WSUS Client Failure

Hello,

I have a lab full of Windows 7 Pro clients attached to a WSUS server. The clients are attached through a GPO which provides all of the WSUS settings. Periodically, some of the clients will fail to report in to the server and will remain that way until acted upon. If I were to log into one of the failing clients and run the Windows Update software, an 80070005 error is produced, but the client reports back in to the server.

Why do some of the clients drop their connections to the server? How can this be prevented and what can be done about the 80070005 error? My research thus far has told me that the error comes from the update software not having the proper rights to actually update Windows. I have seen some pages that suggest resetting the ACL on the main Windows registry, but am hesitant to do that for obvious reason.

Any thoughts toward this end would be greatly appreciated.
LVL 27
Jason WatkinsIT Project LeaderAsked:
Who is Participating?
 
BembiConnect With a Mentor CEOCommented:
Yes, takes longer as the SoftwareDistribution folder has to be recreated. But this is a reset of windows update on the client.
The updates which were installed before are not deleted, sure there stay installed, the client just refreshes the windows update repository.

If you can identify just a single update, what do not wan tto install, check your WSUS if this update in not declined. This can produce such errors.
Another reason may be, that the installer service installs updates in the background, then the manual install can fail. For this case, just wait a while and check again. Never OS like WIn 7 should give you an according message.
Check the event log about this error if you get more detailed information.
Check if updates are not installed in general or if this is just connected to a single update. You may try to install them one by one to see, if all of them fails or just one.

Sure, it can even be a permission problem on the client, but in this case, all updates would fail and it is not wuite easy to find out, which permission is missing, as long as you haven't changed permissions for the Trusted Installer account or the root folders of windows.
0
 
BembiCEOCommented:
The error code means Access denied. This leads me either to some permissions changes on the client ot to some mess in the windows update at all.

If you changed permissions, which differ from the default, the error can happen. Usually the TrustedInstaller identity is used which is able to install with privilleged permissions.

To reset the window installer on the loal machine (even some subfolders may have invalif permissions), ou amy try to reset the Windows Update folder.

Just rename the folder C:\Windows\SoftwareDistribution and run force a update on the client. The folder is recreated by recreating all intems inside this folder.

At least this can solve most of the WSUS problems.
0
 
Jason WatkinsIT Project LeaderAuthor Commented:
I'll give that a try. Thanks!
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Jason WatkinsIT Project LeaderAuthor Commented:
I just renamed the SoftwareDistribution folder an re-ran Windows Update. The process took a little bit longer and still resulted in the 80070005 error. However, it appears that the updates were, in fact, installed. A dialog box appeared, prompting me to restart the PC or it would do so in 5 minutes.
0
 
Jason WatkinsIT Project LeaderAuthor Commented:
I think the manual updates are failing because another update process is happening automatically in the background. After a few moments, a restart dialog appears asking me to do so.
0
 
Jason WatkinsIT Project LeaderAuthor Commented:
Great advice thanks!
0
All Courses

From novice to tech pro — start learning today.