WSUS 3.0 not adding client computers

Was it a fresh WSUS 3 installation on that server, or an upgrade from 2.0?

is there anything else on that machine that uses IIS (port 80)?

It was a fresh install.  We were using 2,0 on another machine but put 3.0 on a new server as a clean install. And then when it wasn't working I reinstalled it.

Nothing else on the machine uses IIS (port 80) .

Hi there Gavin,

The good news is that because it was a new install (and not an upgrade) .. life is slightly easier, but unfortunately still not that easy.

WSUS 3.0's installation process gets a bit funky sometimes and it sounds to me like the setup process has failed to add the correct permissions in order of WSUS to be running.

There are two avenues of progress.

Option #1
------------

If, on the server in question, you can see in the SECURITY event log a failure audit of type Logon/Logoff (Event ID 534) for the 'System' user.. (If you have a lot of events in your security log then filter them for failures only) .. then you need to make sure the NETWORK SERVICE account has the rights to "log on as a service" in the comptuer's Local Security Policy.

In Administrative Tools, open "Local Security Policy"
Go to Local Policies > User Rights Assignment > Log on as a service
Double-click "Log on as a service" to open its properties

Look to see if 'NETWORK SERVICE' is listed in there. If it is, then this method won't fix your problem, so read down to option #2. If it's not in there, click "Add User or Group" and then type Network Service. Also, add in 'ASPNET' if it isn't in there as well.

Now, still under "User Rights Assignment" .. look for the option, "Replace a process level token". Make sure that NETWORK SERVICE is under there as well.

Reboot the server, and WSUS should start to work. After you've rebooted, go back to the "Log on as a service" and "Replace a process token" above, and verify that NETWORK SERVICE is still in there.


Option #2
------------

Uninstall and re-install WSUS :-) .. however, there's a catch.

If you installed SQL Server and then installed WSUS to point at that SQL server, you should be ok. However, if when you installed WSUS, you selected to let WSUS install it's own SQL (Express/Internal) database, then when you remove WSUS 3.0, it tends to leave traces of the SQL application lying around that stuff up the reinstallation of the same SQL application.

You will then need to refer to "Uninstalling WSUS 3.0 does not uninstall the database instance" from the WSUS 3.0 release notes here:
http://technet2.microsoft.com/windowsserver/en/library/94d1385f-4872-4c29-8822-3a4ec5e45ae41033.mspx?mfr=true

Then, after you've sorted this, you can try re-installing WSUS.

This last part is the process I ended up having to do, and it's a real pain, but upon re-installation, I got WSUS 3.0 up a running.


There is I suppose .. a third option ..

Option #3
------------

You could just nail the server and start with a fresh O/S and try installing again. Then you wouldn't have to mess around with cleaning up the WSUS 3.0 installer's leftover residue.

Or try installing it to a different server that is clean from the dirt of WSUS.



You've got some choices. Option #1 is the easiest if it works for you. If not, Option #3 is the best for ease of life. Option #2 is the long road, but it works (Well it worked for me).

Good luck with it.

Right, after all that, I'm having a well-earned cup of tea.

Don't turn the kettle on just yet!

Option 1 - N/A no 534 error codes

Option 3 - Not possible, our WSUS server will also be our print server and all the print side is set up and working fine.

So I ran with Option 2.  I deleted the internal database and the default .mdf and .ldf files as suggested. Reinstalled WSUS 3 but still have these same error events, which I guess will stop clients from getting their updates.

Back to the drawing board...

since the error messages seem realted to IIS, i think the one thing that may have been missed here is uninstalling/reinstalling IIS.  I would remove WSUS, remove sql, then remove iis (in add/remove programs, add/remove windows components, click on application server, details, uncheck iis) next, finish.  then reinstall iis and then reinstall wsus and sql.  maybe that will resolve?

I wonder if the WSUS site (and application pool?) in IIS are running as NETWORK SERVICE ?

( What I mean is, I think they should be. )

OK, I'll try that later today.

Hi Again

Finally managed to get back to this!

Uninstalled WSUS. Uninstalled the internal database and manually removed the remaining files.  Uninstalled IIS. Rebooted, just for the hell of it!

Reinstalled IIS.  Reinstalled WSUS. Went through the wizard and ran an overnight synchronisation.

Today, exactly the same problem!  We have other apps on this server so a clean install is not an option. But this server has plenty of space so is ideal for WSUS.

Any more ideas?

have you read through the release notes? there are know issues and incompatibilitys...such as running it on a terminal server and an issue with a corrupted download cache...you might find something

http://technet2.microsoft.com/windowsserver/en/library/94d1385f-4872-4c29-8822-3a4ec5e45ae41033.mspx?mfr=true

you said there are other apps running on the server---what might those be?  

if you can't get wsus running with those other apps, you might think about virtualization on this server.  install wsus on a virtual server on this server.  

also, i would check the iis logs and see if anything is going on there..

the logs for wsus on my sus server are in this path:

C:\WINDOWS\system32\LogFiles\W3SVC1 the log files are named by yymmdd format

open iss mgr---expand default web site, are those web services (dssauth,etc) list in your original post listed?  

also do a netstat -a from a cmd prompt.  do you http listed as a port that the computer is listening on?  you may want to stop wsus services and see if something else is listening on port 80