorization.

psexec @servers.txt net stop wuauserv
psexec @servers.txt reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
psexec @servers.txt net start wuauserv
psexec @servers.txt wuauclt.exe /resetauthorization /detectnow

Please be aware that you can make your system completely unusable if you break the registry. Make sure you have a full backup of your system. If anything goes wrong, you may end up losing all your data and reinstalling Windows. Microsoft says this “… is not supported by Microsoft. Use this method at your own risk.”