Hi

Wanted to obtain some clarity on a confusing view I seem to be getting from a few people

Domain A : NUmerous Windows 2012 Servers

Domain B : WSUS Server

We want to update all the Servers from Domain A from the WSUS in Domain B

However - we are using SCCM to connect to the WSUS Server.....

We can obtain and get the necessary Ports opened etc [80 and 443?

However - I am hearing that the WSUS server needs to have Admin access permissions on the share where the Updates are kept - I find this somewhat odd - is this true? Does the Server that needs to be patched or the WSUS share need ADMIN access permissions for either?

Good Day Everyone

I am having an issue on trying to get one laptop machine to report to WSUS. The rest of the machine are reporting fine except for just one. Which comes up with The Computer has not reported status. What could be the issue?

These are the logs:

Kind Regards

Simtandile Mtubeli

Windows Server 2008 R2 Standard
Variety of Vista32 and Windows 7 pc's
Around August 12th, around 70's pc stopped talking to my WSUS Server, and haven't received updates.

I've tried so many things..deleted them from WSUS, resetauthorization, used our Solar Winds PatchManager to run EVERY tool there was.

I"ve had pc's end up needing to be restored, and some restored even though the restore failed!  Some come up with "Windows Not Genuine" now. I've ran all sorts of PSEXEC commands on them as well.

Sometimes, I do a gpupdate /force and see the WindowsUpdate.log show that it now has a target group which doesn't exist anymore, and the pc's don't even use Client-side targeting. They are supposed to go to Unassigned and then I target them.

Please let me know what other info I can possibly give. 

I've had some odd success occasionally, by remoting in, logging on as admin, run a resetauthorization /detectnow, then a gpupdate /force, then i logoff or reboot and run it again, then blah blah blah..I don't know sometimes it works and sometimes it doesn't!!

PLEASE HELP!

I'm a bit of a WSUS newbie, so bear with me.  I have a new WSUS server taking over service for my environment.  For the most part it is working well.  However, there are a large number of computers with patch failures.  

2 servers have 27 patch failures each.  No matter how many times I try to update, the updates always fail.  If I then manually check for updates against Microsoft instead of the WSUS server, it finds and installs the same patches fine.  I can find little different about these servers or patches that would cause the issue.  The only thing at all that I can see is that for some reason, all the failed patches are dated July 31, 2015, even if the patch shows a publish date of 2009! on WSUS.  

I have run the Windows Update Repair tool on these two servers with the 27 broken patches, but still no dice.  Furthermore all patches preceding and following these 27 patches have installed successfully. Is this a problem with my WSUS server or the target servers?  Is there a way to fix this beyond downloading them manually?

Jon

I have 2012r2 DC and 2008r2 RODC .can we use the same wsus computer group for server 2008r2 and server 2012r2 to deploy windows update.

After update the Patch on server 2008r2 i'm getting below issue & it running from long time. Pls help

Failure Configuring Windows update

Reverting changes 

do not turn off your computer.

Hi,

I'm trying to install Powershell 3.0 on Domain Controllers running on Windows Server 2008 R2 (x64) production environment (it was success on Development Environment (Domain Controllers running on Windows Server 2008 R2 (x64) )).

I have installed prerequesits mentioned on https://technet.microsoft.com/en-us/library/hh847837.aspx#BKMK_InstallingOnWindows7andWindowsServer2008R2

Its installing successfully however when you reboot the Server it reverts back to previous version.

I found below error  on Update history.

Hello everyone, I had a sbs2011 server running low on disk space on the system drive. I used the SBS2011 console to move the wsus repository to a drive which had sufficient space. I have left the database in the original location C:\WSUS

Since doing this I can no longer use WSUS. I get this error in the console:-

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The operation has timed out

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPGetUpdateServerStatus(Int32 updateSources, Boolean includeDownstreamComputers, String updateScopeXml, String computerTargetScopeXml, String preferredCulture, Int32 publicationState, Int32 propertiesToGet)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetUpdateServerStatus(UpdateSources updateSources, Boolean includeDownstreamComputers, String updateScopeXml, String computerTargetScopeXml, String preferredCulture, ExtendedPublicationState publicationState, UpdateServerStatusPropertiesToGet propertiesToGet)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetStatus(UpdateSources updateSources, Boolean includeDownstreamComputers, UpdateScope updatesToInclude, ComputerTargetScope computersToInclude, UpdateServerStatusPropertiesToGet propertiesToGet)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetReplicaStatus(UpdateSources updateSources)
   at Microsoft.UpdateServices.UI.SnapIn.Common.CachedUpdateServerStatus.GetFreshObjectForCache()
   at Microsoft.UpdateServices.UI.AdminApiAccess.CachedObject.GetFromCache()
   at Microsoft.UpdateServices.UI.SnapIn.Pages.ServerSummaryPage.backgroundWorker_DoWork(Object sender, DoWorkEventArgs e)

Can someone help me get this working again please. I don't understand why it has stopped working seen as I used the SBS2011 console to make the change. I thought I would be safe doing it this way.

Many Thanks in advance

Hi All ,

I realised the microsoft update option is missing for server 2008 R2  ... even join or standalone domain is still the same .. Is it being hidden or removed ? Win7 i'm able to find the option.

Im only able to see options : Recommended updates and who can install the updates in the Windows update settings only .

My WSUS server stopped synchronizing in October. I've been trying to get it to sync, but manual syncs also fail. I have been using the WSUS debug tool to try to purge unneeded updates, but that also fails at the state machine reset. I know the time is quickly running out on this OS, but until I can build a 2012 R2 server to replace it, I have to stick with this one. The last time I tried to replace it, my clients would not connect to the new server (same OS.)

What else can be done to try to get it working again?

Thank you

I have a Windows Server 2012 R2 VM that has the WSUS role installed and some other software. Since the last round of MS updates, I can no longer run reports in WSUS. If I revert to my snapshot before the updates, everything is working fine. Below are the specifics:
The error I am getting when running *some* reports (some reports DO work):

 
Then I get this error:

 
Event viewer shows the following:
Faulting application name: vbc.exe, version: 12.0.51209.34209, time stamp: 0x5348b3a6
Faulting module name: s\SYSTEM32\MSVCP120_CLR0400.dll!__crtGetFileInformationByHandle, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000139
Fault offset: 0x00000000000ec4e0
Faulting process id: 0x7c8
Faulting application start time: 0x01d123a5d067a54a
Faulting application path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
Faulting module path: s\SYSTEM32\MSVCP120_CLR0400.dll
Report Id: 0e38906b-8f99-11e5-80cd-005056b93132
Faulting package full name:
Faulting package-relative application ID:

The report.wer for this event is as follows:
Version=1
EventType=APPCRASH
EventTime=130925059249554379
ReportType=2
Consent=1
ReportIdentifier=0e38906c-8f99-11e5-80cd-005056b93132
IntegratorReportIdentifier=0e38906b-8f99-11e5-80cd-005056b93132
NsAppName=vbc.exe
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=vbc.exe
Sig[1].Name=Application Version
Sig[1].Value=12.0.51209.34209
Sig[2].Name=Application Timestamp
Sig[2].Value=5348b3a6
Sig[3].Name=Fault Module Name
Sig[3].Value=s\SYSTEM32\MSVCP120_CLR0400.dll!__crtGetFileInformationByHandle
Sig[4].Name=Fault Module Version
Sig[4].Value=6.3.9600.18007
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=55c4c16b
Sig[6].Name=Exception Code
Sig[6].Value=c0000139
Sig[7].Name=Exception Offset
Sig[7].Value=00000000000ec4e0
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.3.9600.2.0.0.272.7
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=ac05
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=ac0507478d1c5bd693cfc4fe3987e900
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=ac05
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=ac0507478d1c5bd693cfc4fe3987e900
UI[2]=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
UI[3]=Visual Basic Command Line Compiler has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution and close the program
UI[6]=Check online for a solution later and close the program
UI[7]=Close the program
LoadedModule[0]=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\KERNEL32.DLL
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\ADVAPI32.dll
LoadedModule[5]=C:\Windows\SYSTEM32\MSVCR120_CLR0400.dll
LoadedModule[6]=C:\Windows\system32\ole32.dll
LoadedModule[7]=C:\Windows\system32\OLEAUT32.dll
LoadedModule[8]=C:\Windows\system32\SHLWAPI.dll
LoadedModule[9]=C:\Windows\system32\USER32.dll
LoadedModule[10]=C:\Windows\SYSTEM32\VERSION.dll
LoadedModule[11]=C:\Windows\SYSTEM32\MSVCP120_CLR0400.dll
LoadedModule[12]=C:\Windows\SYSTEM32\mscoree.dll
LoadedModule[13]=C:\Windows\system32\PSAPI.DLL
LoadedModule[14]=C:\Windows\system32\msvcrt.dll
LoadedModule[15]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[16]=C:\Windows\system32\RPCRT4.dll
LoadedModule[17]=C:\Windows\SYSTEM32\combase.dll
LoadedModule[18]=C:\Windows\system32\GDI32.dll
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Visual Basic Command Line Compiler
AppPath=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
NsPartner=windows
NsGroup=windows8
ApplicationIdentity=7F5B6F8EE7375BAC20017EC5AB095217

This is only happening on one server, all others seem fine (as far as I can tell). I have tried installing individual updates, but the same thing happens regardless of which one I choose. I have run SFC, and it comes back with no errors. Below are the updates that are being installed:

 Any help is greatly appreciated!
Thanks
Doug

Dear Team,

I have installed WSUS and it was working fine, but due to some reason i had to reinstall it on my Windows 2012 R2 Standard Active Directory server.

Now i am trying to reinstall it on same server installation goes all fine but post install fails, no matter what i try it doesn't work. 

I Removed previous installation fully and removed WID database manually. Removed IIS , registry. Even then installation goes fine but post installation failed. Checked logs but , searched google and tried all solutions but no luck yet.

Any help would be much appreciated.

Hi,

I'm looking for a way to update a disk installation of windows server 2008 r2 with the latest windows updates.

This has been a recent event and occurring more often. We manage windows updates using WSUS and automatic updates. Also, I have a custom script I will run that checks for any pending updates. Our automatic updates occur on Sundays and I run my script on Monday or Tuesday. When I run my script against all of the hosts it shows no updates pending. Reporting looks like this:

At this point I think everything is good. Now the next Sunday some servers will reboot outside of their maintenance window and WSUS shows that they installed a couple of pending updates. I use the same script to manually install updates as well. The same script run against a machine that did not auto update suddenly says.

[9:23:30 AM] - Script action is set to: detect
[9:23:30 AM] - Verbose/Silent mode is set to: Silent
[9:23:30 AM] - Restart action is set to: Do nothing (only if action is pending)
[9:23:30 AM] - Checking local WU settings...
[9:23:30 AM] - Windows update agent is scheduled to run on every day at 3:00 AM
[9:23:30 AM] - Update Server: <WSUS URL>
[9:23:30 AM] - Target Group: CORP
[9:23:30 AM] - WUA mode Updates are downloaded automatically, and users are prompted to install.
[9:23:30 AM] - Instantiating Searcher
[9:24:11 AM] - This computer does not have any pending reboots (Pre-check).
[9:24:11 AM] - WUA mode: detect
[9:24:11 AM] - WU Server: <WSUS URL>
[9:24:11 AM] - Searching for missing or updates not yet applied...
[9:24:11 AM] - Missing: Update for Windows Server 2012 (KB2822241), Category ID: e6cf1350-c01b-414d-a61f-263d14d133b4
[9:24:11 AM] - Missing: Security Update for Windows Server 2012 (KB2993651), Category ID: a105a108-7c9b-4518-bbbe-73f0fe30012b
[9:24:11 AM] - An error has occured while instantiating search results. Error -2145124345 - . Check the C:\Windows\windowsupdate.log file for further information.
[9:24:11 AM] - ********** Cataloging updates **********
[9:24:11 AM] - Cataloged: Update for Windows Server 2012 (KB2822241)
[9:24:11 AM] - Cataloged: Security Update for Windows Server 2012 (KB2993651)
[9:24:11 AM] - Cataloged: Update for Windows Server 2012 (KB2975331)
[9:24:11 AM] - This PC requires updates from the configured Update Server (<WSUS URL>).
[9:24:11 AM] - Windows Update Agent has finished detecting needed updates.
[9:24:11 AM] - Windows Update VB Script finished

This happens despite no new updates being approved over that week. Also the updates that are pending are older and should have been installed long ago. KB2993651 seems to be involved in these incidents.

Any insights into what would cause a multiple day delay in reporting pending updates?

Success is a lousy teacher. It seduces smart people into thinking they can't lose. -Bill Gates

I am posting this question on behalf of someone who cannot post to this forum for some reason. Here's the problem:

• I have 2 servers both running Windows Server 2012.
• Server 1 = SCCM 2012 SP1 + WSUS
• Server 2 = Server 2012 =+SQL Server 2012 SP1

This is a brand new install, not an upgrade or migration.

• When I use WID locally it is fine. But I can't use WID as IT wants to use the SQL we have so their SQL team can manage it like any other SQL DB

Here is the error:

2013-06-13 08:57:22  Generation of encryption key to save to the database failed. Error=System.IndexOutOfRangeException: Index was outside the bounds of the array.   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccess.ExecuteSPGetConfiguration()   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()   at Microsoft.UpdateServices.Setup.StartServer.StartServer.GenerateNewDatabaseEncryptionKey()
2013-06-13 08:57:22  StartServer encountered errors. Exception=Index was outside the bounds of the array.
2013-06-13 08:57:22  Microsoft.UpdateServices.Administration.CommandException: Failed to start and configure the WSUS service   at Microsoft.UpdateServices.Administration.PostInstall.Run()   at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
Fatal Error: Failed to start and configure the WSUS service

Any ideas? I am following up internally and will update this thread if I find out anything more.

Hello,

The Nessus scan is notifying us of High Vulnerabilities on a shared drive SH on Node A for the cluster CL.

When patching the Node A the shared drive SH is failed over to Node B of cluster CL and the vulnerability is still listed on the share.

How to correct this type of vulnerabilities on shared drives?

WSUS does not propose the patch even approved...

Thanks,
Dom

System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

Hi,

After we got our Windows 2012 downstream server all setup, we had to rename the server.  So after renaming the server hostname, we recently discovered many of the PCs connecting to it have not checked in since.  In doing a little troubleshoot, I noticed that the IIS server manager still had the old name, which I then changed.  Is there any other thing to change in order for the new name to work correctly?  I think clients aren't still connecting.  And in looking at "C:\Program Files\Update Services\LogFiles\change.log" I still see the error "WSUS configuration has been changed by NT AUTHORITY\NETWORK SERVICE."  

Any help would be appreciated.