locked
KB4054519 - breaks wsus connection RRS feed

  • Question

  • Hi,

    The past few months, whenever we have installed the security monthly rollup, the 2012R2 WSUS servers (3no) we use to deploy patches will not check into themselves. We have to uninstall the rollup for it to check in, report and download any future patches.

    I have seen the web.config file is changed following the rollup, following this thread https://social.technet.microsoft.com/Forums/lync/en-US/fbf4912e-5d1f-4168-832d-31102c2b0d16/clients-failing-to-connect-to-wsus-80244008?forum=winserverwsus didn't resolve the situation. The port is definitely set correctly.

    Any ideas would be most helpful as we would like to install the rollup.<u1:p></u1:p><o:p></o:p>

    Regards,

    Matthew



    <u1:p></u1:p>
    • Edited by noxidelm Thursday, December 14, 2017 1:24 PM
    Thursday, December 14, 2017 1:23 PM

All replies

  • Hi,

    >>the 2012R2 WSUS servers (3no) we use to deploy patches will not check into themselves.

    Do you mean the WSUS server will not get updates from it self ?

    Is there any clue in windows update log ?

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Sunday, December 17, 2017 1:03 PM
  • is IPv6 Disabled on any of your systems? IPv6 should be and remain enabled as Windows Server 2008+ uses IPv6 to communicate with each other and itself in the case of WSUS.

    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Sunday, December 17, 2017 4:07 PM
  • Hi Elton,

    Answers below:

    "Do you mean the WSUS server will not get updates from it self ?" - correct. On the day after Patch Tuesday, we download the new patches to one WSUS server and install the patches to test if it breaks anything on it. The security monthly rollup breaks its ability to check in, check for new updates and report in.

    "Is there any clue in windows update log?"- this is the main error I see continuously throughout the log:

    2017-12-13    06:28:04:286     760    1080    Misc    WARNING: Send failed with hr = 80072ee2.
    2017-12-13    06:28:04:286     760    1080    Misc    WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
    2017-12-13    06:28:04:286     760    1080    Misc    WARNING: Send request failed, hr:0x80072ee2
    2017-12-13    06:28:04:286     760    1080    Misc    WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=802&L=en-US&P=&PT=0x7&WUA=7.9.9600.18696>. error 0x80072ee2
    2017-12-13    06:28:04:286     760    1080    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
    2017-12-13    06:28:04:286     760    1080    Misc    WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
    2017-12-13    06:28:04:286     760    1080    Misc    WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
    2017-12-13    06:28:04:286     760    1080    SLS    FATAL: SLS:CSLSDownloader::GetUrlContent: DoFileDownload failed with 0x80072ee2.
    2017-12-13    06:28:04:286     760    1080    SLS    FATAL: GetResponse failed with hresult 0x80072ee2...
    2017-12-13    06:28:04:286     760    1080    EP    FATAL: EP: CSLSEndpointProvider::GetWUClientData - failed to get SLS data, error = 0x80072EE2
    2017-12-13    06:28:04:286     760    1080    EP    FATAL: EP: CSLSEndpointProvider::GetSecondaryServicesEnabledState - Failed to get client data, error = 0x80072EE2
    2017-12-13    06:28:04:286     760    1080    EP    Got WSUS Client/Server URL: "http://***.***.***.***/ClientWebService/client.asmx"
    2017-12-13    06:28:04:286     760    1080    Setup    Checking for agent SelfUpdate
    2017-12-13    06:28:04:286     760    1080    Setup    Client version: Core: 7.9.9600.18696  Aux: 7.9.9600.18696
    2017-12-13    06:28:04:286     760    1080    EP    Got WSUS SelfUpdate URL: "http://***.***.***.***/selfupdate"
    2017-12-13    06:28:04:286     760    1080    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
    2017-12-13    06:28:04:301     760    1080    Misc     Microsoft signed: NA
    2017-12-13    06:28:04:364     760    1080    Misc     Infrastructure signed: Yes
    2017-12-13    06:28:04:364     760    1080    Misc    WARNING: Cab does not contain correct inner CAB file.
    2017-12-13    06:28:04:364     760    1080    Misc    Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
    2017-12-13    06:28:04:364     760    1080    Misc     Microsoft signed: NA
    2017-12-13    06:28:04:364     760    1080    Misc     Infrastructure signed: Yes
    2017-12-13    06:28:04:427     760    1080    Setup    Skipping SelfUpdate check based on the /SKIP directive in wuident
    2017-12-13    06:28:04:427     760    1080    Setup    SelfUpdate check completed.  SelfUpdate is NOT required.

    Monday, December 18, 2017 1:47 PM
  • Hi Adam,

    I can see that IPv6 is disabled on all our patch servers, I shall speak to Infrastructure to see why this is. I believe we do not use IPv6 across much of our estate.

    Monday, December 18, 2017 2:19 PM
  • Hi Adam,

    I can see that IPv6 is disabled on all our patch servers, I shall speak to Infrastructure to see why this is. I believe we do not use IPv6 across much of our estate.

    Some reading material

    https://blogs.technet.microsoft.com/askpfeplat/2013/06/16/ipv6-for-the-windows-administrator-why-you-need-to-care-about-ipv6/


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Monday, December 18, 2017 2:22 PM
  • Same problem here. After installing of KB4054519 clients (300 and more) and servers did not report to WSUS server (Windows 2012 R2).

    After the uninstall of KB4054519 from WSUS server all works again.

    Regards,

    Milena.

    Thursday, January 4, 2018 10:28 AM
  • Hi,

    When clients show Error 8024401F after patching the WSUS server itself you know its one of the updates that caused this.

    So far updates that cause this:

    KB4025336/KB4025331

    KB4034681

    KB4054519

    Remove these upates and test again.  Apply them one at a time to see which caused it.

    Russ

    Monday, January 22, 2018 3:08 PM