Quantcast
Viewing all 12874 articles
Browse latest View live

Disabling SSL Protocol TLSv 1.0 breaks WSUS Synchronization with Microsoft.

August 25, 2016, 8:54 am
$
0
0

Running Windows 2012 R2 with WSUS role. I'm using IISCrypto v2 to disable TLSv1.0 and possible TLSv1.1. But when I disable TLSv1.0, Synchronization directly with Microsoft fails. Is there away I can use TLSv1.2 to make the connection?

Synchronization Error Message:

WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.Serve

Thank you,

Don

Search

WSUS Breaks after KB3159706, released 5/5/2016

May 5, 2016, 11:25 am
$
0
0

Hey all, just installed KB3159706 on my WS 2012 R2 WSUS Server at 2PM on 5/5/2016.  This was supposed to fix/issues when KB3148812 was released a few weeks ago.  Don't install KB3159706, it breaks WSUS.

C'mon Microsoft, get your stuff together.  I'm tired of this amateur hour BS.



WSUS on 2012 R2 with custom port

August 10, 2016, 8:00 pm
$
0
0

I have my antivirus software running on port 80 and would like to install WSUS on the same server which is failing.

My guess is that, the 80 port is already in use by antivirus application. Is there a way to define custom port during the WSUS installation. In 2008 R2 it was possible but in 2012 I dont see such an option.

DELETE

September 1, 2016, 9:05 am

WSUS keeps crashing after KB3159706

May 11, 2016, 12:47 am
$
0
0

Hi, I still have problems with my WSUS server running on Windows Server 2012 R2.

KB3148812 broke my WSUS, like everyone, so I waited for KB3159706 to be released.

After installing KB3159706 and doing the manual steps, my WSUS seemed to work fine at first sight, but in fact it's not...

Without doing anything particular, the WSUS seems to crash randomly 2/3 times per day : when it happens I can't connect to the WSUS console, and the clients can't reach the WSUS server to get updates, that's really annoying...

The only thing I can do is reboot the Windows Server to get the WSUS back, but you understand that I can't do that every 4 hours...

WSUS console & service can't start. "Reason: Failed to open the explicitly specified database 'SUSDB'"

April 21, 2016, 3:55 am
$
0
0

Our WSUS server (Windows Server 2012 R2) hanged when it was installing updates on itself. I rebooted it in a harsh way, it started normally and finished installing the updates. However, now I can't start the WSUS management console due to a connection error. The WSUS server service itself doesn't start as well.

The Application server contains multiple events 18456, source MSSQL$MICROSOFT##WID, message "Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'SUSDB'. [CLIENT: <named pipe>]" If I try to connect to the server using SQL Server Management Studio, it displays the following error: 

"Cannot connect to \\.\pipe\MICROSOFT##WID\tsql\query. Login failed for user 'MY-LOGIN'. (Microsoft SQL Server, Error: 18456)"

The Application even log contains the same event mentioned above, only the message is different: "Login failed for user 'MY-LOGIN'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT:<named pipe>]".

If I restart the Windows Internal Database service, it starts normally and doesn't throw any errors in the Application log. Among other things, it successfully mounts the SUSDB database. No other errors (including DCOM errors) can be found in the log.

Seems that security setting on the WID engine are damaged. Any ideas how to fix them? Besides reinstalling the server, of course? :)

Evgeniy Lotosh // MCSE: Server infrastructure, MCSE: Messaging


KB3167679 breaks password changing on Windows 2008 R2 Servers

August 30, 2016, 9:53 am
$
0
0

Hi Team,

we are faced password changing issue on our 2008 R2 Server, Please find the below Error.

"The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."

we are uninstalled the patch KB3167679 issue was resolved,but patch will install automatically.

the thing is that  there is any hotfix for this issue.

Kindly help on this issue.

Regards

Vajram Gajengi

Update server listed multiple times in navigation pane

August 24, 2016, 8:20 am
$
0
0
I am new to WSUS. Deployed a new 2012 R2 server and added WSUS to it. Most of my machines are reporting to it. In the navigation pane I have always had it listed twice. Once just the name of the server and once with the domain included. I was attempting to get reporting worked out and install Report Viewer and .NET as well. Subsequently it is now listed 3 more times with the domain in the navigation pane for a total of 5 times. What does this mean?
Search

Custom Update View does not list updates

August 24, 2016, 8:46 am
$
0
0
I created a new update view because I need to approve updates for just one server. No updates will list for this new update view. There are plenty of updates available as we are way behind on patching. I altered the approval and status filters to show any except declined and any status. Also edited the view to be more specific with the updates I am looking for. I am able to view an approve updates via other avenues but this would be helpful to me.

WSUS replace the second S with an X

August 26, 2016, 9:14 am
$
0
0

I don't know how much I can take anymore of these systems that don't work. I am so sick of spending hours trying to fix what shouldn't even be broken. This started with trying to get my Windows 10 clients to upgrade to 1607 and not being able to download from WSUS because of newly discovered old updates from years ago that came out of nowhere.

Now I have a few Surfaces that are having all kinds of minor problems that I'm wasting hours trying to fix.  Now my workstation is acting up with 1607 and I go to Settings and see there's two updates in the wings to fix all the things screwed by 1607 (even though you been beta testing with Insiders for months, still can't produce software that works right)

Cumulative Update for Windows 10 Version 1607 KB3176934

Update for WIndows 10 Version 1607 KB3176936

Stuck at downloading Updates 0%

So now I suppose I have to stop the hours i'm wasting trying to fix Office, and the hours i'm wasting trying to solve the new problem on my computer and begin spending hours wasting time trying to figure out what magic is needed to install these.

I can't stand much more of this nonsense (I wanted to use other words but I'm resisting)

WSUS High CPU usage

August 26, 2016, 10:02 am
$
0
0

I'm running WSUS on server 2012 with the WID database. It is linked to SCCM 1606, hosted on a different server. There's a downstream server, configured as a replica that serves internet sccm clients. It can serve up to 6000 clients.

IIS stopped the WsusPool after recycling it too many times. I increased the private memory limit from the 1.8GB default to 4GB. But still, the worker process consumes memory and CPU like crazy (CPU is at 100% almost all the time, with 90% going to w3wp.exe). I can throw more memory at it, but I doubt it will fix the underlying problem.

In %ProgramFiles%\Update Services\LogFiles\SoftwareDistribution.log, I get many entries like this:

2016-08-26 12:34:15.223 UTC	Warning	w3wp.14	UnencryptedCookieData.Deserialize	Argument exceptioninvalid header
Nom du param..tre..: bytes
2016-08-26 12:34:15.223 UTC	Warning	w3wp.14	EncryptionHelper.DecryptData	Argument exceptionMicrosoft.UpdateServices.Internal.Authorization.LoggedArgumentException: invalid header
Nom du param..tre..: bytes
   .. Microsoft.UpdateServices.Internal.Authorization.UnencryptedCookieData.Deserialize(Byte[] bytes)
   .. Microsoft.UpdateServices.Internal.Authorization.EncryptionHelper.DecryptData(Byte[] cookieData)
Nom du param..tre..: cookieData
2016-08-26 12:34:15.224 UTC	Warning	w3wp.14	SoapUtilities.CreateException	ThrowException: actor = https://060dp1.vd.cerfs:8531/ClientWebService/client.asmx, ID=8136e9e6-3170-4003-9bc8-4cd0fa39bf85, ErrorCode=InvalidCookie, Message=, Client=?

I also see many of the following lines, but I presume they're from the AppPool recycling or restarting:

2016-08-26 12:34:20.431 UTC	Warning	w3wp.46	SoapUtilities.CreateException	ThrowException: actor = https://060dp1.vd.cerfs:8531/ClientWebService/client.asmx, ID=591777d0-5daf-498d-845e-f5489ca98dcf, ErrorCode=ServerChanged, Message=Server rolled back since last call to GetCookie, Client=5c2fefec-d448-44b7-85ee-91090530dd29
2016-08-26 12:34:21.976 UTC	Warning	w3wp.14	SoapUtilities.CreateException	ThrowException: actor = https://060dp1.vd.cerfs:8531/ClientWebService/client.asmx, ID=3e4e072e-bb33-45ae-b8dd-d94df5e92632, ErrorCode=ConfigChanged, Message=, Client=1a6a5b29-f421-4eb4-b53a-40688773af05

I installed KB3159706 a week ago and followed the post-install instructions. I can't tell if the update caused this, I know the console was working fine after the post-install procedure, but most of my clients were off at that time (during school district summer vacations almost everything is unplugged).

Windows 2008 R2: Problems with installing KB890830 and KB915597

August 29, 2016, 9:06 am
$
0
0
Hi all, when trying to install above updates, I get errors as below.

Windows 2008 R2, logged in as administrator.

Please let me know if you need any more information to help me identify what's wrong - I dont have any AV installed right now!

Thanks in advance for any help/suggestions.

Windows Malicious Software Removal Tool x64 - August 2016 (KB890830)

Definition Update for Windows Defender - KB915597 (Definition 1.227.706.0)

AntiMalware Definition Update has stopped working.

Problem signature:
  Problem Event Name:APPCRASH
  Application Name:mpas-fe.exe
  Application Version:1.227.706.0
  Application Timestamp:57bf9a81
  Fault Module Name:mpas-fe.exe
  Fault Module Version:1.227.706.0
  Fault Module Timestamp:57bf9a81
  Exception Code:40000015
  Exception Offset:000000000000c63e
  OS Version:6.1.7601.2.1.0.274.10
  Locale ID:1030
  Additional Information 1:1940
  Additional Information 2:19409312fceac14dede4f92510119cc8
  Additional Information 3:3689
  Additional Information 4:3689b368422b49af0045cba19bd93eb8

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt



Microsoft Windows Malicious Software Remotal Tool (KB890830) has stopped working



Problem signature:
  Problem Event Name:APPCRASH
  Application Name:Windows-KB890830-x64-V5.39.exe
  Application Version:5.39.12900.0
  Application Timestamp:5799795c
  Fault Module Name:Windows-KB890830-x64-V5.39.exe
  Fault Module Version:5.39.12900.0
  Fault Module Timestamp:5799795c
  Exception Code:40000015
  Exception Offset:000000000000ec22
  OS Version:6.1.7601.2.1.0.274.10
  Locale ID:1030
  Additional Information 1:4c8d
  Additional Information 2:4c8d35b3f474a1a2e0c8452a9dbaa5f2
  Additional Information 3:63c5
  Additional Information 4:63c5264bae8bc293618c014c24e81eeb

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt


Windowsupdate.log here: http://pastebin.com/TPTwd5XU





How to temporarily stop synchronizing new updates to the wsus ?

August 29, 2016, 1:54 pm
$
0
0

Hi,

I have a customer that has a stage of testing servers and a stage of production ones.

Only Testing servers have Automatic Approvals updates enabled in order to install important updates inmediately, and production ones don´t. They want to stop synchronization in order to make a testing window time, to test the updates and in some scheduled time apply the same updates to production servers. The question is, how to stop the synchronization in order to temporaly cancel Automatic Approvals? (by a scheduled task with a script or something like that, in a automatically way). Is possible just stopping the "Update Services" service? Or is there any other way?

Thanks in advance

Cristian L Ruiz


KB3172985 and Google Cloud Print

August 29, 2016, 7:05 pm
$
0
0

So we are in an education setting. We use Windows 10 Pro and google cloud print. Today, a large majority of us were not able to print using google cloud print. I quickly found this:

https://productforums.google.com/forum/#!topic/chrome/omdLlyyPCu0;context-place=forum/chrome

Where users state that the google cloud print installation errors out. Which leads to most of us uninstalling google cloud print and trying to reinstall and this is where we encounter the error. After you install a windows update (i was never able to find the specified update), the install succeeds and printing resumes. However, we use WSUS and with Windows 10 the updates happen automatically which reinstalls the update that was removed. I know i can stop the update install but the issue is, the update to stop on the WSUS server does not appear to be the same across systems. So, i wanted to check here and see if anybody has reported this issue and if not, see if anyone has any ideas as to what is going on?

KB3161949 (MS16-077) - June 2016 Update causes network file shares to become unavailable. Superseded patch available?

August 31, 2016, 1:29 am
$
0
0

Hi All,

I've been reading a few posts on this issue and this article (https://support.microsoft.com/en-us/kb/3161949) states that it creates the following reg entry:

After you install this security update, the following changes are applied:
  • NETBIOS communication outside of the local subnet is hardened. Therefore, by default, some features that depend on NETBIOS (such as SMB over NETBIOS) will not work outside the local subnet. To change this new default behavior, create the following registry entry:
    SUBKEY: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    Value Name: AllowNBToInternet
    Type: Dword
    Value: 1
    Default value of the flag: 0

This, as most know, caused network shares to stop working. I needed to specifically remove this from our domain controllers to resolve our issues. The patch remains installed on all of our other servers not causing any problems. I had a look now and the above mentioned registry entries aren't created on any of the servers that the patch was installed on. It makes sense why this reg entry is not applied to the DC's from which the patch was removed. Question is why don't I see it on the rest of the servers from which the patch was not removed?

Take note the patch was changed to declined on WSUS to prevent it from reinstalling on the DC's, but that doesn't remove it from the other servers. Majority servers running Server 2008 R2, including DC's.

Then my other question is - was there a superseded patch/fix? If not, what is the fix? In my mind, adding this reg entry to our DC will affect our shares again - not applying it will leave a vulnerability in our environment.

Thank you

Search

Can't log on Domain after Windows 10 home to pro upgrade

August 31, 2016, 6:36 am
$
0
0

We purchased 2 laptops with windows 10 home before we established a domain at our office.  We now want to join them to our domain so we purchased the 10 pro upgrade for $100. Although we are able to join the domain from the laptops, we are unable to login / authenticate to it.  no matter what username we use, we get an "incorrect user password" error. All of the windows 10 pro <g class="gr_ gr_543 gr-alert gr_spell gr_run_anim ContextualSpelling" data-gr-id="543" id="543">pcs</g> that we own are having no issue.  It's just the ones we upgraded from home to pro. 

Has anyone else experienced this issue?  How can it be solved?

No client computers have ever contacted the server.

September 5, 2016, 9:43 pm
$
0
0

hi<o:p></o:p>

installed new server 2012 r2 and wsus.it running and getting updates(200gb) but I don't see my clients connected.keep getting 13051 id error in event viwer.check the policy and configure my server as "http://servername" in the policy.when trying to connect via explorer from the station or the server  to "http://servername" keep getting "authentication required" and username and pass instead getting the iis.looked in the iis bindings and permisions and even tryied :8530 or 8531 port in the explorer but no good

<o:p>when running windows update directly on the srver get"80244017" error</o:p>

ronnie

WSUS - Error downloading Uprade Win 10 Education, version 1511, 10586 -en-gb, Volume

September 4, 2016, 9:12 am
$
0
0

Hi,

I can not download with WSUS "Upgrade to Windows 10 Education, version 1511, 10586 - en-gb, Volume". I tried with three different servers with direct access to the internet, no proxy. All other upgrades can I download. In event viewer I find ab error 2 with a CRC error. Has anyone else downloaded the upgrade? How can I fix it? A reset of the content does not help.

Log Name:      Application
Source:        Windows Server Update Services
Date:          9/4/2016 4:42:40 PM
Event ID:      364
Task Category: 2
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      BADWLRZ-SWWSUS2.ads.mwn.de
Description:
Content file download failed.
Reason: CRC verification failure.
Source File: /c/upgr/2016/05/10586.0.160426-1409.th2_refresh_clienteducation_vol_x64fre_en-gb_c4f7837e4028339a2c8be01dbf03c34a0886359f.esd
Destination File: E:\WSUS\WsusContent\9F\C4F7837E4028339A2C8BE01DBF03C34A0886359F.esd
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Server Update Services" />
    <EventID Qualifiers="0">364</EventID>
    <Level>2</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-09-04T14:42:40.000000000Z" />
    <EventRecordID>2154</EventRecordID>
    <Channel>Application</Channel>
    <Computer>BADWLRZ-SWWSUS2.ads.mwn.de</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Content file download failed.
Reason: CRC verification failure.
Source File: /c/upgr/2016/05/10586.0.160426-1409.th2_refresh_clienteducation_vol_x64fre_en-gb_c4f7837e4028339a2c8be01dbf03c34a0886359f.esd
Destination File: E:\WSUS\WsusContent\9F\C4F7837E4028339A2C8BE01DBF03C34A0886359F.esd</Data>
  </EventData>
</Event>

Error when I configure MDT to run with WSUS

August 30, 2016, 5:55 am
$
0
0

ZTI ERROR - Unhandled error returned by ZTIWindowsUpdate:  (-2147023838  0x80070422)

This is the error I have when I execute this task sequence : 

Image may be NSFW.
Clik here to view.

And I had this line in CustomSettings file : 

WSUSServer=http://*mynameserver*:8530

So I don't understand the error. I did it like all tutorials show that. 

Thanks to your help, and sorry for my bad english :) 



Migrate WSUS from 008 R2 to 2012 R2 with remote SQL DB

September 6, 2016, 2:08 am
$
0
0

Hi guys, I currently have WSUS installed and happy on Windows 2008 R2. The DB is also on a remote SQL 2008 R2 instance. I'd like to get the WSUS server piece onto Windows 2012 R2. I have been reading this guide:

  • https://technet.microsoft.com/en-us/library/hh852352(v=ws.11).aspx
 Is it still applicable? Is the only change required to backup the DB and restore to a new name?
Viewing all 12874 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>