I'm in the process of trying to configure Kerberos Constrained Delegation in ISA 2006 for a Web Server which will use Client Certificate Authentication.

I found this article over at Technet which i thought was very useful.

WSUS 3.0 SP1 Clients Being Overwritten

We've recently deployed WSUS 3.0 SP1 at work and found an interesting issue regarding our Virtual Machines. It appears that the VM's were overwriting eachother in the WSUS console.

We did a little reading and found this by Stephen Farrar. It appears that the Sysprep process that we used to commission our VMs on ESX does not strip out the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId] entry in the Registry and therefore all of our VMs have the same ID.

I've written a VBScript which first of all deletes the key, stops and starts the Automatic Updates service and then forces the client to re-register with the WSUS Server. This seems to resolve the issue.

Option Explicit

Dim strRegKey, WshShell, strServiceName
Set WshShell = WScript.CreateObject("WScript.Shell")

'Delete Automatic Update Client ID

strRegKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\" _
& "CurrentVersion\WindowsUpdate\SusClientId"
WshShell.RegDelete strRegKey

'Restart Automatic Update Windows Service

strServiceName = "wuauserv"
WshShell.Run "Net Stop " & strServiceName, 0, True
WshShell.Run "Net Start " & strServiceName, 0, True

'Force the Client to report to the WSUS Server
WshShell.Run "wuauclt.exe /detectnow /resetauthorization"