[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Cannot check for updates - WSUS

Posted on 2010-04-06
12
Medium Priority
?
2,028 Views
Last Modified: 2012-05-09
I had given up on this on another thread, but decided to post again because I've gathered a bit more information now and hopefully someone can point me in the right direction.

I have a Windows SBS 2008 server that recently had WSUS 3.0 SP1 reinstalled.  I created the GPO's per Microsoft's instructions, created the computer groups, etc. and the Updates section of the SBS Console is a pretty green color.  That said, it's not working still.  When I open WSUS to approve updates or look at updates/computers, there are no computers listed in the groups - zero.  When I try to update (for example, on the server) I get the error "8024400E" and it says it cannot check for updates.  There is little to no help online for this error.

I did some more digging and found the error in the windowsupdate.log.  Also, I ran Microsoft's Client Diagnostic tool, which failed.  I've attached the latest portion of the log file, and a screenshot of the ClientDiag.exe tool.

I'm assuming if I can fix it for the server, I can fix it for the other clients as well.  Any help would be fantastic.

Note:  The server name of "fox1", local domain is "foxbc", and the WSUS is set to run on port 8530.
client-diag-result.jpg
updates-errors.txt
0
Comment
Question by:mborland
  • 4
  • 4
  • 2
10 Comments
 
LVL 9

Expert Comment

by:ConchCrawl
ID: 29967291
Since you don't have SP2 you should start  by updating WSUS to that.
Hope this helps
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 29968242
0
 

Author Comment

by:mborland
ID: 30016328
Unfortunately, SP2 didn't seem to help any.  I know that SP2 broke some things on some other SBS servers of mine so I was hesitant to try it originally, but it doesn't appear to fix anything, or break anything further.  I went ahead and tried reinstalling from SP1 again, but to no avail - it still acts as if everything is working properly, but none of the clients can get to it and it doesn't list computers in the "All Computers" or any of the computer groups.

I'll look into the other two links that dstewartjr posted, but I think I've looked at those both before and didn't make any progress.

Any other ideas?  I feel there has to be an indication in the log file I posted, but I think it takes a certain level of understanding WSUS and its methods to interpret it - an understanding I obviously do not have.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 47

Expert Comment

by:Donald Stewart
ID: 30024710
Let's Check for selfupdate virtual directory on port 80<<< this is even though you are installed on 8530
 
 http://technet.microsoft.com/en-us/library/cc708554(WS.10).aspx
Check for the selfupdate tree on the WSUS server
WSUS uses IIS to automatically update most client computers to the WSUS-compatible Automatic Updates. To accomplish this, WSUS Setup creates a virtual directory named Selfupdate, under the Web site running on port 80 of the computer where you install WSUS. This virtual directory, called the self-update tree, holds the latest WSUS client. For this reason, you must have a Web site running on port 80, even if you put the WSUS Web site on a custom port. The Web site on port 80 does not have to be dedicated to WSUS. In fact, WSUS only uses the site on port 80 to host the self-update tree
 
Running the command:
C:\Program Files\Update Services\setup\installselfupdateonport80.vbs
 
will create this directory for you.
 
 
0
 

Author Comment

by:mborland
ID: 30026720
I ran the script and it says it completed successfully.  The SelfUpdate directory is showing up under the Default Web Site - it has anonymous authentication enabled, SSL is not required...

I confirmed that I am prompted to open/save a file when I go to http://servername/iuident.cab as well as http://servername/selfupdate/au/OS/language/wuaucomp.cab.

Still getting the same error when I run windows update, and no computers in the listings of WSUS.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 30027798
Lets get a clean windowsupdate.log to look at. Run the .bat below giving it a few minutes for the log to repopulate and post that here.
 
Do this on a client machine and post the windowsupdate.log
 

%Windir%\system32\net.exe stop bits 
%Windir%\system32\net.exe stop wuauserv 
%Windir%\system32\net.exe stop cryptsvc

del %WINDIR%\WindowsUpdate.log /S /Q  



reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f


rd /s /q %windir%\softwareDistribution
%Windir%\system32\net.exe start cryptsvc
%Windir%\system32\net.exe start bits 
%Windir%\system32\net.exe start wuauserv 


sc sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)


sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

wuauclt /resetauthorization /detectnow
wuauclt /reportnow

exit /B 0 

Open in new window

0
 

Author Comment

by:mborland
ID: 30028000
Unfortunately, I don't have access to a client PC during their business hours - I'll run this tonight and get back to you.  Thanks for the guidance!
0
 
LVL 9

Expert Comment

by:ConchCrawl
ID: 30037048
I still will say my original comments on the other post were still accurate, you would've been done by now :-).
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 30037818
This wont hurt to give a try also, run the "Fix it for me"  here
 
http://support.microsoft.com/kb/971058 
0
 

Accepted Solution

by:
mborland earned 0 total points
ID: 32690329
I ended up rebuilding the server and going with a fresh installation of SBS 2008.  Ended my misery.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
There’s hardly a doubt that Business Communication is indispensable for both enterprises and small businesses, and if there is an email system outage owing to Exchange server failure, it definitely results in loss of productivity.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question