We have a domain controller which is stuck in OOBE because it cannot update from WSUS and does not appear in the WSUS console.
When running nslookup wsusservername on the DC we get the following response:
C:\Windows\system32>nslookup wsusservername
Server: dc002.(domain).local
Address: 172.16.164.xx
*** dc002.(domain).local can't find wsusservername: Non-existent domain
All servers are in the same domain.
Doing some research on this error suggests looking at the following:
- DNS reverse lookup zone 64.16.172.in-addr.arpa contains the correct PTR record for the WSUS server
- DNS forward lookup zone for the domain contains the correct A record for the WSUS server
- I can ping the WSUS server successfully from the DC
- DNS servers are configured correctly on the NICs of the DC and WSUS servers.
- Other servers have been patched successfully earlier this month.
- Configured Group Policy Objects are all applying correctly as per gpresult /r
- Registry entries are pointing to the WSUS server (HKLM/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate).
It should be noted here that running the following command failed with this message:
C:\Windows\system32>reg query HKLM/SOFTWARE/Policies/Microsoft/Windows/WindowsUpdate
ERROR: Invalid key name.
Type "REG QUERY /?" for usage.
Yet this key quite clearly appears in the registry editor - I'm unsure if this is related to the overall problem or something else entirely.
When checking IIS on the WSUS box, the configured ports are 80 for HTTP and 8531 for HTTPS and the GPO applied to the OU containing the problematic DC specifies port 80. This is also reflected in the registry.
This is turning into a right head-scratcher so any help would be greatly appreciated!
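
The checks listed in the post above, collected into one PowerShell script to run on the affected DC; this is an added example, not part of the original post. It assumes the post's placeholders (wsusservername, (domain).local) are replaced with real values, and it reads the policy key with backslash separators, which is the form the registry provider and reg.exe expect.

```powershell
# Added example: wsusservername and (domain).local are the post's placeholders.
$WsusShort = 'wsusservername'
$DnsSuffix = '(domain).local'
$WsusFqdn  = "$WsusShort.$DnsSuffix"
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# 1. Forward lookup of the short name and the FQDN against DNS only.
#    ping uses the Windows resolver, which can fall back to other name
#    sources (hosts file, LLMNR, NetBIOS), so a working ping does not
#    prove that the DNS server answers for the name.
$addresses = @()
foreach ($name in $WsusShort, $WsusFqdn) {
    try {
        $a = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }
        $addresses += $a.IPAddress
        "{0,-40} -> {1}" -f $name, ($a.IPAddress -join ', ')
    } catch {
        "{0,-40} -> FAILED: {1}" -f $name, $_.Exception.Message
    }
}

# 2. Suffixes the client appends to single-label names such as $WsusShort.
"Global suffix search list: " + ((Get-DnsClientGlobalSetting).SuffixSearchList -join ', ')
Get-DnsClient | Select-Object InterfaceAlias, ConnectionSpecificSuffix

# 3. Reverse lookup (PTR) for every address the forward lookups returned.
foreach ($ip in ($addresses | Sort-Object -Unique)) {
    try {
        $ptr = Resolve-DnsName -Name $ip -Type PTR -DnsOnly -ErrorAction Stop
        "{0,-40} -> {1}" -f $ip, ($ptr.NameHost -join ', ')
    } catch {
        "{0,-40} -> PTR FAILED: {1}" -f $ip, $_.Exception.Message
    }
}

# 4. Windows Update policy values as applied by the GPO.
#    reg.exe equivalent:
#    reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Get-ItemProperty -Path $PolicyKey | Select-Object WUServer, WUStatusServer

# 5. TCP reachability of the HTTP port named in the GPO (80 in the post).
Test-NetConnection -ComputerName $WsusFqdn -Port 80 |
    Select-Object ComputerName, RemoteAddress, RemotePort, TcpTestSucceeded
```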