Link to home
Create AccountLog in
Avatar of RhoSysAdmin
RhoSysAdminFlag for United States of America

asked on

WSUS clients do NOT see approved updates from WSUS server

This is a follow up question to one I posted just last week where none of our WSUS clients had reported a status in the past 30 days.  After getting past the failed .NET patch on our (W2K19) WSUS server, every client is now reporting a status.  The WSUS console does show that clients are in need of patches that are approved for install.

But the Win 10 clients I've checked show NO update history, and no patches needed despite the fact that the WSUS console says otherwise.  I should note that the Win 10 clients I've checked have recently had O365 installed - with updates configured to be downloaded directly from Microsoft.  

The couple of test servers I've checked DO show update histories, but they also fail to see the approved updates waiting for them on the WSUS server.

I've tried resetting a test WSUS client, but it does not resolve the issue.  I wanted to post this now while I'm still pouring through event logs to see if anyone has seen this before.

I'll provide more details should I find any additional clues.  

Avatar of Seth Simmons
Seth Simmons
Flag of United States of America image

But the Win 10 clients I've checked show NO update history, and no patches needed despite the fact that the WSUS console says otherwise.

if you run a report for one of those systems, does the status show updates as 'approved' and 'not installed'?
Avatar of RhoSysAdmin


The report shows "Install" for approval and "Not installed" for status.

have you tried to stop the windows update service, deleting all of the files in \windows\softwaredistribution, starting the windows update service and doing another check?
I tried it on a Windows 10 client and it detected zero updates.

I would blame it on the Office 365 updates, but it's happening to every client, O365 or not, Win 10 or Win Server *.

wsus doesn't have any updates needing files does it?
The WSUS server hasn't found anything that it thinks it needs to install when running the update check against its own downloads.  I allowed it to check online with Microsoft and it found some we have not approved yet. So I'm allowing these to install now - which will take some time.

I'm also seeing the following error in the app event log :

Log Name:      Application
Source:        Windows Server Update Services
Date:          12/15/2021 9:06:38 PM
Event ID:      10032
Task Category: 7
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <mywsusserver>.com
The server is failing to download some updates.
Event Xml:

Open in new window

Avatar of Seth Simmons
Seth Simmons
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Post reboot of the WSUS server (after installing all available updates), the 12002 error (The Reporting Web Service is not working) and 1309 ASP.NET warning events my previous question asked for help with have re-appeared and clients are no longer reporting their status at all.

So we're back where we started....

Previous discussion : ​ALL of our WSUS clients have failed to report their status in more than 30 days​​​

Previous (and now current) error events :

Log Name:      Application
Source:        Windows Server Update Services
Date:          12/16/2021 1:32:18 PM
Event ID:      12002
Task Category: 9
Level:         Error
Keywords:      Classic
User:          N/A
The Reporting Web Service is not working.
Event Xml:

Log Name:      Application
Source:        ASP.NET 4.0.30319.0
Date:          12/16/2021 1:03:17 AM
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 12/16/2021 1:03:17 AM 
Event time (UTC): 12/16/2021 6:03:17 AM 
Event ID: 78fa1e0f13fe43bbb67cd150e1d57136 
Event sequence: 26886 
Event occurrence: 32 
Event detail code: 0 
Application information: 
    Application domain: /LM/W3SVC/1558258880/ROOT-16-132839353019997346 
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: C:\Program Files\Update Services\WebServices\Root\ 
    Machine name: WSUS 
Process information: 
    Process ID: 3872 
    Process name: w3wp.exe 
Exception information: 
    Exception type: HttpException 
    Exception message: A potentially dangerous Request.Path value was detected from the client (<).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Request information: 
    Request URL:<script>alert('XSS')</script> 
    Request path: /cgi-bin/search=<script>alert('XSS')</script> 
    User host address: 
    Is authenticated: False 
    Authentication Type:  
    Thread account name: NT AUTHORITY\NETWORK SERVICE 
Thread information: 
    Thread ID: 58 
    Thread account name: NT AUTHORITY\NETWORK SERVICE 
    Is impersonating: False 
    Stack trace:    at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Open in new window

After reviewing SoftwareDistribution.log, I hope to be going in the right direction now.  There are a bunch of errors. But it's hard to tell which error is key. To start with, we have 100+ of the following:

Source File: /c/msdownload/update/software/crup/2021/11/aspnetcore-runtime-5.0.12-win-x64_4922f60dcb21f8c227e2ba022138eefc7ac70d9f.exe 
Destination File: E:\WsusContent\9F\4922F60DCB21F8C227E2BA022138EEFC7AC70D9F.exe
2021-12-17 18:32:11.151 UTC    Info    WsusService.16    EventLogEventReporter.ReportEvent    EventId=364,Type=Error,Category=Synchronization,Message=Content file download failed.
Reason: There are no more endpoints available from the endpoint mapper.

Open in new window

We also have 300+ of this error mixed in with the above

2021-12-17 19:21:33.945 UTC    Error    WsusService.11    HmtWebServices.CheckReportingWebService    Reporting WebService SoapException:System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.TypeInitializationException: The type initializer for 'Microsoft.UpdateServices.Internal.Reporting.WebService' threw an exception. ---> System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Server is in script upgrade mode. Only administrator can connect at this time.

Open in new window

I've tried "C:\Program Files\Update Services\Tools>WsusUtil.exe postinstall" from an administrative prompt, but it didn't change anything.

I've confirmed the permissions for "NETWORK SERVICE" to the root of the WSUSContent drive and made sure it has full permissions to "WsusContent".  

This server worked until the 2021-09 CU for W2K19 failed to install on 11/8/2021. It has since been replaced by the 2021-10 CU and the 2021-11 CU.

Hoping someone has been down this road.

Server is in script upgrade mode.

that is a problem
what database is being used?
seems to indicate SQL is being patched or upgraded causing WSUS issues
if someone was doing something with the database, try restarting the WSUS service; could have been a transient error
We're using the built in database. The server has been rebooted multiple times.  This has been an issue for a month.

Can we move the DB from the built-in to a SQL server?  Or do we need to start over and build a new server that uses a separate SQL server for its database?  Or remove WSUS, the DB, the content, and start over completely, setting up WSUS to use an external SQL server (assuming that's an option)?

At this point, I just need something that works.

Can we move the DB from the built-in to a SQL server?


Migrating the WSUS Database from WID to SQL
Given the mountain of errors in our SoftwareDistribution.log, should I uninstall everything on the existing server and redo from the ground up, this time pointing to an external SQL server? I can't tell from the error whether I have a content problem or a database problem.

Is there any benefit to deleting the contents of our WsusContent directory and running a "wsusutil.exe reset"?  We "kind of" did this once already, although I think we failed to run the "wsusutil.exe reset" immediately after deleting the contents of WsusContent.  So it's possible we made things worse.
you could start over.  I had frequent console errors doing certain things when using WID but rebuild with SQL express and have had no issues since.  Not sure what would happen if you kept the content folder; it might just create new folders and download it again as what you have is currently mapped in the database.
So a local install of SQL express is an option rather than using an external SQL server (with a full SQL install)?

yes sql express is an option
It appears a "wsusutil.exe reset" plus (re)enabling the Windows Firewall has fixed my issues (wrt clients reporting update history and downloading newly approved updates) for all but one stubborn server.  Every other client is showing their update history locally, and downloading newly approved updates from the WSUS server.

I have one W2K19 server that is only showing the updates I applied manually (last night) in the update history.  Funny thing is when you go to "uninstall updates" the complete list of updates IS there. I've tried resetting the client (while removing it from the WSUS console at the same time). It re-appeared in the WSUS console, but it still not showing the history in "View Update History".

It's been more than 24 hours since I reset the WSUS client info. Even though this seems to be a minor glitch, I still would prefer to see a proper update history list.

Any ideas?