Troubleshooting WSUS Roaming Client

edanto

I'm trying to set up a particular type of WSUS setup, Roaming Client. In theory, it will allow our laptops to pick up updates from their nearest WSUS server when they travel to a different office. It sounds rather nifty.

Configure WSUS for Roaming Clients
http://technet.microsoft.com/en-us/library/cc708563(v=ws.10).aspx

It's not working properly for me. Clients in 2 particular subnets aren't reporting in to the correct WSUS servers, they are reporting in randomly around the world - even though they aren't roaming.

I'd like to get some extra help to fix this - could anyone recommend a firm or a freelancer that might know this area well? It's A WSUS/DNS issue, I think. WSUS isn't AD-aware.

ressem

[don't have experience with this. Just suggestions]

Looking at the articles...
http://blogs.technet.com/b/networking/archive/2009/04/17/dns-round-robin-and-destination-ip-address-selection.aspx
and
http://support.microsoft.com/default.aspx?scid=kb;EN-US;968920

Windows Vista and Windows Server 2008 have a new TCPIP stack that supports IPV4 and IPv6 natively. This new stack follows RFC 3484 “Default Address Selection for Internet Protocol version 6” for IPV6 and for IPV4 when possible. This RFC attempts to select the closest IP address rather than using DNS round robin’s random selection.

they mention that if the WSUS server is not within the same subnet as the client, then it'll use longest match to choose the server to connect to (assuming that netmask ordering isn't on).

So how closely does the client's binary subnet matches that of the local WSUS server versus the server it's actually connecting to?
I.e. a 10.0.32.x / 24 client will prefer a 10.0.48.x /24 to a 10.0.31.x/24.

Capt'n Midnight

www.wsusoffline.net is a Plan B till you get stuff sorted.


what's the story on proxy usage ?


do each of the local wsus servers have the same name
have you tried setting up an alias for wsus in local DNS and confirmed it works

ipconfig /flushdns when testing too

edanto

Thanks both.

In our case, the WSUS server is on the exact same subnet as the clients - but still those clients are reporting to a server in a different subnet.

When I lookup the hostname (wsus-server) from the client, I'm given a list of IPs from the DNS server, and the WSUS server that I want them to report to is at the top of the list - at least it is when I test it.

We don't have any other DNS issues that we are aware of.

There is a proxy involved- will PM you Cap'n.

edanto

This is fixed now - and it was the proxy.

We have a web filter in place and requests were coming into it for the IIS WSUS site (using a hostname as per the roaming client setup in the link above).

When the web filter asked the DNS server for the IP of that hostname, the DNS server sent back an ordered list of IPs, with the local one in the same subnet at the top of the list. Normal netmask ordering, that the typical Windows clients will understand to mean 'talk to the IP at the top of the list, it's in your subnet'.

Our web filter didn't respect netmask ordering (even though it's vendors say it does) and it was directing those requests all over the world to various WSUS servers. It's been fixed by editing the equivalent of the hosts file on the web filter to direct all requests for that hostname to a specific IP on this subnet.

Thanks for the help Capt'n!