If WSUS complains that machines have duplicated IDs/SIDs, running the following on an affected client machine should generate a new random ID for that machine: net stop bits net stop wuauserv reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f net start bits net start wuauserv gpupdate /force wuauclt.exe /resetauthorization wuauclt.exe /detectnow wuauclt.exe /reportnow