locked
2012 WSUS sync errors only on definition updates RRS feed

  • Question

  • WSUS Update continually fails.

    I have a Gateway 9220-T server with Server 2012 Standard on it which has been removed from service and replaced with a new Server 2019 machine as the domain controller. I’m setting up the Gateway to use as a WSUS server. So I’ve wiped it and reloaded Server 2012 standard and installed WSUS on it. Currently I’m still working on it in the LAB and it’s not in use as of yet.

    Installed and configured for "first run" with no issues. I did not elect to have it automatically do that first run automatically, because it would take a really long time, more than 8 hours. So in Options – Products & Classifications – Classifications I elect to get only critical updates first. That went off without a hitch. Then I installed those critical updates needed by the server.

    Next, I checked Definition Updates and then ran the sync again. Problem is, the sync makes it all the way to 99% (maybe 100% but not sure) and then fails. Multiple sync attempts result the same. So, I unchecked definition updates and selected updates (not upgrades) and that ran without a hitch. Installed all those updates, selected definition updates again and upon syncing it gets to 99-100% and fails again.

    Looking at the sync reports for the failed syncs they all say the same thing. "A dependency of the update was not found on the server and was not provided by the upstream server"  I’m syncing with Microsoft, not with an upstream server of mine.

    I’ve googled this and everything I find on this problem is for SCCM or DataCenter. So can someone direct me to a starting point for Server 2012 WSUS please? I’m clueless on this. A screenshot of all the sync errors is attached. It "appears" this has something to do with missing updates? I’m just guessing.

     

     

    Thursday, August 22, 2019 2:33 PM

Answers

  • I guess in this case 4th time was the charm. Since I wasn't getting any feedback here or elsewhere I was posting on this issue, I completely wiped the HD and reloaded from the OS up. But this time WSUS was the first role installed. Then for the first sync I worked through products selecting only those that apply (why is window XP still selected by default?) and under classifications selected only definition updates. Started the sync and it completed in about 45 minutes successfully with no errors. Then selected critical updates and synced again with no errors. It's syncing updates as I type this and I'm confident I'm good now.

    I also notice that Windows 10 client computers are showing up labeled as such in WSUS, whereas before they were appearing as Windows Vista.

    The only other role this server will have will be to set it up as an RD Gateway server. But I'll deal with that once everything is caught up with WSUS updates on the this server.

    • Marked as answer by Carl1959 Sunday, August 25, 2019 12:43 AM
    Sunday, August 25, 2019 12:43 AM

All replies

  • Has your WSUS server been fully patched? Run this on your Server and lets get the results

    wsusutil checkhealth


    SCCM Admin


    • Edited by Levi111 Thursday, August 22, 2019 5:55 PM
    Thursday, August 22, 2019 5:53 PM
  • Thanks for responding. When I run checkhealth from an admin command prompt, all I get is that the last sync attempt was unsuccessful.

    As for patching, I've not done that and wasn't aware of the need. I did some searching on "WSUS 2012 Patch" and it's got me going in circles. I don't know where to start.

    Thursday, August 22, 2019 8:49 PM
  • Follow up this to troubleshoot any kind of WSUS errors,

    https://gallery.technet.microsoft.com/Troubleshooting-WSUS-d63da113?redir=0

    Thursday, August 22, 2019 9:54 PM
  • I downloaded the PDF and worked it through. All checks out. I don't see the relevance here though. The PDF deals will WSUS-Client issues and doesn't address WSUS sync issues at all. There's no issue with WSUS server-client. THe issue is WSUS server sync with MS fails at 99-100% only when definition updates is selected on the classifications tab.
    Thursday, August 22, 2019 10:52 PM
  • Hi Carl,
      

    Is WSUS currently using WID database? Have you tried to completely remove the currently installed WSUS and reinstall it? Please refer to the following steps to remove:
      

    1. Remove the following server roles and features through Server Manager:
      Roles: Windows Server Update Server
      Features: Windows Internal Database, Windows Server Update Services Tools (At Remote Server Administration Tools -> Role Administration Tools)
      Follow the wizard prompts to complete the deletion. Then restart the server.
         
    2. After the server is restarted, manually delete the folder or file of the following path:
      - C:\WSUS (It depends on where you choose to install WSUS.)
      - C:\Program Files\Update Services
      - C:\Windows\WID
         
    3. In the IIS Information Services (IIS) Manager, manually remove the WSUS Administration site. Then restart the server. 
      You can also consider using the Powershell command Remove-WebSite -Name "WSUS Administration" for deletion.
         

    This completes the complete removal of WSUS and related content, and then you can install a new WSUS.
    Hope the above can help you.
       

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 23, 2019 2:43 AM
  • I actually did all that yesterday, down to the point of manually deleting the C:\Windows\WID directory. Then re-installed. Syncing continues to fail only when Definition Updates is selected. So far, I've synced it successfully with Critical Updates, and Updates selected. Tonight I"ll be adding Service Packs to that mix and running it again. Since Definition Updates won't be included in this mix I expect it to succeed.

    Now I'm on 2012 Standard and did attempt to install KB3159706, but get "this update is not applicable to your computer". I've "heard" there's two other patches out there I may need. But can'f find any information on what those patches are.

    Friday, August 23, 2019 3:30 AM
  • Hi Carl,
      

    Before installing KB3159706, please make sure that the server has KB3095113 installed.
    At the same time, if the Windows Update component is not updated, it may cause the KB3159706 installation to fail. If this happens, please install the latest stack update.
       

    Hope the above can help you.
      

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 23, 2019 6:43 AM
  • I'll do that just as soon as the currently running sync attempt finishes and fails. WHile waiting I did some more searching and found a thread at https://social.technet.microsoft.com/Forums/en-US/0f58a38a-042f-4475-b336-b7de3570ab7e/adding-defender-updates-is-causing-sync-to-fail?forum=ConfigMgrCompliance which seems to indicate this is a microsoft issue where the metadata files are not accessible on the MicroSoft update server. The errors in the failed sync results files seem to point that way. This was back in 2018 and was "supposedly" fixed by MS. It would appear it was patched as opposed to fixed. Anything on that before I do the KB and stack update thing?
    Friday, August 23, 2019 12:52 PM
  • The sync finished and since definition updates was selected it failed of course. I ran Windows Update on the server after approving needed updates and installed them. Rebooted the server and ran updates again to confirm it all all the updates presently available to it in WSUS.

    Then ran KB4504418 servicing state update and it says "already installed". I confirmed this, as it does appear in the list of installed updates. Then for both KB3095113 and KB3159706 and for both I get "not applicable to your computer". For those two I confirmed that they are not present in the list of installed updates either.

    I still think this is an MS problem since the errors in the sync log specifically state "not provided by the upstream server". I'm getting updates from the MS Update Server. So I can't see how it can be anything else other than an MS problem on their end.

    Friday, August 23, 2019 2:22 PM
  • I just recently built a fresh Server 2019 WSUS server as a VM on modern hardware and it failed to perform the initial sync multiple times.  After I re-index'd the database then the sync succeeded. 

    It's possible some kind of thrashing is occurring in SQL due to it being very un-optimized.   Given that server is older and probably on the extreme side of slow compared to modern equipment, it may simply not be fast enough to perform the initial sync at all.  I assume it's got a $50 SSD hosting the DB files? 

    Maybe try optimizing the WSUS database by installing the SQL CLR types and SQL command line tools and execute DB maintenance:

    https://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61



    Friday, August 23, 2019 3:45 PM
  • gettnmorebetter thanks for jumping in, but your assumptions are wrong. It's a quad core server with 6MB of memory which is more than enough for something that's only going to host WSUS. The 1TB WD hard drive (2 of them, but only one attached at the moment) is less than a year old and was wiped clean and server 2012 standard reloaded from scratch. As for your Sever 2019 setup, that doesn't even use the same version of WSUS. So informing me of what works for you really isn't of any help unfortunately. Wish it were.

    As far as rebuilding the index, I'm sure that others assumed I've done that and were choosing not to insult my intelligence by suggesting the obvious.... at least not yet. It just seems odd that this same exact scenario was experienced with others with my same setup back in 2018 and while it wasn't admitted to outright by Microsoft, it appears to have been an issue on there end. From my perspective either the issue wasn't fixed on their end, or it was just patched and now the band-aid has fallen off.

    I've checked out for the updates referenced by Yic LV and the stack update was already installed. I assume as an update or perhaps it was already included in the ISO I downloaded and installed. (Yes, I've already installed the license successfully via DISM first thing after completing the install.) But still, attempts to install KB3095113 and KB3159706 terminate with "this update is not applicable to your computer". A check of installed updates confirms those two are not installed either. I've also confirmed all update standalone packages I downloaded were for 2012 standard with GUI and not for just a core install or for 2012R2. 

    Friday, August 23, 2019 7:07 PM
  • I guess in this case 4th time was the charm. Since I wasn't getting any feedback here or elsewhere I was posting on this issue, I completely wiped the HD and reloaded from the OS up. But this time WSUS was the first role installed. Then for the first sync I worked through products selecting only those that apply (why is window XP still selected by default?) and under classifications selected only definition updates. Started the sync and it completed in about 45 minutes successfully with no errors. Then selected critical updates and synced again with no errors. It's syncing updates as I type this and I'm confident I'm good now.

    I also notice that Windows 10 client computers are showing up labeled as such in WSUS, whereas before they were appearing as Windows Vista.

    The only other role this server will have will be to set it up as an RD Gateway server. But I'll deal with that once everything is caught up with WSUS updates on the this server.

    • Marked as answer by Carl1959 Sunday, August 25, 2019 12:43 AM
    Sunday, August 25, 2019 12:43 AM