Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Troubleshooting WSUS Roaming Client

  • 17-05-2012 11:41am
    #1
    Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭


    I'm trying to set up a particular type of WSUS setup, Roaming Client. In theory, it will allow our laptops to pick up updates from their nearest WSUS server when they travel to a different office. It sounds rather nifty.

    Configure WSUS for Roaming Clients
    http://technet.microsoft.com/en-us/library/cc708563(v=ws.10).aspx

    It's not working properly for me. Clients in 2 particular subnets aren't reporting in to the correct WSUS servers, they are reporting in randomly around the world - even though they aren't roaming.

    I'd like to get some extra help to fix this - could anyone recommend a firm or a freelancer that might know this area well? It's A WSUS/DNS issue, I think. WSUS isn't AD-aware.


Comments

  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    [don't have experience with this. Just suggestions]

    Looking at the articles...
    http://blogs.technet.com/b/networking/archive/2009/04/17/dns-round-robin-and-destination-ip-address-selection.aspx
    and
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;968920
    Windows Vista and Windows Server 2008 have a new TCPIP stack that supports IPV4 and IPv6 natively. This new stack follows RFC 3484 “Default Address Selection for Internet Protocol version 6” for IPV6 and for IPV4 when possible. This RFC attempts to select the closest IP address rather than using DNS round robin’s random selection.
    they mention that if the WSUS server is not within the same subnet as the client, then it'll use longest match to choose the server to connect to (assuming that netmask ordering isn't on).

    So how closely does the client's binary subnet matches that of the local WSUS server versus the server it's actually connecting to?
    I.e. a 10.0.32.x / 24 client will prefer a 10.0.48.x /24 to a 10.0.31.x/24.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,563 Mod ✭✭✭✭Capt'n Midnight


    www.wsusoffline.net is a Plan B till you get stuff sorted.


    what's the story on proxy usage ?


    do each of the local wsus servers have the same name
    have you tried setting up an alias for wsus in local DNS and confirmed it works

    ipconfig /flushdns when testing too


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    Thanks both.

    In our case, the WSUS server is on the exact same subnet as the clients - but still those clients are reporting to a server in a different subnet.

    When I lookup the hostname (wsus-server) from the client, I'm given a list of IPs from the DNS server, and the WSUS server that I want them to report to is at the top of the list - at least it is when I test it.

    We don't have any other DNS issues that we are aware of.

    There is a proxy involved- will PM you Cap'n.


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    This is fixed now - and it was the proxy.

    We have a web filter in place and requests were coming into it for the IIS WSUS site (using a hostname as per the roaming client setup in the link above).

    When the web filter asked the DNS server for the IP of that hostname, the DNS server sent back an ordered list of IPs, with the local one in the same subnet at the top of the list. Normal netmask ordering, that the typical Windows clients will understand to mean 'talk to the IP at the top of the list, it's in your subnet'.

    Our web filter didn't respect netmask ordering (even though it's vendors say it does) and it was directing those requests all over the world to various WSUS servers. It's been fixed by editing the equivalent of the hosts file on the web filter to direct all requests for that hostname to a specific IP on this subnet.

    Thanks for the help Capt'n!


Advertisement