Troubleshooting WSUS 3.0 SP2 on Windows Server
Troubleshooting WSUS 3.0 SP2 on Windows Server – In the post we will see steps to troubleshoot WSUS 3.0 SP2 related issues. We will see the most common issues related to WSUS 3.0 SP2 and their resolution. In the previous posts we have seen Installation, Configuration, Managing the WSUS 3.0 SP2. Before we start troubleshooting WSUS issues, lets take a look at some of the log files created by WSUS server.
WSUS Log Files -WSUS setup creates the following four log files that can help you diagnose problems with setup. These log files are located in the %temp% folder of the user who installed the WSUS software.
- WSUSSetup.log: The status of each of the component installations that are performed during WSUS setup is logged to this file. You can check this log to see whether any component installation failed. If you see a failure, check the corresponding log to see what went wrong during the installation of that component.
- WSUSSetupMsi_timestamp.log: This log file is generated by MSI for WSUS component setup. Before it invokes custom or standard actions, Windows Installer logs that information to this file. The return values from the custom actions are also logged in this file.
- WSUSCa_timestamp.log: This log file is used by custom actions. Errors that occurred while executing any custom actions in WSUS component or BITS setup are logged in this file.
- WSUSWyukonSetup_timestamp.log: This is the log file for Windows Internal Database setup. All Windows Internal Database installation and uninstallation information is logged in this file.
Apart from these log files, there are 2 more log files that are really important. These log files are located in WSUSInstallationdriveLogFiles.
Change.log – When any change or modification is done to the WSUS server, the changes are logged in this file. It also provides information about the WSUS server database information that has changed.
SoftwareDistribution.log – Provides information about the software updates that are synchronized from the configured update source to the WSUS server database.
Important Note – Microsoft has released an update KB2734608 for WSUS 3.0 SP2. This update lets servers that are running Windows Server Update Services (WSUS) 3.0 SP2 provide updates to computers that are running Windows 8 or Windows Server 2012.
This update fixes the following issues:
- Installation of update 2720211 may fail if Service Pack 2 was previously uninstalled and then reinstalled.
- After you install update 2720211, health monitoring may fail if the WSUS server is configured to use SSL.
 Common issues related to WSUS 3.0 Sp2 and troubleshooting :
1) WSUS Client Computers are not installing Updates – If the WSUS client computers are not installing updates, then check the DCOM configuration. On the client machine, click on Start, Run, type “dcomcnfg” (without quotes), Component Services window will appear. In the left pane under Console Root, expand Component Services, expand Compoters, right-click My Computer, and then click Properties. Click the Default Properties tab. Make sure that EnableDistributed COM on this computer is selected and Default Impersonation Level is set to Identify.
2) Client Computers Not reporting to WSUS Server :- If you have configured client computers for a particular WSUS server, but they have not reported over a period of days, use the following procedures to isolate and repair the problem
First check the connectivity between the client computer and WSUS server. You can use the ping utility to check connectivity.
Contact the WSUS HTTP server by providing the servername:port number. open the Internet Explorer and type http://wsusservername:portnumber. You must see the IIS version on the page.
Verify the existence of the self-update tree. In an Internet Explorer address bar, type: http://WSUSServerName/selfupdate/wuident.cab. If the WSUS server is functioning properly, you should see a File Download window that asks you whether to open or save the file.
Troubleshoot the Automatic Update client – On the client computer, run the command prompt as administrator, type the following registry query – reg query HKLMSOFTWAREPoliciesMicrosoftWindowsWindowsUpdate.
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate
WUServer   REG_SZ http://WSUSServerName
WUStatusServer     REG_SZ http://WSUSServerName
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU
If you don’t find the above output or if the query returns the error, “The system was unable to find the specified registry key or value,” Automatic Update has not been configured on this computer.
Resetting the Automatic Update client :- You can try resetting the automatic update client on the client machine. Open the command prompt on the client machine, type the command – wuauclt.exe /resetauthorization /detectnow. Wait for 10 minutes for detection cycle to complete.
Issues related to BITS – Background Intelligent Transfer Service (BITS) is the service that is used by WSUS to download updates from Microsoft Update to the main WSUS server, and from WSUS servers to their client computers. BITS also supports the transfer of files between peer computers in a domain.
To check whether BITS is running, on the WSUS machine open the command prompt and type the command SC QUERY BITS (can be in lowercase also). We see in the output that BITS is running.
If the BITS Service is not running, then the output should look like this. Note that the STATE is STOPPED.
You can start or stop the BITS using the commands “SC START BITS” or “SC STOP BITS“.
I have several servers that after patching say they need 1 patch. When looking at the computers report the summary for the same server says that no patches are missing. I am trying to troubleshoot how to make the console match the report as I do think all patches are applied.
I cannot attach a screenshot to this comment but you can clearly see the console saying 1 update is needed and the report saying that 0 updates are needed.
Hi Prajwal,
I have a server that keeps failing on the post-install tasks but I cannot find any of the setup log files anywhere. I’ve actually looked on other healthy WSUS servers and I can’t even find the log files there either. Any clue why or where they might be hiding. And yes I’ve looked into the %temp% folders.
Thanks
Hi Prajwal,
I am running WSUS Env with single server node, version 3.2.7600.251 without SSL mode. lately i notice below synchronization errors.
WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
at Microsoft.UpdateServices.Serve
–> After doing google i found following things should be checked & no luck.
1) Update latest Microsoft Trusted Root Certificate Program Updates. which i downloaded and updated #Feb19 from — https://social.technet.microsoft.com/wiki/contents/articles/31680.microsoft-trusted-root-certificate-program-updates.aspx#Feb19
2) Tested and Verified using proxy based test but no luck.
3) Their is enough space for WSUS database on the system.
4) Domain policy is working fine/No network issue been observed.
5) WSUS logs are clean.
6) As i said we are not using SSL mode on WSUS, so why WSUS complaining about Remote configuration failed on WSUS Server.
7) Has microsoft changed anything in recent past on WSUS because wsus is unable to do sync from last 2 month,
It will be great if you have any suggestions.
Thank You.
If you uninstall WSUS remember to uninstall ‘Remote Server Administration Tools -> Role Administration Tools -> Windows Server Update Services Tools
hi,
The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.
System.Threading.ThreadAbortException — Thread was being aborted.
Source
System
Stack Trace:
at System.Net.UnsafeNclNativeMethods.OSSOCK.recv(IntPtr socketHandle, Byte* pinnedBuffer, Int32 len, SocketFlags socketFlags)
at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags, SocketError& errorCode)
at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
at System.Net.ConnectStream.ProcessWriteCallDone(ConnectionReturnResult returnResult)
at System.Net.ConnectStream.CallDone(ConnectionReturnResult returnResult)
at System.Net.ConnectStream.ResubmitWrite(ConnectStream oldStream, Boolean suppressWrite)
at System.Net.HttpWebRequest.EndWriteHeaders_Part2()
at System.Net.HttpWebRequest.EndWriteHeaders(Boolean async)
at System.Net.HttpWebRequest.WriteHeadersCallback(WebExceptionStatus errorStatus, ConnectStream stream, Boolean async)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
at System.Net.HttpWebRequest.EndSubmitRequest()
at System.Net.Connection.SubmitRequest(HttpWebRequest request, Boolean forcedsubmit)
at System.Net.ServicePoint.SubmitRequest(HttpWebRequest request, String connName)
at System.Net.HttpWebRequest.SubmitRequest(ServicePoint servicePoint)
at System.Net.HttpWebRequest.GetResponse()
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPGetUpdateServerStatus(Int32 updateSources, Boolean includeDownstreamComputers, String updateScopeXml, String computerTargetScopeXml, String preferredCulture, Int32 publicationState, Int32 propertiesToGet)
at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetUpdateServerStatus(UpdateSources updateSources, Boolean includeDownstreamComputers, String updateScopeXml, String computerTargetScopeXml, String preferredCulture, ExtendedPublicationState publicationState, UpdateServerStatusPropertiesToGet propertiesToGet)
at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetStatus(UpdateSources updateSources, Boolean includeDownstreamComputers, UpdateScope updatesToInclude, ComputerTargetScope computersToInclude, UpdateServerStatusPropertiesToGet propertiesToGet)
at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetReplicaStatus(UpdateSources updateSources)
at Microsoft.UpdateServices.UI.AdminApiAccess.CachedObject.RefreshCache()
at Microsoft.UpdateServices.UI.AdminApiAccess.CachedObject.GetFromCache()
at Microsoft.UpdateServices.UI.SnapIn.Pages.ServerSummaryPage.backgroundWorker_DoWork(Object sender, DoWorkEventArgs e)
Hi Prajwal,
How to find WSUSSetup.log, and related logs.
Thanks
Hi ,
I Have Uninstalled Wsus Role from Server 2008 r2 but Not Tick in UpdateServicesPackages and After Uninstall it I have Many Try with Internal Database and Sql Express for Installation but not Luck. Error Is Below Mention and Attached.
Unable to install WSUS 3.0 sp2 on Server 2008 r2 . Error Code is 80070643.
Please Help me.
Thanks
Did you run the gpupdate /force on the client computer manually and verified ?.
Thanks for the reply, can you plz share your personal email id
My servers keeps disappearing in the MMC tree it self. I can add them back, but when I exit the console and open it back up, only half of the servers are there. Any suggestions?
Hi Prajwal, Group Policy has not applying in client side computer
Issue has been resolved. WSUS server build was not updated.
Great.. But you had told me you had installed WSUS sp2 3.0 hotfix ?
I have follwed this link https://www.prajwaldesai.com/troubleshooting-wsus-3-0-sp2-on-windows-server/
but still no luck