We help IT Professionals succeed at work.

WSUS 3.0 SP1: Computers not reporting status, not recieving updates.

Last Modified: 2011-10-19
I have WSUS 3.0 SP1.
My computers have not reported status for ages.
I can't remember when it stopped working, possibly when Sharepoint was installed, Sharepoint has now been removed.
Server also has Symantec Endpoint Protection Manager on it.

IIS Settings:
WSUS Administraton is on port 8530
Self Update is also in Default Website on port 80.

See attached output from ClientDiag.exe and WindowsUpdate.log.


Watch Question

I hate to say, but Symantec Endpoint Protection Manager is truly one of the worse pieces of software I have come across.  I thought their previous offerings were bad (I see Symantec software screw up more systems than it protects), but I couldn't believe the overhead it took when installed on a server.

You haven't attached the output, which would be useful.  Clients not connecting are usually a configuration issue or firewall issue.  Having said this, if you installed and uninstalled Sharepoint into the same website, this may have had an effect also.

The logs would be useful to see what errors are being reported.

Symantec Endpoint Protection, I think blocks port 8530.


Some don't have it installed, others have only antivirus and antispyware installed.
The log file shows that the client attempts to connect to this URL:


However, the server returns a 404 error.  This is most likely the cause of the problem.  Can you check if this file exists on the server?

I agree with purplepomegranite here: It looks like your clients are going to the wrong site for their updates. Do you have group policy set up to point your clients to your WSUS server.

The GPO should look like this:

Also, it looks like your clients are rejecting cookies. Are your clients set up to accept any cookies? I have seen this as a problem before, as odd as it may seem.


Computers started reporting in last week.

In the GPO.

http://alpaca Didn't work
http://alpaca:8530 Didn't work
http://alpaca.mydomain.int Didn't work

http://alpaca.mydomain.int:8530 Worked.

Some seem to be downloading updates others are not.
Not one computer is without errors.

In WSUS manager.
Bison Reports: 18 updates needed, see attached log.
AyeAye Reports  5 updates needed, see attached log.
Bear reports 20 needed 1 failed, update fails to install each shutdown. see log.

First off, let's get a feel for how it was set up. About 90% of all WSUS problems are a result of some simple thing, overlooked.

Top 90% of all WSUS problems:
What port do you have WSUS on? Port 80 (default) or port 8530 an alternative port?
What software firewalls do you have on the servers and clients, if any at all? (Example: ISA)
You didn't set up your GPO on the COMPUTERS group in active directory, did you?
Did you upgrade to Netframework 2.0 or later and MMC console 3.0?
Have you synchronized your server with another server and have updates waiting for the clients?

1) Cookie rejection and Internet Explorer Enhanced Security.

You can test these to by going into internet explorer properties and enabling cookies and adding the UNC path as a trusted site.
2) Problems with imaged or cloned clients:
Are your clients imaged clients or cloned clients. WSUS has a problem with imaged clients because of the identical SIDs.
3) Firewall and AV products knock down WSUS:
4) Problems with the web proxy: (This only applies is a web proxy is used.)
5) problems with the NIC
I have been working with another post where only a couple clients showed up. When running a WSUS client diagnostic tool, they came up with the 503 error on the client (overloaded NIC). The WSUS client diag tool will show a line in the text that says something like:

VerifyWUServerURL() failed with hr=0x801901f7

The proposed fix to this is:
"Check your registry (on the client machine) for a Binary value in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet
Settings\Connections that is called WinHttpSettings. If it exists,
delete it."

and I found that fix on this site:
6) For those who checked in but are not getting updates, the updates need to be approved:
7) did you reindex the database: (This one is tricky. Request for help if you need it because the technet article is wrong. the correct answer is the accepted answer.)

This one is on us!
(Get your first solution completely free - no credit card required)
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.