Member_2_6492660_1
asked on
WSUS Client Issues
Windows 2012 R2
SQL 2014 Enterprise
WSUS 4
Just installed a Windows 2012 R2 VM with SQL 2014 Enterprise installed WSUS Role using the SQL for the Database
WSUS 4 has been configured and seems to be working fine sending status emails and sync just fine.
Now I had WSUS 3 running on a Windows 2008 R2 Server with WSUS and SQL 2008 Enterprise.
I deleted the computers from WSUS 3.
I changed my DNS A record to point to the new WUS server we can now ping it and do a
http://wsus.xxx.com:8530/selfupdate/wuident.cab it shows a download file
Using GPO to define the WSUS policies they all look good on each client after doing gpupdate /force
All but one machine connects to the WSUS 4 server That is my Windows 10 Pro computer
All other computers Windows 2012, Windows 2008 Windows 8.1 Windows 7 and Windows Vista all have connected
But none have yet to report.
When I use the WSUS Console and display all Computers the column labeled Last Status Report shows NOT YET REPORTED
In the policy it checks every 6 hours.
I have ran wuauclt /resetauthorization /detectnow
wuauclt /reportnow many times
I have done this
net stop wuauserv
net stop bits
Delete "%windir%\softwaredistribu tion" directory.
net start wuauserv
net start bits
wuauclt.exe /resetauthorization /detectnow
So I have two issues here
1. My Windows 10 Computer does not even report/Connect to the WSUS server
2. Non of the computers are reporting.
I am attaching three windowsupdatelog files 1. My windows 10 2.Computer not reporting 3. The wsus Server itself
I have been struggling with this for the past two days hoping someone might have some insight on this
Thanks in advance
Tom
WindowsUpdate.log
WindowsUpdate.log
WindowsUpdate.log
SQL 2014 Enterprise
WSUS 4
Just installed a Windows 2012 R2 VM with SQL 2014 Enterprise installed WSUS Role using the SQL for the Database
WSUS 4 has been configured and seems to be working fine sending status emails and sync just fine.
Now I had WSUS 3 running on a Windows 2008 R2 Server with WSUS and SQL 2008 Enterprise.
I deleted the computers from WSUS 3.
I changed my DNS A record to point to the new WUS server we can now ping it and do a
http://wsus.xxx.com:8530/selfupdate/wuident.cab it shows a download file
Using GPO to define the WSUS policies they all look good on each client after doing gpupdate /force
All but one machine connects to the WSUS 4 server That is my Windows 10 Pro computer
All other computers Windows 2012, Windows 2008 Windows 8.1 Windows 7 and Windows Vista all have connected
But none have yet to report.
When I use the WSUS Console and display all Computers the column labeled Last Status Report shows NOT YET REPORTED
In the policy it checks every 6 hours.
I have ran wuauclt /resetauthorization /detectnow
wuauclt /reportnow many times
I have done this
net stop wuauserv
net stop bits
Delete "%windir%\softwaredistribu
net start wuauserv
net start bits
wuauclt.exe /resetauthorization /detectnow
So I have two issues here
1. My Windows 10 Computer does not even report/Connect to the WSUS server
2. Non of the computers are reporting.
I am attaching three windowsupdatelog files 1. My windows 10 2.Computer not reporting 3. The wsus Server itself
I have been struggling with this for the past two days hoping someone might have some insight on this
Thanks in advance
Tom
WindowsUpdate.log
WindowsUpdate.log
WindowsUpdate.log
ASKER
Muhammad
Yes I checked that on the three computers I sent the logs with
All have the AU sub key with values
Yes I checked that on the three computers I sent the logs with
All have the AU sub key with values
Hi, Thomas
You need to install a special update for WSUS to allow recognize Windows 10 Clients.
https://support.microsoft.com/en-us/kb/3095113
You need to install a special update for WSUS to allow recognize Windows 10 Clients.
https://support.microsoft.com/en-us/kb/3095113
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hector
1. KB3095133 is already installed
2. Disagree with using WID that causes many problems with WSUS and in all the Docs I read and videos I watch I did not see or hear anyone say use WID is best practice.
I have WSUS 3.0 using a SQL database for years no major issues When I first started using WSUS I used the WID and had so many problems I switched to SQL That is going backwards not forward
I think it is another issue but can not figure out what
I hope you guys can help me figure this out
Thanks
1. KB3095133 is already installed
2. Disagree with using WID that causes many problems with WSUS and in all the Docs I read and videos I watch I did not see or hear anyone say use WID is best practice.
I have WSUS 3.0 using a SQL database for years no major issues When I first started using WSUS I used the WID and had so many problems I switched to SQL That is going backwards not forward
I think it is another issue but can not figure out what
I hope you guys can help me figure this out
Thanks
ASKER
Guys
I was trying things
in IE I go http://wsus.mydom.com:8530 I get blank page
I have a WSUS 3.0 server running
when I do the same http://wsus2.mydom.com I get IIS 7 display
WSUS 3.0 use port 80
WSUS 4.0 using port 8530
Is that a problem?
Am I getting somewhere?
I was trying things
in IE I go http://wsus.mydom.com:8530 I get blank page
I have a WSUS 3.0 server running
when I do the same http://wsus2.mydom.com I get IIS 7 display
WSUS 3.0 use port 80
WSUS 4.0 using port 8530
Is that a problem?
Am I getting somewhere?
ASKER
I was able to move wsus to port 80
used wsusutil usecustomwebsite false
Using port 80 now
I can now goto http://wsus.mydom.com it now shows iis site
I update my GPO to change the uri and removed the port 8530
I did a gpupdate /force on several machines
ran
wuauclt /resetauthorization /detectnow
wuauclt /reportnow
I will see what happens
Update
Still not Yet reporting
What can we do here?
used wsusutil usecustomwebsite false
Using port 80 now
I can now goto http://wsus.mydom.com it now shows iis site
I update my GPO to change the uri and removed the port 8530
I did a gpupdate /force on several machines
ran
wuauclt /resetauthorization /detectnow
wuauclt /reportnow
I will see what happens
Update
Still not Yet reporting
What can we do here?
ASKER
I found this tool from solarwinds Diagnostic Tool for the Windows Server Update Service
Install it on the client and then run it gives you a health report of you WSUS Agent.
On the Computers that connected but are not report yet I get this three error conditions
See attached text
On my windows 10 computer which is not connected I get additional errors
One being the client is out of date which is probably why it does not connect
see attached
WSUS-Client.txt
wsus-client.txt
Install it on the client and then run it gives you a health report of you WSUS Agent.
On the Computers that connected but are not report yet I get this three error conditions
See attached text
On my windows 10 computer which is not connected I get additional errors
One being the client is out of date which is probably why it does not connect
see attached
WSUS-Client.txt
wsus-client.txt
ASKER
Update the solorwinds tool does not work well with Windows 10
I ran a powershell command
(Get-ChildItem 'c:\windows\System32\wuauc lt.exe').v ersioninfo .productve rsionI
my version is 10.0.10586.17 I think that is current
My windows 10 windowsupdatelog shows this
Agent Unable to query IsInventoryRequired service property hr=8024043d
Misc Got WSUS Client/Server URL:http: // wsus.mydom.com:8530 /clientWebService/client.a smx
ProtocolTalker ServiceId = {3DA21691-E39D-4DA6-8A4B-B 43877BCB1B 7}, Server URL =
http: // wsus.mydom.com:8530 /clientWebService/client.a smx
ProtocolTalker PT: Calling GetConfig on server
WebServices Auto proxy settings for this web service call.
WebServices WS error: There was an error communicating with the endpoint at
http: // wsus.mydom.com:8530 /clientWebService/client.a smx
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
WebServices Current service auth scheme=0.
WebServices Current Proxy auth scheme=0.
ProtocolTalker PTError: 0x8024401f
ProtocolTalker GetConfig_WithRecovery failed 0x8024401f
ProtocolTalker RefreshConfig failed 0x8024401f
ProtocolTalker RefreshPTState failed 0x8024401f
ProtocolTalker SyncUpdates round trips: 0
ProtocolTalker Sync of Updates 0x8024401f
ProtocolTalker SyncServerUpdatesInternal failed 0x8024401f
Agent Failed to synchronize, error = 0x8024401F
Agent Exit code = 0x8024401F
Please help going on week 2 without this working
I ran a powershell command
(Get-ChildItem 'c:\windows\System32\wuauc
my version is 10.0.10586.17 I think that is current
My windows 10 windowsupdatelog shows this
Agent Unable to query IsInventoryRequired service property hr=8024043d
Misc Got WSUS Client/Server URL:http: // wsus.mydom.com:8530 /clientWebService/client.a
ProtocolTalker ServiceId = {3DA21691-E39D-4DA6-8A4B-B
http: // wsus.mydom.com:8530 /clientWebService/client.a
ProtocolTalker PT: Calling GetConfig on server
WebServices Auto proxy settings for this web service call.
WebServices WS error: There was an error communicating with the endpoint at
http: // wsus.mydom.com:8530 /clientWebService/client.a
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
WebServices Current service auth scheme=0.
WebServices Current Proxy auth scheme=0.
ProtocolTalker PTError: 0x8024401f
ProtocolTalker GetConfig_WithRecovery failed 0x8024401f
ProtocolTalker RefreshConfig failed 0x8024401f
ProtocolTalker RefreshPTState failed 0x8024401f
ProtocolTalker SyncUpdates round trips: 0
ProtocolTalker Sync of Updates 0x8024401f
ProtocolTalker SyncServerUpdatesInternal failed 0x8024401f
Agent Failed to synchronize, error = 0x8024401F
Agent Exit code = 0x8024401F
Please help going on week 2 without this working
Check the MIME types on the IIS.
Maybe you have some of those MIME Types repeatedly declared.
Go to IIS Manager, Click WSUS Website features view, Select MIME Types, and delete the wrong MIME Type from there.
Restart the website and check if you can Download updates now.
Maybe you have some of those MIME Types repeatedly declared.
Go to IIS Manager, Click WSUS Website features view, Select MIME Types, and delete the wrong MIME Type from there.
Restart the website and check if you can Download updates now.
ASKER
Hector
I looked at the mine types they all look ok to me
What am I looking for exactly?
I looked at the mine types they all look ok to me
What am I looking for exactly?
From the WSUS-Client.txt log
WSUS Server Connectivity -- Unable to connect to the remote server
clientwebservice/client.asmx:Error:Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'.
ASKER
Hector
So many entries in the Mime types
I found these
.htm text/html
.html text/html
.hxt text/html
Is that what you mean?
What do I do ?>
So many entries in the Mime types
I found these
.htm text/html
.html text/html
.hxt text/html
Is that what you mean?
What do I do ?>
Check if there are some double defined.
Check if .asmx is defined, it should not.
Check if .asmx is defined, it should not.
Read this article on Microsoft site: https://social.technet.microsoft.com/Forums/en-US/40db1b27-6215-4bba-8a9b-fb55203d84f8/clients-no-longer-downloading-updates-error-8024401f?forum=winserverwsus
Maybe is a permissions issue.
Maybe is a permissions issue.
ASKER
Hector
No duplicates that I can find.
.asmx is NOT defined.
In the article I see the guy added everyone read permissions on the WSUS folder
I added that
Went to one machine and entered wauaclt /resetauthorization /detectnow waiting to see
tried wuauclt /detectnow and wuauclt /reportnow also I will give it about 15 minutes to see
No duplicates that I can find.
.asmx is NOT defined.
In the article I see the guy added everyone read permissions on the WSUS folder
I added that
Went to one machine and entered wauaclt /resetauthorization /detectnow waiting to see
tried wuauclt /detectnow and wuauclt /reportnow also I will give it about 15 minutes to see
ASKER
Hector
after about 30 min still not reporting
windowsupdatelog
WebServices WS error: There was an error communicating with the endpoint at
http: // wsus.mydom.com:8530 /clientWebService/client.a smx
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
Also when I run wsusutil checkhealth
I get event id 12022 the client web service is not working
after about 30 min still not reporting
windowsupdatelog
WebServices WS error: There was an error communicating with the endpoint at
http: // wsus.mydom.com:8530 /clientWebService/client.a
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
Also when I run wsusutil checkhealth
I get event id 12022 the client web service is not working
Sorry Thomas, I ran out of bullets.
And I have to leave now, tomorrow if this isnt solved I will try again.
And I have to leave now, tomorrow if this isnt solved I will try again.
Hello Thomas,
I was thinking, what if you try to do a fresh install of WSUS?
You can follow this excelent EE article steps: https://www.experts-exchange.com/articles/18543/Installing-Configuring-and-Managing-WSUS.html
I was thinking, what if you try to do a fresh install of WSUS?
You can follow this excelent EE article steps: https://www.experts-exchange.com/articles/18543/Installing-Configuring-and-Managing-WSUS.html
ASKER
Hector
I have done that already many times
This is not a solution
The errors should be helpful but they are not
I have done that already many times
This is not a solution
The errors should be helpful but they are not
Could you explain in detail your instalation procedure step by step.
I think you are making the same mistake over and over.
Please, talk to us about that.
I think you are making the same mistake over and over.
Please, talk to us about that.
ASKER
Hector
To uninstall I went to Tools ADD/Remove Roles Features
Removed IIS , WSUS
After removal restarted server.
After server started went into SQL and deleted the WSUS database.
Went to my E Drive and deleted the WSUS folder and all sub folders content etc.
Restart the server once more
Added WSUS role which installs IIS
after the install completes I run the postinstall process
Then the postinall process turns into the deployment process
This takes a long time
Then I start up the WSUS console and configure the options
I do not pick all the products for the init sync so it runs faster.
Then the clients
wuauclt /resetauthorization /detectnow
This is how I have done many wsus installs
This is my first 6.3 version of WSUS
I have all the patches already installed
One question would be should I remove them and reinstall them in some sort of order?
Thanks
Update
I will follow Seths article tonight and see if it makes any difference
I do see he created a certificate and I never did that
Will post with results
To uninstall I went to Tools ADD/Remove Roles Features
Removed IIS , WSUS
After removal restarted server.
After server started went into SQL and deleted the WSUS database.
Went to my E Drive and deleted the WSUS folder and all sub folders content etc.
Restart the server once more
Added WSUS role which installs IIS
after the install completes I run the postinstall process
Then the postinall process turns into the deployment process
This takes a long time
Then I start up the WSUS console and configure the options
I do not pick all the products for the init sync so it runs faster.
Then the clients
wuauclt /resetauthorization /detectnow
This is how I have done many wsus installs
This is my first 6.3 version of WSUS
I have all the patches already installed
One question would be should I remove them and reinstall them in some sort of order?
Thanks
Update
I will follow Seths article tonight and see if it makes any difference
I do see he created a certificate and I never did that
Will post with results
I think that the use of SSL and certificate is an optional step. Not esential.
good luck.
good luck.
ASKER
Hector,
no where in Seths article does it talk about the fixs need to be put on WSUS 6.3
Also does not talk about HTTP Activation Setting for Net Frame work 3.5 and 4.0
Thoughts
no where in Seths article does it talk about the fixs need to be put on WSUS 6.3
Also does not talk about HTTP Activation Setting for Net Frame work 3.5 and 4.0
Thoughts
ASKER
Hector
The Server Certificate does not exist on my server as shown in that article
The Server Certificate does not exist on my server as shown in that article
ASKER
Update
After following the instruction that seths except for SSL I get the same results
Downloading WSUS Client Diag Tool
On My Windows 10 and all others get same results
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is running. . . PASS
GetFileVersion(szEngineDir ,&susVersi on) failed with hr=0x80070002
The system cannot find the file specified.
Press Enter to Complete
Also same results all computers except for my Windows 10 connect but do not report
This error still happens in windowsupdatelog on all computers
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
After following the instruction that seths except for SSL I get the same results
Downloading WSUS Client Diag Tool
On My Windows 10 and all others get same results
WSUS Client Diagnostics Tool
Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is running. . . PASS
GetFileVersion(szEngineDir
The system cannot find the file specified.
Press Enter to Complete
Also same results all computers except for my Windows 10 connect but do not report
This error still happens in windowsupdatelog on all computers
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
ASKER
Hector
I have it now using SSL https://wsus.mydom.com:8531
That means I followed all the instructions except for the options settings did not do them yet
Still no change computers not reporting still
Windows 10 not even communicating to the wsus 6.3 server
Puzzeled
I have it now using SSL https://wsus.mydom.com:8531
That means I followed all the instructions except for the options settings did not do them yet
Still no change computers not reporting still
Windows 10 not even communicating to the wsus 6.3 server
Puzzeled
ASKER
Guys
If we can figure out what this error is it will resolve this issue for my computers not yet reporting
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
My windows 10 computer is another story
If we can figure out what this error is it will resolve this issue for my computers not yet reporting
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
My windows 10 computer is another story
ok.
I have seen this error before:
This is the error that shows up when running Microsoft WSUS Diag tool in an x64-based computer. Use the Solarwind WSUS diag tool instead. On my article Understanding Windows Update Agent you can find the URL.
This error is on the WindowsUpdate.log file of all clients?
I think that the problem may be on the IIS, but cant see a way to solve it. The reinstallation should do the magic.
I have seen this error before:
GetFileVersion(szEngineDir,&susVersi on) failed with hr=0x80070002
This is the error that shows up when running Microsoft WSUS Diag tool in an x64-based computer. Use the Solarwind WSUS diag tool instead. On my article Understanding Windows Update Agent you can find the URL.
WebServices WS error: The server returned HTTP status code '500 (0x1F4)' with text 'Internal Server Error'.
WebServices WS error: The server was unable to process the request.
WebServices Web service call failed with hr = 8024401f.
This error is on the WindowsUpdate.log file of all clients?
I think that the problem may be on the IIS, but cant see a way to solve it. The reinstallation should do the magic.
ASKER
Hector
Yes same error on all clients
The reinstall did not fix it
I am getting these error now also
Event 13042 Self-Update in not working
Event 12002 The Reporting Web Service is not working
Event 12012 The API Remoting Web Service is not working
Event 12032 The Server Synchronization Web Service is not working
Event 12022 The Client Web Service in not working
Event 12042 The SimpleAuth Web Service is not working
Event 12052 The DSS Authentication Web Service is not working
Event 12072 The WSUS content directory is not accessible
Yes same error on all clients
The reinstall did not fix it
I am getting these error now also
Event 13042 Self-Update in not working
Event 12002 The Reporting Web Service is not working
Event 12012 The API Remoting Web Service is not working
Event 12032 The Server Synchronization Web Service is not working
Event 12022 The Client Web Service in not working
Event 12042 The SimpleAuth Web Service is not working
Event 12052 The DSS Authentication Web Service is not working
Event 12072 The WSUS content directory is not accessible
Wow, many events. I have search the web for each one, read and try this steps: (hope the solution is in some of them)
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Clients
Event ID: 13042
User: N/A
Computer: WSUS01
Description: Self-update is not working.
To fix the issue, follow these steps:
Verify that the problem is fixed by running the following command at the command prompt:
C:\Program Files\Update Services\Tools\wsusutil.ex e checkhealth
Then examine the Application event log for the following event:
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Clients
Event ID: 10000
User: N/A
Computer: WSUS01
Description: WSUS is working correctly.
As background, WSUS clients must connect to the SelfUpdate virtual directory to check for a new version of the WSUS client before checking for new updates. This always happens anonymously over port 80, even if WSUS is configured to use a custom port, such as port 8530.
I would start by verifying that the /ReportingWebService resource is properly configured in IIS.
Correct configurations can be found in the WSUS Technical Reference Guide: IIS Settings for WSUS 3.0 SP2 Web Services. (Valid also for WSUS higher versions).
Try this: http://jackstromberg.com/2013/10/windows-update-services-multiple-errors-in-event-viewer-event-id-1205212042-12022-12032-12012-1200213042/
When you enabled anonymous access on the site and virtual directories (which is, generally, the correct configuration), you may have overdone it and also enabled anonymous access on the APIRemoting30 virtual directory -- which should not have anonymous access.
Disable anonymous access on the APIRemoting30 virtual directory and set it to require Integrated Windows Authentication and Digest Authentication, and that should restore connectivity to your console.
Also, take a look at these links :
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=.NET+Framework&ProdVer=2.0.50727&EvtID=12052&EvtSrc=Windows+Server+Update+Services&LCID=1033
http://www.eventid.net/display.asp?eventid=13042&eventno=8857&source=Windows%20Server%20Update%20Services&phase=1
Here are the relevant questions:
Event 13042 Self-Update in not working
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Clients
Event ID: 13042
User: N/A
Computer: WSUS01
Description: Self-update is not working.
To fix the issue, follow these steps:
- Open IIS Manager and ensure there is a Selfupdate virtual directory in the Default Web Site. If not, create it with the Local Path pointing to C:\Program Files\Update Services\Selfupdate.
- Click the Directory Security tab and ensure that Anonymous Access is allowed.
- Restart IIS.
Verify that the problem is fixed by running the following command at the command prompt:
C:\Program Files\Update Services\Tools\wsusutil.ex
Then examine the Application event log for the following event:
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Clients
Event ID: 10000
User: N/A
Computer: WSUS01
Description: WSUS is working correctly.
As background, WSUS clients must connect to the SelfUpdate virtual directory to check for a new version of the WSUS client before checking for new updates. This always happens anonymously over port 80, even if WSUS is configured to use a custom port, such as port 8530.
Event 12002 The Reporting Web Service is not working
I would start by verifying that the /ReportingWebService resource is properly configured in IIS.
Correct configurations can be found in the WSUS Technical Reference Guide: IIS Settings for WSUS 3.0 SP2 Web Services. (Valid also for WSUS higher versions).
Event 12012 The API Remoting Web Service is not working
Event 12032 The Server Synchronization Web Service is not working
Event 12042 The SimpleAuth Web Service is not working
Try this: http://jackstromberg.com/2013/10/windows-update-services-multiple-errors-in-event-viewer-event-id-1205212042-12022-12032-12012-1200213042/
Event 12022 The Client Web Service in not workingAs microsoft expert said here:
When you enabled anonymous access on the site and virtual directories (which is, generally, the correct configuration), you may have overdone it and also enabled anonymous access on the APIRemoting30 virtual directory -- which should not have anonymous access.
Disable anonymous access on the APIRemoting30 virtual directory and set it to require Integrated Windows Authentication and Digest Authentication, and that should restore connectivity to your console.
Event 12052 The DSS Authentication Web Service is not workingGo into IIS/Web Services Extensions. In the right pane you will see all the Web Service Extensions, if you have done any updates to .NET so make sure that the status of all ASP.NET versions is "ALLOWED".
Also, take a look at these links :
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=.NET+Framework&ProdVer=2.0.50727&EvtID=12052&EvtSrc=Windows+Server+Update+Services&LCID=1033
http://www.eventid.net/display.asp?eventid=13042&eventno=8857&source=Windows%20Server%20Update%20Services&phase=1
Event 12072 The WSUS content directory is not accessibleDid somebody recently try to relocate the WSUSContent folder? or change the ACLs?
Here are the relevant questions:
- What is the actual physical pathname of the WSUSContent folder?
- What is the pathname configured in IIS for the /Content v-dir?
- What is the pathname configured in the registry value "ContentDir" in HKLM\Software\Microsoft\Up
date Services\Server\Setup?
ASKER
Hector
After checking all the above I ran this
wsusutil.exe usecustomwebsite true
form your posting
Try this: http://jackstromberg.com/2013/10/windows-update-services-multiple-errors-in-event-viewer-event-id-1205212042-12022-12032-12012-1200213042/
What that did was turn off the SSL and now I only get this one
Event 12022 The Client Web Service in not working
this I checked from above
Event 12022 The Client Web Service in not working
As microsoft expert said here:
When you enabled anonymous access on the site and virtual directories (which is, generally, the correct configuration), you may have overdone it and also enabled anonymous access on the APIRemoting30 virtual directory -- which should not have anonymous access.
Disable anonymous access on the APIRemoting30 virtual directory and set it to require Integrated Windows Authentication and Digest Authentication, and that should restore connectivity to your console.
the APIRemoting30 virtual directory has anonymous disabled
Windows Authentication is Enabled
Digest Authentication does not exist in my IIS
We are not back to a week ago when I only had the 12022 error all the time
What is wrong with this IIS installation?
After checking all the above I ran this
wsusutil.exe usecustomwebsite true
form your posting
Try this: http://jackstromberg.com/2013/10/windows-update-services-multiple-errors-in-event-viewer-event-id-1205212042-12022-12032-12012-1200213042/
What that did was turn off the SSL and now I only get this one
Event 12022 The Client Web Service in not working
this I checked from above
Event 12022 The Client Web Service in not working
As microsoft expert said here:
When you enabled anonymous access on the site and virtual directories (which is, generally, the correct configuration), you may have overdone it and also enabled anonymous access on the APIRemoting30 virtual directory -- which should not have anonymous access.
Disable anonymous access on the APIRemoting30 virtual directory and set it to require Integrated Windows Authentication and Digest Authentication, and that should restore connectivity to your console.
the APIRemoting30 virtual directory has anonymous disabled
Windows Authentication is Enabled
Digest Authentication does not exist in my IIS
We are not back to a week ago when I only had the 12022 error all the time
What is wrong with this IIS installation?
ASKER
Could this have any thing to do with the IUSR account on this server? I don't seem to have one
I thought IIS created this account when it was installed?
The is a Domain Joined server
Thoughts
I thought IIS created this account when it was installed?
The is a Domain Joined server
Thoughts
On Windows 2012R2 there is no IUSR account.
Hint: Have you ever try WSUSOffline? Maybe if you run it on the WSUS server it will install any missing update. You can also use it to update clients.
Going back to the IIS issue. Have you verified the physical path to the WSUS folders and its configuration on IIS?
Hint: Have you ever try WSUSOffline? Maybe if you run it on the WSUS server it will install any missing update. You can also use it to update clients.
Going back to the IIS issue. Have you verified the physical path to the WSUS folders and its configuration on IIS?
ASKER
Hector
I thought that IUSR was not part of Windows 2012 just was not sure
WSUS Offline NO and not really interested in another product at this time
WSUS 6.3 should be working and I SHOULD NOT BE HAVING THIS ISSUE
I have checked all the virtual directories and yes they are all defined
As far as the IIS configuration goes well WSUS when you install the Role installs IIS for you.
I have not seen any documentation on how to setup IIS for WSUS All I find is how to install and setup WSUS which is not hard to do.
The Event 12022 The Client Web Service in not working Is the issue here I know if we figure out this one and we get WSUS Is Working message instead of EVENT 12022 when you run wsusutil checkhealth then the clients will report I am sure that is the only stumbling block here
I hope you/someone can figure this out I am at wits end trying
Thoughts
I thought that IUSR was not part of Windows 2012 just was not sure
WSUS Offline NO and not really interested in another product at this time
WSUS 6.3 should be working and I SHOULD NOT BE HAVING THIS ISSUE
I have checked all the virtual directories and yes they are all defined
As far as the IIS configuration goes well WSUS when you install the Role installs IIS for you.
I have not seen any documentation on how to setup IIS for WSUS All I find is how to install and setup WSUS which is not hard to do.
The Event 12022 The Client Web Service in not working Is the issue here I know if we figure out this one and we get WSUS Is Working message instead of EVENT 12022 when you run wsusutil checkhealth then the clients will report I am sure that is the only stumbling block here
I hope you/someone can figure this out I am at wits end trying
Thoughts
ASKER
Hector
What are the proper NTFS permissions for the Update Services folder which contains Webservices folder which contains all the virtual directories
I tried to add Network Service Account to the permissions but it will not let me greyed out.
What are the proper NTFS permissions for the Update Services folder which contains Webservices folder which contains all the virtual directories
I tried to add Network Service Account to the permissions but it will not let me greyed out.
I made this NTFS Permission report for you.
r = read
w = write
x = execute
And this is a photo of the advanced settings on the IIS for the ClientWebService virtual directory:
TreeSize-Professional-Details-for-U.xlsx
r = read
w = write
x = execute
And this is a photo of the advanced settings on the IIS for the ClientWebService virtual directory:
TreeSize-Professional-Details-for-U.xlsx
ASKER
Hector
The image you placed overlayed your txt info
Please repost
The image you placed overlayed your txt info
Please repost
It is not a text, is a XLSX file attached.
ASKER
Hector
I see I will compare and report back
I see I will compare and report back
ASKER
Hector
I think I have that same program on my system somewhere
What command line parameters did you run ?
I think I have that same program on my system somewhere
What command line parameters did you run ?
Not a command, just use the GUI for the Update Services folder. Then Export if you like.
ASKER
Ok great
ASKER
Hector
you have treesize PRo? my version of treesize does not show owner and permissions
you have treesize PRo? my version of treesize does not show owner and permissions
Yes, Pro. But to solve this problem you don't need TreesizePro, just verify your folder's permissions on the Security tab manually one by one.
ASKER
Hector I noticed on the web services folder for example it has server/users server/administrators
That looks like it is using local accounts shouldn't it be the domain users and domain administrators on all the virtual directories?
Since this is in a domain
That looks like it is using local accounts shouldn't it be the domain users and domain administrators on all the virtual directories?
Since this is in a domain
Domain administrators are members of local Administrators security group.
That is the default setting for any domain joined member server.
Is any difference in your server?
That is the default setting for any domain joined member server.
Is any difference in your server?
ASKER
I will check that account
ASKER
Ok the domain users is in the local group users and domain administrators is in the local administrators group
Now I need to check all the settings on the folder
Now I need to check all the settings on the folder
ASKER
Hector
Checked all the folder permissions
Found all look fine.
Some had more accounts listed
Logfiles Administrators is Full yours was +r+w_x SYSTEM same
UpdateServicePackages Same as above
WSUSContent Same as above
So it looks like the permissions on the folder update services is ok
Need this error solved which I believe is causing the clients not to connect.
Thoughts
Checked all the folder permissions
Found all look fine.
Some had more accounts listed
Logfiles Administrators is Full yours was +r+w_x SYSTEM same
UpdateServicePackages Same as above
WSUSContent Same as above
So it looks like the permissions on the folder update services is ok
Need this error solved which I believe is causing the clients not to connect.
Thoughts
ASKER
This is resolved
Built a new Windows 2012 R2 VM using SQL 2012 Enterprise.
Looks like WSUS 6.3 does not support/Work with SQL 2014
Thanks Hector for all your time and effort
Built a new Windows 2012 R2 VM using SQL 2012 Enterprise.
Looks like WSUS 6.3 does not support/Work with SQL 2014
Thanks Hector for all your time and effort
The whole key was missing for me on some machines and caused them to not report. You may need to recreate it.