Accedi
 
HomeLibraryRisorseFormazioneDownloadSupportoCommunityForumBlog
Risorse per professionisti IT >
Another 2720211 sync issue

Traitée Another 2720211 sync issue

  • venerdì 17 agosto 2012 21:11
     
     
    Registrati per votare
    0

    Issue:  New wsus server (2008R2 x64 with WSUS 3.0 SP2) and initially it would sync but none of my Windows 7 machines would check in so we found the stated hotfix and applied it.  Now, sync does not happen yet all my Windows 7 Machines check in.  I have a virtual machine snapshot that I can revert to that does not have the hotfix and sync's just fine.  Apply the hotfix and sync no longer works. I have tried the wsusutil configuressl your.fqdn.server command, I made sure my domain controllers time were set properly.... several suggestions from this site and none other than a clean install will get WSUS syncing again (but still have the issue of Win 7 machines not communicating)

    What is strange is that my Windows 2003 x32 server has the hotfix installed but has no issue.  Is this an OS related issue?

     

Tutte le risposte

  • sabato 18 agosto 2012 09:28
     
     Con risposta
    Registrati per votare
    0

    if you have clients with the updated WUA then I'd say you would have less work to resolve the sync issues than to rollback those clients, and, I'd say the preferred position would be to have the latest setup rather than an outdated one (which would be at risk of random breakage should further updates come along).

    There may be better guides out there, but here is one that gives a few pointers on logs etc to check into, to identify the sync failures:
    http://sccmts.wordpress.com/2011/08/05/wsus-troubleshooting/

    And, the 2720211 kb article itself, which mentions the problems introduced due to content inspection between your WSUS and wu.com (in case the route/path for your 2008 server is being inspected and your 2003 server is not being inspected)

    there is what seems to be a match for your symptom described as Issue#1:
    http://blogs.technet.com/b/sus/archive/2012/06/20/wsus-kb272011-common-issues-encountered-and-how-to-fix-them.aspx 
    but the resolution described is an uninstall/reinstall (which you've effectively done).
    So I'd focus on the networking/inspection/IIS/cert aspects for troubleshooting. (e.g. is something interfering with the "hardened" comms in play when 2720211 is in place on *this* server, and, other than the OS version, what else is "different" about your 2 servers)

    Don



     
  • domenica 19 agosto 2012 15:19
    Moderatore
     
     
    Registrati per votare
    0

    There are also other updates that are part of this collection of 'hardening' changes that came out of Flame.

    My suggestion -- since you missed KB2720211 (from June) already -- is to ensure that *ALL* updates are applied to your WSUS server and to any proxy servers or firewalls between your WSUS server and Microsoft, and then re-evaluate the situation.

    Of course, knowing exactly why the sync failure is occurring would be helpful, but my money is on an SSL failure, likely attributable to one or more missing updates related to the myriad of changes in MS certificate management and certificates over the past two months.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin


     
  • lunedì 20 agosto 2012 18:40
     
     
    Registrati per votare
    0

    Don-

    Thanks for the links, Ive looked at the blog one before and nothing changed the status.  Im looking into the logs now.

    Lawerence-

    I didnt 'miss' 2720211... I had it applied and it broke the sync so I removed it.

    There is only 1 difference between the 2 server environments.  2003 is using the Integrated Database and 2008 is using a SQL Server database on a separate server.

     
  • lunedì 20 agosto 2012 21:19
    Moderatore
     
     
    Registrati per votare
    0

    I didnt 'miss' 2720211... I had it applied and it broke the sync so I removed it.

    In which case, it's quite likely that your server is still 'broke'. Review the remediations discussed in the cited blog post,

    http://blogs.technet.com/b/sus/archive/2012/06/20/wsus-kb272011-common-issues-encountered-and-how-to-fix-them.aspx

    and then reapply KB2720211 (and any other Security and Critical Updates).

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin


     
  • martedì 21 agosto 2012 14:06
     
     
    Registrati per votare
    0

    Its either broken one way (without the KB) or another (with the KB).  I have reviewed that article but will go over it again.

    In case anyone else is reading this and click that link....

    http://blogs.technet.com/b/sus/archive/2012/06/20/wsus-kb272011-common-issues-encountered-and-how-to-fix-them.aspx

    That one works.


    • Modificato dfittech martedì 21 agosto 2012 15:06
    •  
     
  • martedì 21 agosto 2012 20:40
     
     
    Registrati per votare
    0

    As crazy as it is, uninstalling with leaving everything there and reinstalling (even thou I did it like 6 times in the last few days without the same result) works.

    I will say that I just deleted the virtual machine and started over from scratch instead of messing with the other one.  Thanks for all the help.

     
  • martedì 21 agosto 2012 21:13
     
     
    Registrati per votare
    0

    As crazy as it is

    It's IT - crazy goes with the territory ;)

    Don

     
  • mercoledì 22 agosto 2012 16:11
    Moderatore
     
     
    Registrati per votare
    0

    As crazy as it is, uninstalling with leaving everything there and reinstalling (even thou I did it like 6 times in the last few days without the same result) works.

    I will say that I just deleted the virtual machine and started over from scratch instead of messing with the other one.  Thanks for all the help.

    So now you have a fresh installation of WSUS v3 SP2 (v3.2.7600.226), and you're still lacking KB2720211?

    Or, you successfully installed KB2720211 on a fresh WSUS installation -- which is totally expected.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Product Manager, SolarWinds
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin


     
  • lunedì 27 agosto 2012 15:26
     
     Risposta suggerita
    Registrati per votare
    0
    I started with a fresh install of Server 2008r2 and added WSUS, synced with Windows but clients wouldnt sync with the server.  Applied the KB that fixed the client sync but breaks MS Sync.  Uninstalled WSUS with leaving everything program specific on the server, reinstalled, applied the KB again and now it works.
    • Proposto come risposta antwesor martedì 28 agosto 2012 16:35
    •