locked
WSUS Sync issue on SCCM 2012 TP v1805 RRS feed

  • Question

  • Hi There

    I have a very annoying issue that I'm no longer able to troubleshoot. After having updated my lab infra to SCCM 2012 TP v1805, my site server is no longer able to initiate Wsus sync anymore.

    Here is my lab infra : 1 W2K16 Server with Site server with local SQL + 1 W2K16 Server with MP/DP + 1 W2K16 Server with SU role with local SQL. All prerequisites have been installed with the SCCM PReq. script of Nikolaj, and verified 3 times to be sure that nothing is missing. No https communication is enabled.

    Issue :

    When I initiate SU sync via SCCM console or schedule SU sync kicks in, I got :

    "Sync failed: Exception of type 'Microsoft.UpdateServices.Administration.WsusInvalidServerException' was thrown. Source: Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer" error message in WSYNCMGR.log file.

    Troubleshooting investigation :

    • Checked all connectivity between servers. No firewall in between servers (routers etc..) and local firewalls on servers are disabled.
    • All prerequisites have been verified installed multiple times. Site server is in Local administrators group on each site system.
    • All servers have been patched manullay from MS update prior installing SCCM roles.
    • Removing and reinstalling SU role + WSUS does not help. SUPSetup.log file shows no error.
    • Modified registry value DEBUGLOGGING for component SMS_WSUS_SYNC_MANAGER (HKLM\SOFTWARE\MICROSOFT\SMS\TRACING\SMS_WSUS_SYNC_MANAGER) on WSUS server and changed it to 1, but still not much information exposed in WSYNCMGR.LOG file.
    • WSUS console have been verified to be installed on Site Server. I can open the WSUS console and connect to remote WSUS server w/o any issue. WSUS IIS ports have been properly configured with 8530/8531
    • WSUSCTRL.LOG file shows no evidence of error message  : Local Wsus is working properly and DB connection works.

              Attempting connection to local WSUS server SMS_WSUS_CONTROL_MANAGER
              Successfully connected to local WSUS server SMS_WSUS_CONTROL_MANAGER
              There are no unhealthy WSUS Server components on WSUS Server XXXX.XXX SMS_WSUS_CONTROL_MANAGER                  Successfully checked database connection on WSUS server XXXX.XXX SMS_WSUS_CONTROL_MANAGER

    • WSYNCMGR.LOG file shows that there is 1SUP configured with the correct name of the Remote Wsus server.

              Starting Sync SMS_WSUS_SYNC_MANAGER
              Performing sync on local request SMS_WSUS_SYNC_MANAGER
              Read SUPs from SCF for XXXX SMS_WSUS_SYNC_MANAGER
              Found 1 SUPs SMS_WSUS_SYNC_MANAGER
              Found active SUP XXXX from SCF File. SMS_WSUS_SYNC_MANAGER

    • WCM.LOG file shows that site server is able to connect to remote WSUS server with no issue :

              Attempting connection to WSUS server: XXXX, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER
              Successfully connected to server: XXXX, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER
              Verify Upstream Server settings on the Active WSUS Server SMS_WSUS_CONFIGURATION_MANAGER
              No changes - WSUS Server settings are correctly configured and Upstream Server is set to Microsoft Update
              WSUS Server configuration has been updated. Updating Group Info. SMS_WSUS_CONFIGURATION_MANAGER
              Updating Group Info for WSUS. SMS_WSUS_CONFIGURATION_MANAGER
              Refreshing categories from WSUS server SMS_WSUS_CONFIGURATION_MANAGER
              Attempting connection to WSUS server: XXXX, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER
              Successfully connected to server: XXXX port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER
              Successfully refreshed categories from WSUS server SMS_WSUS_CONFIGURATION_MANAGER
              Attempting connection to WSUS server: XXXX, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER
              Successfully connected to server: XXXX, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER
              Attempting connection to WSUS server: XXXX, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER
              Successfully connected to server: XXXX, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER

    So far looking at WCM.LOG,  I see that site server is perfectly capable of connecting to remote WSUS with no issue.

    Further testing on the Site Server with following powershell script:

    # WSUS Connection Parameters:
    [String]$updateServer = "xxxx.xxx"
    [Boolean]$useSecureConnection = $False
    [Int32]$portNumber = 8530
     
    # Load .NET assembly
    [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
     
    # Connect to WSUS Server
    $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$useSecureConnection,$portNumber)
     
    # Perform Synchronization
    $Subscription = $Wsus.GetSubscription()
    $Subscription.StartSynchronization()
    • Result 1 : The script runs with no error and remote WSUS starts syncing, with Administrative user context.
    • Result 2 : The script runs with no error and remote WSUS starts syncing, with Site Server NT AUTHORITY\SYSTEM context using psexec -s

    So far even with the site server system account, I'm manually able to trigger wsus sync, but not Site Server.

    So I'm very much puzzled of this situation and I tried all possible ways that came up to my mind to find out what is wrong. And now I'm exhausted. 

    So any one have any idea, why only that GetUpdateServer API call fails when site server calls it.



    • Edited by T.S.K Saturday, June 2, 2018 12:31 AM typo
    Saturday, June 2, 2018 12:26 AM

All replies