Re: Removing ONLY Duplicate SUSClientID Entries

118 views
Skip to first unread message

Torgeir Bakken (MVP)

unread,
Jul 28, 2005, 2:11:29 PM7/28/05
to
[cross posting to microsoft.public.softwareupdatesvcs to get the
post into the Google newsgroup archive]

Todd Oliver wrote:

> Seems to be a common thread among postings here, but I have a
> possible new twist to add. I would like to figure out a way to
> not only remove duplicate SUSClientID values from the registries
> of my machines, but to FIRST run a test to see if one already
> exists throughout my enterprise. That way I don't have to worry
> about deleting the IDs of clients that are properly reporting
> their status to the WSUS server, and ONLY remove those that are
> definitely duplicated on multiple machines. Does anyone have any
> good ideas about how this might be accomplished via vbscript?
>
> (snip)
Hi,

Yes, the script I have posted earlier have the downside that it deleted
the SusClientId once on all computers, with the result that you got a
lot of discontinued computer entries in the WSUS report.

Below is a VBScript that will only delete the registry values if it
detects that another computer already is using the same SusClientId.

Note that the account the script runs under (computer account if used
in a computer startup script or user account if used in a logon script)
needs to have rights to create files in the common network share/folder
that the script uses.

It will be created one file for each SusClientId, using the SusClientId
as file name (with .txt as file extension name). Inside this file you
will find the computer name that uses this SusClientId.

If the script does not find a file name that corresponds to the
computer's SusClientId value, it will create this file, and put the
computer name inside it (the computer name part is just for logging
purpose, it is in no way used by the script later on). In this
situation the computers SusClientId value is not changed.

If the script finds the file, it is a sign that another computer is
using this SusClientId value. In this situation the registry values
are deleted, and an entry containing the current time/date and
computer name will be added to a central logging file.

Also note that the script also creates a registry marker so in will run
only once. This to save time later on during computer startup or logon,
as well as it removes the need for script code doing any checking for
what specific computer is using the SusClientId. This means that it is
IMPORTANT that you have the write access to the reporting share/folder
properly in place before you deploy the script.

You can run the script as a computer startup script (with a GPO) that
runs as part of the boot up process (before the user logs in). It runs
under the system context and has admin rights. Or you can run it in a
logon script, as long as the users have local administrator rights.

You need to adjust the path in the sFolderPath variable to fit your
environment.


Here is the script:

'--------------------8<----------------------

' Folder that the script needs create/write access to, one file for
' each SusClientId will be created.
sFolderPath = "\\server\share\folder"

' Path and name of file where the script will log the name
' of the computers where the SusClientId is deleted by the script.
' This script is for administrator information only, it's content is
' not used by the script in any way.
' Using _ as first character in the name will cause it to be
' listed first in Explorer
sLogFilePath = sFolderPath & "\_ClientIdResetLog.txt"

Const OpenAsASCII = 0
Const OverwriteIfExist = -1
Const ForAppending = 8

Set oShell = CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oWshNetwork = CreateObject("WScript.Network")

sRegKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

' Suppress error in case values does not exist
On Error Resume Next

' Check for registry marker
sIDChecked = oShell.RegRead(sRegKey & "\ClientIdChecked")
Err.Clear

' To be sure the script is run only once, test on marker
If sIDChecked <> "yes" Then

SusClientId = "" ' init value
sSusClientId = oShell.RegRead(sRegKey & "\SusClientId")
If sSusClientId <> "" And oFSO.FolderExists(sFolderPath) Then

sFilePath = sFolderPath & "\" & sSusClientId & ".txt"

If oFSO.FileExists(sFilePath) Then

' Another computer is using the same SusClientId, we need to
' clear out the registry values.

' delete values
oShell.RegDelete sRegKey & "\AccountDomainSid"
oShell.RegDelete sRegKey & "\PingID"
oShell.RegDelete sRegKey & "\SusClientId"

' Stop and start the Automatic updates service
oShell.Run "%SystemRoot%\system32\net.exe stop wuauserv", 0, True
oShell.Run "%SystemRoot%\system32\net.exe start wuauserv", 0, True

' Run wuauclt.exe with resetauthorization
sCmd = _
"%SystemRoot%\system32\wuauclt.exe /resetauthorization /detectnow"
oShell.Run sCmd, 0, True


' Create entry in log file.
' If script is not able to open the file for write access, it
' will give up after 5 seconds (10 loops)
bUpdLogFinished = False
iLoops = 0

On Error Resume Next
Do
Err.Clear
' Open for appending
Set fLogFile = oFSO.OpenTextFile(sLogFilePath, ForAppending, True)
If Err.Number <> 0 Then
' Was not able to open the log file for writing
' Waiting 1/2 a second before trying again
WScript.Sleep 500
Else
fLogFile.WriteLine Now & ", " & oWshNetwork.ComputerName
fLogFile.Close
bUpdLogFinished = True
End If
iLoops = iLoops + 1
Loop Until bUpdLogFinished Or iLoops > 10

Else
' No other computer have reported this SusClientId, we need
' to create a text file in the common folder using the SusClientId
' as file name. Putting the computer name inside the file.
Set f = oFSO.CreateTextFile(sFilePath, OverwriteIfExist, OpenAsASCII)
f.WriteLine oWshNetwork.ComputerName
f.Close

End If

End If
On Error Resume Next

' Create registry marker
oShell.RegWrite sRegKey & "\ClientIdChecked", "yes"

End If

'--------------------8<----------------------

--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Lawrence Garvin

unread,
Jul 28, 2005, 2:53:40 PM7/28/05
to

Thank you!!! Torgeir.... this is an awesome enhancement to that script.


"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message
news:u5ICEA6...@TK2MSFTNGP10.phx.gbl...

Bobbie Harder (MSFT)

unread,
Jul 28, 2005, 11:25:21 PM7/28/05
to
Torgeir, thats awesome!! Would you mind posting this to the WSUSwiki so it
persists overtime and others can use it too? I can set up a page for WSUS
script samples, then you can link to each one you create there with a
description of what it can do? thank you! -
Bobbie
--
Bobbie Harder
Program Manager, WSUS
Microsoft

This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message
news:u5ICEA6...@TK2MSFTNGP10.phx.gbl...

Bobbie Harder (MSFT)

unread,
Jul 28, 2005, 11:30:02 PM7/28/05
to
Here would be a great repository in txt format:) thanks Torgeir!
http://www.wsuswiki.com/Scripts

--
Bobbie Harder
Program Manager, WSUS
Microsoft

This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message
news:u5ICEA6...@TK2MSFTNGP10.phx.gbl...

Todd Oliver

unread,
Jul 29, 2005, 10:24:01 AM7/29/05
to
Awesome! So far, in testing, this works REALLY well. I only have one
question, however. The registry marker is created (ClientIdChecked) whether
or not the client's SUSClientID gets modified, if I'm reading it correctly.
It also only creates the file corresponding to its SUSClientID if no other
machine has reported it, and only writes to the administrator log file if it
runs through the modification procedure. However, if the SUSClientID doesn't
exist, either because the client has not generated one or is in the process
of regenerating one, the script will never run through again due to the
registry marker being present. Would it be better to only create the
registry marker if and only if the SUSClientID exists in the registry when
the script first runs? That way there would not only be a record of the
machine that was changed in the administrator log file, but also a record of
its NEW SUSClientID, because the script would, effectively, run twice. Once
to generate a new ID and once to create the file corresponding to that ID.
Not only that, but if a machine has never checked in with the WSUS server and
does not have a SUSClientID, the script will run, create the registry marker
and never record that client's SUSClientID.

Basically, what I'm thinking about here is changing this part of the script:

'-----
End If

End If
On Error Resume Next

' Create registry marker
oShell.RegWrite sRegKey & "\ClientIdChecked", "yes"

End If
'-----

To read:

'-----
End If

' Create registry marker
oShell.RegWrite sRegKey & "\ClientIdChecked", "yes"

End If
On Error Resume Next

End If
'-----

Thoughts?

Richard

unread,
Aug 4, 2005, 3:36:04 PM8/4/05
to
Torgeir,

I have been reading this thread. I will also be using this script. Do you
agree with Todd's changes? If yes, I will make this edit also.

Bobbie,

Are there any discussions in the MS WSUS team to add a patch/update so that
this script or something else is used? Most companies, as we all know, are
imaging or cloning their machines so this is a big issue.

Thanks
Richard

Lloyd

unread,
Aug 12, 2005, 4:36:02 PM8/12/05
to
Have a quick quesiton. I am new to WSUS and encountering similar problems
with duplicate SUSClientID values. I believe this script will help me out.
What do I need to do to use this script? It says its a VB Script do I need
VB .net to use this or can someone help me out?

Torgeir Bakken (MVP)

unread,
Aug 13, 2005, 10:27:43 AM8/13/05
to
Lloyd wrote:

> Have a quick quesiton. I am new to WSUS and encountering
> similar problems with duplicate SUSClientID values. I
> believe this script will help me out. What do I need to
> do to use this script? It says its a VB Script do I need
> VB .net to use this or can someone help me out?

Hi,

You don't need to install anything to create or run a VBScript. Use
Notepad to put the script code into a "text" file and save the file
with the file extension .vbs instead of .txt. To run it manually,
just double click on the .vbs file in Explorer.

To be able to run it automatically on all clients (assuming you have
Active Directory), put the vbscript in a computer startup script (with


a GPO) that runs as part of the boot up process (before the user logs
in). It runs under the system context and has admin rights.

Some links for you:

Frequently Asked Questions About Logon Scripts
http://www.rlmueller.net/LogonScriptFAQ.htm

Most of the things mentioned in the link above is relevant for computer
startup scripts as well (see Q/A 9 "What about Logoff, Startup, and
Shutdown scripts in Group Policy?").


For a list of some scripting resources and links to some Windows Script
Host (WSH) Web introductions, take a look here (WSH is VBScript/JScript):

http://groups.google.co.uk/groups?selm=3FFC3C56...@hydro.com

Dave

unread,
Sep 1, 2005, 3:35:10 PM9/1/05
to
This is nice, but it would be really nice to see an automated process for
this in the next release of WSUS. We reuse the PC name when systems are
reimaged (with RIS, believe it or not) and the reimaged machines show up as
duplicates with more recent last seen times in WSUS.

John Mannarino

unread,
Mar 2, 2006, 9:58:27 PM3/2/06
to
Hello Torgien,
I wanted to add this script as a group policy logon script. It doesn't
seem to run. my guess is that the newtork is not available yet at logon. Any
thoughts on this? Do you know if this can run as a logon script?

John M

Dave Mills

unread,
Mar 3, 2006, 12:27:09 AM3/3/06
to
You will be able to see errors in the application event viewer if the GPO is
failing because the startup script is attempting to run before the network is
ready. See http://support.microsoft.com/kb/840669/en-us

If you are running it as a login script then do the users have admin rights.

--
Dave Mills
There are 10 type of people, those that understand binary and those that don't.

Culver

unread,
Mar 8, 2006, 4:15:30 PM3/8/06
to
Todd,

I know this has been a while, but what did you end up doing with this script?

Thanks,
Scott

Reply all
Reply to author
Forward
0 new messages