Hi to all
I am having problems at the moment that I check the Windows updates from Windows Server 2016 "version 1607 (14393.2248)" , I got that they are pending 4 updates and then it ispreparing to install updates 5%
However, it does not advance and it remains as waiting.
What troubleshooting can I do?
Warm regards MeVs
Hi All,
Just wondering if someone knows something in regards to the error below and how to resolve the crashing issues im getting with WSUS. Unsure how to go about resolving these in our environment
Error below
The WSUS administration console was unable to connect to the WSUS Server via the remote API.
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
System.Net.WebException -- The request was aborted: The operation has timed out.
Source
System.Web.Services
Stack Trace:
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, Int32 publicationState)
at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, ExtendedPublicationState publicationState)
at Microsoft.UpdateServices.Internal.BaseApi.Update.SearchUpdates(UpdateScope searchScope, ExtendedPublicationState publicationState, UpdateServer updateServer)
at Microsoft.UpdateServices.UI.AdminApiAccess.UpdateManager.GetUpdates(ExtendedUpdateScope filter)
at Microsoft.UpdateServices.UI.AdminApiAccess.BulkUpdatePropertiesCache.GetAndCacheUpdates(ExtendedUpdateScope updateScope, ComputerTargetScope computerTargetScope)
at Microsoft.UpdateServices.UI.SnapIn.Pages.UpdatesListPage.GetListRows()
Hi
I have defender updates setup for WSUS on Server 2019. The definition updates are coming down to the client servers fine. But it just does not auto install. These are all Server 2019 as well.
I have these policies setup:
- Configure Auto update (3 - Auto download and notify for install)
- Specify intranet Microsoft update service location (enabled)
- Automatic update detection frequency (enabled)
- Do not connect to any Windows Update Internet locations (enabled) <these servers dont have internet access anyway>
- Allow Automatic Updates immidiate installations (enabled)
- Enable client-side targetting (enabled)
So based on these settings, i expect the Defender updates to be installed immidiately once the server discovers them. However this is not happening. The server discovers the updates, but the they just sit there with "pending install".
If someone can point to me where i am going wrong.
Thanks, DM.
DM
Hello,
I run the WSUS service and have someone with a Windows Server 2019 box that is running Windows Defender and when they run updates they are able to get all other Windows Updates but the Definition Updates for Defender constantly fail with 80248007. We have tried updating from Windows Update and from within Defender.
On the WSUS Server, the Definition Updates are approved for Install, and I was able to view the logs on the 2019 Server and it appeared the updates were downloading then failing to install. I have had them manually install the definition updates and they work fine. We have tried everything I can think of like resetting windows updates, removing his box from the WSUS server, removing and reinstalling defender and they still fail. I have attempted to go through a number of different TechNet forums to help resolve this issue.
I am now at a loss of how to proceed with getting him fixed. Has anyone ever come across this? Are there any suggestions on how to fix?
Thanks,
Ryan
Actually, our WSUS content folder was full and that's why to reduce the size of the folder I tried the following steps and after that I am in a big trouble.
1. Close any open WSUS consoles.
2. Go to Administrative Tools – Services and STOP the Update Services service.
3. In Windows Explorer browse to the WSUSContent folder (typically D:\WSUS\WSUSContent or C:\WSUS\WSUSContent)
4. Delete ALL the files and folders in the WSUSContent folder.
5. Go to Administrative Tools – Services and START the Update Services service.
6. Open a command prompt and navigate to the folder: C:\Program Files\Update Services\Tools.
7. Run the command WSUSUtil.exe RESET.
After all the above steps, our WSUS is not synchronizing and no updates are being downloaded at all. Every time showing "Reset Server Node"
Please help me out as soon as possible.
Thanks
Yousuf
Hello, for at least a month I face some problems with my WSUS upstream server, it just doesn't sync. All attempts I made, whether manual or automatic, have errors such as "unknown", or "failure". Checking in the Event Viewer I find only "The last catalog synchronization attempt was unsuccessfull" and nothing more.
Using SQL Express on the server and I recently cleaned the database thinking about solving the problem, but I was not successful. My downstreams are working perfectly.<o:p></o:p>
Can someone help me?
Windows Server 2016
WSUS Server version: 10.0.14393.2696
I validated with my network team and I have connection with Microsoft portals, such as catalog, among others.
Thanks for listening.
Greetings,
after lots of weeks dealing with this problem, the only reasonable next step
is to speak to the experts! So here I am. I work in a small organization, with
a WSUS server (2016) caching updates for all computers.
On December, we started rolling out the 1903 feature update to all Windows
10 machines (most of them on 1803). About two thirds of the population got
the update normally, but the others (~100PCs) did produce the error 80070057.
Troubleshooting steps taken for the 80070057 error:
The step that fails is the call of WindowsUpdateBox.exe with the \predownload
parameter. It lasts for about 3 seconds, then fails with said error (source: ProcMon)
I have tried clearing the cache, changing locale (digit seperator), monitoring
with Wireshark and Process Monitor - but the process just fails. WSUS' IIS
doesn't report any 'denies' in its logs, like the request didn't reach him.
Even a fresh 1803 install from media fails to get the approved 1903 feature
update, with the same error. Redownliading the WSUS binaries didn't work,
and the binaries appear to be OK. The only thing the clients have in common
is that they all were previously upgraded from 1703 --> 1803 - but I'm not
sure whether this has to do with anything. Altering the disk layout also didn't
seem to have to do with the problem.
After all this, we set up a new WSUS with the same major/minor version (OS
and WSUS). We approved the 1903 update, and monitored the behaviour:
The problem is that we can't remedy the affected PCs, since the error is persistent
across different WSUS server. The new WSUS server is a new install, and is serving
the feature update to all PCs that have never encountered the 80070057 error.
We also spent an awful lot of time to resolve the error, but couldn't identify a root
cause - even after browsing through many forums & posts. It only affects the
feature update - all other updates are installed normally. Since it affects clean OS
installations as well, I'm confident that it is an issue affecting both the client and
the server:
FYI, the organization utilizes a proxy server (not used for local access). Even getting the
PC in the same subnet as WSUS doesn't remedy the error - so I don't think it's a network
issue.
Logs from all these are also available upon request.
Thank you for your time,
Anastasios Georgopoulos
Hi all,
Our organization was experiencing widespread slowness (network) and with further investigation we discovered our bandwidth was pegged. It appeared our endpoints were going out to the internet for windows update when they should be pointed at our WSUS server (this is done via GPO). We have not made any changes to our GPOs.
This issue is impacting our VDI (Windows 7), physical (endpoints (Windows 7) and servers (2012 R2, 2008 R2, 2016) and is very widespread.
VDI even has the windows update service disabled. We confirmed this while the device was reaching out.
Does anyone have any idea what would cause this?
As a workaround, we implemented a firewall to block the traffic.
Hi, all of our desktops and servers (windows 7, windows 10, server 2008 - 2016) are trying to check for updates causing our internet connection to have no bandwidth. The entire environment is run from WSUS and are set by GPO. We have a large
VDI and XenApp infrastructure and the windows update service is disabled and turned off. We are seeing these windows OS's trying to check for updates as well, we can tell this by looking at our firewall logs source and destination. We have tried disabling
all updates via reg keys and this also has not stopped the OS from trying to reach out to the internet for updates.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
Key: DisableWindowsUpdateAccess
HKEY_LOCAL_MACHINE\SYSTEM\Internet Communication Management\Internet Communication
Key: DisableWindowsUpdateAccess
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
Key: NoAutoUpdate
Wondering if anyone can help?
Thanks
Scott
Hi Guys,
We have 25 Win2016 Server which is failing to install February Month patches.
We have patches that two is reflecting in software center but installation failed with error code " The software change returned error code 0x80004005(-2147467259)".
I have go through the CAS log found below errors as well.
CoCreateInstance for ICcmContentTransferManager9 failed with error 0x80040154
Error: DeleteDirectory:- Failed to delete Directory with Error 0x00000003.
Error: DeleteDirectory:- Failed to delete Directory C:\Windows\ccmcache\29.BCWork with Error 0x00000002.
DownloadManager.RequestDownload failed
ContentRequest SubmitDownloadRequest failed
Thanks,
Mohanbabu .M
Is there a project to make WSUS API compatible with .Net Core?
Thanks.
Hi,
At one of our sites we have a 2012 R2 WSUS server with around 60 clients connecting to it. All clients are Windows 10, of a variety of builds. There is no common build that this problem is affecting. This has been working fine since we set it up a few years ago. However, over the space of about a month, 75% of the clients have stopped checking in with WSUS, with the Last Status and Last Contact dates not updating. The other 25% continue to work fine.
Of all the clients i've checked so far, the Last Checked date shown in Windows Update Settings on the client itself matches the date I'm seeing in WSUS, so i don't actually think it's a problem with the WSUS server itself. Also, if I click the Check Now button then the client immediately connects to WSUS and downloads the required updates and the date value gets updated in WSUS, so the problem seems to be that the clients are just not checking.
All clients use the same GPO Policy, so it can't be a problem with that. I can't see any issues in Event Viewer, but the check isn't even running so I guess if nothing is happening there won't be a matching event anyway!. I could manually connect or visit them all and push the check now button, but i've got no confidence that won't just be a one-off that doesn't fix the actual problem and i'll end up having to do the same thing next month.
Does anybody have any suggestions on what be the problem and how to fix it (ideally not by suggesting buying applications to manage this)?
Thanks
Hi guys,
I believe I originally posted this in the wrong section
Windows 10 IT Pro > Windows 10 Installation, Setup, and DeploymentSo I am re-posting here, since I haven't had much feedback. I would post the link to that thread, but I'm not allowed to. Just to summarize, beginning this month between 8/4 - 8/7 almost all of my client systems (Win 10 1809 and Server 2016) have stopped reporting status to WSUS (also on Win 2016 Server). A lot of threads that I have found seem to point to a dupe SusclientID, but that is not the case here. I have even tried the AJtek methods of resetting this, but still no luck.
From my testing I have deduced that clients that have the "Configure Automatic Updates" policy disabled are able to check in normally with UpdateOrchestrator tasks that get created by the GPO. I have spent countless hours trying to figure out the usoclient command and all the options, but there is some other mechanism at play that I can't see and have no idea how it works. When the policy setting is disabled, usoclient.exe startscan works and checks into WSUS, when it is enabled, this command never works either directly or through the GPO created tasks. They run successfully, but the command does nothing, which I have witnessed by watching Wireshark.
The other odd thing that I have not mentioned yet in any thread, was a very strange thing that I have never seen before in my years dealing with GPO's. We are a small IT team, so I know that I am the only one managing GPO's. What happened last month was the "Configure Automatic Updates" policy somehow get set to "disabled" on my several WSUS GPO's. I thought it was a fluke and maybe something I did some how on accident, but after setting these all back to enabled, it happened again on some of them. They seem to be staying enabled now, but the reason I bring this up was that the handful of clients that were still reporting into WSUS had this policy disabled when reviewing the gpresults.
The other weird thing is this
| Component Name | Status | Time Taken | Last Process Time | Event Log |
|---|---|---|---|---|
| Group Policy Infrastructure | Success | 11 Second(s) 510 Millisecond(s) | 8/16/2019 11:09:20 AM | View Log |
| Group Policy Power Options | Success | 391 Millisecond(s) | 8/16/2019 11:09:20 AM | View Log |
| Group Policy Registry | Success | 1 Second(s) 172 Millisecond(s) | 8/16/2019 11:09:19 AM | View Log |
| Registry | Success | 813 Millisecond(s) | 8/13/2019 11:55:02 AM | View Log |
| Security | Success | 7/17/2019 10:40:49 AM |
Now I had noticed the policy set to disabled on 8/12, which I set back to enabled, but even after policy refreshes the settings were not picked up and these clients still thought that it was disabled. Only after a gpupdate /force did the one client update the settings.
Apologies for the lengthy post, but I am running out of ideas and I seem to be sinking further down the rabbit hole with no hope in sight. Please let me know what logs, tests or anything else I can provide to help get to the bottom of this. I really appreciate it!
Many thanks, Steve
P.S.
How can I post images and links? How do I get my account verified? I had a nice output of the GPO results, but it's all out of sort because I had to past as text.
I have been running WSUS in our environment for years and have never experienced WSUS and IIS mysteriously uninstalling from the server.
Currently running WSUS on a virtual Server 2016, at least two different times, the WSUS and IIS components appear to be uninstalled.
I am not sure what might be causing this behavior.
Anybody know what might be causing the two components to uninstall. The database is in tact, however the service is not listed in the services applet.
Thanks,
Barb
bc
I manage about a dozen WSUS servers for small domains in our company, which are firewalled off from the rest of the corporate network. Due to the size of WSUS patch storage on each WSUS server, I've been asked to consolidate their storage onto a "central" server, which only the WSUS server will have access to (but the clients won't). The server is on our corporate domain (i.e., not any of the domains the WSUS servers are on), and has plenty of storage. The domains I manage all have one-way trusts with the corporate domain (not two-way; only corporate->local). All my WSUS servers are replicas of a master at the corporate level. Current WSUS servers range from Server 2008 R2 to Server 2016.
We recently replaced one of our WSUS servers (Server 2016), so I'm trying to set it up to use the share on the new server (first time). I was able to specify the share when running through the initial setup, no problem. While it says it's says it completed the initial sync successfully and has the UpdateServicesPackage and WsusContent folders on its own, there are 0 files in either of them.
Can someone point me in the right direction?
Thank you for any assistance.
每日计划的同步任务失败,报错如下:
InvalidOperationException: XML 文档(1, 585)中有错误。 ---> System.Net.WebException: 操作已超时。
在 System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
在 System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
在 System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
在 System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
在 Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetUpdateData(Cookie cookie, UpdateIdentity[] updateIds)
在 Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, List`1& updatesWithSecureFileData, Boolean isForConfig)
在 Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetUpdateDataInChunksAndImport(List`1 neededUpdates, List`1 allMetadata, List`1 allFileUrls
We have a server running Server 2016 with the latest version of SCCM on it.
We have IIS and WSUS setup on the same server and all was running nicely until a couple of weeks ago.
Now WSUS won't sync and if you open the console you get "Fatal Error: The system cannot find the file specified"
I have searched forums online and they recommend either reinstalling WSUS or WSUS and IIS.
I have tried both but still getting the same error message.
Can anyone shed some light on this issue?
I'm not sure where I'm going wrong here. I've installed all the 2020-01 updates, installed the SSU, installed the Extended Security Updates (ESU) Licensing Preparation Package, and updated the key all successfully.
I approved the 2020-02 Security Only update in WSUS and yet none of the 2008 R2 servers see it. If I download and install the package manually, it works fine. Is there some step on WSUS that I'm missing here?
I've seen it said in another forum:
"1909 can be enabled thru WSUS by looking for "Feature Update to Windows 10 version 1909. It is NOT a security or critical patch, so if your WSUS is restricted to download only those, you will not see it. After approval, the install
is pretty quick thru Windows Update"
My question: To get this within WSUS, we must enable 'Feature Packs' in Updates and Classifications?? Or something else???????
If I add this item, what ELSE will be installed to all our computers and servers?? We don't want any unnecessary updates that could cause problems.
We presently have the Feature Updates and whatnot policies set to 'NOT Configured' to prevent the WSUS dual scan problem.
Thank you, Tom
I'm trying to find the difference between running WUAUCLT.exe /detectnow and going into Windows Update and selecting "Check for Updates". When doing the wuauclt command I get the following error:
Windows Update Client failed to detect with error 0x80072ee2.
But when going into Windows Update and selecting Check for updates, things work.
We don't want to have to manually check for updates so maybe understanding what the difference between the two is will help determine where the issue is.
Also to note I've already used PSExec to change the IE proxy settings to be what they need to be for the IE with the "System" account.
Thanks,
Craig