Cannot check for updates - WSUS

I had given up on this on another thread, but decided to post again because I've gathered a bit more information now and hopefully someone can point me in the right direction.

I have a Windows SBS 2008 server that recently had WSUS 3.0 SP1 reinstalled.  I created the GPO's per Microsoft's instructions, created the computer groups, etc. and the Updates section of the SBS Console is a pretty green color.  That said, it's not working still.  When I open WSUS to approve updates or look at updates/computers, there are no computers listed in the groups - zero.  When I try to update (for example, on the server) I get the error "8024400E" and it says it cannot check for updates.  There is little to no help online for this error.

I did some more digging and found the error in the windowsupdate.log.  Also, I ran Microsoft's Client Diagnostic tool, which failed.  I've attached the latest portion of the log file, and a screenshot of the ClientDiag.exe tool.

I'm assuming if I can fix it for the server, I can fix it for the other clients as well.  Any help would be fantastic.

Note:  The server name of "fox1", local domain is "foxbc", and the WSUS is set to run on port 8530.
client-diag-result.jpg
updates-errors.txt
mborlandAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ConchCrawlCommented:
Since you don't have SP2 you should start  by updating WSUS to that.
Hope this helps
0
mborlandAuthor Commented:
Unfortunately, SP2 didn't seem to help any.  I know that SP2 broke some things on some other SBS servers of mine so I was hesitant to try it originally, but it doesn't appear to fix anything, or break anything further.  I went ahead and tried reinstalling from SP1 again, but to no avail - it still acts as if everything is working properly, but none of the clients can get to it and it doesn't list computers in the "All Computers" or any of the computer groups.

I'll look into the other two links that dstewartjr posted, but I think I've looked at those both before and didn't make any progress.

Any other ideas?  I feel there has to be an indication in the log file I posted, but I think it takes a certain level of understanding WSUS and its methods to interpret it - an understanding I obviously do not have.
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

DonNetwork AdministratorCommented:
Let's Check for selfupdate virtual directory on port 80<<< this is even though you are installed on 8530
 
 http://technet.microsoft.com/en-us/library/cc708554(WS.10).aspx
Check for the selfupdate tree on the WSUS server
WSUS uses IIS to automatically update most client computers to the WSUS-compatible Automatic Updates. To accomplish this, WSUS Setup creates a virtual directory named Selfupdate, under the Web site running on port 80 of the computer where you install WSUS. This virtual directory, called the self-update tree, holds the latest WSUS client. For this reason, you must have a Web site running on port 80, even if you put the WSUS Web site on a custom port. The Web site on port 80 does not have to be dedicated to WSUS. In fact, WSUS only uses the site on port 80 to host the self-update tree
 
Running the command:
C:\Program Files\Update Services\setup\installselfupdateonport80.vbs
 
will create this directory for you.
 
 
0
mborlandAuthor Commented:
I ran the script and it says it completed successfully.  The SelfUpdate directory is showing up under the Default Web Site - it has anonymous authentication enabled, SSL is not required...

I confirmed that I am prompted to open/save a file when I go to http://servername/iuident.cab as well as http://servername/selfupdate/au/OS/language/wuaucomp.cab.

Still getting the same error when I run windows update, and no computers in the listings of WSUS.
0
DonNetwork AdministratorCommented:
Lets get a clean windowsupdate.log to look at. Run the .bat below giving it a few minutes for the log to repopulate and post that here.
 
Do this on a client machine and post the windowsupdate.log
 

%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv 
%Windir%\system32\net.exe stop cryptsvc

del %WINDIR%\WindowsUpdate.log /S /Q  



reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f


rd /s /q %windir%\softwareDistribution
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 


sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)


sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

wuauclt /resetauthorization /detectnow
wuauclt /reportnow

exit /B 0 

Open in new window

0
mborlandAuthor Commented:
Unfortunately, I don't have access to a client PC during their business hours - I'll run this tonight and get back to you.  Thanks for the guidance!
0
ConchCrawlCommented:
I still will say my original comments on the other post were still accurate, you would've been done by now :-).
0
DonNetwork AdministratorCommented:
This wont hurt to give a try also, run the "Fix it for me"  here
 
http://support.microsoft.com/kb/971058 
0
mborlandAuthor Commented:
I ended up rebuilding the server and going with a fresh installation of SBS 2008.  Ended my misery.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.