Solved

WSUS Windows 7 Clients Fail connecting to WSUS Server 2012 R2

Posted on 2015-02-02
26
1,049 Views
Last Modified: 2015-02-19
Hi All Experts:
I have setup WSUS on a single server. The install of WSUS went very well and I followed all the instructions from Microsoft, but apparently the issue I am having may very well be related to either IIS or permissions. I have tried multiple ports (8530, 8531, 80) and I am not having any luck. I am being forced to use Solar Winds WSUS Client Diagnostic tool as most of my clients are 64 bit and Microsoft still has not come out with a diagnostic tool that runs on 64 bit operating systems (I will state these are all Windows 7 Professional Clients). When I run Solar Winds Client Diagnostic tool I pretty much get the same error:
# Solarwinds® Diagnostic Tool for the WSUS Agent
# 2/2/2015
WSUS Server Connectivity -- The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
  clientwebservice/client.asmx:                      Error: TrustFailure
  simpleauthwebservice/simpleauth.asmx:              Error: TrustFailure
  content:                                           Error: TrustFailure
  selfupdate/iuident.cab:                            Error: TrustFailure
  iuident.cab:                                       Error: TrustFailure
I have tried so many different options I have not gotten lost. I do want to mention one thing. I Have 3 servers on 3 different subnets. All of my servers are standalone servers with regards to WSUS, as I have great bandwidth at these locations so I am not connecting to an Upstream server. If anyone can assist me I would appreciate it.
Thanks
0
Comment
Question by:HarleyITGuy
  • 13
  • 7
  • 3
  • +2
26 Comments
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
do you have ssl enabled?
do the GPO(s) you use specify https when you are not using ssl?
0
 

Author Comment

by:HarleyITGuy
Comment Utility
As soon as I get into the office in the morning I will send you whatever you want to see if your willing to tackle this. I had one thought, I had a 2003 WSUS server until about 3 months ago and I am finally able to set it up on my new 2012 servers. I did retire the old server properly though and my clients appear to be going to the correct server when I run the client diagnostic tool. If you have any other ideas of what other settings you may want to know let me know. Thanks in advance
0
 

Expert Comment

by:ram ram
Comment Utility
check telnet command rom the client to wsus with your port
0
 

Author Comment

by:HarleyITGuy
Comment Utility
I can telnet to ports 8530 and 8531, GPO is set fro the time being as https://myserver,local:8530 but I have tried 8531 as well. Any other thoughts?
0
 

Author Comment

by:HarleyITGuy
Comment Utility
OK I am not sure but apparently I am not getting anyone's attention on this question so I ended up removing the WSUS role from my server restarted the server and then attempted to add the WSUS role again. So when I run the post installation routines, I get the following error in a temp file that was created:
 

2015-02-04 12:33:58  Importing default detectoids succeeded.
2015-02-04 12:33:59  Synchronization in progress. Please cancel synchronization and rerun postinstall again. Exception: System.InvalidOperationException: Client found response content type of '', but expected 'text/xml'.
The request failed with an empty response.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.GetServerVersion()
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.GetServerVersion()
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.CreateUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer..ctor(Boolean bypassApiRemoting)
   at Microsoft.UpdateServices.Setup.StartServer.StartServer.FixSubscriptionCategories()
2015-02-04 12:33:59  StartServer encountered errors. Exception=Synchronization in progress. Please cancel synchronization and run postinstall again.
2015-02-04 12:33:59  Microsoft.UpdateServices.Administration.CommandException: Failed to start and configure the WSUS service
   at Microsoft.UpdateServices.Administration.PostInstall.Run()
   at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
Fatal Error: Failed to start and configure the WSUS service
So the 1st line of this is stating I need to cancel synchronization. I am not sure if this asking me to stop the synch with Microsoft update or what but there is no way that I am aware of to stop synch with Microsoft update unless I can stop it in the WSUS console and as of right now due to the error message above I cannot open the WSUS console. Any ideas from anyone please?
0
 

Author Comment

by:HarleyITGuy
Comment Utility
Well since I have gotten little to no assistance on this request, I thought if anyone does look and try to assist I better document what I have down now.
I uninstalled WSUS again, and IIS as well this time. Post installation still fails.
Here is the full text of the temp file that was created.
2015-02-04 14:55:46  Postinstall started
2015-02-04 14:55:46  Detected role services: Api, UI, WidDatabase, Services
2015-02-04 14:55:46  Start: LoadSettingsFromXml
2015-02-04 14:55:46  Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentLocal
2015-02-04 14:55:46  Value is false
2015-02-04 14:55:46  End: GetConfigValue
2015-02-04 14:55:46  Hosting content on MU
2015-02-04 14:55:46  Database roleservice is not installed
2015-02-04 14:55:46  End: LoadSettingsFromXml
Post install is starting
2015-02-04 14:55:46  Start: Run
2015-02-04 14:55:46  Fetching WsusAdministratorsSid from registry store
2015-02-04 14:55:46  Value is S-1-5-21-1427338454-381300014-1068564545-1617
2015-02-04 14:55:46  Fetching WsusReportersSid from registry store
2015-02-04 14:55:46  Value is S-1-5-21-1427338454-381300014-1068564545-1616
2015-02-04 14:56:46  Configuring content directory...
2015-02-04 14:56:46  Configuring groups...
2015-02-04 14:56:46  Starting group configuration for WSUS Administrators...
2015-02-04 14:56:46  Found group in regsitry, attempting to use it...
2015-02-04 14:56:46  Searching for existing group...
2015-02-04 14:56:46  Existing group was found
2015-02-04 14:56:46  Writing group to registry...
2015-02-04 14:56:46  Finished group creation
2015-02-04 14:56:46  Starting group configuration for WSUS Reporters...
2015-02-04 14:56:46  Found group in regsitry, attempting to use it...
2015-02-04 14:56:46  Searching for existing group...
2015-02-04 14:56:46  Existing group was found
2015-02-04 14:56:46  Writing group to registry...
2015-02-04 14:56:46  Finished group creation
2015-02-04 14:56:46  Configuring permissions...
2015-02-04 14:56:46  Fetching content directory...
2015-02-04 14:56:46  Fetching ContentDir from registry store
2015-02-04 14:56:46  Value is C:\Program Files\Update Services
2015-02-04 14:56:46  Fetching group SIDs...
2015-02-04 14:56:46  Fetching WsusAdministratorsSid from registry store
2015-02-04 14:56:46  Value is S-1-5-21-1427338454-381300014-1068564545-1617
2015-02-04 14:56:46  Fetching WsusReportersSid from registry store
2015-02-04 14:56:46  Value is S-1-5-21-1427338454-381300014-1068564545-1616
2015-02-04 14:56:46  Creating group principals...
2015-02-04 14:56:47  Granting directory permissions...
2015-02-04 14:56:47  Granting permissions on content directory...
2015-02-04 14:56:47  Granting registry permissions...
2015-02-04 14:56:47  Granting registry permissions...
2015-02-04 14:56:47  Granting registry permissions...
2015-02-04 14:56:47  Configuring shares...
2015-02-04 14:56:47  Configuring network shares...
2015-02-04 14:56:47  Fetching content directory...
2015-02-04 14:56:47  Fetching ContentDir from registry store
2015-02-04 14:56:47  Value is C:\Program Files\Update Services
2015-02-04 14:56:47  Fetching WSUS admin SID...
2015-02-04 14:56:47  Fetching WsusAdministratorsSid from registry store
2015-02-04 14:56:47  Value is S-1-5-21-1427338454-381300014-1068564545-1617
2015-02-04 14:56:47  Content directory is local, creating content shares...
2015-02-04 14:56:47  Creating share "UpdateServicesPackages" with path "C:\Program Files\Update Services\UpdateServicesPackages" and description "A network share to be used by client systems for collecting all software packages (usually applications) published on this WSUS system."
2015-02-04 14:56:47  Creating share...
2015-02-04 14:56:47  Share successfully created
2015-02-04 14:56:47  Creating share "WsusContent" with path "C:\Program Files\Update Services\WsusContent" and description "A network share to be used by Local Publishing to place published content on this WSUS system."
2015-02-04 14:56:47  Creating share...
2015-02-04 14:56:47  Share successfully created
2015-02-04 14:56:47  Creating share "WSUSTemp" with path "C:\Program Files\Update Services\LogFiles\WSUSTemp" and description "A network share used by Local Publishing from a Remote WSUS Console Instance."
2015-02-04 14:56:47  Deleting existing share...
2015-02-04 14:56:47  Creating share...
2015-02-04 14:56:47  Share successfully created
2015-02-04 14:56:47  Finished creating content shares
2015-02-04 14:56:47  Stopping service WSUSService
2015-02-04 14:56:47  Stopping service W3SVC
2015-02-04 14:56:49  Configuring WID database...
2015-02-04 14:56:49  Configuring the database...
2015-02-04 14:56:54  Establishing DB connection...
2015-02-04 14:56:59  Checking to see if database exists...
2015-02-04 14:56:59  Database does not exist
2015-02-04 14:56:59  Loading install type query...
2015-02-04 14:56:59  DECLARE @currentDBVersion       int
DECLARE @scriptMajorVersion     int = (9600)
DECLARE @scriptMinorVersion     int = (16384)
DECLARE @databaseMajorVersion   int
DECLARE @databaseMinorVersion   int
DECLARE @databaseBuildNumber    nvarchar(10)
IF NOT EXISTS(SELECT * FROM sys.databases WHERE name='SUSDB')
BEGIN
    SELECT 1
END
ELSE
BEGIN
    SET @currentDBVersion = (SELECT SchemaVersion FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
    SET @databaseBuildNumber = (SELECT BuildNumber FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
    DECLARE @delimiterPosition INT = CHARINDEX('.', @databaseBuildNumber)
    IF (@delimiterPosition = 0)
    BEGIN
        RAISERROR('Invalid schema version number', 16, 1) with nowait
        return
    END
    SET @databaseMajorVersion = SUBSTRING(@databaseBuildNumber, 1, @delimiterPosition - 1)
    SET @databaseMinorVersion = SUBSTRING(@databaseBuildNumber, (@delimiterPosition + 1), (10 - @delimiterPosition))
    IF @currentDBVersion < 926
    BEGIN
        SELECT 3
    END
    ELSE
    BEGIN
        IF (@scriptMajorVersion > @databaseMajorVersion OR
           (@scriptMajorVersion = @databaseMajorVersion AND @scriptMinorVersion > @databaseMinorVersion))
        BEGIN
            SELECT 2
        END
        ELSE IF (@scriptMajorVersion = @databaseMajorVersion AND
                 @scriptMinorVersion = @databaseMinorVersion)
        BEGIN
            SELECT 0
        END
        ELSE
        BEGIN
            SELECT 4
        END
    END
END

2015-02-04 14:56:59  Install type is: Fresh
2015-02-04 14:56:59  Checking if WSUS database is detached
2015-02-04 14:56:59  WSUS database file: 'C:\Windows\WID\Data\SUSDB.mdf'
2015-02-04 14:56:59  Attaching database
2015-02-04 14:57:00  Loading install type query...
2015-02-04 14:57:00  DECLARE @currentDBVersion       int
DECLARE @scriptMajorVersion     int = (9600)
DECLARE @scriptMinorVersion     int = (16384)
DECLARE @databaseMajorVersion   int
DECLARE @databaseMinorVersion   int
DECLARE @databaseBuildNumber    nvarchar(10)
IF NOT EXISTS(SELECT * FROM sys.databases WHERE name='SUSDB')
BEGIN
    SELECT 1
END
ELSE
BEGIN
    SET @currentDBVersion = (SELECT SchemaVersion FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
    SET @databaseBuildNumber = (SELECT BuildNumber FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
    DECLARE @delimiterPosition INT = CHARINDEX('.', @databaseBuildNumber)
    IF (@delimiterPosition = 0)
    BEGIN
        RAISERROR('Invalid schema version number', 16, 1) with nowait
        return
    END
    SET @databaseMajorVersion = SUBSTRING(@databaseBuildNumber, 1, @delimiterPosition - 1)
    SET @databaseMinorVersion = SUBSTRING(@databaseBuildNumber, (@delimiterPosition + 1), (10 - @delimiterPosition))
    IF @currentDBVersion < 926
    BEGIN
        SELECT 3
    END
    ELSE
    BEGIN
        IF (@scriptMajorVersion > @databaseMajorVersion OR
           (@scriptMajorVersion = @databaseMajorVersion AND @scriptMinorVersion > @databaseMinorVersion))
        BEGIN
            SELECT 2
        END
        ELSE IF (@scriptMajorVersion = @databaseMajorVersion AND
                 @scriptMinorVersion = @databaseMinorVersion)
        BEGIN
            SELECT 0
        END
        ELSE
        BEGIN
            SELECT 4
        END
    END
END

2015-02-04 14:57:00  Install type is: Reinstall
2015-02-04 14:57:00  Creating logins...
2015-02-04 14:57:00  Fetching account info for S-1-5-20
2015-02-04 14:57:00  Found principal
2015-02-04 14:57:00  Found account
2015-02-04 14:57:00  Got binary SID
2015-02-04 14:57:00  Fetching WsusAdministratorsSid from registry store
2015-02-04 14:57:00  Value is S-1-5-21-1427338454-381300014-1068564545-1617
2015-02-04 14:57:00  Fetching account info for S-1-5-21-1427338454-381300014-1068564545-1617
2015-02-04 14:57:00  Fetching account info for S-1-5-21-1427338454-381300014-1068564545-1617
2015-02-04 14:57:01  Found principal
2015-02-04 14:57:01  Found account
2015-02-04 14:57:01  Got binary SID
2015-02-04 14:57:01  Setting content location...
2015-02-04 14:57:01  Fetching ContentDir from registry store
2015-02-04 14:57:01  Value is C:\Program Files\Update Services
2015-02-04 14:57:01  Swtching DB to multi-user mode......
2015-02-04 14:57:01  Finished setting multi-user mode
2015-02-04 14:57:01  Writing DB settings to registry...
2015-02-04 14:57:01  Marking PostInstall done for UpdateServices-WidDatabase in the registry...
2015-02-04 14:57:01  Starting service W3SVC
2015-02-04 14:57:01  Configuring IIS...
2015-02-04 14:57:01  Start: ConfigureWebsite
2015-02-04 14:57:02  Configuring website on port 8530
2015-02-04 14:57:21  2015-02-04 14:57:03  Info      IISCustomAction    Performing Setup Action, Command /Install
2015-02-04 14:57:20  Info      IISCustomAction    Command /Install Succeeded

2015-02-04 14:57:21  End: ConfigureWebsite
2015-02-04 14:57:21  Configuring performance counters...
2015-02-04 14:57:21  Configuring Stats.NET perf counter...
2015-02-04 14:57:21  Configuring reporting perf counter...
2015-02-04 14:57:21  Configuring client webservice perf counter...
2015-02-04 14:57:21  Configuring server sync webservice perf counter...
2015-02-04 14:57:21  Configuring API remoting perf counter...
2015-02-04 14:57:21  Bringing services online...
2015-02-04 14:57:21  Checking initialization status...
2015-02-04 14:57:22  StartServer starting...
2015-02-04 14:57:22  Generating encryption key to write to the registry...
2015-02-04 14:57:22  Generating encryption key to write to the database...
2015-02-04 14:57:23  Generating encryption key succeeded...
2015-02-04 14:57:23  Setting WSUSService to autostart...
2015-02-04 14:57:23  WSUSService is set to autostart.
2015-02-04 14:57:23  Starting WSUSService...
2015-02-04 14:57:23  WSUSService is now started.
2015-02-04 14:57:23  Importing default detectoids.
2015-02-04 14:57:23  Importing CriticalUpdates.xml...
2015-02-04 14:57:24  Importing Drivers.xml...
2015-02-04 14:57:24  Importing FeaturePacks.xml...
2015-02-04 14:57:24  Importing MicrosoftCorporation.xml...
2015-02-04 14:57:24  Importing SecurityUpdates.xml...
2015-02-04 14:57:24  Importing ServicePacks.xml...
2015-02-04 14:57:24  Importing Tools.xml...
2015-02-04 14:57:24  Importing UpdateRollups.xml...
2015-02-04 14:57:24  Importing Updates.xml...
2015-02-04 14:57:24  Importing Windows.xml...
2015-02-04 14:57:24  Importing Windows2000family.xml...
2015-02-04 14:57:24  Importing WindowsServer2003DatacenterEdition.xml...
2015-02-04 14:57:24  Importing WindowsServer2003Family.xml...
2015-02-04 14:57:24  Importing WindowsXPfamily.xml...
2015-02-04 14:57:24  Importing LocalPublisher.xml...
2015-02-04 14:57:24  Importing LocallyPublishedPackages.xml...
2015-02-04 14:57:24  Importing Applications.xml...
2015-02-04 14:57:24  Importing Exchange.xml...
2015-02-04 14:57:24  Importing Office.xml...
2015-02-04 14:57:24  Importing SQL.xml...
2015-02-04 14:57:25  Importing Exchange2000Server.xml...
2015-02-04 14:57:25  Importing ExchangeServer2003.xml...
2015-02-04 14:57:25  Importing OfficeXP.xml...
2015-02-04 14:57:25  Importing Office2003.xml...
2015-02-04 14:57:25  Importing SQLServer.xml...
2015-02-04 14:57:25  Importing WindowsXP64BitEditionVersion2003.xml...
2015-02-04 14:57:25  Importing DefinitionUpdateSusXml.xml...
2015-02-04 14:57:25  Importing ClientServicingApiDetectoid.xml...
2015-02-04 14:57:25  Importing default detectoids succeeded.
2015-02-04 14:57:28  Synchronization in progress. Please cancel synchronization and rerun postinstall again. Exception: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 10.219.115.237:8531
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.GetServerVersion()
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.GetServerVersion()
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.CreateUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer..ctor(Boolean bypassApiRemoting)
   at Microsoft.UpdateServices.Setup.StartServer.StartServer.FixSubscriptionCategories()
2015-02-04 14:57:28  StartServer encountered errors. Exception=Synchronization in progress. Please cancel synchronization and run postinstall again.
2015-02-04 14:57:28  Microsoft.UpdateServices.Administration.CommandException: Failed to start and configure the WSUS service
   at Microsoft.UpdateServices.Administration.PostInstall.Run()
   at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
Fatal Error: Failed to start and configure the WSUS service


Anyone feel like assisting me?
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
GPO is set fro the time being as https://myserver,local:8530

SSL is used on port 8531
either change your port to 8531 or change the URL to http
0
 

Author Comment

by:HarleyITGuy
Comment Utility
I did all that as I had stated previously I have tried both. https://myserver.local:8531 and http://myserver.local:8530
I you read what I have been doing since the last time I have tried many things to resolve this issue. So I read from searching one idea to allow my post installation to complete was to go into IIS and remove the WSUS Administrators Site and restart and then try again to run the post installation, and this worked to get me through my post install. But when I attempt to open the WSUS console I get the wonderful message Connection Error, and choices are to reset the node (I restarted the server) or copy to clip board. I have restarted all the services and still nothing. I have no idea what to do now. Here are errors I am getting in my event viewer.


The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\. System.NullReferenceException -- Object reference not set to an instance of an object. Source Microsoft.UpdateServices.UI.SnapIn Stack Trace: at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ResetScopeNode()
So I did remove the file it recommends but still no luck except now when I attempt to open the WSUS console it does not even attempt to connect to the server. When I try and connect to the server I get the an error I have attached to the request. Any other ideas?
WSUS-Console-Error.docx
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
...go into IIS and remove the WSUS Administrators Site and restart

you removed the site in IIS?
0
 

Author Comment

by:HarleyITGuy
Comment Utility
I tried that still nothing
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
since you broke it by removing the site, you'll have to remove the feature and add again
0
 

Author Comment

by:HarleyITGuy
Comment Utility
Well I am making some progress, I can now from a client from my web browser access https://myserver.local:8531 and I can see 3 links I have attached pictures to this request. But I still have errors and cannot figure them out.
3-files-.JPG
Export-WSUS.txt
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
as i stated earlier remove the feature and add again

your screenshot shows next to nothing in the directory listing; there are folders missing
0
 

Author Comment

by:HarleyITGuy
Comment Utility
And that was already accomplished. I have reinstalled everything I can access the WSUS console. I have uninstalled WSUS and IIS and reinstalled. I can still access the WSUS console, I have clients appearing in the console, but appears that even though they are coming up in the console, they really are not checking in so to speak, as they do not report their status. If you would rather not be of further assistance please let me know and I will attempt to try and contact someone else. The only reason I am bringing this up is it was almost a week since I last heard from you.
0
 
LVL 34

Expert Comment

by:Seth Simmons
Comment Utility
you didn't state earlier you had already done that
the fact that the clients appear in the console is a good thing
have you tried running windows update to check for updates or run wuauclt /detectnow on a windows 7 client?
status should then appear in the console
0
 

Author Comment

by:HarleyITGuy
Comment Utility
I have tried and tried again many times. Yes the Pc's are checking in sort of, but as you can see from the attachments I uploaded, I am still getting errors when I try and run the Diagnostic tool, as well as the other file I uploaded that shows only 3 files when I go to the WSUS server via https://myserver.local:8531. I am pretty sure there should be 5 files not 3 and I should be prompted to download or have the opportunity to download something, I am just not sure what?
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
https://myserver,local:8530

I think the problem exists with the URL

May be you have installed  WSUS on DC, still myserver.local points to all domain controllers

Instead, change URL to point server actual FQDN and try again
Also remove SSL if you have enabled it as "Required" from IIS Console
0
 

Author Comment

by:HarleyITGuy
Comment Utility
OK Maybe your getting me somewhere but let me answer a couple of questions that may or may not help.
1. Yes this server is a domain controller that has the role of DC, DNS, and WSUS and IIS. One domain controller handles about 50 users, the other DC handles about 30 users, and the 3rd DC handles about 7 users. All sites are connected to one another via a private MPLS.
2. I am not really sure how to remove SSL from the server. Do I need to uninstall IIS and WSUS and start over from scratch by reinstalling WSUS and IIS but do not turn on SSL, or do I just remove any SSL configurations from the default website and the WSUS Website?
3. I know that normally I should not be installing WSUS or IIS on these servers (I just read the Microsoft does not recommend this) but these servers are quite robust, and they have very few users authenticating.
Thank you for responding so quickly and I look forward to your next reply
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Open IIS Manager on DC and navigate to WSUS web site in left side.
In middle view \ Features View, double-click SSL Settings.
On the SSL Settings page, clear Require SSL.
In the Actions pane, click Apply
Reset iis from elevated command line
IISRESET

Lastly change GPO WSUS URL to http://servername.domain.com:8530
This will ensure that your clients will points to WSUS server only
After that run gpupdate /force on domain controller once
Then you may run wuauclt /detectnow on client computers to see if it works
Also check if below URL allows you to download wsus cab file, http://<WSUSSERVER:port>/iuident.cab

if you specify http://myserver.local:8530, request might go to any domain controller due to DNS behavior where WSUS is not installed and likely request will fail.
0
 

Author Comment

by:HarleyITGuy
Comment Utility
Hi again,
So I configured everything like you asked me to. When attempting to browse from a client to http://myserver.wsusserver.local:8530 I get the lovely 404 error File or Directory not found.
I have found that Authentication may have something to do with this issue but I am still not sure. When I open IIS on the server, and if I select the WSUS on the far right pane I have a selection to browse the website. When I click on this link it opens the web browser, and gives me 3 files. App Data, aspnet client, and web.config. If I click on the App Data link from within the browser I get another page that opens that gives me another link To Parent Directory. If I click on that link it takes back to the previous page. If I click on aspnet client link it opens another page with a link to system web, which if I click on that link it takes me to another page with a link to 4 0 30319, and If I click on that link it takes me to another page that just takes me back to the Parent Directory via a link to parent directory. If I click on web.config, I get HTTP 404.3 Not Found. The Page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler, If the Page should be downloaded, add a MIME map. I have no idea what that means. Having said that I opened IIS and found under both the default website and the WSUS Administration website an option for IIS Manager Permissions, and I have my Domain Administrator is allowed permissions. Also there is another option for the Default Website and the WSUS Administration Website an option just called Authentication. I played with this a little bit but I really do not know enough to make changes under this option but what is configured under this option is the following:
1. Anonymous Authentication Enabled
2. ASP.NET Impersonation Enabled
3. Basic Authentication Enabled Response Type HTTP 401 Challenge
4. Forms Authentication Disabled Response Type HTTP 302 Login/Redirect
5. Windows Authentication Enabled Response Type HTTP 401 Challenge
I have turned off all the SSL settings
I am also attaching a file that shows the results after I run the Solarwinds Diagnostic tool For WSUS Clients due to the fact that most of my clients are 64 bit OS and the WSUS Client Diagnostic tool from Microsoft only works on 32 bit OS
Any Ideas would be most appreciated as well as if you can think of any other information you may need please let me know.
Thank you
Export-WSUS.txt
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Check from browser if http://servername and http://servername:8530 resolves to IIS default page
If here page display is not correct, try adding it into compatibility view setting on workstations
Basic authentication should be disabled

From logs above:
Also the WSUS server URL and wsus status server should have same URL unless wsus database server is installed on different server
Change that to same as wsus server url (server.domain.local)

Also it seems that iuident.cab file is missing
If you are using proxy for internet access, try  to remove proxy and see if you are able to download http://wsusserver.domain.local:8530/iuident.cab

Check below link for more troubleshooting
http://blogs.technet.com/b/sus/archive/2009/02/19/troubleshooting-guide-for-issues-where-wsus-clients-are-not-reporting-in.aspx
0
 

Author Comment

by:HarleyITGuy
Comment Utility
OK first of all I miss typed as the URL are identical I just miss typed it so I know that is not the issue.  2nd I had already cleared all the SSL configurations like you asked.  We are not using a proxy server at all for this test anyway. We use Websense Cloud Security but for the WSUS server and the Client I have been testing on do not have Websense installed, and due to the fact that all clients will be obtaining updates from within the local subnet Websense would not have an effect anyway.
From the client I can browse to http://myserver.server.local (you do know that I am just typing in a generic name for my servers right on this website just so everyone and their brother does not know my server names), and it brings me to the IIS website. When I browse to http://myserver.server.local:8530 I get the following links:
1. App Data
2. aspnet client
3. web.config
If I browse to http://myserver.server.local:8530/iuident.cab I get the wonderful 404 error file or directory not found.
The article you directed me was from February 2009 and a lot of the trouble shooting he ask is not entirely correct for Server 2012 R2. I am thinking it was written for Server 2003 or Server 2008 and some of the files he asks to make sure about correct security and permissions do not pertain to my server 2012 R2
Last bit not least I have tried the websites in compatibility mode and I get the exact same thing
Oh and one other thing, I have attempted to add the Network Services Account to have access (read and write or just read) when I right click on the Default Website and click on Edit Permissions Mt Network Service Account has full access but for the WSUS Administration Website I tried to add the network services account I am getting a permission denied message. I am logged on to the server via my Domain Administrators Account. I am not sure if this has anything to do with it but I felt if it was left unsaid it may be part of the issue. If it is I have no idea if I have to add this account in the Registry but if so I have no idea where in the registry it will be added. I also did disable the Basic Authentication. And you are right I am missing the iuident.cab file when I access the website but I have no idea why.
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
Comment Utility
Yes this server is a domain controller...

get it off there and put on a member server
that could be causing issues

WSUS: WSUS should be installed on a non-domain controller
https://technet.microsoft.com/en-us/library/ff646928%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

out of the box, WSUS works just fine; shouldn't have to be messing with the registry or IIS settings outside of basic SSL setup
0
 

Author Comment

by:HarleyITGuy
Comment Utility
Well unfortunately info not have any member servers so I guess I will have to come up with something else.
0
 
LVL 1

Expert Comment

by:LukeMo
Comment Utility
Check the server's HTTP log after you try to use a browser to get to:
 http://myserver.server.local:8530/iuident.cab

Check in the IIS config to see where the webroot directory for the server on port 8530 is.    You should really let the role service do the configuration for IIS.

As for using HTTPS, are you sure your PKI is setup properly and your certificate chains up to a trusted root?

I'd highly recommend not running WSUS on your domain controller.    It's not even something I'd try in a lab.
You can get by on pretty minimal resources for WSUS outside of the storage.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now