Hello!

I have two Windows Server 2012 R2 in RDS farm, both connected to same WSUS by GPO. On both servers GPO applied correctly. When new updates are received one server reboot at 04:00 as it scheduled in GPO. But second server always rebooting at the working time. Looks like it gets correct GPO but by some reasons it didn't applied. Registry settings are the same on both. I did WSUS client reset. Any suggestions?

Hi All,

If I am not mistaken when we are doing "Check Updates" from Client we are only downloading the meta-data for the updates, i.e. only the patch information is downloaded and not the actual patches. And when click on "Install Updates" the patches are downloaded locally from the WSUS server and installed.

My question if in a production environment we start patching (installing updates) on a huge number of servers (around 100) which points to the same WSUS server at the same time, then will there be any impact on the WSUS server (possibility of crash due to overload)? Also will the the download speeds on each client get reduced proportionately with the increasing count of clients being updated simultaneously?

I hope I was able to explain myself. Looking forward for your expertise :)

Thanks,

In the new batch of updates, one update, kb3189866, the cumulative security update for Windows 10 1607 keeps failing download from Microsoft. I've tried about a dozen times to Retry Download, and it starts but always errors out in the list. It does look like it downloads the whole thing according to the status/sync page, but it's always in an error condition in the list of all updates, and no client will download it in this state.

Is there a way to clear that and make it try again cleanly?

Curt Kessler - FLC

I have a WSUS Windows 2008 client that has a GPO that pushes a WUServer and WUStatusServer ip address, the correct settings are visible in Windows registry, the correct settings come up if you do "req query "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate"", but in WindowsUpdate.log, it still shows the following:

Agent     * WSUS Server: <NULL>

Agent     * WSUS status server: <NULL>

and fails with exit codes 0x800401FD and 0x80240007. In the Windows update GUI, it displays a 8024402C error code

The WSUS server is running on Windows 2012 R2.

What could be causing this?

Paul

...seems like only 64-bit packages are the Problem, 32-bit packages are donwloading with no Problems...

regards

JackyJ

Content file download failed.

Reason: CRC verification failure.

Source File: /c/msdownload/update/software/secu/2016/09/windows10.0-kb3185611-x64_d4a088ac78c72872cc32d4fe953e8cfc324b6af1.psf

Destination File: D:\WSUS\WsusContent\F1\D4A088AC78C72872CC32D4FE953E8CFC324B6AF1.psf

Hi,

Some of our WSUS clients are not appearing in the WSUS console. The clients I have noticed so far have all been Server 2012 r2 but not all 2012r2 servers are missing.

The affected servers are getting the correct GPO settings and they are the same as working machines. The WSUS server is running Server 2012r2.

Looking at windowsupdate.log I can see that the affected servers are connecting to our WSUS server and are detecting updates successfully but they just don't appear in the console either in their correct group or in "All Computers"

Any ideas anyone?

Our WSUS server (Windows Server 2012 R2) hanged when it was installing updates on itself. I rebooted it in a harsh way, it started normally and finished installing the updates. However, now I can't start the WSUS management console due to a connection error. The WSUS server service itself doesn't start as well.

The Application server contains multiple events 18456, source MSSQL$MICROSOFT##WID, message "Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'SUSDB'. [CLIENT: <named pipe>]" If I try to connect to the server using SQL Server Management Studio, it displays the following error: 

"Cannot connect to \\.\pipe\MICROSOFT##WID\tsql\query. Login failed for user 'MY-LOGIN'. (Microsoft SQL Server, Error: 18456)"

The Application even log contains the same event mentioned above, only the message is different: "Login failed for user 'MY-LOGIN'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT:<named pipe>]".

If I restart the Windows Internal Database service, it starts normally and doesn't throw any errors in the Application log. Among other things, it successfully mounts the SUSDB database. No other errors (including DCOM errors) can be found in the log.

Seems that security setting on the WID engine are damaged. Any ideas how to fix them? Besides reinstalling the server, of course? :)

Evgeniy Lotosh // MCSE: Server infrastructure, MCSE: Messaging

I have noticed that *several* users had their workstations unexpectedly restarted today for Windows Updates.

When I checked the update status in WSUS, I found that this was triggered because there were updates still pending that were deadlines from July.

For some reason the installation deadline for some updates only became enforced today.

If it was only one workstation, I would guess it was a local glitch on the workstation or maybe the user uninstalled the update and then it reinstalled automatically because it was overdue.  However, this is not a single user problem.

Not sure if this is related, but when users click on the "Check for update" button, it takes much longer for the check to complete and either display available updates or else say the system is up to date and doesn't need any updates.  We are used to this taking around 20 seconds or less and now it sometimes takes minutes.

What can cause these types of issues? 

WSUS server running, GPo directs clients to update from and report to WSUS.

After working correctly for some time, I now discover that clients are failing updates from our WSUS server. Ever freshly installed clients Win 7 Pro UK with Service Pack 1 with no 3rd party software installed

First time WU is run, users are promted to install an updated version of WU. After this, nothing happens.

WSUS tells me "This computer has not reported status yet"

Errors in windows update logs looks like this:

First it tells me: WU client version 7.5.7601.17514

2016-09-1115:29:04:015812ab0AgentWARNING: Failed to read the service id for re-registration 0x80070002
2016-09-1115:29:04:015812ab0AgentWARNING: Missing service entry in the backup data store; cleaning up

2016-09-1117:36:36:558920a00SetupDownload of SelfUpdate binaries succeeded
2016-09-1117:36:36:558920a00SetupStarting agent SelfUpdate

2016-09-1117:36:43:7713300ce8SetupInstalling setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320"
2016-09-1117:36:45:9573300ce8SetupWARNING: CBS installation failed, error = 0x800F0806
2016-09-1117:36:45:9573300ce8SetupWARNING: Install of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320" failed, error = 0x8024D00E
2016-09-1117:36:45:9573300ce8SetupFATAL: Failed to install package, error = 0x8024D00E
2016-09-1117:36:45:9573300ce8SetupWARNING: Installing applicable setup packages failed, error = 0x8024D00E
2016-09-1117:36:45:9733300ce8SetupReboot is required.  Diagnostic: <0|0|3:X|5:X>

Rebooting...

And it gets updated to 7.6.7600.320

2016-09-1117:36:53:873920da8SetupSetup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320" is applicable but is already staged; it will not be downloaded.
2016-09-1117:36:53:873920da8SetupSelfUpdate check completed.  SelfUpdate is required.

2016-09-1118:07:45:378900164SetupService restarting after SelfUpdate
2016-09-1118:07:45:378900164SetupClient version: Core: 7.6.7600.320  Aux: 7.6.7600.320

(after what seems to be a couple of failed selfupdates)

From here every WU fails (with svchost stalling af 25%):

2016-09-1118:09:09:7859006c4AgentWARNING: Failed to evaluate Installed rule, updateId = {189A8F50-0C3A-4FDF-8BC2-BC23A3EB11FB}.101, hr = 80242013

(which seems to be an Irish language pack that I can't find on the WSUS server)

Lots of these:

2016-09-1118:09:30:8959006c4AgentUpdate {9F3DD20A-1004-470E-BA65-3DC62D982958}.100 has no local extended metadata. Not returning it.
2016-09-1118:09:30:8959006c4AgentUpdate {28BC880E-0592-4CBF-8F95-C79B17911D5F}.100 has no local extended metadata. Not returning it.
2016-09-1118:09:30:8959006c4AgentUpdate {68623613-134C-4B18-BCEC-7497AC1BFCB0}.101 has no local extended metadata. Not returning it

Then:

2016-09-1118:09:30:8999006c4Agent * Found 0 updates and 0 categories in search; evaluated appl. rules of 1193 out of 2157 deployed entities
2016-09-1118:09:30:9019006c4Agent*********
2016-09-1118:09:30:9019006c4Agent**  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2016-09-1118:09:30:9019006c4Agent*************
2016-09-1118:09:30:951900d58AU>>##  RESUMED  ## AU: Search for updates [CallId = {AD1027AE-A2E5-4A05-B670-688F728597D8}]
2016-09-1118:09:30:951900d58AU # 0 updates detected

With the last WU I did, the last logs ends with:

2016-09-1121:26:44:146916df4SetupSelfUpdate handler update NOT required: Current version: 7.6.7600.320, required version: 7.6.7600.320
2016-09-1121:26:44:146916df4SetupEvaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320"
2016-09-1121:26:44:149916df4SetupSetup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.320" is already installed.
2016-09-1121:26:44:149916df4SetupEvaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320"
2016-09-1121:26:44:176916df4SetupSetup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320" is already installed.
2016-09-1121:26:44:176916df4SetupEvaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320"
2016-09-1121:26:44:219916df4SetupSetup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.320" is already installed.
2016-09-1121:26:44:219916df4SetupSelfUpdate check completed.  SelfUpdate is NOT required.
2016-09-1121:26:46:680916df4PT+++++++++++  PT: Synchronizing server updates  +++++++++++
2016-09-1121:26:46:680916df4PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://192.168.206.14:8530/ClientWebService/client.asmx
2016-09-1121:27:18:773916df4AgentWARNING: Failed to evaluate Installed rule, updateId = {189A8F50-0C3A-4FDF-8BC2-BC23A3EB11FB}.101, hr = 80242013
2016-09-1121:27:24:618916df4PT+++++++++++  PT: Synchronizing extended update info  +++++++++++
2016-09-1121:27:24:618916df4PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://192.168.206.14:8530/ClientWebService/client.asmx

And nothing happens for 10 min. (Except for svchost taking 25% cpu).

What I have done:

Declining some of the language packs

I ran WSUSutil reset

I ran WSUS troubleshooter on the client. It told me things like "wsus server registration is missing or corrupt" 

Other things to try - reinstalling WSUS server?

Regards, Lars.

Alex Olver

KB3182373 is showing as "needed" by our servers and is classified as a "Feature Pack."  However, when I follow the link, the description says it is a Security Update.

"This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email message or instant message that takes the user to the attacker's website."

We don't want to install Silverlight on any of our servers or workstations that don't already have a need for Silverlight and that don't aleady have older versions that need patching already installed.  Of course, we want vulnerable versions of Silverlight that are already installed to be updated.

Is this a patch that should only be detected as needed on systems that already have an older version of Silvelright or is this really a feature pack that will install Silverlight on systems that don't already have it?

Hi,

I can not download with WSUS "Upgrade to Windows 10 Education, version 1511, 10586 - en-gb, Volume". I tried with three different servers with direct access to the internet, no proxy. All other upgrades can I download. In event viewer I find ab error 2 with a CRC error. Has anyone else downloaded the upgrade? How can I fix it? A reset of the content does not help.

Log Name:      Application
Source:        Windows Server Update Services
Date:          9/4/2016 4:42:40 PM
Event ID:      364
Task Category: 2
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      BADWLRZ-SWWSUS2.ads.mwn.de
Description:
Content file download failed.
Reason: CRC verification failure.
Source File: /c/upgr/2016/05/10586.0.160426-1409.th2_refresh_clienteducation_vol_x64fre_en-gb_c4f7837e4028339a2c8be01dbf03c34a0886359f.esd
Destination File: E:\WSUS\WsusContent\9F\C4F7837E4028339A2C8BE01DBF03C34A0886359F.esd
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Server Update Services" />
    <EventID Qualifiers="0">364</EventID>
    <Level>2</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-09-04T14:42:40.000000000Z" />
    <EventRecordID>2154</EventRecordID>
    <Channel>Application</Channel>
    <Computer>BADWLRZ-SWWSUS2.ads.mwn.de</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Content file download failed.
Reason: CRC verification failure.
Source File: /c/upgr/2016/05/10586.0.160426-1409.th2_refresh_clienteducation_vol_x64fre_en-gb_c4f7837e4028339a2c8be01dbf03c34a0886359f.esd
Destination File: E:\WSUS\WsusContent\9F\C4F7837E4028339A2C8BE01DBF03C34A0886359F.esd</Data>
  </EventData>
</Event>

Hello,

I am having an issue upgrading my PCs from 1511 to 1607 using WSUS. I have installed all required updates and followed all appropriate steps found here: https://support.microsoft.com/en-us/kb/3159706.  I have put the .esd file type in IIS. The clients are all failing with error code: (Unable to Find Resource:) ReportingEvent.Client.167; Parameters: Feature update to Windows 10 Pro, version 1607, en-us, Retail being reported on the WSUS server. I am running 2012 R2. Any help would be appreciated.

Hello,

I have a WSUS server on amazon ec2 which has few clients connected as we are just trying out this option to roll updates to clients. I created a group named dev and added 1 single computer to it. I applied all the patches i want and then tried another computer to the group. I added it successfully. But the problem is that the new computer added to the group doesn't seems to pick up updates which are already approved. I have no clue why. Can someone please help. It is been 45 minutes waiting for the same. 

--

Niraj

On a 2008R2 Domain, Im getting an SQL error moving WSUS from a 2008R2 domain controller (its WSUS Server ver 3.2.7600.226 using Windows Internal Database) to a new 2012R2 standard Server (again using WID). Im at step 3.3 "Back up the WSUS database" of technet.microsoft.com/en-us/library/hh852349. Ive installed SQL Server Management Studio release 16.3 on the 12R2 but cant connect from it to the database on either the old or new server.

(to add to the fun, SQL Server Management Studio release 16.3 wont install on 2008R2; I "run as admin", accept the UAC prompt, and nothing else happens.)

Anyway, on 12R2, at "Connect to (SQL) Server", server type says Database Engine, I enter the server name, hit Connect, errors after a few secs with:
"Cannot connect to SERVERNEW.
------------------------------
ADDITIONAL INFORMATION:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 2)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=2&LinkId=20476
------------------------------
The system cannot find the file specified."

If I "Browse for more" (servers to connect to), no Local Servers are shown. Network Servers shows "Database Engine" & both the 2012R2 & 2008R2 WSUS Server names under it, but "connect" gives the exact same previous error, in both cases.

Ive searched web but it all seems to be about SQL Server proper, not WID ("is the SQL Server service running?" no, dont have that; "Windows Internal Database" & "Windows Internal Database VSS Writer" services are running on 2012 & "Windows Internal Database" on 8R2). Dont know how to check if "SQL Server is configured to allow remote connections" since dont know how to access WID.

Thanks so much. Id love to complete this migration.
Chris

I have a freshly installed WSUS instance on a brand new 2012 R2 server, no other roles.  GPO is configured and is applying to a group of Windows 10 machines.  Client side targeting is enabled.  When I look in WSUS console only a single Windows 10 PC is present/reporting as if only one machine can report to WSUS.  However, if repeatedly visit the console over time you will realize that the name of the PC displayed in the console changes. Almost as if the last one to report gets to be shown, the others are not.  To verify that more then one Windows 10 machine is being serviced by this WSUS instance a policy has been setup to force update installation and reboot.  A single update has been approved for installation.  PCs in question installed it and you can see it in update history.  This leads me to believe this is a console issue.  Any insights will be much appreciated.  SSL not in use.  Using SQL Express. KB3095113 has been installed.  KB3159706 has been installed, post configuration steps completed.  WSUS console cache has been cleared.  Thank you!

I am able to recieve all updates from my WSUS server without issue EXCEPT the 1607 update that has been approved. All other updates install on clients while the log shows a failure with error code 0x80244016 for 1607.

I looked up the error code and it means 

WU_E_PT_HTTP_STATUS_BAD_REQUEST Same as HTTP status 400 - the server could not process the request due to invalid syntax.

Not sure why I would be getting this error considering all other updates work without issue. 

Lastly, I was able to deploy 1511 with this WSUS server without issue as well. This is a 1607 problem only.

Windows Update was downloading :

. Cumulative Update for Windows 10 Version 1607 for x64-based systems (KB3189866)

. Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB3188128)

. Update for Windows 10 Version 1607 for x64-based systems (KB3176936)

it's been stuck here all day on my Surface Book "Downloading updates 95%"

How do I get this unstuck?

MfG Hei_G