Hi All,
Just want a quick verification if this is possible? Currently in the midst of upgrading an old WSUS running on Windows Server 2008 R2 version to new WSUS to run on Windows server 2016.
Want to know if it is possible to directly make the new WSUS server (WS2016) a replica of the old one (WS2008R2)?
Thank you for your expertise.
Regards,
Josh
Hi,
We have got Server 2008 R2 servers and one Rollup update fail every month. It failed in June and failed again in July.
2018-07 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4338818)
Download size: 228.2 MB
Does anyone know why does it fail on our server?
Thanks,
Hi, I'm encountering an issue when I try to download the Feature Update to Windows 10(Business Editions), version 1803, en-us.
On download status, whenever the file size reaches almost 4,000 MB it resets back to 0 MB
Dowload Status
Updates needing files: 1
Downloaded 0.0 MB of 5,561.45 MB
Please help.
Thanks
Hello,
I am trying to install patches in few UAT servers
OS: windows server 2012 R2
Patches are missing from 2014 to till date
I am able to install most of the patches but while trying to install below patches getting message ""Will Not Install (This patch is not applicable because it is not recommended by Windows Update, so it will not be installed)"
Patch |
KB3012702 |
KB3044374 |
KB3055323 |
KB3091297 |
KB3145432 |
KB3172614 |
KB4052978 |
We are experiencing this issue with a number of Windows 10 machines, both 1703 and 1607.
They are all showing the same error:
* START * Finding updates CallerId = UpdateOrchestrator Id = 11
Online = Yes; Interactive = Yes; AllowCachedResults = No; Ignore download priority = No
Criteria = IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1""
ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
Search Scope = {Machine}
Caller SID for Applicability: S-1-5-21-1615105449-1528263825-1960982893-210032
ProcessDriverDeferrals is set
Got WSUS Client/Server URL: http://[FQDN]:8530/ClientWebService/client.asmx""
Skipping printer driver 3 due to incomplete info or mismatched environment - HWID[(null)] Provider[(null)] MfgName[(null)] Name[WebEx Document Loader] pEnvironment[Windows x64] LocalPrintServerEnv[Windows x64]
Skipping printer driver 6 due to incomplete info or mismatched environment - HWID[microsoftmicrosoft_musd] Provider[Microsoft] MfgName[Microsoft] Name[Microsoft enhanced Point and Print compatibility driver] pEnvironment[Windows NT x86] LocalPrintServerEnv[Windows x64]
ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://[FQDN]:8530/ClientWebService/client.asmx
OK to reuse existing configuration
Existing cookie is valid, just use it
PTInfo: Server requested registration
WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover) started; operation # 159; does use network; is at background priority
Auto proxy settings for this web service call.
WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 159) stopped; does use network; is at background priority
WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover) started; operation # 160; does use network; is at background priority
WU operation (CAgentProtocolTalker::SyncUpdates_WithRecover, operation # 160) stopped; does use network; is at background priority
SyncUpdates round trips: 2
ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://[FQDN]:8530/ClientWebService/client.asmx
OK to reuse existing configuration
Existing cookie is valid, just use it
PTInfo: Server requested registration
WU operation (CAgentProtocolTalker::GetExtendedUpdateInfo_WithRecovery) started; operation # 161; does use network; is at background priority
WU operation (CAgentProtocolTalker::GetExtendedUpdateInfo_WithRecovery, operation # 161) stopped; does use network; is at background priority
*FAILED* [80248007] Method failed [SlsDatastoreLookup:797]
Retrieving SLS response from server...
Making request with URL HTTPS://sls.update.microsoft.com/SLS/{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}/x64/10.0.16299.0/0?CH=480&L=en-US;cs-CZ;de-DE;es-ES;fr-FR;hu-HU;it-IT;ja-JP;ko-KR;pl-PL;pt-BR;pt-PT;ru-RU;sv-SE;tr-TR&P=&PT=0x4&WUA=10.0.16299.15&MK=Dell+Inc.&MD=Precision+Tower+5810
SLS Response is Error response type. Attempting to extract the HRESULT in the payload...
Succeeded in extracting the HRESULT from the payload => 0x80240042
*FAILED* [80245004] Method failed [MetadataIntegrity::SignatureVerifier::GetFragmentSigningConfig:793]
*FAILED* [80245004] GetFragmentSigningConfig (Using default enforcement mode: Audit)
*FAILED* [80245004] Method failed [MetadataIntegrity::SignatureVerifier::GetFragmentSigningConfigAndUpdateEnforcementPolicy:745]
Policy-driven service enabled. Using Ignore Policy.
SyncExtendedUpdateInfo - 0 bad out of 0 metadata signatures checked using Audit enforcement mode.
Found 0 updates and 98 categories in search; evaluated appl. rules of 3605 out of 5934 deployed entities
* END * Finding updates CallerId = UpdateOrchestrator Id = 11
WU operation (CSearchCall::Init ID 11, operation # 158) stopped; does use network; is not at background priorityCan anyone suggest anything?
restarting the WU client service and clearing the SoftwareDist folder has made no difference.
Note that CCM is not involved here, aside from asking the WUAU clt to scan. This is a client or WSUS issue.
Thanks
Hi!
I'm trying to install 1803 upgrade to our pilot computers via WSUS. They all have been installed via MDT from 1709 image. For some reason, all Lenovo laptops and workstations shows up as "Not Applicable" in WSUS, and wont even try to install update.
I have couple of older Dell laptops, which has been installed using same base image. They are outside of our pilot group, and the upgrade has not yet been approved for them. However, their status is "not installed", meaning they would need the 1803 upgrade and the upgrade is suitable for them.
Computers has no problem fetching and installing other updates.
So what could cause this?
I want to get updates from only wsus.
But when i watch windows update log,
there are lot of log like below.
2018/01/15 09:04:36.1520630 7364 6424 SLS [0]1CC4.1918::01/15/2018-09:04:36.152 [sls]Making request with URL HTTPS://sls.update.microsoft.com/SLS/{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}/x64/10.0.15063.0/0?CH=796&L=ja-JP&P=&PT=0x30&WUA=10.0.15063.726&MK=Dell+Inc.&MD=XPS+13+9350
My computer downloaded from windows update.
My wsus register settings are below.
Is there any mistake?
Please help me and sorry about terrible english.
I have a question about WSUS approvals and updates.
I am running WSUS on Server 2012 R2. I have configured WSUS to store the updates locally, and download only when they are approved. On my other servers, when I check for updates, they see the approvals, but won’t download the files.
We have made some recent changes to the network and WSUS. We have blocked outbound ports on our other servers on all ports; however, these servers and WSUS are on the same VLAN and there is nothing blocking communication between them. It was after we blocked these ports that I then configured our WSUS server to download the updates. I thought that the clients would then download the files from WSUS, but our Network Admin says that we can see the clients still trying to connect to Microsoft IPs when I check for updates. So, do the clients still need to download something from Windows Update, even though the approvals and files are on my WSUS server? The updates that I have approved have finished downloading on the WSUS server (or at least the message saying “the files have not yet been downloaded” has disappeared).
Thanks
We've been battling an issue at our organization for several months now regarding Windows 10 Professional 1709 workstations not receiving the 1803 Feature Update that was released in early May 2018. The main symptom of this issue is that these
workstations are showing a status of "Not Applicable" for the 1803 Feature Update which has applied for other workstations.
We have identified that the only workstations exhibiting this behavior show an operating system name of "Windows 10 Pro for Workstations", as opposed to the other workstations' OS (which received 1803 through WSUS successfully) simply
named "Windows 10 Pro".
Is there a separate set of instructions for servicing feature updates to Windows 10 Pro for Workstations through WSUS that we are missing? These machines are receiving all other dynamic and cumulative updates without issue through WSUS, it
is only the 1803 Feature Update that will not recognize as "needed".
Thank you,
Hello
windows 10 clients are set to get definition update from wsus server.
Clients does not any gateway since we restrict internet.
Clients are able to get windows update successfully from local WSUS server but they are not able to update defender definition update.
They get error when click "Check for updates" under Threat Protection
Protection definition update failed.
Error Code: :-2147012721
Some Clients gets:
Error code: 2145107924
or
Error code: 2145103860
========= windowsupdate log is as follow:
2018/07/18 17:32:22.9783148 1124 7740 ComApi
* START * Federated Search ClientId = Windows Defender Antivirus (77BDAF73-B396-481F-9042-AD358843EC24) (cV: W+tQhC2DGEyOcYvz.1.0)
2018/07/18 17:32:22.9791048 4828 4860 IdleTimer WU
operation (SR.Windows Defender Antivirus (77BDAF73-B396-481F-9042-AD358843EC24) ID 4) started; operation # 48; does use network; is not at background priority
2018/07/18 17:32:22.9791607 4828 5224 Agent *FAILED* [80240007] Method failed [CAgentServiceManager::GetTargetedServiceMapping:3010]
2018/07/18 17:32:22.9791642 4828 5224 Agent Processing auto/pending service registrations and recovery.
2018/07/18 17:32:22.9792696 4828 5224 Misc *FAILED* [8024500C] Method failed [CSLSEndpointProvider::GetWUClientData:1996]
2018/07/18 17:32:22.9792730 4828 5224 Misc *FAILED* [8024500C] Method failed [CSLSEndpointProvider::GetSecondaryServicesEnabledState:1503]
2018/07/18 17:32:22.9792767 4828 5224 Agent *FAILED* [8024500C] Method failed [CAgentServiceManager::DetectAndToggleServiceState:2896]
All,
On a brand new Windows 2012 server VM, in a DMZ, the machines (I have this issues on several) can't connect to WSUS to update.
The WSUS server isn't in the DMZ, but both ports 8530 (HTTP) & 8531 (HTTPS) are opened on the firewall.
I've seen many articles, tested many solutions but still have the issue.
You'll find below some screenshots to avoid the "basic" troubleshooting questions.
Thanks for your help !
Result of New-Object System.Net.Sockets.TcpClient("FQDN", PORT) where PORT = 8530 or 8531
We have a bunch of Windows 2016 servers in VMM where I am trying to Remediate using the WSUS server configured on a separate server.
We know the VMM is configured correctly as it is working fine for other operating systems such as 2012 R2 & Windows 2008 R2.
When I run the scan on a Windows 2016 Server, it seems to be going out to Microsoft to check the update compliance before it attempts to download it from my WSUS server (if required) - I see this in the log files after I execute command Get-WindowsUpdateLog:
ProtocolTalker ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL =https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx
This is not so good for us if we like to keep all servers consistent with same patches - as soon as one of the patches get superseded by Microsoft, it no longer downloads this from our local WSUS Server.
Is there a way around this? We would like to run the scan (and download) from the local WSUS server and not Microsoft?
Hi.In July 10th Microsoft published some updates which most of them have issue e.g. KB 4338814 , KB4338815.
After that in July 17th, Microsoft released other Rollup updates which solve the aforementioned updates' problems and supersedes them. I want to know if I should approve both July 10th and July 17th updates on WSUS or approving 17th is enough?
Enviroment: Windows Server 2012 R2 + WSUS6.3 + Domain
I build the WSUS Roles on windows server 2012 r2 with WID database,If not client connected everything is ok,But if many clients connect this server,when i click the Computers Groups on the WSUS Console,the Console will crashed show error:Unexpected Error and evnet log haderror id :7053
,I had rebuild the windows and wsus roles for 3 times,the is the same error.
Now i have no idea,Is there anybody can help me to fix this issue ?
There is error log :
The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting
the administration console. If this error persists,
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.
The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the
administration console. If this error persists,
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.
System.Xml.XmlException -- '', hexadecimal value 0x18, is an invalid character. Line 1, position 1159930.
Source
System.Xml
Stack Trace:
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.ParseNumericCharRefInline(Int32 startPos, Boolean expand, StringBuilder
internalSubsetBuilder, Int32& charCount, EntityType& entityType)
at System.Xml.XmlTextReaderImpl.ParseCharRefInline(Int32 startPos, Int32& charCount, EntityType&
entityType)
at System.Xml.XmlTextReaderImpl.ParseText(Int32& startPos, Int32& endPos, Int32& outOrChars)
at System.Xml.XmlTextReaderImpl.ParseText()
at System.Xml.XmlTextReaderImpl.ParseElementContent()
at System.Xml.XmlReader.ReadStartElement()
at System.Xml.Serialization.XmlSerializationReader.ReadStringValue()
at System.Xml.Serialization.XmlSerializationReader.ReadTypedPrimitive(XmlQualifiedName type, Boolean elementCanBeType)
at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderApiRemotingCompressionProxy.Read1_Object(Boolean
isNullable, Boolean checkType)
at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderApiRemotingCompressionProxy.Read2_GenericReadableRow(Boolean
isNullable, Boolean checkType)
at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderApiRemotingCompressionProxy.Read339_Item()
at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents
events)
** this exception was nested inside of the following exception **
System.InvalidOperationException -- There is an error in XML document (1, 1159930).
Source
System.Xml
Stack Trace:
at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents
events)
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse
response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchComputers(String computerTargetScopeXml)
at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchComputers(String
computerTargetScopeXml)
at Microsoft.UpdateServices.Internal.BaseApi.ComputerTarget.SearchComputerTargets(ComputerTargetScope searchScope,
UpdateServer updateServer)
at Microsoft.UpdateServices.UI.AdminApiAccess.ComputerTargetManager.GetComputerTargets(ComputerTargetScope
searchScope)
at Microsoft.UpdateServices.UI.AdminApiAccess.BulkComputerPropertiesCache.GetAndCacheComputers(ExtendedUpdateScope
updateScope, ComputerTargetScope computerTargetScope)
at Microsoft.UpdateServices.UI.SnapIn.Pages.ComputersListPage.GetListRows()
Hi,
In My environment some of the Windows 10 and Windows 8.1 clients not reporting to the WSUS server. But its contacting ,I already done the basic troubleshooting as per below . pls help to resolve this issue.
Note :- Today i have taken new Windows 10 laptop and added the same in domain . Based on the GPO settings its contacting to the WSUS server . But not reporting ( If any Windows 7 added newly with the same GPO settings its contacting and reporting )
Kindly refer the Windows update log also
wuauclt.exe /detectnow
wuauclt.exe /reportnow
wuauclt.exe /resetauthorization /detectnow
Stopping wuauserv, deleting C:\Windows\SoftwareDistribution\DataStore\ and Download, Starting wuauserv and wuauclt.exe /detectnow
Deleting the clients from WSUS console.
http://wsus:8530/selfupdate/iuident.cab
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f--> Client ID Successfully Reconfigured automatically.
Server cleanup completed .
server Rebooted.
WSUS Data store having 100 GB free space.
Able to telnet from the client.
Regards,
V.P.Neelakandan
Hi All,
Just want a quick verification if this is possible? Currently in the midst of upgrading an old WSUS running on Windows Server 2008 R2 version to new WSUS to run on Windows server 2016.
Want to know if it is possible to directly make the new WSUS server (WS2016) a replica of the old one (WS2008R2)?
Thank you for your expertise.
Regards,
Josh
Hi,
If I approve a Windows 10 Upgrade in WSUS, for example to 1709, the users get prompted about a Windows feature update and get the option to Snooze, Restart Now or Pick a time. It appears they are able to indefinitely click Snooze (or at least, during testing, I've found it's possible to Snnoze beyond a couple of weeks) - is there a way to force this after a certain amount of time, or will it do itself eventually anyway?
Most of our clients are swtcthed off when not used, so there's no point looking at Active Hours etc.
I'm aware I can deadline the update in WSUS, but i'm staggering the upgrades and don't want to have to bother about keeping track of which systems need to be\have been deadlined etc.
Thanks in advance
