Zdroje informací pro profesionály v oboru IT >
Domovská stránka fór
>
WSUS
>
WSUS 3.0 SP1 Clients Not Reporting Correctly
WSUS 3.0 SP1 Clients Not Reporting Correctly
- Hi,
I have a WSUS 3.0 SP1 server serving as our main Upstream Server. I am having issues sending patches out to clients for the past few weeks (only just noticed it yesterday).
The issue is that patches that were released on the June Patch Tuesday are saying they are Not Applicable to all of my servers. After I have approved the updates, I go to update the client and get the below in the windowsupdate.log file. Any ideas? I saw in a post recently that the evaluate rule failure is something Microsoft are looking into but it was only a passing reference and have found nothing since.
2009-07-01 09:04:57:143 1012 d50 AU Triggering AU detection through DetectNow API 2009-07-01 09:04:57:143 1012 d50 AU Triggering Online detection (non-interactive) 2009-07-01 09:04:57:143 1012 7c0 AU ############# 2009-07-01 09:04:57:143 1012 7c0 AU ## START ## AU: Search for updates 2009-07-01 09:04:57:143 1012 7c0 AU ######### 2009-07-01 09:04:57:143 1012 7c0 AU <<## SUBMITTED ## AU: Search for updates [CallId = {EDC6BFEF-0E4E-4A90-8C1A-0A5BBFB67032}] 2009-07-01 09:04:57:143 1012 dd4 Agent ************* 2009-07-01 09:04:57:143 1012 dd4 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-07-01 09:04:57:143 1012 dd4 Agent ********* 2009-07-01 09:04:57:143 1012 dd4 Agent * Online = Yes; Ignore download priority = No 2009-07-01 09:04:57:143 1012 dd4 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1" 2009-07-01 09:04:57:143 1012 dd4 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 2009-07-01 09:04:57:159 1012 dd4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-07-01 09:04:57:175 1012 dd4 Misc Microsoft signed: Yes 2009-07-01 09:04:57:206 1012 dd4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-07-01 09:04:57:206 1012 dd4 Misc Microsoft signed: Yes 2009-07-01 09:04:57:221 1012 dd4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: 2009-07-01 09:04:57:237 1012 dd4 Misc Microsoft signed: Yes 2009-07-01 09:04:57:237 1012 dd4 Setup *********** Setup: Checking whether self-update is required *********** 2009-07-01 09:04:57:237 1012 dd4 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 2009-07-01 09:04:57:237 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:237 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:237 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:237 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 09:04:57:253 1012 dd4 Setup * IsUpdateRequired = No 2009-07-01 09:05:04:175 1012 dd4 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 2009-07-01 09:05:04:175 1012 dd4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://camspemwsus1.cobwebmanage.local/ClientWebService/client.asmx 2009-07-01 09:05:06:518 1012 dd4 Agent WARNING: Failed to evaluate Installed rule, updateId = {A901C1BD-989C-45C6-8DA0-8DDE8DBB69E0}.103, hr = 8024E001 2009-07-01 09:05:07:190 1012 dd4 PT +++++++++++ PT: Synchronizing extended update info +++++++++++ 2009-07-01 09:05:07:190 1012 dd4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://camspemwsus1.cobwebmanage.local/ClientWebService/client.asmx 2009-07-01 09:05:08:581 1012 dd4 Agent * Found 0 updates and 52 categories in search; evaluated appl. rules of 675 out of 902 deployed entities 2009-07-01 09:05:08:643 1012 dd4 Agent ********* 2009-07-01 09:05:08:643 1012 dd4 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-07-01 09:05:08:643 1012 dd4 Agent ************* 2009-07-01 09:05:08:643 1012 1c4 AU >>## RESUMED ## AU: Search for updates [CallId = {EDC6BFEF-0E4E-4A90-8C1A-0A5BBFB67032}] 2009-07-01 09:05:08:643 1012 1c4 AU # 0 updates detected 2009-07-01 09:05:08:643 1012 1c4 AU ######### 2009-07-01 09:05:08:643 1012 1c4 AU ## END ## AU: Search for updates [CallId = {EDC6BFEF-0E4E-4A90-8C1A-0A5BBFB67032}] 2009-07-01 09:05:08:643 1012 1c4 AU ############# 2009-07-01 09:05:08:643 1012 1c4 AU AU setting next detection timeout to 2009-07-01 11:18:47 2009-07-01 09:05:08:643 1012 1c4 AU Setting AU scheduled install time to 2009-07-02 02:00:00 2009-07-01 09:05:13:643 1012 dd4 Report REPORT EVENT: {F8187730-F1E4-49FC-BBD5-676B2A647D43} 2009-07-01 09:05:08:643+0100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 0 updates. 2009-07-01 09:05:13:643 1012 dd4 Report REPORT EVENT: {4CEA87DB-2B7D-4B68-9917-7E6203F34885} 2009-07-01 09:05:08:643+0100 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status. 2009-07-01 09:11:27:536 1012 dd4 Report Uploading 2 events using cached cookie, reporting URL = http://camspemwsus1.cobwebmanage.local/ReportingWebService/ReportingWebService.asmx 2009-07-01 09:11:27:630 1012 dd4 Report Reporter successfully uploaded 2 events.
Odpovědi
To me this shows that the server is working correctly for distributing patches that are already shown to be needed by clients, but it seems to be going wrong with clients reporting new patches that it needs.
As noted above... the WUAgent can only report on what it can *see* at the server. If the new updates are "invisible" to the WUAgent during the update scan, then it cannot report any status for the update. Remember, everything happens from the WUAgent. The WSUS Server is just a passive player in this game, answering queries to a database of available updates, and providing binary packages for download when requested. But if those queries are returning defective information, then the WUAgent can't "Comment on" updates it doesn't know about.
Thus my suggestion to completely UNAPPROVE (maybe even DECLINE), and then REAPPROVE those June updates -- the intent being to 'reset' anything that might have gotten incorrectly set by a dysfunctional approval the first time through (like inadvertently setting the Decline or Expire bitflag on the updates - which would cause exactly this behavior).
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)- Označen jako odpověďEric Zhang - MSFTMSFT, Moderátor8. července 2009 7:17
I seem to have found the issue. It seems that from the June 2009 updates released by Microsoft, there is no longer support for Server 2003 SP1. This is what the machines that are not reporting correctly are running. I installed SP2 on my WSUS server and immediately after rebooting it started reporting correctly.
Thanks.- Označen jako odpověďKeir Nolan 13. srpna 2009 10:24
Všechny reakce
- This log looks incomplete.. several expected entries are missing.
Notwithstanding the missing entries, it looks like the basic issue is that this client is not detecting against the correct target group -- thus no detection of approved updates.
How did you assign groups? What group should this machine be a member of?
Please rerun this command: wuauclt /resetauthorization /detectnow and post the log entries from that detection event.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009) I have run that command have received the below results in the log file.
The groups are assigned by creating them in WSUS, then when a computer is built and appears in the Unassigned Computers group, they are added to their correct group. This machine is a member of the WSUS Group that I have created, and it is the WSUS server itself.2009-07-01 14:26:25:005 1012 874 AU Triggering AU detection through DetectNow API 2009-07-01 14:26:25:005 1012 874 AU Triggering Online detection (non-interactive) 2009-07-01 14:26:25:005 1012 7c0 AU ############# 2009-07-01 14:26:25:005 1012 7c0 AU ## START ## AU: Search for updates 2009-07-01 14:26:25:005 1012 7c0 AU ######### 2009-07-01 14:26:25:005 1012 7c0 AU <<## SUBMITTED ## AU: Search for updates [CallId = {409102A4-E06D-48F6-8C1D-2963AFB00DE6}] 2009-07-01 14:26:25:005 1012 fa4 Agent ************* 2009-07-01 14:26:25:005 1012 fa4 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-07-01 14:26:25:005 1012 fa4 Agent ********* 2009-07-01 14:26:25:005 1012 fa4 Agent * Online = Yes; Ignore download priority = No 2009-07-01 14:26:25:005 1012 fa4 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1" 2009-07-01 14:26:25:005 1012 fa4 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 2009-07-01 14:26:25:005 1012 fa4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-07-01 14:26:25:005 1012 fa4 Misc Microsoft signed: Yes 2009-07-01 14:26:25:271 1012 fa4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-07-01 14:26:25:271 1012 fa4 Misc Microsoft signed: Yes 2009-07-01 14:26:25:302 1012 fa4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: 2009-07-01 14:26:25:302 1012 fa4 Misc Microsoft signed: Yes 2009-07-01 14:26:25:318 1012 fa4 Setup *********** Setup: Checking whether self-update is required *********** 2009-07-01 14:26:25:318 1012 fa4 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-01 14:26:25:333 1012 fa4 Setup * IsUpdateRequired = No 2009-07-01 14:26:32:240 1012 fa4 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 2009-07-01 14:26:32:240 1012 fa4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://camspemwsus1.cobwebmanage.local/ClientWebService/client.asmx 2009-07-01 14:26:32:412 1012 fa4 PT WARNING: Cached cookie has expired or new PID is available 2009-07-01 14:26:32:412 1012 fa4 PT Initializing simple targeting cookie, clientId = 3aa1cf0f-cbd5-4ab7-b6aa-c2b879ff6961, target group = , DNS name = camspemwsus1.cobwebmanage.local 2009-07-01 14:26:32:412 1012 fa4 PT Server URL = http://camspemwsus1.cobwebmanage.local/SimpleAuthWebService/SimpleAuth.asmx 2009-07-01 14:26:34:568 1012 fa4 Agent WARNING: Failed to evaluate Installed rule, updateId = {A901C1BD-989C-45C6-8DA0-8DDE8DBB69E0}.103, hr = 8024E001 2009-07-01 14:26:35:271 1012 fa4 PT +++++++++++ PT: Synchronizing extended update info +++++++++++ 2009-07-01 14:26:35:271 1012 fa4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://camspemwsus1.cobwebmanage.local/ClientWebService/client.asmx 2009-07-01 14:26:36:740 1012 fa4 Agent * Found 0 updates and 52 categories in search; evaluated appl. rules of 675 out of 902 deployed entities 2009-07-01 14:26:36:756 1012 fa4 Agent ********* 2009-07-01 14:26:36:756 1012 fa4 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-07-01 14:26:36:756 1012 fa4 Agent ************* 2009-07-01 14:26:36:756 1012 4cc AU >>## RESUMED ## AU: Search for updates [CallId = {409102A4-E06D-48F6-8C1D-2963AFB00DE6}] 2009-07-01 14:26:36:756 1012 4cc AU # 0 updates detected 2009-07-01 14:26:36:756 1012 4cc AU ######### 2009-07-01 14:26:36:756 1012 4cc AU ## END ## AU: Search for updates [CallId = {409102A4-E06D-48F6-8C1D-2963AFB00DE6}] 2009-07-01 14:26:36:756 1012 4cc AU ############# 2009-07-01 14:26:36:756 1012 4cc AU AU setting next detection timeout to 2009-07-01 17:25:00 2009-07-01 14:26:36:756 1012 4cc AU Setting AU scheduled install time to 2009-07-02 02:00:00I have run that command have received the below results in the log file.
Thank you for the feedback.
The groups are assigned by creating them in WSUS, then when a computer is built and appears in the Unassigned Computers group, they are added to their correct group. This machine is a member of the WSUS Group that I have created, and it is the WSUS server itself.
2009-07-01 14:26:32:412 1012 fa4 PT WARNING: Cached cookie has expired or new PID is available 2009-07-01 14:26:32:412 1012 fa4 PT Initializing simple targeting cookie, clientId = 3aa1cf0f-cbd5-4ab7-b6aa-c2b879ff6961, target group = , DNS name = camspemwsus1.cobwebmanage.local 2009-07-01 14:26:32:412 1012 fa4 PT Server URL = http://camspemwsus1.cobwebmanage.local/SimpleAuthWebService/SimpleAuth.asmx 2009-07-01 14:26:34:568 1012 fa4 Agent WARNING: Failed to evaluate Installed rule, updateId = {A901C1BD-989C-45C6-8DA0-8DDE8DBB69E0}.103, hr = 8024E001 2009-07-01 14:26:35:271 1012 fa4 PT +++++++++++ PT: Synchronizing extended update info +++++++++++ 2009-07-01 14:26:35:271 1012 fa4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://camspemwsus1.cobwebmanage.local/ClientWebService/client.asmx 2009-07-01 14:26:36:740 1012 fa4 Agent * Found 0 updates and 52 categories in search; evaluated appl. rules of 675 out of 902 deployed entities 2009-07-01 14:26:36:756 1012 fa4 Agent ********* 2009-07-01 14:26:36:756 1012 fa4 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-07-01 14:26:36:756 1012 fa4 Agent ************* 2009-07-01 14:26:36:756 1012 4cc AU >>## RESUMED ## AU: Search for updates [CallId = {409102A4-E06D-48F6-8C1D-2963AFB00DE6}] 2009-07-01 14:26:36:756 1012 4cc AU # 0 updates detected 2009-07-01 14:26:36:756 1012 4cc AU ######### 2009-07-01 14:26:36:756 1012 4cc AU ## END ## AU: Search for updates [CallId = {409102A4-E06D-48F6-8C1D-2963AFB00DE6}] 2009-07-01 14:26:36:756 1012 4cc AU ############# 2009-07-01 14:26:36:756 1012 4cc AU AU setting next detection timeout to 2009-07-01 17:25:00 2009-07-01 14:26:36:756 1012 4cc AU Setting AU scheduled install time to 2009-07-02 02:00:00
What is the exact name of the WSUS group you have created?
How many updates have been APPROVED for installation for this WSUS group?
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)- Group name is - "WSUS"
I just recently approved all of the patches for the June Patch Tuesday for this group and all of my other groups, however they did not download them.
Have you seen the Failed To Evaluate Rule error before?
On the client it seemed to have started happening around the 23rd June about 4am (checked on a couple of machines). Do you know what could cause this rule error?
Thanks. - I am also seeing this in the SoftwareDistribution.log log file in the Update Services installation folder:
Warning w3wp.5 SoapUtilities.CreateException ThrowException: actor = http://[Server URL]/ClientWebService/client.asmx, ID=119a036a-cf2f-4625-87da-ce6c3868e9d3, ErrorCode=ConfigChanged, Message=, Client=2ccd5d21-6e4f-4690-8f4e-2f5827bb6334
Not sure if that helps? Group name is - "WSUS"
I just recently approved all of the patches for the June Patch Tuesday for this group and all of my other groups, however they did not download them.
Have you seen the Failed To Evaluate Rule error before?
On the client it seemed to have started happening around the 23rd June about 4am (checked on a couple of machines). Do you know what could cause this rule error?
Thanks.
The "Failed to Evaluate" rule is known and under investigation and is not related to the issue of the June updates being undetected.
Try this please: On the WSUS Server, remove the approvals for the June updates, and then reapply the approvals. I have no logical reasoning for this suggestion but in a separate thread a week or so ago, another person did exactly that and resolve a very similar issue.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)- Without a time stamp, it's hard to correlate against the other information, but generally this is a normal indication if a configuration change on the WSUS Server really did happen at the timestamp of this log entry.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009) - OK i will try that.
None of the clients are reporting that they need the patches that have been released. They claim they are all up to date, and the new patches that were released in June are saying they are "Not Applicable". Even if they are not picking up the fact that the patches have been approved surely they should be saying that they need the patches? - I have just removed all approvals for the WSUS group. I then ran a report to seek what updates were needed by the server in that group. It needed about 12 updates, all or which were update rollups, none were Critical or Security patches.
I approved .NET Framework 2.0 Service Pack 1 on that group and the server in the group downloaded it immediately. I've added the windowsupdate.log below. To me this shows that the server is working correctly for distributing patches that are already shown to be needed by clients, but it seems to be going wrong with clients reporting new patches that it needs. Is there any troubleshooting you know for this scenario?
2009-07-02 16:17:15:734 1280 1f4 AU Triggering AU detection through DetectNow API 2009-07-02 16:17:15:734 1280 1f4 AU Triggering Online detection (non-interactive) 2009-07-02 16:17:15:734 1280 808 AU ############# 2009-07-02 16:17:15:734 1280 808 AU ## START ## AU: Search for updates 2009-07-02 16:17:15:734 1280 808 AU ######### 2009-07-02 16:17:15:734 1280 808 AU <<## SUBMITTED ## AU: Search for updates [CallId = {B88D4167-44C4-4D0D-83B2-D43DE4FEE84F}] 2009-07-02 16:17:15:734 1280 3cc Agent ************* 2009-07-02 16:17:15:734 1280 3cc Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-07-02 16:17:15:734 1280 3cc Agent ********* 2009-07-02 16:17:15:734 1280 3cc Agent * Online = Yes; Ignore download priority = No 2009-07-02 16:17:15:734 1280 3cc Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1" 2009-07-02 16:17:15:734 1280 3cc Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 2009-07-02 16:17:15:734 1280 3cc Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-07-02 16:17:15:750 1280 3cc Misc Microsoft signed: Yes 2009-07-02 16:17:15:750 1280 3cc Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-07-02 16:17:15:750 1280 3cc Misc Microsoft signed: Yes 2009-07-02 16:17:15:765 1280 3cc Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: 2009-07-02 16:17:15:781 1280 3cc Misc Microsoft signed: Yes 2009-07-02 16:17:15:781 1280 3cc Setup *********** Setup: Checking whether self-update is required *********** 2009-07-02 16:17:15:781 1280 3cc Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 2009-07-02 16:17:15:843 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-07-02 16:17:15:859 1280 3cc Setup * IsUpdateRequired = No 2009-07-02 16:17:16:109 1280 3cc PT +++++++++++ PT: Synchronizing server updates +++++++++++ 2009-07-02 16:17:16:109 1280 3cc PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://camspemwsus1.cobwebmanage.local/ClientWebService/client.asmx 2009-07-02 16:17:18:515 1280 3cc Agent WARNING: Failed to evaluate Installed rule, updateId = {A901C1BD-989C-45C6-8DA0-8DDE8DBB69E0}.103, hr = 8024E001 2009-07-02 16:17:19:062 1280 3cc PT +++++++++++ PT: Synchronizing extended update info +++++++++++ 2009-07-02 16:17:19:062 1280 3cc PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://camspemwsus1.cobwebmanage.local/ClientWebService/client.asmx 2009-07-02 16:17:19:812 1280 3cc Agent * Added update {5D2787CB-BCB5-439D-B734-3E6F1B21B2DD}.103 to search result 2009-07-02 16:17:19:812 1280 3cc Agent * Found 1 updates and 52 categories in search; evaluated appl. rules of 675 out of 902 deployed entities 2009-07-02 16:17:19:812 1280 3cc Agent ********* 2009-07-02 16:17:19:812 1280 3cc Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-07-02 16:17:19:812 1280 3cc Agent ************* 2009-07-02 16:17:19:812 1280 19c AU >>## RESUMED ## AU: Search for updates [CallId = {B88D4167-44C4-4D0D-83B2-D43DE4FEE84F}] 2009-07-02 16:17:19:812 1280 19c AU # 1 updates detected 2009-07-02 16:17:19:812 1280 19c AU ######### 2009-07-02 16:17:19:812 1280 19c AU ## END ## AU: Search for updates [CallId = {B88D4167-44C4-4D0D-83B2-D43DE4FEE84F}] 2009-07-02 16:17:19:812 1280 19c AU ############# 2009-07-02 16:17:19:812 1280 19c AU AU setting next detection timeout to 2009-07-02 18:29:29 2009-07-02 16:17:19:812 1280 19c AU Setting AU scheduled install time to 2009-07-03 02:00:00 2009-07-02 16:17:24:812 1280 3cc Report REPORT EVENT: {63407DB7-FE61-4007-B9F6-6A3FE40C2ECC} 2009-07-02 16:17:19:812+0100 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 1 updates. 2009-07-02 16:17:24:812 1280 3cc Report REPORT EVENT: {426EAD95-842F-488B-BF20-B5DFC9D24587} 2009-07-02 16:17:19:812+0100 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status. 2009-07-02 16:20:20:921 1280 19c AU AU checked download status and it changed: Downloading is not paused 2009-07-02 16:20:20:921 1280 19c AU AU setting pending client directive to 'Download Progress' 2009-07-02 16:20:36:125 1280 808 AU Launched new AU client for directive 'Download Progress', session id = 0x0 2009-07-02 16:20:36:156 2596 b7c Misc =========== Logging initialized (build: 7.1.6001.65, tz: +0100) =========== 2009-07-02 16:20:36:156 2596 b7c Misc = Process: C:\WINDOWS\system32\wuauclt.exe 2009-07-02 16:20:36:156 2596 b7c AUClnt Launched Client UI process 2009-07-02 16:20:36:234 2596 b7c Misc =========== Logging initialized (build: 7.1.6001.65, tz: +0100) =========== 2009-07-02 16:20:36:234 2596 b7c Misc = Process: C:\WINDOWS\system32\wuauclt.exe 2009-07-02 16:20:36:234 2596 b7c Misc = Module: C:\WINDOWS\system32\wucltui.dll 2009-07-02 16:20:36:234 2596 b7c CltUI AU client got new directive = 'Download Progress', serviceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, return = 0x00000000 2009-07-02 16:20:36:234 2596 b7c CltUI AU client creating default WU/WSUS UI plugin 2009-07-02 16:21:00:109 1280 308 DnldMgr BITS job {05A0AF1A-6874-48D6-9EF0-376C060212E0} completed successfully 2009-07-02 16:21:00:265 1280 308 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\Download\d1aa06bf58f925ef0f147aef76702fc7\eef5a36924cdf0c02598ccf96aa4f60887a49840: 2009-07-02 16:21:00:406 1280 308 Misc Microsoft signed: Yes 2009-07-02 16:21:00:468 1280 308 DnldMgr Download job bytes total = 24758792, bytes transferred = 24758792 2009-07-02 16:21:00:515 1280 308 DnldMgr *********** DnldMgr: New download job [UpdateId = {B746CE49-8054-4E6E-865A-DB442BE9952A}.103] *********** 2009-07-02 16:21:00:953 1280 308 DnldMgr * All files for update were already downloaded and are valid. 2009-07-02 16:21:01:046 1280 19c AU >>## RESUMED ## AU: Download update [UpdateId = {5D2787CB-BCB5-439D-B734-3E6F1B21B2DD}, succeeded] 2009-07-02 16:21:01:046 1280 19c AU ######### 2009-07-02 16:21:01:046 1280 19c AU ## END ## AU: Download updates 2009-07-02 16:21:01:046 1280 19c AU ############# 2009-07-02 16:21:01:046 1280 19c AU Setting AU scheduled install time to 2009-07-03 02:00:00 2009-07-02 16:21:01:046 1280 19c AU AU setting pending client directive to 'Install Approval' 2009-07-02 16:21:01:046 1280 19c AU Changing existing AU client directive from 'Download Progress' to 'Install Approval', session id = 0x0 2009-07-02 16:21:01:093 2596 b7c CltUI AU client got new directive = 'Install Approval', serviceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, return = 0x00000000 2009-07-02 16:21:01:093 2596 b7c CltUI AU client creating default WU/WSUS UI plugin 2009-07-02 16:21:06:046 1280 3cc Report REPORT EVENT: {2D208E1A-2F6E-42DB-8A33-5A5BC407C8A8} 2009-07-02 16:21:01:046+0100 1 188 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on 03 July 2009 at 03:00: - Microsoft .NET Framework 2.0 Service Pack 1 (KB110806) 2009-07-02 16:21:06:046 1280 3cc Report REPORT EVENT: {2413B716-AD4C-4412-82D2-CE383EA26F1F} 2009-07-02 16:21:01:046+0100 1 162 101 {5D2787CB-BCB5-439D-B734-3E6F1B21B2DD} 103 0 AutomaticUpdates Success Content Download Download succeeded. 2009-07-02 16:25:46:076 1280 3cc Report Uploading 19 events using cached cookie, reporting URL = http://camspemwsus1.cobwebmanage.local/ReportingWebService/ReportingWebService.asmx 2009-07-02 16:25:46:107 1280 3cc Report Reporter successfully uploaded 19 events. OK i will try that.
None of the clients are reporting that they need the patches that have been released. They claim they are all up to date, and the new patches that were released in June are saying they are "Not Applicable". Even if they are not picking up the fact that the patches have been approved surely they should be saying that they need the patches?
Not if, for some reason, they're not coming up in the WUA scan of the WSUS Server at all.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)- WAU scan (windows automatic update scan?). Any way of checking this, or refreshing the status of the server?
I'll try and remove the server from WSUS, delete the SoftwareDistribution directory and see if it picks it up. Would it be an issue client side or server side? Which one does the scan of the server? To me this shows that the server is working correctly for distributing patches that are already shown to be needed by clients, but it seems to be going wrong with clients reporting new patches that it needs.
As noted above... the WUAgent can only report on what it can *see* at the server. If the new updates are "invisible" to the WUAgent during the update scan, then it cannot report any status for the update. Remember, everything happens from the WUAgent. The WSUS Server is just a passive player in this game, answering queries to a database of available updates, and providing binary packages for download when requested. But if those queries are returning defective information, then the WUAgent can't "Comment on" updates it doesn't know about.
Thus my suggestion to completely UNAPPROVE (maybe even DECLINE), and then REAPPROVE those June updates -- the intent being to 'reset' anything that might have gotten incorrectly set by a dysfunctional approval the first time through (like inadvertently setting the Decline or Expire bitflag on the updates - which would cause exactly this behavior).
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)- Označen jako odpověďEric Zhang - MSFTMSFT, Moderátor8. července 2009 7:17
- Of course, all of this theory is based on the presumption that the June updates really are NEEDED on those server(s), and that they are being misreported.
Have you physically confirmed, at each server, that these updates have NOT been installed?
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009) - As an update. It seems that some machines are reporting OK, and these are a mix of 2003 and 2008 machines.
On a server that is not reporting correctly (the WSUS server) i ran the client diagnostic tool, and all checks passed with no issue.
Any more ideas? I seem to have found the issue. It seems that from the June 2009 updates released by Microsoft, there is no longer support for Server 2003 SP1. This is what the machines that are not reporting correctly are running. I installed SP2 on my WSUS server and immediately after rebooting it started reporting correctly.
Thanks.- Označen jako odpověďKeir Nolan 13. srpna 2009 10:24
- This is not likely the case Keir. I have a couple of systems in my network that are still at Win2003SP1 (just not motivated to take the time to install SP2).. and they're reporting just fine.
What's more likely is that you've inadvertently supplied a "needed" update by applying SP2, and now the post-SP2 updates can be detected. A missing update that is a prerequisite for other updates would pretty much shutdown a client's activity if it missed being approved for installation.
Or, as I suggested on July 2nd, it could be an update with a corrupted approval that's not being properly detected by those machines.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009) - I've tried it on a few machines in my test lab, and as soon as i install SP2 then reboot, it starts to report that it needs multiple critical and security patches.
If you look at the security bulletins for April it shows that the patches are for SP2 AND SP1.
If you look at the security bulletins for June it shows that the patches are for SP2 only.
I'm going to roll this out to my servers to resolve the issue.
Thanks. - > I've tried it on a few machines in my test lab, and as soon as i install SP2 then reboot, it starts to report that it needs multiple critical and security patches.
I've already addressed one common scenario that may be responsible for this behavior.
But, in addition, you also need to be aware of this: Support for downlevel service packs is only available for 24 months after the release of the current service pack. Service Pack 2 was released on 3/13/2007, which means, functionally speaking, that general update support for Windows Server 2003 SP1 systems ended on 3/13/2009. Therefore, I do not find it suprising at all that updates may not be applicable to Win2003SP1 systems. In those scenarios, the correct resolution is to install Service Pack 2.
> If you look at the security bulletins for April it shows that the patches are for SP2 AND SP1.
> If you look at the security bulletins for June it shows that the patches are for SP2 only.
Note that MS09-020 is applicable to IIS5.0 on Windows 2000 SP4 (which is in Extended Support, thus eligible for security updates) and IIS 5.1 on Windows XP SP2 (which is still supported until 4/21/2010); however Win2003SP1 is past it's supported lifecycle. As noted above, the supported lifecycle for service packs is two years after the release of the subsequent service pack. Win2003 Service Pack 2 was released on 3/13/2007, thus support for Service Pack 1 expired on 3/13/2009. So, I don't find it at all surprising that MS09-020 is only applicable to =SP2= systems. The correct remediation is (as always) to install the Latest Service Pack.
However, none of this has anything at all to do with WSUS functionality, or your originally reported issue. Windows Server 2003 SP1 systems will continue to report, in perpetuity, to a WSUS Server. The fact that an update may be Not Applicable to the machine has absolutely nothing at all to do with whether it is properly reporting or not.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009) - However, none of this has anything at all to do with WSUS functionality, or your originally reported issue. Windows Server 2003 SP1 systems will continue to report, in perpetuity, to a WSUS Server. The fact that an update may be Not Applicable to the machine has absolutely nothing at all to do with whether it is properly reporting or not.
My original question was in regards to thinking that the servers were not reporting successfully. However, they were only reporting as "Not Applicable" because they had all the patches that Microsoft had released that was supported by SP1 installed on them. Once I had noticed this lack of support in new updates for SP1, the installation of SP2 resolved the issue.
Turns out it was just my fault for being slack with installing Service Packs rather than any WSUS issue :)
