Hi

I am trying to setup an additional WSUS server on our network. We presently use WSUS 3 SP2 on a Windows Server 2008 standard that is also a domain controller. I want to install WSUS on a Windows Server 2012 standard member server in the domain and then remove the old WSUS from the 2008 domain controller.

I read through the 'Deploy Windows Server Update Services in Your Organisation' before starting this.

Everything was carried out using the domain administrator account.

I added the role to the 2012 server (which also has the Remote Access role) but after installation a notification appeared that the post-install tasks had failed.

I restarted the server and under Task Details and Notifications under the Server Manager's Dashboard is an entry stating that Post-deployment Configuration has failed.

I started WSUS from the Tools menu and was prompted for the content store location (which I had already provided during the initial installation - I had manually created a folder named WSUSContent and pointed it at that). I browsed to the location and set it. In the lower pane of the same window was a notification asking if the server should run the post-install tasks. I clicked Run and the following log was generated immediately:

2013-08-14 08:33:52  Postinstall started
2013-08-14 08:33:52  Detected role services: Api, UI, WidDatabase, Services
2013-08-14 08:33:52  Start: LoadSettingsFromParameters
2013-08-14 08:33:52  Content local is: True
2013-08-14 08:33:52  Content directory is: C:\WSUSContent
2013-08-14 08:33:52  SQL instname is:
2013-08-14 08:33:52  End: LoadSettingsFromParameters
2013-08-14 08:33:52  Start: Run
2013-08-14 08:33:52  Configuring content directory...
2013-08-14 08:33:52  Configuring groups...
2013-08-14 08:33:52  Starting group configuration for WSUS Administrators...
2013-08-14 08:33:52  Group does not already exist in the registry
2013-08-14 08:33:52  Searching for existing group...
2013-08-14 08:33:53  Group was not fount attempt to create it...
2013-08-14 08:33:53  Writing group to registry...
2013-08-14 08:33:53  Finished group creation
2013-08-14 08:33:53  Starting group configuration for WSUS Reporters...
2013-08-14 08:33:53  Group does not already exist in the registry
2013-08-14 08:33:53  Searching for existing group...
2013-08-14 08:33:53  Group was not fount attempt to create it...
2013-08-14 08:33:53  Writing group to registry...
2013-08-14 08:33:53  Finished group creation
2013-08-14 08:33:53  Configuring permissions...
2013-08-14 08:33:53  Fetching content directory...
2013-08-14 08:33:53  Fetching ContentDir from registry store
2013-08-14 08:33:53  Value is C:\WSUSContent
2013-08-14 08:33:53  Fetching group SIDs...
2013-08-14 08:33:53  Fetching WsusAdministratorsSid from registry store
2013-08-14 08:33:53  Value is S-1-5-21-1820295096-694618493-131162164-1007
2013-08-14 08:33:53  Fetching WsusReportersSid from registry store
2013-08-14 08:33:53  Value is S-1-5-21-1820295096-694618493-131162164-1008
2013-08-14 08:33:53  Creating group principals...
2013-08-14 08:33:55  Granting directory permissions...
2013-08-14 08:33:56  System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
   at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl)
   at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext)
   at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath)
   at System.IO.DirectoryInfo.SetAccessControl(DirectorySecurity directorySecurity)
   at Microsoft.UpdateServices.Administration.ConfigurePermissions.GrantDirectoryPermissions()
   at Microsoft.UpdateServices.Administration.ConfigurePermissions.Configure()
   at Microsoft.UpdateServices.Administration.PostInstall.Run()
   at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)

Does anyone understand what this means? Can anyone help me configure WSUS successfully, please?

Thanks!

Hey folks,

we are experiencing problems installing the "KB2855265 - Update for Microsof Security Essential - 4.3.215.0".

All other updates are installed correctly but this one remains pending on all our clients (W7 and WXP).

I know that a "user input is required" but no popup or Windows are opened on user's session so the only way is to logon as administrator and install the update manually.

Here below the setup of our Wsus' policy:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://192.168.1.9:80"
"WUStatusServer"="http://192.168.1.9:80"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"AUPowerManagement"=dword:00000001
"IncludeRecommendedUpdates"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"RescheduleWaitTimeEnabled"=dword:00000000
"UseWUServer"=dword:00000001
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RebootRelaunchTimeout"=dword:000005a0
"DetectionFrequencyEnabled"=dword:00000001
"DetectionFrequency"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003

Many thanks in advance

Diego

On our site we use a WSUS server but when I manually try to up date any other server on the site I get the following message:

"Windows could not search for new updates

An error occurred while checking for new updates for you computer

Error(s) found:

Code 80244023 Windows Update encountered an unknown error. Get help with the error."

I tried clicking on the link but this code don't appear in the list.

I've tried running the FitIt tool for Windows Update and this does report that it's repared an issue with the Windows Update omponents but I'm still getting the same issue and code.

Searches on google have suggested DNS issues but I can ping the WSUS server from any of the server and the a get a responce and the name is resolved.

I've run the WSUS Client Diagnostics Tool on one of the servers and have got this responce:

"WSUS Client Diagnostics Tool

Checking Machine State

Checking for admin rights to run tool.........PASS

Automatic Updates Service is running........PASS

Background Intelligent Transfer Server is running........PASS

GetFileVersion(szEngineDir,&susVersion) failed with hr=0x80070002

The system cannot find the file specified."

Which I can assume isn't good!

All servers are running on Server 2008 R2 and we use Client Side Targeting for all the servers.

Currently it is the summer holidays so the perfect time to update all the servers in the school but I can't seem to get them to talk to WSUS to pick up the approved updates despite them showing in the correct computer list. Some have reported back in the last couple of days but other no essential servers haven't for over a year (since the last time I ran the updates).

Could someone please respond to this and give me some helpful pointers. In the mean time I will just update manually over the net - somewhat defeating the object of having a WSUS server but time is against me.  

This is similar to a lot of postings for WSUS 3.  But I still haven't gotten it working.

1) Installed a Windows Server 2012 Standard (last night), Installed all Windows updates from on-line

2) Added WSUS Role, standard configuration, Set Automatic Approve all categories except Drivers and Approved all Computers.  Synchronized in about 12 hours (20Mbps Internet).

3) Ran the console command "gpedit" as Administrator on the clients.  Changed Group Policy on a client Windows Server 2012 and a client Windows 7 Pro/64 to point the Intranet URL: http://wsus-2013:8530 where "wsus-2013" is the new WSUS server.

4.  Tested browsing http://wsus-2013:8530/Selfupdate/iuident.cab on the clients, no problem

5.  Ran the following console commands as Administrator on the clients: 

gpupdate /force

wuauclt.exe /resetauthorization /detectnow

net stop wuauserv

net start wuauserv

shutdown -r -t 1   (Client Rebooted)

6.  When I run Windows Update on the Windows 7 PC, I get "Windows cannot search for updates, Error Code 80244019"

7.  When I run Windows Update on the Windows Server 2012, it seemed to work.

8.  When I look at the WSUS Server's Computers, I only see the Windows Server 2012 client, not the Windows 7 client.

9.  I changed the GPO in Active Directory for workstations in our AD domain, but I haven't seen any of those in the WSUS Computers yet.  Note: the W7 and WS2012 clients above were not AD domain members. 

I don't think this is an Active Directory issue. 

Since all clients can see the WSUS URL and one of them works, I think something else is wrong.   Before posting my question here, I have tried searching for a solution, but mostly find WSUS 3 version information.  I did not have this problem when setting up WSUS 3 servers in the past.

10.  Tried following standard Mr Fixit Windows Update diagnostic on client and it returns "No Problems Found" on the Windows 7 PC.  The same PC that returns 80244019 Error Code when running Windows Update.

Any suggestions or clues?

UPDATE to My Issue with Windows Updates:

The WindowsUpdate.log provides a clue with the line: 

"Misc WARNING: DownloadFileInternal failed for http://wsus-2013/selfupdate/wuident.cab: error 0x80190194"

SO, HOW DO I GET WINDOWS UPDATE TO USE THE PORT IN THE URL http://wsus-2013:8530  ???

2013-03-20 16:58:27:362  524 f14 Agent *************
2013-03-20 16:58:27:362  524 f14 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-03-20 16:58:27:362  524 f14 Agent *********
2013-03-20 16:58:27:362  524 f14 Agent   * Online = Yes; Ignore download priority = No
2013-03-20 16:58:27:362  524 f14 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-03-20 16:58:27:362  524 f14 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2013-03-20 16:58:27:362  524 f14 Agent   * Search Scope = {Machine}
2013-03-20 16:58:27:362  524 f14 Setup Checking for agent SelfUpdate
2013-03-20 16:58:27:362  524 f14 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-03-20 16:58:27:362  524 f14 Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-03-20 16:58:27:377  524 f14 Misc  Microsoft signed: Yes
2013-03-20 16:58:28:940  524 f14 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2013-03-20 16:58:28:940  524 f14 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2013-03-20 16:58:28:940  524 f14 Misc WARNING: DownloadFileInternal failed forhttp://wsus-2013/selfupdate/wuident.cab: error 0x80190194
2013-03-20 16:58:28:940  524 f14 Setup WARNING: SelfUpdate check failed to download package information, error = 0x80244019
2013-03-20 16:58:28:940  524 f14 Setup FATAL: SelfUpdate check failed, err = 0x80244019
2013-03-20 16:58:28:940  524 f14 Agent   * WARNING: Skipping scan, self-update check returned 0x80244019
2013-03-20 16:58:28:955  524 f14 Agent   * WARNING: Exit code = 0x80244019
2013-03-20 16:58:28:955  524 f14 Agent *********
2013-03-20 16:58:28:955  524 f14 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-03-20 16:58:28:955  524 f14 Agent *************

****************

It looks like I'll have to use a work-around for now.  I disabled the WSUS server's Default website's binding for port 80 and added  port 80 binding to the WSUS Administration website and now things are working.

I think the requirement to maintain the legacy Port 80 instead of Only using the new ports 8530 and 8531 on the WSUS server for Windows 7 and earlier should be documented somewhere so that it doesn't frustrate admins trying to use WSUS 6.2.92 for the first time.

Attention Microsoft:  Please let me know when this is fixed or if there are any security issues related to enabling port 80 on the WSUS Administration website.

Hi Technet !

Tuesday's updates arrived well on my WSUS server.

I approved some of them, but some updates seems to not appear in the MMC console while on the computer's state they are noticed as Needed and Not Approved.

I can figure why the .NET Framework's updates do not appear as we excluded previous .NET Framework patches :
* for example KB2656373 for .NET Framework 3.5.1 was declined, it's normal that the KB2844286 received on the 12th of August was automatically declined.

Any chance someone can explained me why the one from the 13rd is still considered as Needed ?

And why the Security Update for IE8 -which is not Declined- does not appear in my pending updates ?

Thanks.

TiGrOu.

Hi

When I am running WSUS client diagnostic tool in one client vm host running under windows 2008 server standard R2, I am getting the following error.

When pinging the WSUS Server from this vm host , it pings successfully and telnetting to the wsus too works.

Any help regarding this issue is appreciated!

Thanks & Regards S.Swaminathan Live & let others live!!!

• OK, this is one of the thorniest update problems...I am using WSUS on the network, and all of my updates on my desktop client are running, except for KB2847927 ...it keeps failing.  I have cleaned up any Trojan/viruses, I have run a chkdsk /r, I have done all of the recommended fixes to correct my antivirus problems (McAfee), and fixed my Windows Firewall (and related Base Filtering Engine Service).  I have run recommended subinacl.exe fix (as admin), and it apparently fixed some things, but here's what it said after running in the command shell:

  ************

  HKEY_CLASSES_ROOT\X509Enrollment.CX509PolicyServerUrl.1 - RegSetKeySecurity Erro
  r : 5 Access is denied.

  X509Enrollment.CX509PolicyServerUrl.1\CLSID : delete Perm. ACE 3 nt authority\sy
  stem
  X509Enrollment.CX509PolicyServerUrl.1\CLSID : delete Perm. ACE 2 nt authority\sy
  stem
  X509Enrollment.CX509PolicyServerUrl.1\CLSID : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PolicyServerUrl.1\CLSID - RegSetKeySecurit
  y Error : 5 Access is denied.

  X509Enrollment.CX509PrivateKey : delete Perm. ACE 3 nt authority\system
  X509Enrollment.CX509PrivateKey : delete Perm. ACE 2 nt authority\system
  X509Enrollment.CX509PrivateKey : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PrivateKey - RegSetKeySecurity Error : 5 A
  ccess is denied.

  X509Enrollment.CX509PrivateKey\CurVer : delete Perm. ACE 3 nt authority\system
  X509Enrollment.CX509PrivateKey\CurVer : delete Perm. ACE 2 nt authority\system
  X509Enrollment.CX509PrivateKey\CurVer : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PrivateKey\CurVer - RegSetKeySecurity Erro
  r : 5 Access is denied.

  X509Enrollment.CX509PrivateKey.1 : delete Perm. ACE 3 nt authority\system
  X509Enrollment.CX509PrivateKey.1 : delete Perm. ACE 2 nt authority\system
  X509Enrollment.CX509PrivateKey.1 : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PrivateKey.1 - RegSetKeySecurity Error : 5
   Access is denied.

  X509Enrollment.CX509PrivateKey.1\CLSID : delete Perm. ACE 3 nt authority\system
  X509Enrollment.CX509PrivateKey.1\CLSID : delete Perm. ACE 2 nt authority\system
  X509Enrollment.CX509PrivateKey.1\CLSID : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PrivateKey.1\CLSID - RegSetKeySecurity Err
  or : 5 Access is denied.

  X509Enrollment.CX509PublicKey : delete Perm. ACE 3 nt authority\system
  X509Enrollment.CX509PublicKey : delete Perm. ACE 2 nt authority\system
  X509Enrollment.CX509PublicKey : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PublicKey - RegSetKeySecurity Error : 5 Ac
  cess is denied.

  X509Enrollment.CX509PublicKey\CurVer : delete Perm. ACE 3 nt authority\system
  X509Enrollment.CX509PublicKey\CurVer : delete Perm. ACE 2 nt authority\system
  X509Enrollment.CX509PublicKey\CurVer : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PublicKey\CurVer - RegSetKeySecurity Error
   : 5 Access is denied.

  X509Enrollment.CX509PublicKey.1 : delete Perm. ACE 3 nt authority\system
  X509Enrollment.CX509PublicKey.1 : delete Perm. ACE 2 nt authority\system
  X509Enrollment.CX509PublicKey.1 : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PublicKey.1 - RegSetKeySecurity Error : 5
  Access is denied.

  X509Enrollment.CX509PublicKey.1\CLSID : delete Perm. ACE 3 nt authority\system
  X509Enrollment.CX509PublicKey.1\CLSID : delete Perm. ACE 2 nt authority\system
  X509Enrollment.CX509PublicKey.1\CLSID : new ace for nt authority\system
  HKEY_CLASSES_ROOT\X509Enrollment.CX509PublicKey.1\CLSID - RegSetKeySecurity Erro
  r : 5 Access is denied.

  XEV.FailSafeApp : delete Perm. ACE 1 nt authority\system
  XEV.FailSafeApp : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.FailSafeApp : 2 change(s)
  XEV.FailSafeApp\DefaultIcon : delete Perm. ACE 1 nt authority\system
  XEV.FailSafeApp\DefaultIcon : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.FailSafeApp\DefaultIcon : 2 change(s)
  XEV.FailSafeApp\shell : delete Perm. ACE 1 nt authority\system
  XEV.FailSafeApp\shell : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.FailSafeApp\shell : 2 change(s)
  XEV.FailSafeApp\shell\open : delete Perm. ACE 1 nt authority\system
  XEV.FailSafeApp\shell\open : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.FailSafeApp\shell\open : 2 change(s)
  XEV.FailSafeApp\shell\open\command : delete Perm. ACE 1 nt authority\system
  XEV.FailSafeApp\shell\open\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.FailSafeApp\shell\open\command : 2 change(s)
  XEV.GenericApp : delete Perm. ACE 1 nt authority\system
  XEV.GenericApp : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.GenericApp : 2 change(s)
  XEV.GenericApp\DefaultIcon : delete Perm. ACE 1 nt authority\system
  XEV.GenericApp\DefaultIcon : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.GenericApp\DefaultIcon : 2 change(s)
  XEV.GenericApp\shell : delete Perm. ACE 1 nt authority\system
  XEV.GenericApp\shell : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.GenericApp\shell : 2 change(s)
  XEV.GenericApp\shell\open : delete Perm. ACE 1 nt authority\system
  XEV.GenericApp\shell\open : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.GenericApp\shell\open : 2 change(s)
  XEV.GenericApp\shell\open\command : delete Perm. ACE 1 nt authority\system
  XEV.GenericApp\shell\open\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.GenericApp\shell\open\command : 2 change(s)
  XEV.GenericApp\shell\open\ddeexec : delete Perm. ACE 1 nt authority\system
  XEV.GenericApp\shell\open\ddeexec : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.GenericApp\shell\open\ddeexec : 2 change(s)
  XEV.GenericApp\shell\open\ddeexec\application : delete Perm. ACE 1 nt authority\
  system
  XEV.GenericApp\shell\open\ddeexec\application : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.GenericApp\shell\open\ddeexec\application : 2 change(s)
  XEV.GenericApp\shell\open\ddeexec\topic : delete Perm. ACE 1 nt authority\system

  XEV.GenericApp\shell\open\ddeexec\topic : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.GenericApp\shell\open\ddeexec\topic : 2 change(s)
  XEV.OriginalApp : delete Perm. ACE 1 nt authority\system
  XEV.OriginalApp : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.OriginalApp : 2 change(s)
  XEV.OriginalApp\DefaultIcon : delete Perm. ACE 1 nt authority\system
  XEV.OriginalApp\DefaultIcon : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.OriginalApp\DefaultIcon : 2 change(s)
  XEV.OriginalApp\shell : delete Perm. ACE 1 nt authority\system
  XEV.OriginalApp\shell : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.OriginalApp\shell : 2 change(s)
  XEV.OriginalApp\shell\open : delete Perm. ACE 1 nt authority\system
  XEV.OriginalApp\shell\open : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.OriginalApp\shell\open : 2 change(s)
  XEV.OriginalApp\shell\open\command : delete Perm. ACE 1 nt authority\system
  XEV.OriginalApp\shell\open\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.OriginalApp\shell\open\command : 2 change(s)
  XEV.OriginalApp\shell\open\ddeexec : delete Perm. ACE 1 nt authority\system
  XEV.OriginalApp\shell\open\ddeexec : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.OriginalApp\shell\open\ddeexec : 2 change(s)
  XEV.OriginalApp\shell\open\ddeexec\application : delete Perm. ACE 1 nt authority
  \system
  XEV.OriginalApp\shell\open\ddeexec\application : new ace for nt authority\system

  HKEY_CLASSES_ROOT\XEV.OriginalApp\shell\open\ddeexec\application : 2 change(s)
  XEV.OriginalApp\shell\open\ddeexec\topic : delete Perm. ACE 1 nt authority\syste
  m
  XEV.OriginalApp\shell\open\ddeexec\topic : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XEV.OriginalApp\shell\open\ddeexec\topic : 2 change(s)
  xhtmlfile : delete Perm. ACE 1 nt authority\system
  xhtmlfile : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile : 2 change(s)
  xhtmlfile\CLSID : delete Perm. ACE 1 nt authority\system
  xhtmlfile\CLSID : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\CLSID : 2 change(s)
  xhtmlfile\shell : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell : 2 change(s)
  xhtmlfile\shell\open : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell\open : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell\open : 2 change(s)
  xhtmlfile\shell\open\command : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell\open\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell\open\command : 2 change(s)
  xhtmlfile\shell\opennew : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell\opennew : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell\opennew : 2 change(s)
  xhtmlfile\shell\opennew\command : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell\opennew\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell\opennew\command : 2 change(s)
  xhtmlfile\shell\print : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell\print : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell\print : 2 change(s)
  xhtmlfile\shell\print\command : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell\print\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell\print\command : 2 change(s)
  xhtmlfile\shell\printto : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell\printto : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell\printto : 2 change(s)
  xhtmlfile\shell\printto\command : delete Perm. ACE 1 nt authority\system
  xhtmlfile\shell\printto\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xhtmlfile\shell\printto\command : 2 change(s)
  XML : delete Perm. ACE 3 nt authority\system
  XML : delete Perm. ACE 2 nt authority\system
  XML : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XML - RegSetKeySecurity Error : 5 Access is denied.

  XML\CLSID : delete Perm. ACE 3 nt authority\system
  XML\CLSID : delete Perm. ACE 2 nt authority\system
  XML\CLSID : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XML\CLSID - RegSetKeySecurity Error : 5 Access is denied.

  XML\OLEScript : delete Perm. ACE 1 nt authority\system
  XML\OLEScript : new ace for nt authority\system
  HKEY_CLASSES_ROOT\XML\OLEScript : 2 change(s)
  xmlfile : delete Perm. ACE 1 nt authority\system
  xmlfile : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile : 2 change(s)
  xmlfile\BrowseInPlace : delete Perm. ACE 1 nt authority\system
  xmlfile\BrowseInPlace : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\BrowseInPlace : 2 change(s)
  xmlfile\CLSID : delete Perm. ACE 3 nt authority\system
  xmlfile\CLSID : delete Perm. ACE 2 nt authority\system
  xmlfile\CLSID : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\CLSID - RegSetKeySecurity Error : 5 Access is denied.

  xmlfile\DefaultIcon : delete Perm. ACE 1 nt authority\system
  xmlfile\DefaultIcon : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\DefaultIcon : 2 change(s)
  xmlfile\shell : delete Perm. ACE 1 nt authority\system
  xmlfile\shell : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\shell : 2 change(s)
  xmlfile\shell\edit : delete Perm. ACE 1 nt authority\system
  xmlfile\shell\edit : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\shell\edit : 2 change(s)
  xmlfile\shell\edit\command : delete Perm. ACE 1 nt authority\system
  xmlfile\shell\edit\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\shell\edit\command : 2 change(s)
  xmlfile\shell\open : delete Perm. ACE 1 nt authority\system
  xmlfile\shell\open : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\shell\open : 2 change(s)
  xmlfile\shell\open\command : delete Perm. ACE 1 nt authority\system
  xmlfile\shell\open\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\shell\open\command : 2 change(s)
  xmlfile\ShellEx : delete Perm. ACE 1 nt authority\system
  xmlfile\ShellEx : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\ShellEx : 2 change(s)
  xmlfile\ShellEx\IconHandler : delete Perm. ACE 1 nt authority\system
  xmlfile\ShellEx\IconHandler : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xmlfile\ShellEx\IconHandler : 2 change(s)
  xslfile : delete Perm. ACE 1 nt authority\system
  xslfile : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile : 2 change(s)
  xslfile\BrowseInPlace : delete Perm. ACE 1 nt authority\system
  xslfile\BrowseInPlace : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\BrowseInPlace : 2 change(s)
  xslfile\CLSID : delete Perm. ACE 3 nt authority\system
  xslfile\CLSID : delete Perm. ACE 2 nt authority\system
  xslfile\CLSID : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\CLSID - RegSetKeySecurity Error : 5 Access is denied.

  xslfile\DefaultIcon : delete Perm. ACE 1 nt authority\system
  xslfile\DefaultIcon : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\DefaultIcon : 2 change(s)
  xslfile\shell : delete Perm. ACE 1 nt authority\system
  xslfile\shell : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\shell : 2 change(s)
  xslfile\shell\Open : delete Perm. ACE 1 nt authority\system
  xslfile\shell\Open : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\shell\Open : 2 change(s)
  xslfile\shell\Open\command : delete Perm. ACE 1 nt authority\system
  xslfile\shell\Open\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\shell\Open\command : 2 change(s)
  xslfile\shell\Open\ddeexec : delete Perm. ACE 1 nt authority\system
  xslfile\shell\Open\ddeexec : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\shell\Open\ddeexec : 2 change(s)
  xslfile\shell\Open\ddeexec\application : delete Perm. ACE 1 nt authority\system
  xslfile\shell\Open\ddeexec\application : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\shell\Open\ddeexec\application : 2 change(s)
  xslfile\shell\Open\ddeexec\topic : delete Perm. ACE 1 nt authority\system
  xslfile\shell\Open\ddeexec\topic : new ace for nt authority\system
  HKEY_CLASSES_ROOT\xslfile\shell\Open\ddeexec\topic : 2 change(s)
  zapfile : delete Perm. ACE 1 nt authority\system
  zapfile : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile : 2 change(s)
  zapfile\DefaultIcon : delete Perm. ACE 1 nt authority\system
  zapfile\DefaultIcon : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile\DefaultIcon : 2 change(s)
  zapfile\shell : delete Perm. ACE 1 nt authority\system
  zapfile\shell : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile\shell : 2 change(s)
  zapfile\shell\open : delete Perm. ACE 1 nt authority\system
  zapfile\shell\open : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile\shell\open : 2 change(s)
  zapfile\shell\open\command : delete Perm. ACE 1 nt authority\system
  zapfile\shell\open\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile\shell\open\command : 2 change(s)
  zapfile\shell\print : delete Perm. ACE 1 nt authority\system
  zapfile\shell\print : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile\shell\print : 2 change(s)
  zapfile\shell\print\command : delete Perm. ACE 1 nt authority\system
  zapfile\shell\print\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile\shell\print\command : 2 change(s)
  zapfile\shell\printto : delete Perm. ACE 1 nt authority\system
  zapfile\shell\printto : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile\shell\printto : 2 change(s)
  zapfile\shell\printto\command : delete Perm. ACE 1 nt authority\system
  zapfile\shell\printto\command : new ace for nt authority\system
  HKEY_CLASSES_ROOT\zapfile\shell\printto\command : 2 change(s)
  {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} : delete Perm. ACE 1 nt authority\system
  {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} : new ace for nt authority\system
  HKEY_CLASSES_ROOT\{2C256447-3F0D-4CBB-9D12-575BB20CDA0A} : 2 change(s)
  {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}\ProgID : delete Perm. ACE 3 nt authority\
  system
  {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}\ProgID : delete Perm. ACE 2 nt authority\
  system
  {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}\ProgID : new ace for nt authority\system
  HKEY_CLASSES_ROOT\{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}\ProgID - RegSetKeySecur
  ity Error : 5 Access is denied.

   

  Elapsed Time: 00 00:02:16
  Done:   163592, Modified   116878, Failed    46714, Syntax errors        0
  Last Done  : HKEY_CLASSES_ROOT\{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}\ProgID
  Last Failed: HKEY_CLASSES_ROOT\{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}\ProgID - R
  egSetKeySecurity Error : 5 Access is denied.

  C:\Users\xxxxx.xxxxx\Desktop : delete Perm. ACE 2 nt authority\system
  C:\Users\xxxxx.xxxxx\Desktop : delete Perm. ACE 1 nt authority\system
  C:\Users\xxxxx.xxxxx\Desktop : new ace for nt authority\system
  C:\Users\xxxxx.xxxxx\Desktop : new ace for nt authority\system
  C:\Users\xxxxx.xxxxx\Desktop : 4 change(s)

  Elapsed Time: 00 00:00:00
  Done:        1, Modified        1, Failed        0, Syntax errors        0
  Last Done  : C:\Users\xxxxx.xxxxxx\Desktop
  =========================
  Finished.
  =========================
  Press any key to continue . . .

  ********************

  ...so I'm guessing the major problem is the whole "access is denied" problem, no doubt caused by the virus.  I really don't want to reformat, after doing all this work, but...

  Any recommendation would be appreciated.  Thanks all.

Hi

We use SCCM 2007 R3 and WSUS..

all my Windows servers are unable to check for windows updates. They all return the above error..

I have installed the hotfixes KB 2720211 and KB 2734608 onto the WSUS server and restarted as per other articles here, but still continue to have issues with all Windows server clients. Interestingly enough all workstations update perfectly fine.

An excerpt from my windowsupdate.log on one of the problematic servers:

Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-07-11 15:26:27:941  436 15a0 Misc  Microsoft signed: Yes
2013-07-11 15:26:27:941  436 15a0 Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab are not trusted: Error 0x800b0001
2013-07-11 15:26:27:957  436 15a0 Setup WARNING: SelfUpdate check failed to download package information, error = 0x800B0001
2013-07-11 15:26:27:957  436 15a0 Setup FATAL: SelfUpdate check failed, err = 0x800B0001
2013-07-11 15:26:27:972  436 15a0 Agent   * WARNING: Skipping scan, self-update check returned 0x800B0001
2013-07-11 15:26:28:269  436 15a0 Agent   * WARNING: Exit code = 0x800B0001

Any help greatly appreciated..

Cheers,

Max

Hi Technet,

Regarding this thread, I made some search on the error code and finally found a nice Windows Error Code list made by an engineer from Microsoft Redmont :List of Windows Error Code

As I found it very useful, I decide to share it with you, but as I didn't find the 0X800B010A error code in it I was wondering if there was any chance someone here has maybe an updated list ?

Thanks

TiGrOu.

Hi, we are running Update Services 3.2.7600.226 on Windows server 2008R2 and I want to add .net 4 platform to the workstation update schedule. Our expert on this has left and we have no documentation on the process. I think the sequence of events is to right-click on 'Updates' (under Update Services), click on 'Import Updates', enter '.net 4' in the search and add all components related to our client operating system (Windows XP SP 3). Yay or nay?

If this is correct will any subsequent updates for the product be automatically downloaded? 

Secondly, once the updates are downloaded to WSUS, what is the process to actually deploy these to the client workstations?

Thanks in advance for your help.

I', sorry for this long post.

First a few words of my setup. I'm using SBS2008 as simply a mail and web server, that is I have no computers connected to it or any thing else and it's not my DHCP server. I know it has all the functions for that by I'm running a simple one man company and only needs a reliable web and mail server.

I have disabled WSUS (a long time ago) and only use Windows Update to keep the server up to date. But now I see that I'm "only" getting sercurity and other updates to the OS not updates to software e.g. Exchange and other software. I know that as my Exchange is running SP1 - so the BPA tells me. I remember getting updates for Exchage and other software before turning WSUS off. I remember doing this in order to get rid of a HUGE WSUS folder.

I used this guide to turn off WSUS: http://social.technet.microsoft.com/Forums/windowsserver/en-US/10d6929c-bdbb-4ea3-9c87-d67de127597f/removeuninstall-wsus-from-sbs-2008

I have now turned WSUS back on on the server. I the SBS console there are no updates available even after "syncronizing updates". Only result is that I have a WSUS library on my C: drive og some 56 GB!

I used this guide to turn back WSUS on: http://blogs.technet.com/b/sbs/archive/2009/06/23/update-services-in-sbs-2008.aspx

What I would prefer is not to use WSUS but just Windows Update. But I also want my software to be updated. Right now I'm in th worst of situations: Running WSUS and having the HUGE folder but getting no updates for the software but only for the OS. I have checked the settings for Windows Update and the "Microsoft Update" setting is checked.

I appreciate any help to get me up to date again.

Hi -

I have a number of machines with a bloated Windows\SoftwareDistribution folder.  I usually address this by:

1. Stopping the Automatic Updates service.
2. Deleting the Windows\SoftwareDistribution folder.
3. Restarting the Automatic Updates service.

I'm considering using a computer startup script to perform this task automatically.  Does anyone have a more elegant method of automating this task?

Thanks in advance for your input.

Hello,

With the recent release of SQL 2008 R2 SP2 I was curious as to when Microsoft will be pushing it out to WSUS services? I've already done some testing in our environment with a manual download of it, but I was hoping to release it to my production servers for a upcoming maintenance night through the proper channels in WSUS. I haven't been able to find any further details on the average release to WSUS time-frame, so I was hoping someone here could shed some light on the matter.

Thanks in advance,

Guys,

Im having problems getting my WSUS 3.0 SP2 installation to work with my Server 2008 R2 x64.

My server is running as a Domain Controller, DHCP, DNS, and WDS. It is 100% patched. It HAD Symantec endpoint manager installed, but has been removed to help support WSUS.

It is part of a high secure environment and has been configured per DoD STIGs (2008 Domain Controller), SCAP, and RETINA requirements. I have the ability to relax some of the security settings, but not sure where to start.

After installing WSUS 3.0 SP2 - I am unable to connect to the WSUS administrative console. I get the following error in event log:

Error 7053 Windows Server Update Services

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the console.

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\mmc\.

System.InvalidOperationsExecption -- Client found response content type of 'text/html; charset=utf-8, but expected 'text/xml"

The request failed with the error message:

I also get these errors in the event log:

ERROR 13402 Self Update is not working

ERROR 12002 The Reporting Web Service is not working

ERROR 12012 The API remoting web service is not working

ERROR 12032 The Server Sync Web Serrvice is not working

ERROR 12022 The Client Web service is not working

ERROR 12042 The SimpleAuth Service is not working

ERROR 12052 The DSS Authentication Web Service is not working



After the installation of WSUS 3.0 SP 2, the setup tries to automatically launch the WSUS configuration wizard but fails with this error:

"An unexpected error occurred and this wizard must be closed. You may restart the wsus server configuration wizard from the options page."

I have read just about every post reguarding WSUS not connecting to the admin console - and none seem to help me out. I have tried to uninstall/reinstall IIS/WSUS several times now with no resolve.

I have been following the Microsoft installation guide for WSUS 3.0 SP2, including the prerequsits for IIS and permissions of the Network Service account on the %temp%/Framework\%temp% directories.

I have also read the guidelines from Microsoft for securing WSUS - and have modified my settings to match.

I have also tried the WSUS server debug tool, but I does not run for me. It will crash as soon as I open the program.

I need some advice on how to make this work. Please advise.

me

Hi

We are encountering this error of automatic updating going to stopping state when entered the command net stop wuauserv during the troubleshooting of windows update as below

Only solution to solve this is by rebooting the servers.Is there any solution to avoid this problem?

Any help appreciated!

Thanks & Regards S.Swaminathan Live & let others live!!!

I have installed a new server with Server 2012 Standard 64-bit.  When I add the role for WSUS everything look fine until after 4pm EST then I am getting a Critical Event "The application (Windows Server Update Services, from vendor Microsoft) was hard-blocked and raised the following: Windows Server Update Services is incompatible with this version of Windows. For more information, contact Microsoft."  After I get the error, the server removes the WSUS role. 

I would appreciate any help that anyone can give me?

Hi,

I installed WSUS Server (W2003 R2 Std - full patched)
Same install as I always do without any problems
If I try sync WSUS Server with Microsoft Update than sync failed with error:

WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.Serve

I did not set up any SSL or did not do anything other than usual.
Reinstall did not help.

Who can help me? What did i do wrong? 

Couple of simple questions:

1. Under WSUS Options/Products, there is a Microsoft Security Essentials category with two subcats: "MS Security Essentials" and "Security Essentials". Does anyone here know what is different about these?

2. The Classification known as Definition Updates appears to deliver Defender, MSSE, and something called Forefront to clients. Is there anything else this is needed for?

I have only a few MS Security Essentials clients, no Defender at all, and while I have the products in #1 all checked to be able to get updates to MSSE executables, I have Def Updates UN-checked and the clients do therefore get definition updates directly from the Microsoft Update Server and not my WSUS installation; more timely because my WSUS only downloads after hours using BITS.

I'd just like to know that I have this set-up right, TIA!