Solved

1 Server not receiving updates from WSUS

Posted on 2009-04-08
6
2,472 Views
Last Modified: 2013-11-21
Hello EE,

We have 1 server that is not reporting to our WSUS server.  1 machone out 194 total in WSUS.  I have done my due diligence to find a solution, but everything I have come across points to a global issue where no client are reporting.  That is not the case here are we only have 1 out 194 that is not reporting.  I am not sure if it is related or not but I only noticed the problem after deploying Microsoft Forefront to the server.  It may have been happening all along and I am jus now noticing it.  I ran the WSUS Client Diagnotic Tool and have posted the results.  Any Ideas?
WSUS Client Diagnostics Tool
 

Checking Machine State

        Checking for admin rights to run tool . . . . . . . . . PASS

        Automatic Updates Service is running. . . . . . . . . . PASS

        Background Intelligent Transfer Service is not running. PASS

        Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS

                This version is WSUS 2.0
 

Checking AU Settings

        AU Option is 4: Scheduled Install . . . . . . . . . . . PASS

                Option is from Policy settings
 

Checking Proxy Configuration

        Checking for winhttp local machine Proxy settings . . . PASS

                Winhttp local machine access type

                        <Direct Connection>

                Winhttp local machine Proxy. . . . . . . . . .  NONE

                Winhttp local machine ProxyBypass. . . . . . .  NONE

        Checking User IE Proxy settings . . . . . . . . . . . . PASS

                User IE Proxy. . . . . . . . . . . . . . . . .  NONE

                User IE ProxyByPass. . . . . . . . . . . . . .  NONE

                User IE AutoConfig URL Proxy . . . . . . . . .  NONE

                User IE AutoDetect

                AutoDetect not in use
 

Checking Connection to WSUS/SUS Server

                WUServer = http://Neo:8530

                WUStatusServer = http://Neo:8530

        UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS

        Connection to server. . . . . . . . . . . . . . . . . . PASS
 

WinHttpDownloadFileToMemory(szURLDest, NULL, 0, NULL, NULL, NULL, &downloadBuffe

r) failed with hr=0x80190194
 

No Error description could be found
 

Press Enter to Complete
 

WindowsUpdate.log (just a snippet as the rest of the entries are rather redundant)

2009-04-08	11:05:20:761	1676	d48	AU	#############

2009-04-08	11:05:20:761	1676	d48	AU	AU setting next detection timeout to 2009-04-08 19:33:27

2009-04-08	11:05:20:761	1676	d48	AU	Setting AU scheduled install time to 2009-04-09 08:00:00

2009-04-08	11:05:25:761	1676	e0c	Report	REPORT EVENT: {6F320B50-CD22-4F5C-AB7E-04F187D6B129}	2009-04-08 11:05:20:761-0500	1	148	101	{00000000-0000-0000-0000-000000000000}	0	8024400e	AutomaticUpdates	Failure	Software Synchronization	Windows Update Client failed to detect with error 0x8024400e.

2009-04-08	11:05:29:589	1676	e0c	Report	Uploading 1 events using cached cookie, reporting URL = http://Neo:8530/ReportingWebService/ReportingWebService.asmx

2009-04-08	11:05:29:589	1676	e0c	Report	Reporter successfully uploaded 1 events.

2009-04-08	11:10:16:828	1676	cb0	AU	AU received policy change subscription event

2009-04-08	11:11:07:547	2804	2d8	Misc	===========  Logging initialized (build: 7.2.6001.788, tz: -0500)  ===========

2009-04-08	11:11:07:547	2804	2d8	Misc	  = Process: C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe

2009-04-08	11:11:07:547	2804	2d8	Misc	  = Module: C:\WINDOWS\system32\wuapi.dll

2009-04-08	11:11:07:547	2804	2d8	COMAPI	-------------

2009-04-08	11:11:07:547	2804	2d8	COMAPI	-- START --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]

2009-04-08	11:11:07:547	2804	2d8	COMAPI	---------

2009-04-08	11:11:07:563	1676	e0c	Agent	*************

2009-04-08	11:11:07:563	1676	e0c	Agent	** START **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]

2009-04-08	11:11:07:563	1676	e0c	Agent	*********

2009-04-08	11:11:07:563	1676	e0c	Agent	  * Online = Yes; Ignore download priority = No

2009-04-08	11:11:07:563	1676	e0c	Agent	  * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '0a487050-8b0f-4f81-b401-be4ceacd61cd') or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486')"

2009-04-08	11:11:07:563	1676	e0c	Agent	  * ServiceID = {00000000-0000-0000-0000-000000000000}

2009-04-08	11:11:07:563	1676	e0c	Agent	  * Search Scope = {Machine}

2009-04-08	11:11:07:563	2804	2d8	COMAPI	<<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]

2009-04-08	11:11:08:000	1676	e0c	PT	WARNING: StartCategoryScan failed : 0x80240436

2009-04-08	11:11:08:000	1676	e0c	Agent	WARNING: Server does not support CatScan. Falling back to full catalog sync...

2009-04-08	11:11:08:000	1676	e0c	Agent	Server changed and need resyncing with server

2009-04-08	11:11:08:344	1676	e0c	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++

2009-04-08	11:11:08:344	1676	e0c	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://Neo:8530/ClientWebService/client.asmx

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING: SyncUpdates failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING: SOAP Fault: 0x000190

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING:     faultstring:Fault occurred

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING:     ErrorCode:InternalServerError(5)

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING:     Message:(null)

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING:     Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/SyncUpdates"

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING:     ID:e32b834d-5f97-4658-95c7-a7dff154ac95

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING: PTError: 0x8024400e

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING: SyncUpdates_WithRecovery failed.: 0x8024400e

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING: Sync of Updates: 0x8024400e

2009-04-08	11:11:08:734	1676	e0c	PT	WARNING: SyncServerUpdatesInternal failed: 0x8024400e

2009-04-08	11:11:08:734	1676	e0c	Agent	  * WARNING: Failed to synchronize, error = 0x8024400E

2009-04-08	11:11:08:734	1676	e0c	Agent	  * WARNING: Exit code = 0x8024400E

2009-04-08	11:11:08:734	1676	e0c	Agent	*********

2009-04-08	11:11:08:734	1676	e0c	Agent	**  END  **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]

2009-04-08	11:11:08:734	1676	e0c	Agent	*************

2009-04-08	11:11:08:734	1676	e0c	Agent	WARNING: WU client failed Searching for update with error 0x8024400e

2009-04-08	11:11:08:750	2804	d88	COMAPI	>>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]

2009-04-08	11:11:08:750	2804	d88	COMAPI	  - Updates found = 0

2009-04-08	11:11:08:750	2804	d88	COMAPI	  - WARNING: Exit code = 0x00000000, Result code = 0x8024400E

2009-04-08	11:11:08:750	2804	d88	COMAPI	---------

2009-04-08	11:11:08:750	2804	d88	COMAPI	--  END  --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]

2009-04-08	11:11:08:750	2804	d88	COMAPI	-------------

2009-04-08	11:11:08:750	2804	ccc	COMAPI	WARNING: Operation failed due to earlier error, hr=8024400E

2009-04-08	11:11:08:750	2804	ccc	COMAPI	FATAL: Unable to complete asynchronous search. (hr=8024400E)

2009-04-08	11:11:13:735	1676	e0c	Report	REPORT EVENT: {1DF12AD1-29BC-4582-9217-2FB491C9675E}	2009-04-08 11:11:08:734-0500	1	148	101	{00000000-0000-0000-0000-000000000000}	0	8024400e	Microsoft Forefront Client Secu	Failure	Software Synchronization	Windows Update Client failed to detect with error 0x8024400e.

2009-04-08	11:15:24:816	1676	e0c	Report	Uploading 1 events using cached cookie, reporting URL = http://Neo:8530/ReportingWebService/ReportingWebService.asmx

2009-04-08	11:15:24:816	1676	e0c	Report	Reporter successfully uploaded 1 events.

Open in new window

0
Comment
Question by:CityofKerrville
6 Comments
 
LVL 17

Accepted Solution

by:
Nik earned 500 total points
Comment Utility
Here's what I've found..

I fought with the same error, then gave up & emailed MS.
NOTE: the workaround below didn't work at first because the problem update was expired. However, I ran through the steps a couple of times & then manually resynchronized the WSUS server. After that, clients started synchronizing correctly.

Here's their workaround from the MS tech:

Thank you for the log. The error you see repeated in the log, 0x8024400E, is consistent with an issue that has been appearing recently. I've posted some root cause information and steps to resolve below. Please review the information and apply the workaround. This is a new problem, so a KB article has not yet been released.

<snip>

" Root Cause:
A recent revision to the 'Office 2003 Service Pack 1' update has resulted in some WSUS 3.0 servers syncing that revision to enter an inconsistent state with respect to the update's approvals. When computers with products related to Office 2003 talk to such a server, the web service is unable to process the approvals resulting in the detection failure.

Workaround:
In order to reset the approvals to a consistent state on the WSUS server, follow these steps from the WSUS Administration Console
1. Find the 'Office 2003 Service Pack 1' update in the updates list. This may involve changing the Approval and Status filters in the update UI (set the Status to "Any" and the Approval to "Declined" - if you don't see it then set the Approval to "Any except Declined"
2. Perform the following steps:
a. First make sure the update is declined.
i. If the update is not yet declined, right click on the update and decline it.
b. Next, approve the update.
i. Right click on the update and select the 'Approve...' option in the context menu.
ii. In the 'Approve Updates' dialog that opens, just click 'OK'. Dismiss the 'Approval Progress' dialog that appears.
c. Next, decline the update.
i. Right click on the update and select the 'Approve...' option in the context menu.
ii. In the 'Approve Updates' dialog that opens, just click 'OK'. Dismiss the 'Approval Progress' dialog that appears.

The computers that were failing detection will now successfully complete detection against the server and receive any applicable updates.

Note: If you have a hierarchy of WSUS servers, these steps must be performed on each server, starting with the top-level server. If one of the servers is a replica child, one must first change it to be autonomous, then perform the steps above, then change it back to being a replica. This can be done from the Options/Update Source and Proxy Server Dialog."
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Run gpresult on this server to make sure the GPO that sets the Windows Update parameters is loaded on this server.

Run wuauclt /detectnow on this server and look at the c:\windows\windowsupdatelog.log to see whether it was trying to connect and to where it is trying to connect.
Can this system get to the WSUS server, tracert wsusserver.
Does this server in a different OU than the other working ones?
Are there different GPO's applied to this system that are not applied to others?

Etc.
0
 

Author Comment

by:CityofKerrville
Comment Utility
Can this system get to the WSUS server, tracert wsusserver?
Yes.  Lines 27-30 of the Client Diagnostic Tool outpout shown above demonstrates a good connection to WSUS server.
Does this server in a different OU than the other working ones?
No, it is in the same OU and on the same subnet
Are there different GPO's applied to this system that are not applied to others?
No, all GPO are identical to server that are reporting properly.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 76

Expert Comment

by:arnold
Comment Utility
You may have a corruption, Remote into the server, use IE and go to windows update and see what it tells you.

See if the following helps deals with Office 2003 SP1 patch.
Does the system in question have Office 2003?
http://www.wsus.info/forums/index.php?showtopic=11876
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
0
 

Author Closing Comment

by:CityofKerrville
Comment Utility
Perfect
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now