WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi Experts,

I rebuilt a new 2016 Core Virtual Server.  
I am trying to install WSUS, the install is successful up until after the restart, then the post installation tasks keep failing.
I tried the fix with the 2012 server and uninstalled it and deleted the Windows/WID folder and it didn't make any difference, same behavior.
Here are the errors from the logs:

Failed to restart the current database. The current database is switched to master.
   at Microsoft.UpdateServices.DatabaseAccess.DBConnection.DrainObsoleteConnections(SqlException e)
   at Microsoft.UpdateServices.DatabaseAccess.DBConnection.ExecuteCommandNoResult()
   at Microsoft.UpdateServices.Administration.ConfigureDB.ExecuteQueryNoResults(String query)
   at Microsoft.UpdateServices.Administration.ConfigureDB.SetMultiUser(Boolean noFail)
ClientConnectionId:b27e8565-d50c-48a6-962a-2ba75ea0eb9c
Error Number:3605,State:1,Class:16
2017-08-18 07:59:03  Disposing Connection
2017-08-18 07:59:03  Clearing Connection Pools
2017-08-18 07:59:03  System.Data.SqlClient.SqlException (0x80131904): Schema verification failed for database 'SUSDB'.
ALTER DATABASE statement failed.
Failed to restart the current database. The current database is switched to master.
   at Microsoft.UpdateServices.DatabaseAccess.DBConnection.DrainObsoleteConnections(SqlException e)
   at Microsoft.UpdateServices.DatabaseAccess.DBConnection.ExecuteCommandNoResult()
   at …
0
Free Tool: Path Explorer
LVL 9
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Think I broke my SCCM. Its all grayed outt. I have reinstalled WSUS and the role again still no use can someone please help
0
I've set up a 2016 WSUS Server and have performed a successful synchronization. I've been testing with one server client (also 2016) just to make sure I can get it working correctly the way I want to before I go edit the Master GPO's on each domain and make this change permanent. The problem is I can't get this client to show in the WSUS Console

Firewalls are off on both server and each machine can ping each other. If I browse to http://WSUSservername I get hit with the IIS web page

When I open the local gpo on the client server, i've edited the correct windowsupdate policy object so that http://WSUSservername is the target WSUS server (I also see this http:// address in the registry)

What is it that i'm missing here? First time setting up WSUS in almost a decade so would appreciate some help! Thanks in advance
0
WSUS is being used to install Windows Updates on all PCs in this environment.
A recent batch of updates seems to have broken Office functionality. I want to remove them all to confirm if it is actually the updates that are causing the problem.
However when I try:

wusa /uninstall /kb:%%

Open in new window


This shows me that "KB%%% is not installed."
This is obviously not true since I see the KB in the "Installed Updates" list and can uninstall it manually.

I had a similar issue a few weeks ago and found that running msiexec works in this environment. In that case I had to remove a specific KB and used this command which I found in another forum:

psexec /accepteula \\%%a -e -w C:\ %Windir%\System32\msiexec.exe /I {90140000-0012-0000-0000-0000000FF1CE} MSIPATCHREMOVE={70DAB69D-244C-403A-9C0F-CB7748CD2991}

Open in new window


My question is how can I find these parameters in that command:
{90140000-0012-0000-0000-0000000FF1CE}  and {90140000-0012-0000-0000-0000000FF1CE}

since I think I will need to find those for each update in order to uninstall on all PCs.
Or is there another option?
0
Hi everyone.  We just went through our monthly pilot patching cycle last night and out of 17 servers on the list, we encountered errors with five of them.  Two (the 80244019 errors) showed patches available to download and install and also checked in with WSUS earlier in the day, prior to scheduled patching.  Three showed no patches available, but threw an error message (either 8024401f or 80244008) when I attempted to check for updates.  Two months ago (the last time I was on the hook to update servers), I did not see these errors.  I do not believe the individual who ran the patches last month saw these either.  Nothing I'm seeing in the Windows Update log leads to anything that would seem (to me, at least) to apply.

We have a script that does a number of different things to troubleshoot the issue.  Rather than listing them out, I've copied the script below.  I'll also upload the WindowsUpdate log files.

Beyond this, I found the WSUS Client Diagnostics Tool and there is a single error message that appears on every failed machine, but my Google Fu must be weak as I'm not seeing anything that makes sense.  There is no proxy server are there were not a lot of patches approved (and we've approved far more in the past, successfully).

Here is the script we run:

GetFileVersion(szEngineDir,&susVersion) failed with hr=0x80070002
The system cannot find the file specified

I've also checked that bandwidtch if perfectly fine; I can manually copy hundreds of Gb from the …
0
Hi All,

I get the following error when I check for updates:

There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information: (0x80244022)

 
I then RDP to PRODWSUS01VM which is the windows update server set in my registry.

I ran the Update Services snapin and tried to connect to PRODWSUS01VM but I get the following error:

WSUS console
Can anyone here please assist me what stepsI need to do to ensure the WSUS is working again in my AD domain ?

Thanks,
0
Hi All,

WSUS Clients are showing status "Not Reported Yet"

We have WSUS Server where clients are not receiving updates by the Server and the status is Not Yet Reported

Regards
System Support
0
hi team

we require a script which will copy the reg file to remote servers and add it in registry.

we are implementing wsus. we don't want to use the GP. so we would like to add the reg key in our servers. please help to provide a nice script.
0
Hello, on WSUS post installation, i am getting this error, and attached is the "tmp919A.tmp"


Log file is located at C:\Users\USER\AppData\Local\Temp\2\tmp919A.tmp
Post install is starting
Fatal Error: Attempted to perform an unauthorized operation.

any help ?
tmp919A.txt
0
Hi All,
We have SCCM 2012, Current Branch.
Been installed (by a consultant) about 6 weeks ago. We have ran into an issue with clients updating and not sure if they have ever updated since it's been installed
I think (I will double check) most of our clients are showing the following errors from the windowupdate.log

2017/08/03 22:09:18.4202729 312   3520  ProtocolTalker  SyncServerUpdatesInternal failed 0x8024401c
2017/08/03 22:09:18.4246690 312   3520  Agent           Failed to synchronize, error = 0x8024401C

I have attached logs from 3 Windows 10 machines. These include WU log and WUAHandler.log
Also attached are 2 SCCM Log files

What I have tried.
1. Can telnet onto port 8530 from any client machine
2. Checked event logs
3. Rebooted SCCM Server
4. Made the changes as per this article - all through I don't think it was relevant - https://blogs.msdn.microsoft.com/the_secure_infrastructure_guy/2015/09/02/windows-server-2012-r2-wsus-issue-clients-cause-the-wsus-app-pool-to-become-unresponsive-with-http-503/
5. Ran through this article - https://technet.microsoft.com/en-us/library/bb735874.aspx.
But still haven't been able to crack the issue.

Questions
1. Can you still use WU to check for updates that will just go to your SCCM Server and expect to find and install updates? Or do updates get installed differently using ADR's?
I was expecting to click "Check for Updates" and find available updates.

2. Under update history, would I still see updates …
0
Free Tool: SSL Checker
LVL 9
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Hey guys,

My C: drive is running low on space on my SBS 2011 server, i ran a scan, and i see in the WSUS folder, there is a SUSDB.mdf file of 20GB. How can i free up space in this folder properly?
0
Hi Experts

is there anyway get a report of last patched status of group of servers from wsus. I want to know when was the  patches installed last.
0
I had this question after viewing On an SBS 2011 server what do you think about turning off WSUS and how would you do that?.

The SBS Console shows that the 3 workstations are missing 10 or 11 updates that have been downloaded.  But the Updates tab of the console does not show any undeployed updates and the workstations think they are up to date.
0
Microsoft updates are getting too large and take too long to download. I work for a school and we have over 250 windows computers that share 100MB internet and they take a long time to update and update at bad times. i am trying to create a wsus server, but keep getting connection errors. we have a xtm525 watchguard firewall and was told there may be a way to prevent the updates at different times. is this correct? Does anyone know how?

thank you
0
Hi

we have mulitple machines running Windows 8.1 , those machines are their respective OUs in AD and there was a policy created for them to point towards our WSUS server onsite to get their updates, up until this month the machines were receiving them correctly, this month however multiple machines are stuck on 99% in WSUS,  once we check the details of the updates we see that the same 3 updates for the windows 8.1 machines will not install, we have marked them for removal and set a specific deadline but the deadline passed and still the machines status do not change and remain at 99%, can anyone please advise?

the three updates -

KB4025336
KB4025333
KB4025252
0
WSUS error: connection error
i can get the console open, but after using it a while i get this error.

2017-07-18_7-21-28.jpgthis is what it shows in the event log.
The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The operation has timed out

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, Int32 publicationState)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, ExtendedPublicationState publicationState)
   at Microsoft.UpdateServices.Internal.BaseApi.Update.SearchUpdates(UpdateScope searchScope, ExtendedPublicationState publicationState, UpdateServer updateServer)
   at Microsoft.UpdateServices.UI.AdminApiAccess.UpdateManager.GetUpdates(ExtendedUpdateScope filter)
   at …
0
Hi all,

We have a setup, where all computers are connected to the Head Office WSUS server so that we have a better visibility of all computers and we control which updates need to be downloaded.

Some of the computers are at our remote sites (connected via VPN) and we would like to reduce the bandwidth. Thus, we were thinking of having a physical server at our remote site which downloads the updates that we at the Head Office authorise and the clients download from the local WSUS site server.

The administrator still needs to control everything from the Head Office and authorise updates from 1 location (HO).

Thanks.
0
We are a corporate environment with a single WSUS server. We have our main headquarters where the majority of our devices reside, but we also have a few remote offices with slower internet connections. Our issue is that ever since we started deploying Windows 10 to PCs at our remote locations, we started having big bandwidth issues at those remote locations when deploying Windows Updates with WSUS. I see in previous operating systems you could throttle the BITS service with a GPO. That doesn't appear to be an option for Windows 10 devices. Does anyone have any recommendations? Thanks!
0
Hi

I have recently installed and started running WSUS on Windows Server Std 2012 R2.
I have got all the computers on our network connecting to it.
It keep crashing and giving the following error information:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The request failed with HTTP status 503: Service Unavailable.

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPGetConfiguration()
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetConfiguration()
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()
   at Microsoft.UpdateServices.Internal.ClassFactory.CreateWellKnownType(Type type, Object[] args)
   at Microsoft.UpdateServices.Internal.ClassFactory.CreateInstance(Type type, Object[] args)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetConfiguration()
   at
0
Free Tool: Subnet Calculator
LVL 9
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

.
bgbisapi.msi could not install
0
I am starting to roll out new Windows 10 laptops in my network.  I have installed a new WSUS server on Windows 2012 R2.  In the past with Windows 7 and WSUS on 2008 server I was able to use registry keys instead of a group policy to get my machines to report in with WSUS.  I prefer this method as I can give different machines different days of week and time of day to check for updates.  Is this possible with my new WSUS and Windows 10?
0
How can you find out when wsusoffline.net has updated its site to the latest published patches. For instance it is Patch Tuesday tomorrow so there is little point spending time updating offline computers until the newest patches releases have been incorporated in the wsusoffline site.
0
So, we run WSUS on Server 2012 R2 for our environment.

In June, the 15th to be exact, I approved a rollup that contained a two specific patches.  When I search on those two specific patches, I can see the date I approved them since I use deadlines when I approve.  So, I know I approved the rollup and I have confirmed that the two specific KBs are in the rollup.

So, after I have run thru all of my patching, I run Computer Tabular Status for Approved Updates and it looks like all but one or two of my servers are all compliant.

Then I go back and I search on the two specific KBs and I do a detailed report and I find that over 100 servers do not have the patch in question.  

The patch was approved in the rollup.  The rollup was installed.  The Computer Tabular Status for Approved Updates report does not show any servers missing approved updates, yet my detailed report shows that the two specific KBs are needed on over 100 computers.  

This discrepancy in reporting is killing me!

So, if the KB is in the rollup, will it not show up in a report looking for the specific KB?  Or, another way to put it, will the specific KB only show in a report looking for that specific KB if the KB was installed standalone and not in a rollup?

I logged into some of the servers and I do not see the KB and that is matching up pretty well with the detailed report.

I'm just confused on why the reporting discrepancies.

Thanks

Cliff
0
Except for one client computer that recently joined the domain,  none of the 65+ clients are showing up in the WSUS 'all computers' list.   Tried  wuaclt.exe /detectnow and gpupdate /force.   No Joy.   Wsus has collected updates, 130gb worth, and seems ready to serve.   What do I do?
0
We are using wsus on our pc's.  However, we have one pc that must not be allowed to update, as we use it to connect to some archaic systems, and the newer security settings play havoc with the systems we connect to.  Asking the outfits at the other end to update their systems has been fruitless, and we can't us another outfit for this.  WSUS is managed via group policy, and I need this one pc to NEVER get windows updates or java updates, while keeping it as a member of our domain.

Any ideas?
0

WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In
WSUS
<
Monthly
>