Link to home
Create AccountLog in
Avatar of Scott Milner
Scott MilnerFlag for United States of America

asked on

Looking for help with a WSUS resinstallation that is failing during post-deployment configuration tasks...

Hello Experts!

I'm trying to reinstall WSUS on a Server 2012 R2 Standard domain member server.  I'm attempting to use the Windows Internal Database.  I'm installing from Server Manager - Add roles and features.

The initial role installation of WSUS and feature install of WID complete successfully.  However, the post-deployment configuration tasks have consistently failed for the past two days, through numerous uninstalls, reboots, etc.  It seems to have settled in on the following error in the install log:

2017-03-13 17:01:54  CreateDefaultSubscription failed. Exception: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
   --- End of inner exception stack trace ---

ultimately halting the post-deployment configuration with the following message:

2017-03-13 17:01:54  StartServer encountered errors. Exception=Unable to connect to the remote server
2017-03-13 17:01:54  Microsoft.UpdateServices.Administration.CommandException: Failed to start and configure the WSUS service
   at Microsoft.UpdateServices.Administration.PostInstall.Run()
   at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
Fatal Error: Failed to start and configure the WSUS service

The first error seems (to me, anyway) to point to a problem with IIS.  The 'remote' server that is being called out is actually the WSUS server (  There is nothing else running on port 8530 that I'm aware of, although I'm very weak in IIS.

Here are the steps that I tried during the last installation:

1.  Uninstalled the WSUS role and the WID feature.
2.  Manually deleted the C:\Windows\WID folder (there were remnants left over after the uninstall).
3.  Deleted the WSUS Administration site from IIS Manager.
4.  Rebooted.
5.  Installed the WSUS role and WID feature.
6.  Rebooted  (probably not necessary at this step).
7.  Launched Post-deployment configuration tasks from Server Manager.

The tasks failed after a few minutes.  I've attached the log file.

Can anyone offer me any assistance?  I'm honestly considering dumping the whole server and starting over, but the server also runs internal SMTP services and our helpdesk application, so it's a bunch more work than it sounds to stand it back up.  I'd much prefer to fix this WSUS problem than reload everything.

Thanks in advance.

Avatar of Dan McFadden
Dan McFadden
Flag of United States of America image

1. Is the Windows Firewall enabled on this server?
2. Is the "Default Web Site" in IIS Manager, still there?

Avatar of Scott Milner


Hi Dan,

Windows firewall is turned off on the server.  The Default Web Site in IIS Manager is still present, with bindings to port 80 and 443.
a bit more information...

a 'netstat -an -p TCP' from the server shows that it's listening on and
Avatar of Dan McFadden
Dan McFadden
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account

I tried adding the binding to port 8530 to the default website and rerunning the post-install tasks, but received the same error.

I'm going to uninstall everything and attempt a reinstall with the binding to port 8530 on the default website.  Just to clarify, this won't cause issues with the WSUS Management website that gets created during the post-deployment configuration process?

What is the default website ID in IIS Manager?

I'm sorry to ask... how do I find the ID?
Open up IIS manager, expand the tree so you see the site list on the left, select the Sites object.  In the center panel, you will see additional details about the sites in IIS.  The default site needs to be ID 1.

got it.  Default web site is ID1, WSUS admin site is a 10 digit ID number
Maybe an additional piece of the puzzle from Microsoft.


Were you able to identity the process attached to the ports?
What are the site bindings of the WSUS Admin site in IIS Manager?

I saw that link, but the details in their log file are different than mine .

The WSUS Admin site had bindings for port 8530 and 8531.

To try to track down the process that was attached to the ports, I uninstalled WSUS and WID, and removed the WSUS Admin site.  I then removed the site binding to port 8530 that we set up on the default web site, and ran iisreset.

Afterwards, I started TCPView.  I haven't used it before, but it seems pretty straight-forward.  After letting it run for about 5 minutes, I'm not seeing anything for a local port 8530 or 8531 at this point.

Likewise, netstat -an -p TCP doesn't show anything for ports 8530 or 8531 at this point.

This rules out the issue being something else using the ports WSUS is looking for, doesn't it?  

I'm going to attempt the WSUS installation again and will report back the result.
installation failed again, same log messages...  this is moving past frustrating!  :)
thanks for trying, Dan.  

I'm going to scrap installing it on this server and spin up a new vm.  I'd love to solve the problem, but it's hard to justify the time I'm spending.

I appreciate your efforts though!