We have a new WSUS server, so I changed the server name in the appropriate place in the registry on the domain controller (HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate). In other words I'm hard coding it to WSUS, not using GPO to tell it the name. But it never connected up to the new WSUS server. Suspecting it still had a pointer to the old server, I searched with regedit and found 2 pairs of entries as such:
MyDomainName {unique long id#1} Machine - has the old WSUS server info
MyDomainName {unique long id#1} User - is empty
MyDomainName {unique long id#2} Machine - ALSO has the old WSUS server info
MyDomainName {unique long id#2} User - is empty
(Excuse my registry terminology if wrong) So, as you see, each entry actually is a pair with the same name, but the second (User) matching one is empty.
The first entry of each pair has the following registry folder structure: Software-Policies-Microsoft-Windows-WindowsUpdate
Under this are the 5 keys relating to WSUS, with one showing the old WSUS server name with some settings related to it. So, at some point I assume we DID have a GPO that pushed this to the DC. We do NOT anymore though.... After reading various forum posts about old GPO's sticking, here's my plan. Let me know if you think it sounds good.
1. Export each of the 4 entries to the C: drive somewhere.
2. Delete each of the 4 entries.
3. Run Wuauclt.exe /detectnow (this makes it go out and look for the WSUS server referenced in the appropriate place in the registry as mentioned above.)
I'm curious if anyone knows details as to why and how do these old GPOs get stuck on a machine? The only reason I know they're not coming from any CURRENT GPOs in Active Directory is that I checked all current GPOs andnone have the old server name. Is there any way to match IDs showing in it's registry to IDs of current GPO's in active directory, so I can see if there's any more old GPO's other than these? (Although this is optional since I'm not having any issues beyond this one) Deleting entire key structures as some of these forum posts recommend seems risky, especially since I've isolated the two locations of my problem....I want to do as few steps as possible since this is a critical DC that I don't want to make unstable, or preferably not have to reboot either....