SCCM not Syncing with WSUS

compdigit44
compdigit44 used Ask the Experts™
on
We have a Windows 2012 R2 running SCCM 2012 R2 and WSUS. We had an issue where WSUS stopped downloading updates, and got past this, the finial issue I cannot resolve is in SCCM sync the updates from the WSUS service which is itself. I have already tried to uninstall and reinstall SUP and WSUS, IIS App pool settings etc.. without any luck. The error I am getting in the sync logs is: " the request failed with http status 404 .... Microsoft.UpdateServices.Administation.AdminProxy....

In IIS when I click on browse for the WSUS admin still I can only see file in the directory list view, SSL does not work at all.

THoughts... bet at this for two days now....
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Open SCCM console -> Monitoring -> Software Update Point Synchronization Status and let me know what error code you have in the "Last Synchronization Error Code"

Author

Commented:
There is no error and no last sync
Do you have enough space on WSUS server ?
Is it WSUS installed with SCCM on the same server ?
Confirm if WSUS service is running ?
Share the log file that showing "" the request failed with http status 404 .... Microsoft.UpdateServices.Administation.AdminProxy...."
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Author

Commented:
1) Enough space is on the WSUS server
2) Yes WSUS and SCCM are on the same server
3) I cannot upload the log but here is what the error says: " The request failed with HTTP status 404: Not Found ~~ at Microsoft.UpdateServices.Administrator.AdminProxy.CreateUpdateServer ~~at Microsoft.SystemManagementServer.WSUS.WSUSServer.ConnecttoWSUS (String ServerName, Boolen, USESSL, INT32)
Adam LeinssSystems Administrator

Commented:
What port is WSUS listening on?  It's going to be either port 8530 for non-SSL or 8531 for SSL.  While RDPed into the server hosting SCCM, go to http://localhost:8530 and see if you get any IIS response back.  Then go and make sure that port is configured in your SUP (see attached file).
sccm_wsus.png

Author

Commented:
It is using port 8350 and get the forbidden error message screen. I did enable directory browsing which does open the page to the directory view
Adam LeinssSystems Administrator

Commented:
Without log files, it is a bit of a guessing game what the problem is.  BTW, you can replace sensitive information in a group of LOG files using Notepad++ or any of these programs:  https://www.raymond.cc/blog/easily-delete-or-replace-multiple-lines-for-all-files-in-a-folder/

With that said, setting up SCCM with WSUS is relatively straight forward, so my advice would be the following:

1. Remove SCCM SUP role.  Wait 15 minutes.
2. Restart server
3. Remove WSUS Role.  Wait 5 minutes.
4. Restart server
5. Manually remove any WSUS folders left over from the uninstall (if any)
6. Re-setup WSUS/SCCM SUP using the following guide: https://everythingsccm.com/2017/03/27/configuring-wsus-with-sccm-current-branch-server-2016-part-i/

This is for SCCM CB, but the steps should also follow closely to SCCM 2012.

Recheck WCM.LOG and Wsusmgr.log for any errors using CMTrace after you completed the guide.

Author

Commented:
I did the step suggested and still not luck. I even deleted the SUSDB when doing this.
error.PNG
Systems Administrator
Commented:
Try this:

Under the Software Update Component properties and uncheck all Products and Classifications. Next click on Software Library > Software Updates > All Software Updates. Right-click All Software Updates and click Synchronize Software Updates. When you do this no updates are synchronized. So it’s only the products and classifications catalog that will be synchronized. Open WCM.log and wsyncmgr.log file and check if synchronization is successful. Finally, check/enable the products and classifications under software update component properties. Run the sync again and it should work well.

https://www.prajwaldesai.com/failed-to-set-subscriptions-on-wsus-server-error-0x80131500/

Check this video as well: https://www.youtube.com/watch?v=XJE_8ni-DPg

Author

Commented:
Even unchecking all items I still get a Failed to set subscriptions error

Author

Commented:
I gave up trying to fix this environment and setting up a new SCCM 2019 environment now.

Author

Commented:
I am standing up a new SCCM 2019 environment with the WSUS role on a separate server. WSUS tools are installed on the site server and can remotely manage the WSUS server yet in the log I keep getting the error " Remote configuration failed on WSUS server". All of the suggestions I have tried online have failed
Adam LeinssSystems Administrator

Commented:
Likely a firewall issue or permissions issue.

Is the computer account of the SCCM server a local administrator on the WSUS server?  If not, please add it and retry the operation.

Make sure port 8530 is open on the Windows firewall of the WSUS server.  You should be able to get to http://wsus:8530 (assuming non-SSL setup) from the SCCM server.

Author

Commented:
There are not firewall between the servers and the windows firewall is not enabled. The SCCM server account is a member of the local administrator group on the WSUS server and I did not manually configure anything on the WSUS server. When I go to http://<NameOfWsusServer>:8530 I get Forbidden Access Denied
Adam LeinssSystems Administrator

Commented:
What build # of SCCM are you running?  1810 or later is required for WSUS 10.0.17763 on Server 2019.

Author

Commented:
1906
Adam LeinssSystems Administrator

Commented:
When you remotely manage WSUS, are you seeing any metadata for updates?   It should look like the attached file.
wsus.png

Author

Commented:
SO I ended up opening a case with MS premier support for $499 dollars, After two hours on the phone with them still no luck. The tech said I had to make the server running the SUP role a site server in order for this to work, We had errors even make the WSUS server another site server. I think I am going to try and move the WSUS roll back to the Site server.


This is such a mess and thanks for all of the help.... OMG!!!

Author

Commented:
On my new Site server which is a CAS server, I moved the WSUS role and after following the article fellow members posted https://everythingsccm.com/2017/03/27/configuring-wsus-with-sccm-current-branch-server-2016-part-i/ it appears to be trying to sync now.  

I do have one question, as per the article I setup WSUS to pull updates from the internet and yet SCCM it set the same way. Would you want SCCM to point to the URL of the WSUS site locally?
Adam LeinssSystems Administrator
Commented:
You only need a CAS if you have 100,000 or more clients.  I would recommend rebuilding and not setting up the CAS if that is all possible as it will only add unnecessary complexity to your SCCM hierarchy.

In terms of WSUS: SCCM is only using WSUS for update metadata.  Your WSUS pulls the update metadata from the Internet.  When you build an update package in SCCM, SCCM uses this update metadata from the local WSUS to download the updates and build the package.

Author

Commented:
We need to setup a CAS since we place on setting up other primary sites at three remote sites.

Author

Commented:
Well our new SCCM 2019 server with WSUS installed on it pull 15,000 updates but noticed it is missing the 2019-11 Security patches.  It has all the security updates from 2018 but not 2019. Thoughts? Please note, I noticed that status under monitor status its syncing with the DB and has been in this state for a while.
Adam LeinssSystems Administrator

Commented:
Any errors in the logs? Check WCM.LOG and Wsusmgr.log with CMTrace.

Author

Commented:
I do not see any errors in the logs and see it scrolling / downloads 2019-10 updates now.... This download is taking forever....

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial