Quantcast
Channel: WSUS forum
Viewing all 12874 articles
Browse latest View live

Some unexpected output from WSUS Server when running the Powershell.

August 7, 2019, 2:07 am
$
0
0

Hi There,

Background

-------------

1.When try to run the powershell,one object from the WSUS server will disappeared sometimes.

Get-WsusComputer -NameIncludes "contoso"

sometimes it will returN the right anwer with one FQDN called contoso.

2.But after 10 seconds later,when try to run the cmdlet again from CMD line,it will return the result as:

Computer unavailable

3.We have only one WSUS from environment.

Question

=====

1.How it possible that one object can be found from the powershell and sometimes it return null,event this powershell cmdlet are the same?

2.Some possible reason that can affect on this issue?

Thanks 

Lance

Search

WSUS update source keeps changing

July 30, 2019, 1:34 pm
$
0
0

We are running WSUS on Server 2016 and have SCCM 1802 (Current Branch).

The update source in SCCM keeps changing to "Synchronize from another Windows Server Update Services" server. SCCM is configured (Software Update Component Properties) to "Synchronize from Microsoft Update" once per day.

It appears to change every hour and I can see in the WCM.log that it has changed.

I have rebooted the WSUS server but it still happens. Some threads point to the Microsoft Client Security Update Assistant service but our server does not have that.  I find no hourly tasks that are triggered at the times it happens.

Thoughts?

Skip

Windows Update KB4506161 - Failing to Install

July 12, 2019, 3:43 am
$
0
0

I am currently installing the July 2019 Windows Updates and have come across Windows Update KB4506161 which fails to install and returns an error Code 66A. Our updates are pushed out to our servers by WSUS.

The offending update is KB450616 - Security update for the information disclosure vulnerability in Visual Studio 2010 Service Pack 1

All the servers where this update fails to install are Windows Server 2012 R2. Has anyone else experienced this issue and if so, what actions were taken to get the update to install?

Some WSUS clients are not displayed on WSUS console

July 31, 2019, 12:57 am
$
0
0

Hi,

we deployed WSUS on Windows Server 2019. The servers (as WSUS clients) get the settings for updates using GPOs in the domain.

Although some servers have the identical settings, they will not listed in the WSUS console.

What is the issue here?

Best regards

Birdal

Disable "Update Settings" on WSUS clients

July 31, 2019, 1:03 am
$
0
0

Hi,

we deployed WSUS on Windows Server 2019 and the the servers (as WSUS client) get the setting using GPO in the domain.

We want disable using GPO all "Update Settings" (Change Active Hours, Restart Options, Advanced Options) under"SETTINGS > UPDATE & SECURITY" to avoid that any account change these settings.

Unfortunately we could not find any GPO settings options in Administrative Templates.

Any idea?

Best regards

Birdal

Upgrading WSUS from 3.0 SP2 to 4.0 (Windows Server 2012) and re-enabling SSL

September 18, 2012, 5:48 pm
$
0
0

Hi all

Our WSUS 3.0 SP2 server was running on W2K8 R2, using a database on a remote SQL server and using SSL with 80/443 ports (not tcp/853n ports). Last week I upgraded the server to 2012. In order to upgrade, I had to uninstall WSUS on W2K8 R2, then run the OS upgrade, and add the "Windows Update Services" role. During the role installation, I was able tode-select WID (Windows Internal Database) and add the "Database" role service instead. I then was asked for the name/instance of the SQL server. After granting my current login sysadmin/securityadmin rights in the SQL server login, WSUS seemed to do some DB-maintenance and then was up and running - but [Edit 2012/09/19] on the default port and with no SSL[End Edit]. The certificate used previously (from AD) was still present in the computer certificate store, as expected.

I was unable to find much info on enabling SSL on WSUS 4.0, so I followed the advice given on the Deployment Guide for WSUS 3.0 SP2 (Section"Configuring SSL on the WSUS Server"), basically:

    • Start IIS Manager, stop the Default Web Site and change the bindings (i moved the port binding one up, e.g. 80 -> 81, 443 -> 444)
    • Edit the bindings of the WSUS Administration Site and assign 80 and 443 and select the still present certificate
    • Now WSUS is responding to clients but the Management Console fails. After running%ProgramFiles%\Update Services\wsusutil.exe configuressl <fqdn>
    • Reboot (since I was unable to find out how to restart the ClientServicingProxy as mentioned by the Deployment Guide). Now everything seems OK.

    Hope this is useful for others. Ideas or suggestions for streamlining are welcome.

    /Maurice


    Server 2019, WSUS MMC Snap-in: Increase timeout?

    March 19, 2019, 1:29 am
    $
    0
    0

    I have a brand new Windows 2019 running a basic WSUS install in a virtual machine with two Xeon 3.5 ghz vCPUs, 8 gig of memory.

    It is a fully default WSUS install using the Windows Internal Database SQL server, and the default language and product options. I ran the synchronization. Nothing has been approved, no computers are joined. Everything is working normally.

    I am unable to view the synchronization status because the Windows Internal Database SQL engine is taking too long to respond to the MMC snap-in.

    How can the snap-in timeout be increased? I have thoroughly searched C:\Program Files\Update Services and I can not find any MMC configuration files where there is a timeout option that can be adjusted.

    WSUS for Windows Server 2019 appears to be broken as designed.

    ,

    Steps to reproduce:

    1. Open WSUS MMC management snap-in. Open Task Manager, says 0-5% CPU load.

    2. Click on Synchronizations in WSUS MMC.

    3. It says at bottom "Loading synchronization history, 0% complete"

    4. Windows task manager suddenly shows 50% CPU usage across the two vCPU's (really, just 100% load for 1 CPU).

    5. After about 5 minutes pass, the MMC snap-in is unhappy and claims it can't reach WSUS. Task manager continues to show 50% CPU usage across the two vCPU's for several more minutes by SQLServr.exe.

    6. WID-SQL server eventually finishes whatever it was doing, and Task Manager drops to about 0-5% system load.

    7. Can't do anything with the MMC after the internal database has stopped chugging along for 7-10 minutes now. The only option available is to "Reset Server Node," which discards anything that has been retrieved so far. 

    8. Go back to Step 2 and do this all over again several more times. No change.

    9. Stop VM, increase memory from 8 gb to 16 gb, start VM. This memory increase has no effect. The WSUS MMC still times out trying to load the synchronization history.

    ,

    Is there any way to increase the Server 2019 WSUS MMC snap-in timeout, or am I being indirectly forced by Microsoft to buy a full license for Microsoft SQL Server, because the Windows internal database is too slow and low performance, to respond to the MMC snap-in within 5 minutes?


    WSUS postinstall error

    July 27, 2019, 5:58 am
    $
    0
    0

    i installed WSUS but when i tried to do the post installation steps

    i got this error 

     CreateDefaultSubscription failed. Exception: System.Security.SecurityException: Request for principal permission failed.
   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.GetServerVersion()
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.CreateUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer..ctor(Boolean bypassApiRemoting)
   at Microsoft.UpdateServices.Setup.StartServer.StartServer.CreateDefaultSubscription()
The Zone of the assembly that failed was:
MyComputer
2019-07-27 15:47:16  StartServer encountered errors. Exception=Request for principal permission failed.
2019-07-27 15:47:16  Microsoft.UpdateServices.Administration.CommandException: Failed to start and configure the WSUS service
   at Microsoft.UpdateServices.Administration.PostInstall.Run()
   at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)

     
    Search

    How to perform SQL query over WID database using PowerShell ?

    July 25, 2019, 5:21 am
    $
    0
    0

    Hi, I'm using PowerShell and would like to perform SQL query to WSUS server which is using WID database.

    I connected to DB with this commands

    [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
    $wsus=[Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("WSUSSERVER",$false,"8530")
    $db = $wsus.GetDatabaseConfiguration().CreateConnection()
    $db.connect()

    And what now ? How can I now query the DB using SQL ?
    Please if you could provide an example how to do that - let's say an example how to get something fromvUpdate VIEW.

    Thank you.


    WSUS clients not reporting to server

    July 18, 2019, 1:33 am
    $
    0
    0

    Hi All,

    i have setup a WSUS server and everything is find except that the client computers did not report to the server. I have configured a GPO already based on what i saw and read from the forums and youtube. What would be missing?

    Any idea would be great!

    Thank you very much and more power.

    WSUS vs Delivery Optimization for Home use

    July 20, 2019, 8:50 am
    $
    0
    0

    I have several different PCs on my home networking running a mixture of Windows 10 Home and Pro. My bandwidth is limited so I'd like to minimize the toll that Windows Updates takes on my connection. WSUS came to mind, but I'm thinking that might be overkill for this situation. Windows 10 Home would require registry hacks for it to work anyway, correct? Would I be better off creating a dedicated Windows 10 Pro VM that updates automatically and is always on to provide updates via Delivery Optimization? Would the Pro edition provide updates for my Home machines as well? Or would I need both a Home and Pro VM running?

    Thanks.

    Can not delete 'Declined' updates to clear up disk space

    July 9, 2019, 8:45 am
    $
    0
    0

    I'm seriously running low on disk space on the WSUS Server and contentiously adding virtual disk space is not an ideal solution. I've Declined a whole bunch of updates like for IE 6, Languages other than English and Itanium-Based system.

    I've ran the Server Cleanup Wizard and ran my PowerShell script for clean up. Sure, it freed up about 500MB to 1.5GB. But, it still takes alot of space and the declined updates are still there. I've searched the forums and found suggestions and downloaded a script 'Automated WSUS Maintenance Utility v1.7' and ran fine. At the end, they're still there. Is it possible to get rid of out-dated patches to free up disk space?

    Windows 2016 Command line OS not detecting patches from WSUS but showing complaint in WSUS console

    August 8, 2019, 1:51 am
    $
    0
    0

    Hi,

    I really want someone to help me as we are getting no where with this issue. we have a set of 2016 servers both GUI and command line OS of 2016 and we seem to have no problem with the GUI servers. but when it comes to Command line os of 2016 servers it is not at all detecting patches from WSUS and the WSUS console is showing complaint. until now we are doing the patching manually but the issue is the servers are supposed to receive the updates from their respective GPO's. I hope someone can gimme an idea about whats wrong with this???

    Awaiting reply from someone.

    Deepan Marimuthu

    Reboot web server when application server updated/rebooted

    August 8, 2019, 5:03 am
    $
    0
    0

    We have server environments where a web server depends on an application server, if the application server is rebooted the web server needs to be rebooted after the application server is back up, so as to reconnect.

    In respect to windows updates being applied automatically.  Does anyone have an automated process configured to reboot a web server following on from an application server that it depends on being rebooted?

    My current thought is to put a script on the application server which will run on start-up and cause the web server to reboot.  It would be good to restrict this to only after windows updates having completed.

    Regards,

    Pete.

    Cannot post pictures, Verify account?

    August 8, 2019, 7:44 am
    $
    0
    0

    Hello,

    I am trying to insert an image, but when i do i get "body text cannot contain images or links until we are able to verify your account"

    How do i fix this? I do not see a verification code in my email address

    Search

    WSUS - 2019 All Computers Server Node Crash

    November 27, 2018, 5:19 am
    $
    0
    0

    I wanted to try out a test 2019 WSUS server. Everything seemed to go smoothly, however when I go look at All Computers, I get a system node crash.

    I looked at the possibility of it being the same as the bad BIOS name, but I do not seem to see any errors.

    The error is as follows:

    The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, 

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.


System.InvalidCastException -- Unable to cast object of type 'System.Guid' to type 'System.String'.

Source
Microsoft.UpdateServices.BaseApi

Stack Trace:
   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchComputers(String computerTargetScopeXml)
   at Microsoft.UpdateServices.Internal.BaseApi.ComputerTarget.SearchComputerTargets(ComputerTargetScope searchScope, UpdateServer updateServer)
   at Microsoft.UpdateServices.UI.AdminApiAccess.ComputerTargetManager.GetComputerTargets(ComputerTargetScope searchScope)
   at Microsoft.UpdateServices.UI.AdminApiAccess.BulkComputerPropertiesCache.GetAndCacheComputers(ExtendedUpdateScope updateScope, ComputerTargetScope computerTargetScope)
   at Microsoft.UpdateServices.UI.SnapIn.Pages.ComputersListPage.GetListRows()

    Has anyone come across this error before?

    Thanks.

    Automatically install Defender definitions on Server 2016 not working

    June 4, 2018, 5:40 pm
    $
    0
    0

    We have an auto approval rule for definition updates plus the GPO to automatically install updates that don't interrupt running services or require rebooting applied to our clients including servers.

    The servers are getting the updates but the definitions queue up waiting to be manually installed on these servers.

    What else do we need to do to make these updates install automatically?

    Large Environment Updates

    August 8, 2019, 4:28 pm
    $
    0
    0

    Hello,

    We are a big HyperV shop, running around 500 clusters with 4 nodes per cluster. Mix of Server 2016/2019 DC. We are looking for the best way to patch our environment without impact to our customers. As some updates require reboot and the sheer volume of updates requires Bitlocker key to be entered on startup, this complicates the process tremendously. What would be the best way to patch such a large environment and save ourselves from manual Bitlocker key input and reboots for Cumulative Updates 07-2019 for example that require reboot.

    Failed to install KB4507452,KB4507461 On Win 2008 SP2

    August 8, 2019, 7:04 pm
    $
    0
    0
    OS: Win 2008 SP2 32Bit
    Issue: Failed to install KB4507452,KB4507461
    Error Information:

    1.2019-08-0710:39:00:6821004f78MiscWARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\Download\49a91de589aef47620fe875bc7ee6106\Windows6.0-KB4507452-x86.cab are not trusted: Error 0x80096010
    2.2019-08-0710:51:44:648980d8cReportREPORT EVENT: {88205214-5460-41F8-B98C-606D14136568}2019-08-07 10:51:41:981+08001189102{00000000-0000-0000-0000-000000000000} 00AutomaticUpdatesSuccessContent InstallInstallation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions:  - 2019-07 ............... x86 ............ Windows Server 2008 ...........................KB4507452...
    3.2019-08-0710:52:37:548980d8cReportREPORT EVENT: {ECC7DBE3-EEF4-4036-BC4C-4FCE6120718D}2019-08-07 10:52:28:937+08001182101{D1340FF7-4166-440B-AF5C-9002F229A336} 20180092004 AutomaticUpdatesFailureContent InstallInstallation Failure: Windows failed to install the following update with error 0x80092004: 2019-07 ............... x86 ............ Windows Server 2008 ...........................KB4507452....
    4.
    2019-08-0816:43:12:495164465cHandlerFATAL: CBS called Error with 0x80092004, 
    2019-08-0816:43:12:8391016d30AUAll updates already downloaded, setting percent complete to 100
    2019-08-0816:43:13:4311644af4HandlerFATAL: Completed install of CBS update with type=0, requiresReboot=0, installerError=1, hr=0x80092004
    2019-08-0816:43:13:4311016ad0AU>>##  RESUMED  ## AU: Installing update [UpdateId = {D1340FF7-4166-440B-AF5C-9002F229A336}]
    2019-08-0816:43:13:4311016ad0AU  # WARNING: Install failed, error = 0x80092004 / 0x80092004

    Environment:
    1.WSUS Server in domain environment.
    2.Non-joint Domain OS with Group Policy set.

    Please help.

    Auto Reboot Not Working after 1703 to 1809 Feature Upgrade

    August 9, 2019, 8:14 am
    $
    0
    0

    Hi,

    I'm trying to deploy "Feature update to Windows 10 (business editions), version 1809 x64 2019-03B, en-us" to our workstations running 1703. The machines see the update, download it, and install it. However, the last event message seen by clicking the "Status" link on the WSUS report is "Installation successful and restart required for the following update...". This message reads the same for statuses of "Downloaded" or "Pending Reboot". We deploy these over a maintenance weekend to avoid client disruption in the form of a reboot that may take a long time to finish. I know that these machines were logged off after business hours. So now, I'm wondering if one of my GPO settings is conflicting with another since we're walking this fine line of preventing reboots when we don't want them, but getting them to reboot when we do.

    Just to give you the full picture, here's how the update is getting to the machines:

    1. GPO (enforced) with all Windows Update settings uses WMI filter to add any machine running 1703 or earlier to my "1809 Test" WSUS group.
    2. The "2019-03B" upgrade is approved for the 1809 Test group.

    We want to prevent auto reboots for machines with logged on users, but we definitely want it to reboot if there are none. So, here's a listing of my Windows Update GPO settings. Maybe you can help me identify what's preventing the reboots:

    • Allow Automatic Updates Immediate Installation - Enabled
    • Configure Automatic Updates - Enabled
    • ------Configure automatic updating: 4 - Auto download and schedule the install
    • ------Install during automatic maintenance [unchecked]
    • ------Scheduled install day: 0 - Every day
    • ------Scheduled install time: 02:00
    • ------Limit updating: "every week" was checked, but I just now unchecked it.
    • Configure auto-restart reminder notifications for updates - Enabled, Period: 30 min
    • Configure auto-restart required notification for updates - Enabled, Method: 1 - Auto
    • Enable client-side targeting - Enabled (there are a few different target groups)
    • Enable Windows Update Power Management to automatically wake up the system to install scheduled updates - Enabled
    • --------------Note- We use Verdiem Surveyor for power management. It's supposed to allow Windows Update to do its thing, but, maybe this setting is interfering with that?
    • No auto-restart with logged on users for scheduled automatic updates installations - Enabled
    • Re-prompt for restart with scheduled installations - Enabled: re-prompt, 30 min
    • Reschedule Automatic Updates scheduled installations - Enabled, Wait after system startup: 1 min
    • Specify intranet Microsoft update service location - Enabled, same url for update service and statistics server, no alternate

    Thanks for reading and if I can provide more information, I'd be glad to.


    Viewing all 12874 articles
    Browse latest View live
    Search
    <script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>