Hello

Server WIN 2016 is deployed, settings for WSUS updates are configured as.

There is a problem with updating once a month. When configured, the server reboots every week.



On Win Server 2016



Hi All

I have noticed that in September 2019 patching run, WSUS is failing to install the SSU update on more than half the fleet of servers, mainly the server 2008R2 and 2012R2. It is installing other patches OK and reboots the server, just not the SSU. Its not all its doing this to... but majority is like this. Previous months has been OK.. its just in September i have noticed this. Has others seen something similar? 
Thanks

DM

Wsus on Windows server 2016, is configured to "do not store update locally"

I've approved Feature upgrade to windows 10 (consumer edition) ver 1809 for some pc but they all fail with error:"Unable to find resource"

I've read same article that suggests to change (od add) on IIS mime type .esd to application/octet-stream. In my case the type was already present as application/vnd.ms-cab-compressed but the changes to application/octet-stream  makes no effect.

Any idea of how can I solve it?

Thank you

Alessandro Belli

alex

….outside of your active hours and need you to restart your device to finish up.

Our servers are downloading and installing ok, but won't restart as per the above.

I've just built a new WSUS server as per Adam (AJ Tek) blog.  I've set the group policies as indicated in his articles....yet fails to restart.  Our old wsus server is fine.

New server is 2019 std, old one 2012 R2 std

We have a series of scheduled installed for different servers which apply updates early Sunday morning between 2 and 5am.  The active hours are outside this anyway.

I've seen a suggestion to force the issue:

"Always automatically restart at the scheduled time"

I also have this set (suggested), although shouldn't be any logged on users (except perhaps Remote Desktop, which was why I think I set originally)

"**Also one other nugget: If you are using Server 2012 or 2016 you may see a policy called No auto-restart with logged on users for scheduled automatic updates installations, make sure you have that disabled. Disabling will allow the schedule you set on the previous policy to take effect immediately after the updates.

Any help most appreciated.

Hi all,

This is the scenario... after a failed in-place update at the WSUS server, I've had to install a new brand VM with Windows 2012R2 with WSUS role.

The DB instancy is in another server (SQL2008R2) so, I've change the value "SQLServerName" at the registry to the SQLServer.

At the IIS, I've change the Wsus Pool the memory to 0 (it is the only service that will be running at the server), and the Queue Length from 1000, to 30000...

After installing KB3159706, run "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing

but... nothing worked for me... when I open the WSUS the red error connection appears...

Any idea if the problem could be for a certificate needed? or an API, or something else?

Thank you in advance!

Pablo.

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.


System.IO.IOException -- The handshake failed due to an unexpected packet format.

Source
System

Stack Trace:
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
** this exception was nested inside of the following exception **


System.Net.WebException -- The underlying connection was closed: An unexpected error occurred on a send.

Source
Microsoft.UpdateServices.Administration

Stack Trace:
   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()

Hi,

We deploy updates with WSUS and use Group policies for configuring windows update.

How we can force a restart of Windows 7 two weeks after approving an update?

The updates should primary be installed by the user by restarting Windows 7. If they dont restart their Computers for a long time, the updates should be force-installed and the computers should reboot automatically.

Thank you for your help!

Hi,

a while ago I had enable Update Rollup in Products and classification.

I unchecked it a month ago, server was restarted... but Update Rollups node is still appears under Updates node.

How to clean it up?

Thx.

--- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

Hi - I have just built a fresh Windows Server 2019 WSUS server, and it is working fine with the default settings. I have two IP addresses on this server, and would like to bind the IIS WSUS instance to one of the IP addresses.  If I change the binding to the IP address that I want, the admin console gets disconnected with(I'm using the FQDN in the admin console):

----------------------------------------

Error: Connection error

An error occurred trying to connect to the WSUS server. This error can happen for a number or reasons. Check connectivity with the server. Please contact your network administrator if the problem persists. 

---------------------------------------

If I use the IP address and connect to the Admin Console, it works just fine. I've verified that DNS is working properly for this hostname, by using nslookup.  I confirmed DNS is returning the proper IP address for the hostname, and I can ping the hostname and it returns the same IP address. 

This only seems to be a problem from connecting to the WSUS console from the server itself. If I use another workstation, and remotely connect to the WSUS console using the hostname (after I statically bind the IP address in IIS), the other workstations work fine connecting to it.

Thanks for any ideas on this issue. 

Hi - I have just built a fresh Windows Server 2019 WSUS server, and it is working fine with the default settings. I have two IP addresses on this server, and would like to bind the IIS WSUS instance to one of the IP addresses.  If I change the binding to the IP address that I want, the admin console gets disconnected with(I'm using the FQDN in the admin console):

----------------------------------------

Error: Connection error

An error occurred trying to connect to the WSUS server. This error can happen for a number or reasons. Check connectivity with the server. Please contact your network administrator if the problem persists. 

---------------------------------------

If I use the IP address and connect to the Admin Console, it works just fine. I've verified that DNS is working properly for this hostname, by using nslookup.  I confirmed DNS is returning the proper IP address for the hostname, and I can ping the hostname and it returns the same IP address. Windows 10 clients are only able to update from the WSUS server when the IIS binding is set to all unassigned IP addresses also.  If I bind it to my static IP (either address) the clients are not able to connect to the server to update.

Thanks for any ideas on this issue. 

I have setup a new WSUS server. I removed the old WSUS server from the domain and renamed the new WSUS server to the old server's name and added it to the domain with the same IP address. Previously the new WSUS server was a down stream replica of the old WSUS - all the group names were auto created. I left the current WSUS GPO intact. 

I ran a GPupdate /Force and then a GPresult /H wsus.html on two PC's both display successful for WSUS GPO applied. Running Windows update on both - displays "managed by your administrator" with updates ready to install. 

I attempted to search a number of PC's within a WSUS group to manually add to the group but the computers were not found.

I'm trying to determine what I am missing - its been 24 hours since the rename/add to domain and reboot of new WSUS server

Thanks, 

Milty

milty60

We use deadlines to apply patches on a schedule. When setting deadlines we usually select a range of patches then apply the proper deadlines to each seperate group.

Every now and then (like today) an admin will install something that has a patch with an old deadline causing an undesired reboot.

We are looking for an easy way to remove the deadlines once the patches have been applied, but not alter the approval status. While I can apply approvals and deadlines to multiple patches at once I don't see a way to remove the deadlines. The approval status column reads "Keep existing approvals" and the "Deadline" option is grayed out.

Any recommendations or procedures to remove old deadlines and leave the approval status alone?

Would it be OK to edit the database? I could craft a SQL statement to delete the values in the tbDeployment.Deadline column. I'm sure this is not a Microsoft approved method, but would it be safe and accomplish my goal?

Thanks,

Steve

Hi

One of our server 2008 R2 SP1 having a problem with installing Windows updates.

I did check the failed security updates and i can see that the security update kb4471318 of 12-2018 is not installed on this machine and after that almost all the securtity update also failed.

I think the best action would be first to install the kb4471318. When I go to the .catalog.update.microsoft.com to download this update and install it manually I can see that there is 2 files to download one. should I download both the .exe file and .msu file and install them both?

This is what I see when try to download the file:

Shahin

On almost all our Servers running WIndows Server 2008 R2 we have an issue with updating sincekb4467107

https://support.microsoft.com/en-gb/help/4467107/windows-7-update-kb4467107

This failing update is preventing a lot of newer updates to fail.

Tried the following options but nothing solves it;

- clean boot install
- manual install (also unpacked manual dism install)
- wuagent cleanup

- sfc scan

- chkdsk scan

- dism cleanup
- system readiness installation
- installing latest service stack (kb4516655)

If there is anyone who has more ideas to help. It is a wsus environment and there are a few servers that do not have the issue but also not having that patch installed but others do.

Another typical thing is that the few servers that do not have these issues have a windows update agent version 7.6.7601.24436 (2019/04) while the failing servers have version 7.6.7601.24085 (2018/03).

Checking the servers online gets other updates but then those also fail again. Below some of the errors from several logfiles.

2019-10-01 09:54:14, Error                 CBS    Failed to pre- stage package: Package_for_RollupFix~31bf3856ad364e35~amd64~~7601.24241.1.6 [HRESULT = 0x80070002 - ERROR_FILE_NOT_FOUND]
2019-10-01 09:54:14, Info                  CBS    Perf: Stage chain complete.
2019-10-01 09:54:14, Info                  CBS    Failed to stage execution chain. [HRESULT = 0x80070002 - ERROR_FILE_NOT_FOUND]
2019-10-01 09:54:14, Error                 CBS    Failed to process single phase execution. [HRESULT = 0x80070002 - ERROR_FILE_NOT_FOUND]


2019-10-01 11:30:14:594
4052 1148
Handler FATAL: CBS called Error with 0x80070002, 
2019-10-01 11:35:22:516
976 3dc
Agent WARNING: WU client fails CClientCallRecorder::RemoveService with error 0x80248014
2019-10-01 11:35:22:518
1164 16a8
COMAPI WARNING: ISusInternal::RemoveService failed, hr=80248014

2019-10-02 10:12:54:573
976 3c0
Report REPORT EVENT: {D62AD5E5-1420-4F1B-8FF4-721F8F4314D7}
2019-10-02 10:07:43:067+0200 1
182 101
{1F74C5CC-0F12-40E5-A947-81516A1CCE12}  200 80070002  AutomaticUpdates Failure
Content Install Installation Failure: Windows failed to install the following update with error 0x80070002: 2018-11 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4467107).

2019-10-02 13:26:35:268
976 10c
Report REPORT EVENT: {1D8D980C-EFB2-4046-A314-4232F6B256BE}
2019-10-02 13:23:52:032+0200 1
182 101
{82BF6959-36FF-4D3E-A909-B1CF9FFC9880}  201 80070002  AutomaticUpdates Failure
Content Install Installation Failure: Windows failed to install the following update with error 0x80070002: 2019-08 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4512506).

2019-10-02 19:40:46:024
968 11c4
PT WARNING: Exceeded max server round trips: 0x80244010

2019-10-02 19:40:46:024
968 11c4
Agent WARNING: WU client failed Searching for update with error 0x80244010

2019-10-03 04:05:19:515
976 1a70
Misc Validating signature for C:\Windows\SoftwareDistribution\ScanFile\bd8fb065-c575-451c-86a0-7fc7f2c0f0bc\Source.cab with dwProvFlags 0x00000080:
2019-10-03 04:09:22:766
976 11f0
Agent WARNING: Failed to evaluate Installable rule, updateId = {C646D973-56DD-480C-83CD-4CFE066B2FEA}.201, hr = 80070663
2019-10-03 04:09:38:876
976 11f0
PT +++++++++++  PT: Synchronizing extended update info  +++++++++++
2019-10-03 04:09:38:876
976 11f0
PT   + Offline serviceId = {BD8FB065-C575-451C-86A0-7FC7F2C0F0BC}
2019-10-03 04:10:18:048
976 11f0
OfflSnc WARNING: Failed to add file to the FileLocationList with 0x80240013
2019-10-03 04:10:18:517
976 11f0
Agent Bundle contains no deployed children and thus is invalid.
2019-10-03 04:10:18:517
976 11f0
Agent Update {7E7049E7-B870-4C87-AF60-BC5A0BACE002}.201 is not a valid bundle. Not returning it.
2019-10-03 04:10:18:517
976 11f0
Agent Bundle contains no deployed children and thus is invalid.
2019-10-03 04:10:18:517
976 11f0
Agent Update {393D97F5-B447-43C5-9E0C-B6707C8D29CE}.201 is not a valid bundle. Not returning it.


2019-10-03 09:36:21, Error                 DISM   DISM Package Manager: PID=5888 Failed finalizing changes. - CDISMPackageManager::Internal_Finalize(hr:0x80070002)
2019-10-03 09:36:21, Error                 DISM   DISM Package Manager: PID=5888 Failed processing package changes - CDISMPackageManager::ProcessChanges(hr:0x80070002)
2019-10-03 09:36:21, Info                  DISM   DISM Package Manager: PID=5888 Loaded servicing stack for online use only. - CDISMPackageManager::RefreshInstanceAndLock
2019-10-03 09:36:21, Error                 DISM   DISM Package Manager: PID=5888 Failed while processing command add-package. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x80070002)
2019-10-03 09:36:21, Info                  DISM   DISM Package Manager: PID=5888 Further logs for online package and feature related operations can be found at %WINDIR%\logs\CBS\cbs.log - CPackageManagerCLIHandler::ExecuteCmdLine
2019-10-03 09:36:21, Error                 DISM   DISM.EXE: DISM Package Manager processed the command line but failed. HRESULT=80070002


2019-10-03 09:44:48, Error                 DISM   DISM Package Manager: PID=6220 Failed finalizing changes. - CDISMPackageManager::Internal_Finalize(hr:0x80070002)
2019-10-03 09:44:48, Error                 DISM   DISM Package Manager: PID=6220 Failed processing package changes - CDISMPackageManager::ProcessChanges(hr:0x80070002)
2019-10-03 09:44:48, Info                  DISM   DISM Package Manager: PID=6220 Loaded servicing stack for online use only. - CDISMPackageManager::RefreshInstanceAndLock
2019-10-03 09:44:48, Error                 DISM   DISM Package Manager: PID=6220 Failed while processing command add-package. - CPackageManagerCLIHandler::ExecuteCmdLine(hr:0x80070002)
2019-10-03 09:44:48, Info                  DISM   DISM Package Manager: PID=6220 Further logs for online package and feature related operations can be found at %WINDIR%\logs\CBS\cbs.log - CPackageManagerCLIHandler::ExecuteCmdLine
2019-10-03 09:44:48, Error                 DISM   DISM.EXE: DISM Package Manager processed the command line but failed. HRESULT=80070002

2019-10-03 09:44:48, Error                 CBS    Failed to perform operation.  [HRESULT = 0x80070002 - ERROR_FILE_NOT_FOUND]

Hello,

I have local windows  Update servers at three sites so users dont have to directly downlaod updates from Windows update server .On all the sites we have internet enabled and updates are coming without any error.But one particular update Server had updates but they failed to download as Barracudda Firewall had blocked them.The IP seems to belong from servers other than microsoft.

I have attached two links which show Ips info.

Virus scan1

Virus Scan2

Here are the  four IPs

205.185.216.42

93.184.221.240

182.176.156.33

13.107.4.50(this one seems to belonging to microsoft when I looked up)

Above IPs are being blocked by Barracudda Firewall.Below is the eventlog that shows that update blocked due to access deny.

Even Log

My point is that why is firewall blocking updates on one particular server as "Virus scan block" while its not blocking updates on other server?

Are above mentioned IPs legitemate or illegitimate?

Hi,

We having problem with installing update KB4516065 on our server 2008 R2 std SP1

These updates were installed succesfully

KB4474419  ( with server rebbot)

KB4490628  ( no need for reboot)

KB4516655 ( no need for reboot)

Disabled the AV on the server as well, but when run the KB4516065 from Windows updates of manually the install failed and event view shows this:

Shahin

WSUS crashed after a bios update, uninstalled and reinstalled WSUS and IIS. Keep coming to post install failure CreateDefaultSubscription failed. Exception: System.Net.WebException: The operation has timed out.

Don't know where to go from here. Any help would be appreciated.

Thanks,

I have had so many issues this month with the August 13 updates.  Literally all of the OS's, servers and workstations broke in some way.  It's pretty crazy, most all issues are unique and removing does seem to fix some software but at the same time breaks many Windows functions like the taskbar and action center etc..

On one particular Windows Server 2012 R2, I am forced to remove KB4517298 and or KB4512488 or the Backup Exec user interface will not open.  The back end product runs fine and I can even remotely access it from another computer.  It's just for whatever reason the actual application simply won't run if either of those KB's are installed.

I hesitate to go to Veritas for support on this since I have half a dozen programs that simply won't function if either of these updates are installed.  It's not just Backup Exec, it's products from Blackbaud and other large organizations that were also broke by these updates.

I realize that on the release page, it does say the issue was solved by KB4517298:

https://docs.microsoft.com/en-us/windows/release-information/status-windows-8.1-and-windows-server-2012-r2

Unfortunately the issue is not resolved.  

The event viewer shows 3 events related to opening the Backup Exec UI:

Faulting application name: BackupExec.exe, version: 20.0.1188.2217, time stamp: 0x5cc09e57
Faulting module name: KERNELBASE.dll, version: 6.3.9600.19425, time stamp: 0x5d26b6e9
Exception code: 0xe0434352

Application: BackupExec.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.AmbiguousMatchException
   at System.RuntimeType.GetMethodImpl(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Reflection.CallingConventions, System.Type[], System.Reflection.ParameterModifier[])
   at System.Type.GetMethod(System.String, System.Reflection.BindingFlags)
   at BackupExec.ThemeManager..cctor()

Exception Info: System.TypeInitializationException
   at BackupExec.ThemeManager.ChangeTheme(System.String, System.String)
   at BackupExec.App..ctor()
   at BackupExec.App.Main()

The attached WER report is here:

dears,

i'm receiving a bad behavior coming from my DC after pushing the updates from wsus.

All the updates are pushed to DC, however most of them are in a failed state in update history.

rebooting the server stuck everytime and roll back the updates with the following msg: we couldnt complete the updates, undoing changes.

it is been doing that for 2 weeks, and can't find the kb causing the issue or the kbs as all of them are shown failed.

i tried to disable widnows update service and reboot same issue occurs

your advice is appreciated

thank you