Windows Server TechCenter >
Windows Server Forums
>
WSUS
>
wsus 3 sp2 via windows update? reconfigure!?!
wsus 3 sp2 via windows update? reconfigure!?!
- I just ran windows update on my server 2008 machine and let it install wsus 3 sp2, it popped up a wizard giving an option to 'ugrade' or cancel if you wanted a fresh install, I let it upgrade, it went through the process updating the schema etc... and completed. Then the configuration wizard popped up! I immediately cancelled it.
1. do I have to reconfigure everything now?
2. can I just back out of this at this point? uninstall? I *really* don't want to reconfigure! I spent a lot of time approving only updates that were 'approved' by the powers that be internally here... it won't be an easy task to go through it again.
what the? what kind of 'service pack' completely reinstalls! what is going on with MS these days?
Answers
1. Is WSUS installed on this Windows Server 2008 machine as a ROLE? If so, then updating from WU/MU is not the correct procedure.
2. If installing WSUS ran the setup wizard, then WSUS wasn't installed on the machine to begin with, or it didn't find your previously existing database, or the previously existing database was not a WSUS3SP2 database and you selected the option to create a *new* database.
3. You can, theoretically, uninstall WSUS, and preserve your database, but if the installer is running the setup configuration wizard, that's a pretty strong indication that it didn't find a pre-existing database. (Perhaps there's more to this story that you've not shared that will explain this behavior of the installer.)
4. If you've invested hours of time "approving only updates that were 'approved' by the powers that be", then I presume you also have a current backup of your WSUS database?
As for the what kind of service pack "completely reinstalls" question, this is actually the natural behavior of every MSI "upgrade". An MSI "upgrade" package actually uninstalls the previous product and installs the new product. In the case of WSUS this appears to be an upgrade because WSUS permits key components (database, content, logs) to be left behind after uninstallation. The new installation of WSUS3SP2 finds those components, and attaches them appropriately.
This is exactly the same behavior of the predecessors WSUS2SP2 and WSUS3SP1.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Marked As Answer byc0pe Friday, November 13, 2009 5:51 PM
- 1. I believe I used the seperate installer for wsus 3.0 sp1 for this original install, then that update that makes it available as a role was also installed on the server. WSUS *is* listed as an installed role, assuming due to that update. Assuming my memory is correct (yes, a failure to document there) what is the procedure to install the sp2 when the separate installer was used? and what is the procedure if it was added as a role?
If you have WSUS 3.0 SP1 installed on Windows Server 2008 =RTM=, and have not installed KB940518, then the appropriate steps to upgrade WSUS to SP2 will be to use the standalone installer. Then you should seriously consider applying Windows Server 2008 Service Pack 2 (which will also convert WSUS3SP2 to a role-based installation).
However, since it sounds like you've already installed KB940518, upgrading a Role-Based installation should function by simply going to Server Manager and choosing to "Add Role" for "Windows Server Update Service", which should trigger an attempt to access the current "Dynamic Installer" package -- which is KB972493 (be sure that KB972493 is approved on the WSUS Server for installation to the WSUS Server).
> server had existing install of sql server 2008 express so the wsus database was created there during original setup,
This is most unfortunate. SQL Server Express Edition is not a preferable choice to using the Windows Internal Database.
> also this server already hosts a web site on 80 so the default alternative port was used (8530)
Presumably this website on the D.W.S. is not interfering with the WSUS-required access to the D.W.S.?
> Also, I checked under 'programs and features', and Windows Server Update Services 3.0 SP2 is listed,
> (wondering what would happen if I 'remove', would it just remove sp2, or the whole wsus installation?).
It should run the uninstaller, which will prompt you with the standard checkbox dialog to keep/remove the Database, Content, and Logs.
But, then, it was my understanding that WSUS installed as a *ROLE* should not be appearing in the Programs and Features listing !!! <sigh>
> And finally, my installation *is* currently working as it was before this ocurred...
Now *that* is unexpected. Your Programs & Features reports WSUS3SP2 is installed, you report that it's working as it should
-- Why exactly are we having this conversation? :)
Maybe you should clarify what you mean by "*is* currently working as it was". Unless it means something more obscure than the obvious, I'd say you have a functional WSUS3SP2 system and you should let it do its job.
> it was obviously my mistake to just let windows update install this without first looking into it.
I would argue that KB972455 should not have detected as NEEDED on a machine with KB940518 installed in the first place (unless KB972455 really is the appropriate methodology for updating WSUS AS A ROLE; its my understanding that KB972493 is what should be detected as NEEDED (unless WSUS3SP2 really is installed as a role). Are you positive that it was KB972455 that you approved/applied to this system? (I'm kinda flying in the dark here, because the one thing the WSUS Product Group did not do is actually document this UPGRADE A ROLE scenario. It looks like I'm going to have to fire up a test machine and walk through the various scenarios to see what the actual behavior should be.)
> because I'm wondering if the sp2 install is not really done since I cancelled the config wizard, and once I do something, it will complete, and then my config will be gone.
The StartupConfigWizard does not do anything that can't be done/undone from the standard Options config pages of the WSUS console. The Wizard definitely does NOT touch metadata, except to retrieve and populate the latest Products, Classifications, and Language selection lists. The configWizard is designed to be cancellable, and should be cancelled when reinstalling WSUS on an existing database, since all of the steps of the configWizard have already been completed if a pre-existing database is being used. (In fact, the installer ought to have set a flag value on "Use an existing database" which would trigger bypassing the configWizard completely.)
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Marked As Answer byc0pe Friday, November 13, 2009 5:51 PM
1. server 2008 sp2 was installed before this wsus 3 sp2 update was installed via windows update. So does that make how wsus was originally installed a moot point? does 2k8 sp2 convert it to a role based install anyway?
Yes. SP2 includes KB940518, and either of those updates will convert a WSUS3 application installation into a Role-based installation.2. my wsus servers themselves do not use themselves for updating... the clients they service have different requirements and so I just use the windows update client within server 2k8 and do updates directly from microsoft for the actual wsus servers. On the machine in question, under control panel, programs and features, installed updates, I don't see any of these:
KB940518 is not appearing because this is a SP2 machine, and KB940518 is superceded by SP2
KB940518 = first update that made wsus availabe as role
KB972493 = current dynamic installer
KB972455 = what I believe I installed (maybe because it is just showing as Windows Server Update Services 3.0 SP2, without the kb number?)
KB972493 does not appear in the WU/MU/WUApp interface at all, but Server Manager will query for it via MU/WSUS if needed
KB972455 is the SP2 standalone installer for Win2003 machines and Win2008 RTM machines without KB940518 installedI went back to my dev/test machine and ran WU, it shows KB972455 as an 'important' update, but it is *not* selected by default... so I must have manually selected it on my production machine. Oddly enough I also ran WU on one of the remote production WSUS servers and KB972455 was *not* listed at all, but there was an update listed for wsus 3.0 sp1 (KB954960).. I patch these machine at the same time so I definitlely was expecting the same results?
So it looks like neither your dev/test machine, nor your remote production server, actually have SP2 installed, and the detection of KB954960 on the remote server suggest that it's still running WSUS3 RTM.4. "Presumably this website on the D.W.S. is not interfering with the WSUS-required access to the D.W.S.?"
Yes, I'm referring to the Default Web Site, which is a required resource for WSUS functionality. If you *deleted* the Default Web Site, this could be contributing to your issues, as the WSUS installer expects to be able to install resources to the Default Web Site, and -- Yes -- this is the cause of your '13042' Event IDs. :)
I'm totally lost there... dws, do you mean default web site by that? I have a total of 2 sites in IIS, one of them being the wsus site. I'm pretty sure I deleted the 'default website' before creating my own, wsus was installed some time after this other website. WSUS has been working and clients have been sucessfully applying updates from it, but I have been getting 'self-update is not working' 13042 errors in the log...? what does that error mean? can this be corrected?5. sql 2008 express... I know I read the release notes and install instructions when originally installing wsus 3 sp1 and nothing was mentioned about problems with sql 2008 express? it was listed as an option... no preference was stated. Whats the deal with this topic
There are no "problems", per se, and it is listed in the documentation and it is supported... BUT
SQL Server Express Edition only permits the use of 1 CPU, 1GB RAM (for data buffering), and has a maximum database size of 4GB.
The Windows Internal Database (with WSUS) has no such limitations, and the performance of both products is functionally identical otherwise.6. A more concise rundown of what happened: server 2k8 *with* sp2, had wsus 3.0 sp1 installed (I think from seperate installer but can't be sure now), ran windows update and installed KB972455, which was listed as 'important', but not selected, I selected it. Install ran, reported it need to update schema, which I let it do, it reported sucess, then the config wizard popped up which I cancelled. So did I screw up? is all actually fine, as it seems now... go ahead and synch from MS?
With the exception of the unexpected appearance of the configWizard, which is perfectly acceptable to cancel out of in such a scenario, I see nothing in this explanation that causes me concern. How the standalone installer behaves in this scenario is unknown to me, though; I'm still a bit confuzed myself. All of the product documentation presumes WSUS is being installed from the Server Manager on a Win2008 SP2 or R2 system. I need to set up a couple test VMs and observe, for myself, what the actual behavior is with the several permutations of Win2008RTM, SP2, KB940518, WSUS3SP1, WSUS3SP2, the standalone installer and the dynamic installer.
In your case, though, I'd say let it rip . . . !
If it's working, it's working.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Marked As Answer byc0pe Friday, November 13, 2009 5:50 PM
ok, makes sense, got it.
lastly, based on my client base (server 2k3, server 2k8) and the sample log info, it doesn't appear I need to take any action on the 'self-update is not working' 13042 errors, right?
If you're not bothered by the error log entry, and you do not need to support legacy client updating, then it's not necessary to take any action on this issue, IMHO.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Marked As Answer byc0pe Tuesday, November 17, 2009 5:34 PM
All Replies
1. Is WSUS installed on this Windows Server 2008 machine as a ROLE? If so, then updating from WU/MU is not the correct procedure.
2. If installing WSUS ran the setup wizard, then WSUS wasn't installed on the machine to begin with, or it didn't find your previously existing database, or the previously existing database was not a WSUS3SP2 database and you selected the option to create a *new* database.
3. You can, theoretically, uninstall WSUS, and preserve your database, but if the installer is running the setup configuration wizard, that's a pretty strong indication that it didn't find a pre-existing database. (Perhaps there's more to this story that you've not shared that will explain this behavior of the installer.)
4. If you've invested hours of time "approving only updates that were 'approved' by the powers that be", then I presume you also have a current backup of your WSUS database?
As for the what kind of service pack "completely reinstalls" question, this is actually the natural behavior of every MSI "upgrade". An MSI "upgrade" package actually uninstalls the previous product and installs the new product. In the case of WSUS this appears to be an upgrade because WSUS permits key components (database, content, logs) to be left behind after uninstallation. The new installation of WSUS3SP2 finds those components, and attaches them appropriately.
This is exactly the same behavior of the predecessors WSUS2SP2 and WSUS3SP1.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Marked As Answer byc0pe Friday, November 13, 2009 5:51 PM
- Hi Lawrence, good to hear from you.
1. I believe I used the seperate installer for wsus 3.0 sp1 for this original install, then that update that makes it available as a role was also installed on the server. WSUS *is* listed as an installed role, assuming due to that update. Assuming my memory is correct (yes, a failure to document there) what is the procedure to install the sp2 when the separate installer was used? and what is the procedure if it was added as a role?
2. the config wizard did pop up, after the install screen completed... I chose 'upgrade' on the install screen and it informed me a schema update would be required, and that schema update ran and reported success, maybe not in that exact order, going from memory, but all those events did occur.
3. yep, config wizard did pop up, I cancelled it though. As for more to the story: server had existing install of sql server 2008 express so the wsus database was created there during original setup, also this server already hosts a web site on 80 so the default alternative port was used (8530), also during original setup. Also, I checked under 'programs and features', and Windows Server Update Services 3.0 SP2 is listed, (wondering what would happen if I 'remove', would it just remove sp2, or the whole wsus installation?). And finally, my installation *is* currently working as it was before this ocurred... I used server manager wsus role section to check the updates and configs and it all looks unchanged... I have not rebooted, or tried to get new updates or anything because I didn't want it to 'break'.
Not sure whats up... it was obviously my mistake to just let windows update install this without first looking into it. I need to get new updates now and I'm afraid something may break if I do... because I'm wondering if the sp2 install is not really done since I cancelled the config wizard, and once I do something, it will complete, and then my config will be gone.
any ideas? is there something I should check to determine what happened before doing anything else? should I just go head and try to synchronize with MS for new updates? I also have 3 replica servers at other sites that depend on this server for everything, the sp2 update was not run on those servers. If my main server was in fact successfully and completely updated to sp2 will those replicas still function without sp2?
unfortunately I had another issue which delayed me from dealing with this until now... and now I need to fast track it.
any help would be appreciated. thanks again.
- 1. I believe I used the seperate installer for wsus 3.0 sp1 for this original install, then that update that makes it available as a role was also installed on the server. WSUS *is* listed as an installed role, assuming due to that update. Assuming my memory is correct (yes, a failure to document there) what is the procedure to install the sp2 when the separate installer was used? and what is the procedure if it was added as a role?
If you have WSUS 3.0 SP1 installed on Windows Server 2008 =RTM=, and have not installed KB940518, then the appropriate steps to upgrade WSUS to SP2 will be to use the standalone installer. Then you should seriously consider applying Windows Server 2008 Service Pack 2 (which will also convert WSUS3SP2 to a role-based installation).
However, since it sounds like you've already installed KB940518, upgrading a Role-Based installation should function by simply going to Server Manager and choosing to "Add Role" for "Windows Server Update Service", which should trigger an attempt to access the current "Dynamic Installer" package -- which is KB972493 (be sure that KB972493 is approved on the WSUS Server for installation to the WSUS Server).
> server had existing install of sql server 2008 express so the wsus database was created there during original setup,
This is most unfortunate. SQL Server Express Edition is not a preferable choice to using the Windows Internal Database.
> also this server already hosts a web site on 80 so the default alternative port was used (8530)
Presumably this website on the D.W.S. is not interfering with the WSUS-required access to the D.W.S.?
> Also, I checked under 'programs and features', and Windows Server Update Services 3.0 SP2 is listed,
> (wondering what would happen if I 'remove', would it just remove sp2, or the whole wsus installation?).
It should run the uninstaller, which will prompt you with the standard checkbox dialog to keep/remove the Database, Content, and Logs.
But, then, it was my understanding that WSUS installed as a *ROLE* should not be appearing in the Programs and Features listing !!! <sigh>
> And finally, my installation *is* currently working as it was before this ocurred...
Now *that* is unexpected. Your Programs & Features reports WSUS3SP2 is installed, you report that it's working as it should
-- Why exactly are we having this conversation? :)
Maybe you should clarify what you mean by "*is* currently working as it was". Unless it means something more obscure than the obvious, I'd say you have a functional WSUS3SP2 system and you should let it do its job.
> it was obviously my mistake to just let windows update install this without first looking into it.
I would argue that KB972455 should not have detected as NEEDED on a machine with KB940518 installed in the first place (unless KB972455 really is the appropriate methodology for updating WSUS AS A ROLE; its my understanding that KB972493 is what should be detected as NEEDED (unless WSUS3SP2 really is installed as a role). Are you positive that it was KB972455 that you approved/applied to this system? (I'm kinda flying in the dark here, because the one thing the WSUS Product Group did not do is actually document this UPGRADE A ROLE scenario. It looks like I'm going to have to fire up a test machine and walk through the various scenarios to see what the actual behavior should be.)
> because I'm wondering if the sp2 install is not really done since I cancelled the config wizard, and once I do something, it will complete, and then my config will be gone.
The StartupConfigWizard does not do anything that can't be done/undone from the standard Options config pages of the WSUS console. The Wizard definitely does NOT touch metadata, except to retrieve and populate the latest Products, Classifications, and Language selection lists. The configWizard is designed to be cancellable, and should be cancelled when reinstalling WSUS on an existing database, since all of the steps of the configWizard have already been completed if a pre-existing database is being used. (In fact, the installer ought to have set a flag value on "Use an existing database" which would trigger bypassing the configWizard completely.)
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Marked As Answer byc0pe Friday, November 13, 2009 5:51 PM
- Hi Lawrence, thanks for taking the time to converse with me on this. I appreciate it.
I wish I had documented the exact procedure I used to setup this, and the other remote servers with regard to WSUS... I know on my dev/test machine I used the standalone installer (before the server manager integration update was available, I think)... then after all my dev/testing was done I recall being aware of the Server Manager Dynamic installer option but I thought I stuck with the stand-alone installer to stay consistent with my dev/test machine. I can't be sure though now. I may have opted for the role based install at the last minute.
couple things:
1. server 2008 sp2 was installed before this wsus 3 sp2 update was installed via windows update. So does that make how wsus was originally installed a moot point? does 2k8 sp2 convert it to a role based install anyway?
2. my wsus servers themselves do not use themselves for updating... the clients they service have different requirements and so I just use the windows update client within server 2k8 and do updates directly from microsoft for the actual wsus servers. On the machine in question, under control panel, programs and features, installed updates, I don't see any of these:
KB940518 = first update that made wsus availabe as role
KB972493 = current dynamic installer
KB972455 = what I believe I installed (maybe because it is just showing as Windows Server Update Services 3.0 SP2, without the kb number?)
is this because I have 2k8 sp2 installed, and those updates are included in sp2?
I went back to my dev/test machine and ran WU, it shows KB972455 as an 'important' update, but it is *not* selected by default... so I must have manually selected it on my production machine. Oddly enough I also ran WU on one of the remote production WSUS servers and KB972455 was *not* listed at all, but there was an update listed for wsus 3.0 sp1 (KB954960).. I patch these machine at the same time so I definitlely was expecting the same results?
3. "Now *that* is unexpected. Your Programs & Features reports WSUS3SP2 is installed, you report that it's working as it should
-- Why exactly are we having this conversation? :)
Maybe you should clarify what you mean by "*is* currently working as it was". Unless it means something more obscure than the obvious, I'd say you have a functional WSUS3SP2 system and you should let it do its job."
LOL :) Nothing would please me more right now than to find out there was never any problem! Even if that winds up being the case I always learn something when you respond to my posts, so always worthwhile. Basically something unexpected happened (at least unexpected to me) and I wanted to find out what the deal was before doing anything else with the system. As for "is currently working as it was", I mean that the server continues to service clients with the updates/config it had prior to running KB972455 via WU.. because I saw the config wizard pop up I was concerned that I was going to have to reconfigure everything (I cancelled the wizard)... I was thinking of the possibility that the only reason it was still working like this was because I had not rebooted or that the update was not finalized in some way.. so I have not done anything with it, including synching new updates from MS. I wanted to first find out what the heck I just did, and if necessary undo it.
4. "Presumably this website on the D.W.S. is not interfering with the WSUS-required access to the D.W.S.?"
I'm totally lost there... dws, do you mean default web site by that? I have a total of 2 sites in IIS, one of them being the wsus site. I'm pretty sure I deleted the 'default website' before creating my own, wsus was installed some time after this other website. WSUS has been working and clients have been sucessfully applying updates from it, but I have been getting 'self-update is not working' 13042 errors in the log...? what does that error mean? can this be corrected?
5. sql 2008 express... I know I read the release notes and install instructions when originally installing wsus 3 sp1 and nothing was mentioned about problems with sql 2008 express? it was listed as an option... no preference was stated. Whats the deal with this topic?
and finally:
6. A more concise rundown of what happened: server 2k8 *with* sp2, had wsus 3.0 sp1 installed (I think from seperate installer but can't be sure now), ran windows update and installed KB972455, which was listed as 'important', but not selected, I selected it. Install ran, reported it need to update schema, which I let it do, it reported sucess, then the config wizard popped up which I cancelled. So did I screw up? is all actually fine, as it seems now... go ahead and synch from MS?
thanks again, your time is greatly appreciated.
1. server 2008 sp2 was installed before this wsus 3 sp2 update was installed via windows update. So does that make how wsus was originally installed a moot point? does 2k8 sp2 convert it to a role based install anyway?
Yes. SP2 includes KB940518, and either of those updates will convert a WSUS3 application installation into a Role-based installation.2. my wsus servers themselves do not use themselves for updating... the clients they service have different requirements and so I just use the windows update client within server 2k8 and do updates directly from microsoft for the actual wsus servers. On the machine in question, under control panel, programs and features, installed updates, I don't see any of these:
KB940518 is not appearing because this is a SP2 machine, and KB940518 is superceded by SP2
KB940518 = first update that made wsus availabe as role
KB972493 = current dynamic installer
KB972455 = what I believe I installed (maybe because it is just showing as Windows Server Update Services 3.0 SP2, without the kb number?)
KB972493 does not appear in the WU/MU/WUApp interface at all, but Server Manager will query for it via MU/WSUS if needed
KB972455 is the SP2 standalone installer for Win2003 machines and Win2008 RTM machines without KB940518 installedI went back to my dev/test machine and ran WU, it shows KB972455 as an 'important' update, but it is *not* selected by default... so I must have manually selected it on my production machine. Oddly enough I also ran WU on one of the remote production WSUS servers and KB972455 was *not* listed at all, but there was an update listed for wsus 3.0 sp1 (KB954960).. I patch these machine at the same time so I definitlely was expecting the same results?
So it looks like neither your dev/test machine, nor your remote production server, actually have SP2 installed, and the detection of KB954960 on the remote server suggest that it's still running WSUS3 RTM.4. "Presumably this website on the D.W.S. is not interfering with the WSUS-required access to the D.W.S.?"
Yes, I'm referring to the Default Web Site, which is a required resource for WSUS functionality. If you *deleted* the Default Web Site, this could be contributing to your issues, as the WSUS installer expects to be able to install resources to the Default Web Site, and -- Yes -- this is the cause of your '13042' Event IDs. :)
I'm totally lost there... dws, do you mean default web site by that? I have a total of 2 sites in IIS, one of them being the wsus site. I'm pretty sure I deleted the 'default website' before creating my own, wsus was installed some time after this other website. WSUS has been working and clients have been sucessfully applying updates from it, but I have been getting 'self-update is not working' 13042 errors in the log...? what does that error mean? can this be corrected?5. sql 2008 express... I know I read the release notes and install instructions when originally installing wsus 3 sp1 and nothing was mentioned about problems with sql 2008 express? it was listed as an option... no preference was stated. Whats the deal with this topic
There are no "problems", per se, and it is listed in the documentation and it is supported... BUT
SQL Server Express Edition only permits the use of 1 CPU, 1GB RAM (for data buffering), and has a maximum database size of 4GB.
The Windows Internal Database (with WSUS) has no such limitations, and the performance of both products is functionally identical otherwise.6. A more concise rundown of what happened: server 2k8 *with* sp2, had wsus 3.0 sp1 installed (I think from seperate installer but can't be sure now), ran windows update and installed KB972455, which was listed as 'important', but not selected, I selected it. Install ran, reported it need to update schema, which I let it do, it reported sucess, then the config wizard popped up which I cancelled. So did I screw up? is all actually fine, as it seems now... go ahead and synch from MS?
With the exception of the unexpected appearance of the configWizard, which is perfectly acceptable to cancel out of in such a scenario, I see nothing in this explanation that causes me concern. How the standalone installer behaves in this scenario is unknown to me, though; I'm still a bit confuzed myself. All of the product documentation presumes WSUS is being installed from the Server Manager on a Win2008 SP2 or R2 system. I need to set up a couple test VMs and observe, for myself, what the actual behavior is with the several permutations of Win2008RTM, SP2, KB940518, WSUS3SP1, WSUS3SP2, the standalone installer and the dynamic installer.
In your case, though, I'd say let it rip . . . !
If it's working, it's working.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Marked As Answer byc0pe Friday, November 13, 2009 5:50 PM
- maybe KB972455 just invokes the role based installer under the hood if it detects its installed as a role?
one thing I'm suspicious of is that KB972455 shows as available, but not selected by default on all my wsus servers now (yes, one of them was showing an update for wsus sp1, to clarify, I think it was an update 'applying' to sp1, not the sp1 install itself, but after installing that update the KB972455 showed on the next run of WU)... I'm thinking when I updated the main server (the one in question) that maybe I in fact did not check it, rather that it was checked by default... because I ran WU on this server again today and it had to update itself first... the other remote servers also had to update themselves first, then they showed KB972455 as available but not selected.. so I'm thinking this update to the WU client itself may have changed the behavior of that update being selected or not... the server in question ran WU before this WU update, and the others ran WU with it.
1. so since I had 2k8 sp2 already installed, we can consider it a role based installation...
2. "KB972455 is the SP2 standalone installer for Win2003 machines and Win2008 RTM machines without KB940518 installed"
so KB972455 did install on my 2k8 sp2 machine? yikes. Maybe my opening comment is true and would explain that one... not sure.
3. "Yes, I'm referring to the Default Web Site, which is a required resource for WSUS functionality. If you *deleted* the Default Web Site, this could be contributing to your issues, as the WSUS installer expects to be able to install resources to the Default Web Site, and -- Yes -- this is the cause of your '13042' Event IDs. :)"
what do I do about this? should I do anything? What does 'self-update is not working' mean? what are the consequences?
There is a 'clientWebService' and a 'SelfUpdate' virtual directory within my website (the one and only one that existed prior to installing wsus, uses port 80). I suppose its possible that I just renamed the default website for my own but I typically delete it... always did for IIS 5 and IIS6 but this was my first deal with IIS7, so mabye I just renamed it. Is there a way to tell? I'm more interested is just straightening this out and since my posts are so long as it is I'll skip all the 'why?' questions that first come to mind concerning the 'default web site' being required or used at all for any application... that baffles me. maybe KB972455 just invokes the role based installer under the hood if it detects its installed as a role?
This is certainly possible.3. "Yes, I'm referring to the Default Web Site, which is a required resource for WSUS functionality. If you *deleted* the Default Web Site, this could be contributing to your issues, as the WSUS installer expects to be able to install resources to the Default Web Site, and -- Yes -- this is the cause of your '13042' Event IDs. :)"
Well, that kinda depends on exactly why you zapped the Default Web Site, and what else is running on that IIS implementation. Ideally you should uninstall and reinstall IIS (which will, of course, require you to uninstall/reinstall any web apps). If WSUS is the only web app, then given the current confusion over if/how it's been upgraded to SP2, this might actually be a good thing.
what do I do about this? should I do anything?What does 'self-update is not working' mean? what are the consequences?
Well, the good news is that the annoyance is more significant than the impace. WSUS still installs the /selfupdate v-dir on the DWS to support legacy AU clients (Win2000, WinXP SP2 and earlier), because AU clients earlier than v5.4.3790 were not enabled for SSL or port 8530, so they can only selfupdate from a port 80 resource. If all of your systems are XPSP3 or newer, then you have no real need for the /selfupdate v-dir on the DWS, but the WSUS Health Monitoring service still checks for it -- and that's what is generating the App Event Log EventIDs. We can only hope that in the very near future, WSUS will be "enhanced" to no longer require the DWS resources on a port 8530 server; or some capability added into health monitoring to disable that check.
The ClientWebService v-dir in the port 80 site is left over from WSUS v2. It can be removed.
I don't really know about the DWS for IIS7; I'm a bit behind on exploring the whole WSUS on Win2008 scenario. Frankly, as along as WSUS is still natively written for IIS6, and Windows Server 2003 is a supported installation platform, I'm a bit challenged to get too worked up over installation to Windows Server 2008. (Maybe if/when an IIS7-native version of WSUS comes out -- which, I fear, will likely be 64-bit only and designed to run only on R2 -- I'll get a bit more involved. In the meantime, WSUS/IIS6 doesn't have any limitations I need to get past at this point.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- ok, I think I'm good, as far as my original concern. I have synched the main server with MS and all the remote servers with the main server successfully.
1) As for the 'self-update is not working' issue, I think I'm ok there also, because my WSUS installation is only used within the context of a deployment system based on MDT 2008. There is a script within MDT 2008 that does the WU against WSUS, and I can see in the log that it is going out to MS to first update the AU client. The earliest OS I'm deploying with this system, and therefore the earliest OS hitting WSUS, is Windows Server 2003 SP2, should that have the same problem as XP SP2? Heres a snippet of the MDT log from a recent deployment of Server 2003 Standard SP2 X64.
11/14/2009 12:37:12 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Configuring client to use WSUS server http://wds-smq:8530 11/14/2009 12:37:12 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Configuring Windows Update settings (manual update, use server) 11/14/2009 12:37:12 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Archive NoAUtoUpdate State: Was []. 11/14/2009 12:37:12 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Property NoAutoUpdate_Previous is now = 11/14/2009 12:37:17 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Unable to create Microsoft.Update.AgentInfo object, Windows Update Agent upgrade is needed 11/14/2009 12:37:17 PM Information ZTIWindowsUpdate ZTIWindowsUpdate FindFile: The file WindowsUpdateAgent30-x64.exe could not be found in any standard locations. 11/14/2009 12:37:17 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Unable to find WindowsUpdateAgent30-x64.exe, will attempt to download 11/14/2009 12:37:19 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Status: 200 http://update.microsoft.com/redist/wuredist.cab 11/14/2009 12:37:19 PM Information ZTIWindowsUpdate ZTIWindowsUpdate About to run command: Expand.exe -r C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wuredist.cab -F:wuRedist.xml C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp 11/14/2009 12:37:20 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Return code from command = 0 11/14/2009 12:37:20 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Current Version %SystemRoot%\System32\WUAUENG.DLL : 5.7.3790.3959 11/14/2009 12:37:20 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Current Version wuredist.cab : 7.2.6001.788 11/14/2009 12:37:21 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Status: 200 http://download.windowsupdate.com/WindowsUpdate/redist/standalone/7.2.6001.788/WindowsUpdateAgent30-x64.exe 11/14/2009 12:37:21 PM Information ZTIWindowsUpdate ZTIWindowsUpdate About to run command: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WindowsUpdateAgent30-x64.exe /wuforce /quiet /norestart 11/14/2009 12:37:35 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Return code from command = 0 11/14/2009 12:37:35 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Ready to Opt-In to Microsoft Update: WUA Version: 7.2.6001.788 11/14/2009 12:37:38 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Microsoft Update Service: Enabled = False 11/14/2009 12:37:39 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Status: 3 11/14/2009 12:37:40 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Command Line Procesed Query=False Registered=True UpdateCommand=[IsInstalled = 0 and IsHidden = 0] 11/14/2009 12:37:40 PM Information ZTIWindowsUpdate ZTIWindowsUpdate Start Search...
looks like my earliest AU client ver is 5.7.3790.3959, and is currently being updated to 7.2.6001.788 before starting the whole WU process. So if I understand correctly, this makes my 'self-update is not working' 13042 errors simply an 'annoyance' rather than any significant problem, right?
2) I removed the DWS only because that is what I was taught to do way back in the IIS 5 days... was I informed incorrectly? or has this practice just changed in the later versions of IIS? I was taught that the first thing you do is remove that default website (which removed the default virtual directories that caused some security concerns) and then start from scratch creating 'your' web sites.
- > 2) I removed the DWS only because that is what I was taught to do way back in the IIS 5 days... was I informed incorrectly?
I know that there's a behavior pattern that's existed for some time that purports that removing the Default Web Site is an appropriate thing to do, but I think the recommendation is founded in a false understanding of the prospective threat and the more appropriate resolution.
The "Default Web Site" carries with it two well-known attributes that can be a vector for attack:
1. It resides on port 80.
2. It resides in IIS Site ID #1.
Deleting the DWS was designed to mitigate those issues, but of course, the website still had to exist on port 80, just a different Site ID, and the truth is that the risk of attack by TCP Port Number (80) is exponentially greater than the risk of attack by Site ID -- so, in the end, the functional accomplishment of such efforts is probably minimally significant.
Furthermore, such recommendations were premised on the idea that [a] the webserver was Internet/Public facing, and actually "at risk" (and to that point, just as one should not install the "Sample Databases" on a production SQL Server -- removing the 'supplied' content is a good idea -- removing the actual v-root, however, is another argument entirely), and [b] that nothing being installed on the server was actually *dependent* on the existence of the Default Web Site or the identity of that v-root as Site ID #1.
Right or wrong, the WSUS installer (ever since the days of SUS v1.0) expects to see the Default Web Site on Site ID #1, and expects to have a web server available on port 80. So, to that point, removing the DWS is fundamentally contraindicated on a machine designed to host WSUS.
Furthermore, those *risks* were founded in an inherentily insecure IIS v3 and IIS v4 product in the days of Windows NT Server, and have no real bearing at all on reality ten years, and three versions, later.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com - ok, makes sense, got it.
lastly, based on my client base (server 2k3, server 2k8) and the sample log info, it doesn't appear I need to take any action on the 'self-update is not working' 13042 errors, right? ok, makes sense, got it.
lastly, based on my client base (server 2k3, server 2k8) and the sample log info, it doesn't appear I need to take any action on the 'self-update is not working' 13042 errors, right?
If you're not bothered by the error log entry, and you do not need to support legacy client updating, then it's not necessary to take any action on this issue, IMHO.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Marked As Answer byc0pe Tuesday, November 17, 2009 5:34 PM
- thanks for all the help, it's appreciated. BTW, I checked the website (not the wsus site, but the other one on my server that I couldn't remember if was the 'renamed' default web site, or if I had deleted the default web site and created from scratch), and it shows an 'id' of 1, so I'm assuming now that I did rename it, not delete it.
thanks again!
