Hello

I've been at war with WSUS, getting it to install on a 2012 R2 member server in a 2008 domain.

The first stage of the role installation was fine, but the post installation tasks failed. First of all the security on the ..\webservices folders was not set correctly but I found a solution to that where iCACLS was used to grant permissions. Next, the NT SERVICE\MSSQL$MICROSOFT##WID account could not be used to start the WID service because it did not have the Log on as a service right.

It's this last bit that I'm having continuing problems with. I ended up using services.msc to change the WID logon to use the local system account which worked fine and the post installation tasks completed successfully. 

>>Note that WSUS is now up and running - updates are being downloaded and clients are reporting to the server.<<

However, when using Group Policy to grant the NT SERVICE\MSSQL$MICROSOFT##WID account the log on as a service right in User Rights Assignment I am unable to get the account recognised. I have tried using the full form NT SERVICE\MSSQL$MICROSOFT##WID and just the account itself and then using Check names to validate it, but it fails to validate.

I left the account name in the Log on as a service settings and rebooted the WSUS server in the hope that the service would be properly installed and registered on the system. Since then,as mentioned above, I abandoned the use of the account to start WID and chose the option to use the Local system account because NT SERVICE\MSSQL$MICROSOFT##WID has never been recognised. I also saw many SceCli 1202 events in the Application event logs stating an account cannot be resolved to a SID. Running the Find command against winlogon.log, MSSQL$MICROSOFT##WID is the culprit. I have now removed the account from the Group Policy setting.

My question is: can I leave the system account 'in charge' of WID? It seems clear that NT SERVICE\MSSQL$MICROSOFT##WID does not exist and is not affecting the performance of the WSUS installation.

Many thanks

Mark

Hello

I am trying to query the needed updates on my WSUS and although in the GUI I have for the specific machine no updates with no status, when I query using powershell I get some updates as unknown.

A closer look on these updates show the same update as per its GUID twice. once as expired and once as published. For example:

UpdateServer                       : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer
Id                                 : Microsoft.UpdateServices.Administration.UpdateRevisionId
Title                              : Security Update for Adobe Flash Player for Windows Server 2012 R2 (KB3167685)
Description                        : A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from
                                     Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you
                                     may have to restart your system.
LegacyName                         : KB3167685-Win8.1Server-RTM-X64-TSL
MsrcSeverity                       : Moderate
KnowledgebaseArticles              : {3167685}
SecurityBulletins                  : {MS16-083}
AdditionalInformationUrls          : {http://support.microsoft.com/kb/3167685}
ReleaseNotes                       :
UpdateClassificationTitle          : Security Updates
CompanyTitles                      : {Microsoft}
ProductTitles                      : {Windows Server 2012 R2}
ProductFamilyTitles                : {Windows}
IsLatestRevision                   : True
HasEarlierRevision                 : True
Size                               : 0
CreationDate                       : 12/10/2019 9:38:39 PM
ArrivalDate                        : 2/8/2020 3:17:29 PM
UpdateType                         : Software
PublicationState                   : Expired
InstallationBehavior               : Microsoft.UpdateServices.Administration.InstallationBehavior
UninstallationBehavior             : Microsoft.UpdateServices.Administration.InstallationBehavior
IsBeta                             : False
HasStaleUpdateApprovals            : False
IsApproved                         : False
IsDeclined                         : True
DefaultPropertiesLanguage          :
HasLicenseAgreement                : False
RequiresLicenseAgreementAcceptance : False
State                              : NotNeeded
HasSupersededUpdates               : True
IsSuperseded                       : True
IsWsusInfrastructureUpdate         : False
IsEditable                         : False
UpdateSource                       : MicrosoftUpdate

UpdateServer                       : Microsoft.UpdateServices.Internal.BaseApi.UpdateServer
Id                                 : Microsoft.UpdateServices.Administration.UpdateRevisionId
Title                              : Security Update for Adobe Flash Player for Windows Server 2012 R2 (KB3167685)
Description                        : A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from
                                     Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you
                                     may have to restart your system.
LegacyName                         : KB3167685-Win8.1Server-RTM-X64-TSL
MsrcSeverity                       : Moderate
KnowledgebaseArticles              : {3167685}
SecurityBulletins                  : {MS16-083}
AdditionalInformationUrls          : {http://support.microsoft.com/kb/3167685}
ReleaseNotes                       :
UpdateClassificationTitle          : Security Updates
CompanyTitles                      : {Microsoft}
ProductTitles                      : {Windows Server 2012 R2}
ProductFamilyTitles                : {Windows}
IsLatestRevision                   : False
HasEarlierRevision                 : False
Size                               : 0
CreationDate                       : 6/16/2016 5:00:00 PM
ArrivalDate                        : 10/6/2019 8:05:59 PM
UpdateType                         : Software
PublicationState                   : Published
InstallationBehavior               : Microsoft.UpdateServices.Administration.InstallationBehavior
UninstallationBehavior             : Microsoft.UpdateServices.Administration.InstallationBehavior
IsBeta                             : False
HasStaleUpdateApprovals            : False
IsApproved                         : False
IsDeclined                         : True
DefaultPropertiesLanguage          :
HasLicenseAgreement                : False
RequiresLicenseAgreementAcceptance : False
State                              : NotNeeded
HasSupersededUpdates               : True
IsSuperseded                       : True
IsWsusInfrastructureUpdate         : False
IsEditable                         : False
UpdateSource                       : MicrosoftUpdate

Is this a normal entry? all the expired updates have this double entry in WSUS?

Thanks

Hi All,

Just wondering if someone knows something in regards to the error below and how to resolve the crashing issues im getting with WSUS. Unsure how to go about resolving these in our environment

Error below

The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The request was aborted: The operation has timed out.

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, Int32 publicationState)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, ExtendedPublicationState publicationState)
   at Microsoft.UpdateServices.Internal.BaseApi.Update.SearchUpdates(UpdateScope searchScope, ExtendedPublicationState publicationState, UpdateServer updateServer)
   at Microsoft.UpdateServices.UI.AdminApiAccess.UpdateManager.GetUpdates(ExtendedUpdateScope filter)
   at Microsoft.UpdateServices.UI.AdminApiAccess.BulkUpdatePropertiesCache.GetAndCacheUpdates(ExtendedUpdateScope updateScope, ComputerTargetScope computerTargetScope)
   at Microsoft.UpdateServices.UI.SnapIn.Pages.UpdatesListPage.GetListRows()

Hi, all of our desktops and servers (windows 7, windows 10, server 2008 - 2016) are trying to check for updates causing our internet connection to have no bandwidth.  The entire environment is run from WSUS and are set by GPO.  We have a large VDI and XenApp infrastructure and the windows update service is disabled and turned off. We are seeing these windows OS's trying to check for updates as well, we can tell this by looking at our firewall logs source and destination.  We have tried disabling all updates via reg keys and this also has not stopped the OS from trying to reach out to the internet for updates. 

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
        Key: DisableWindowsUpdateAccess
HKEY_LOCAL_MACHINE\SYSTEM\Internet Communication Management\Internet Communication
        Key: DisableWindowsUpdateAccess
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
        Key: NoAutoUpdate

Wondering if anyone can help?

Thanks

Scott

Hi Guys,

We have 25 Win2016 Server which is failing to install February Month patches.

We have patches that two is reflecting in software center but installation failed with error code " The software change returned error code 0x80004005(-2147467259)".

I have go through the CAS log found below errors as well.

CoCreateInstance for ICcmContentTransferManager9 failed with error 0x80040154
Error: DeleteDirectory:- Failed to delete Directory  with Error 0x00000003.
Error: DeleteDirectory:- Failed to delete Directory C:\Windows\ccmcache\29.BCWork with Error 0x00000002.
DownloadManager.RequestDownload failed
ContentRequest SubmitDownloadRequest failed

Thanks,

Mohanbabu .M

I manage about a dozen WSUS servers for small domains in our company, which are firewalled off from the rest of the corporate network. Due to the size of WSUS patch storage on each WSUS server, I've been asked to consolidate their storage onto a "central" server, which only the WSUS server will have access to (but the clients won't).  The server is on our corporate domain (i.e., not any of the domains the WSUS servers are on), and has plenty of storage.  The domains I manage all have one-way trusts with the corporate domain (not two-way; only corporate->local).  All my WSUS servers are replicas of a master at the corporate level.  Current WSUS servers range from Server 2008 R2 to Server 2016.

We recently replaced one of our WSUS servers (Server 2016), so I'm trying to set it up to use the share on the new server (first time).  I was able to specify the share when running through the initial setup, no problem.  While it says it's says it completed the initial sync successfully and has the UpdateServicesPackage and WsusContent folders on its own, there are 0 files in either of them.

Can someone point me in the right direction?

Thank you for any assistance.

I'm not sure where I'm going wrong here.  I've installed all the 2020-01 updates, installed the SSU, installed the Extended Security Updates (ESU) Licensing Preparation Package, and updated the key all successfully.

I approved the 2020-02 Security Only update in WSUS and yet none of the 2008 R2 servers see it.  If I download and install the package manually, it works fine.  Is there some step on WSUS that I'm missing here?

I have newly installed on WSUS server in my Location. I have configured the below GPO Settings in the AD and Cofigured WSUS as below. I am approving patches manually. Currently i am in testing face for the few machines. Please suggest me how to trouble shoot to  install patches in my workstation. Server its showing below state from past 14 days.



GPO Configuration for the client

Hi there,

I would like to distribute the version 1903 or 1909 on a WSUS that runs on a Server 2019 standard to some clients that are still running Windows 10 1803. (both versions cannot be installed)

The update is beeing seen and offered to the clients, it gets downloaded and as soon as it is to be installed it stops immediately with the error 0x8000ffff.

Server 2019 is on 1809 (OS Build 17763.973)
Windows Update Services has version 10.0.17763.1

What i tried:

Windows Update Troubleshooter.
Read the CBS.log file (no errors found)
Uninstalling the Trend Micro Worry Free Business antivirus software
Install 1909 on a client using the Windows Update Assistant (works)
Disable computer protection
All drivers updated (these are Dell notebooks)
Resetting the wsus using wsustools

I dont know why exactly but there must be an error while downloading the update from the wsus.
Sometimes it slowly goes to about 5% and stops with error 0x80070057
and othertimes it rushes to 100% in 3 seconds and shows error 0x8007005. I also saw the error 0x80244010 a few times.

Hello,

I have a report from WSUS:

Computer Name	Needed	Installed Failed	No Status
vrprdssvr1	17	8507       14			0
fpgisiweb	25	8497	   13			3
vmpwmtmp	21	8505	   12			0
vopairmagnetapp	17	8509	   12			0
sopentsql1	50	8475	   10			3
sopbldbkmobile3	93	8380	    6			59

When I go to the server itself and launch the Windows Updates "Check Updates" nothing is showing they are green Up-to-date.

Even if I try to launch Check Updates from Microsoft online I get few patches but nothing above 5 so far!!!

Why this discrepancy?

Thanks,

Dom

Security / System Center Configuration Manager Current Branch / SQL

Hi,

Try to install the kb4534273 on 2 server 2019 and both failed. Before installing this update we had to install the KB4523204 but this update is replaced by KB4539571 so we did install it on the servers, but still kb4534273 failed.

It looks like the kb4534273 is also replaced by some other updates, and those updates also replaced by other. So which update should we install?

Shahin

hi evryone,

I am looking for a method to test the "WSUS" updates before deployment on all computers, if you have any leads I am interested.

best regards,

AHL

AHL1988

Hi All

Brand fresh new install of W2K19 OS + WSUS.  After syncing (our sync is around 32k updates) and hitting the 'All Updates' > Any Except Declined >  The infamous Reset Node screen and GUI halt message: The request was aborted: The operation has timed out

Here's the error log:

And here's what I've tried:

4 cores + 24GB RAM

Amended IIS as follows:

Make the following "Advanced Settings" for WSUS Application Pool in IIS:   

- Queue Length: 25000 from 1000   

- Limit Interval (minutes): 15 from 5   

- "Service Unavailable" Response: TcpLevel from HttpLevel* (Stop IIS first)

Edit the web.config ( C:\Program Files\Update Services\WebServices\ClientWebService\web.config ) for WSUS:   

Replace <httpRuntime maxRequestLength="4096" /> with <httpRuntime maxRequestLength="204800" executionTimeout="7200"/>

<add key="maxInstalledPrerequisites" value="400"/> change to 800

Adjust the app pool private memory limit  to 4194304 (4GB)

Some also recommend changing pool memory to O i.e no memory limit

Changed from WID to SQL Standard

I'm out of ideas so suggestions more than welcome

Cheers

Lea

Hello I work in place with a secure network no connection to outside. I have a WSUS server ready but I can't connect it to MICROSOFT servers , I wanted to know if there is a way to get updates from another active WSUS server
Manually without connecting their together

thank you 

Mr Nobody.

When I attempt to run the WSUS Server Cleanup Wizard, it hangs on "Unused updates and update revisions" and doesn't do anything. The wizard then disappears and I am taken back to the WSUS Console where I see the following:

Error: Database Error

When I click copy error to clipboard, this is what is copied:

hi evryone,

on my wsus server I have a group of computers for the servers, the number displayed does not exceed 33 while I have more than 33 servers,
if I take a server which does not appear in the list and I do: wuauclt.exe / resetauthorization / detectnow, this server appears but another disappears.
I use a server with an internal "WID" database.

best regards.

AHL

AHL1988

Hi everybody,

First, sorry for my approximative english.

I have 2 servers WSUS, one is connected to internet and get his updates from Windows servers. The second one is in offline network.

The procedure i've applied to update my offline server is :

• Copy folders inside WSUSContent of online server to external disk
• Export metadata with this command : wsusutil.exe export export.xml.gz export.log (first i try a .cab extension, but size is too big)
• Copy folders from external disk inside WSUSContent of offline server
• Import metadata with this command : wsusutil.exe import export.xml.gz import.log

Updates seems to be present, but this message is present on the offline server : "0,00 Mo download on 379 888,82Mo".

I supposed the offline server doesn't know the updates are already present.

Precisions :

• Windows 2012 R2
• Online update services version : 6.3.9600.16384
• Offline update services version : 6.3.9600.16384
• All updates are approved on the each servers
• Clients doesn't see any updates avalaible. But in its log there are : "Found 0 updates and 75 categories in search; evaluated appl. rules of 1006 out of 2017 deployed entities" and "Reporting status event with 211 installable, 103 installed, 0 installed pending, 0 failed and 0 downloaded updates"

Then, I think the last thing is to say to the offline server : your updates are already here !

If you need more informations tell me.

Thank you in advance for your help

Dear All,

Since I've installed the new WSUS Server on Windows 2019 Server, I have an issue with installting automatically 1 update (Servicing stack update for Windows 8.1 for x64-based Systems) on all Windows 8.1 computers.

Indeed All other updates are downloaded and installed automatically following my GPO.

I can see that the specific update has been downloaded on computers but even if  I click to Start Menu --> update and restart the computer, it doesn't work.

The only way to install that update, is to open Control Panel\All Control Panel Items\Windows Update and click to install the uptdate.

I don't understand why the GPO below cannot force the installation of that specific update while for all other updates, there is no problem ?

Can you please help me ?

Thank you and Regards,

William

I keep seeing references to WSus 4 and Wsus 2012, yet I cant find any download for them. is there such a thing?

Alan Mosley - ThatsIT Solutions

Downstream server unable to synchronize from upstream server. When we checked event id it is showing 10022 "The last catalog synchronization attempt was unsuccessful."

Below is the error we got :

SqlException: Cannot insert the value NULL into column 'UpdateType', table 'SUSDB.dbo.tbDeployment'; column does not allow nulls. INSERT fails.
The statement has been terminated.
at Microsoft.UpdateServices.DatabaseAccess.DBConnection.DrainObsoleteConnections(SqlException e)
   at Microsoft.UpdateServices.DatabaseAccess.DBConnection.ExecuteCommandNoResult()
   at Microsoft.UpdateServices.Internal.DataAccess.HideUpdatesForReplicaSync(String xmlHiddenUpdateIds, String xmlAllUpdatesIds)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ProcessHiddenUpdates(Guid[] hiddenUpdates, UpdateIdentity[] allUpdates)

   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ReplicaSync()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

I have tried database reindexing also, still persisting the same issue. 

Thanks,

Narayan. N