locked
Windows 2012 R2 unable to update from WSUS - Not yet reported, RRS feed

  • Question

  • I have a number of Windows 2012 R2 servers that I am trying to run Windows Update on. They use a WSUS server in their network. These server do not have contact with the Internet and are in a closed network.  In the WSUS Server their status is not yet reported. I have many other Windows 2012 R2 servers that have no trouble updating from the same WSUS server that is running Windows 2012 R2. All the problem servers have wuaueng.dll version 7.9.9600.17415.  They show that they have never been updated. I am trying to fix this on a server in a test network so I don't disturb production.  I have tried installing KB3138615 to update the wuaueng.dll. However, it was updated to version 7.9.9600.18235, which still does not work. I tried the following steps from an article I have seen here and other places. If the file version is 7.9.9600.18235, .18340, .18621, .18628, then need to follow the below solution. (We can delete the system from WSUS then can try the following option) 1. Open the command prompt with the administrative privilege 2. Run the command: net stop wuauserv. (To stop the Windows update service) 3. Close the Windows update console 4. Delete the following registry keys: Note: Export the targeted registry before deleting for safer side and as a best practice 1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId 2. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientIdValidation 1. Rename the file C:\Windows\WindowsUpdate.log as  C:\Windows\WindowsUpdate_old.log 2. Rename the folder “C:\Windows\Software Distribution” as “C:\Windows\Software Distribution_old” 3. net start wuauserv (To start the Windows update service) 4. wuauclt /resetauthorization /detectnow (Windows update agent will initiate the connection (termed as contact) with WSUS, after a while it will report with the WSUS ) Note: WSUS reporting and updating is a time consuming process. 5. Confirm the new two key values are appeared on the path : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" 10.  Check for the updates, once you got the confirmation the AD support team. 11.  Delete the folder “C:\Windows\Software Distribution_old” and C:\Windows\WindowsUpdate_old.log This does not work. The server still searches for updates "for ever" and still shows up as not yet reported in the WSUS server. I tried once more and it took overnight for the registry keys to show up. It also still had “Not Yet Reported” Also there is another Windows 2012 R2 server with the 17415 wuaueng.dll that does not either of the registry keys listed above. Also another person here tried a manual update on a server with the 17415 wuaueng.dll and it also failed.

    Is there a wuaueng.dll out there newer than 7.9.9600.18235 out there than I can use?

    Thanks in advance.

    Tuesday, April 7, 2020 4:11 PM

Answers

  • Earlier this afternoon I tried installing the KB4540725 and KB4541505 updates starting with KB4540725 manually. The Windows  Update Standalone Installer got stuck on "Searching for updates on this computer". This is similar to it getting stuck on "Checking for Updates" when using the WSUS server.  Another SA had the same issue with trying a standalone install on his server that has the same problem as mine.

    Thank you for your reply.
    The quickest solution to this situation is to adjust the Windows Update "IMPORTANT UPDATES" option of the client to "NEVER CHECK FOR UPDATES (NOT RECOMMENDED)", and then install the offline update package. 
      

       
    But this does not seem to be the key point to solve the problem you encountered. If WSUS-related group policies are applied, this option may not be adjusted. So I suggest that you may consider extracting some clients for testing, try to cancel the WSUS group policy or local policy of these clients first, release the management capabilities of Windows Update, and then modify the selection of "IMPORTANT UPDATES", the test installation completes the latest SSU and summary update, after then restore the client's WSUS group policy or local policy, and verify the report.
        

    Reply back with the results would be happy to help.
        

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by LMBalla Friday, April 10, 2020 4:53 PM
    Thursday, April 9, 2020 1:30 AM

All replies

  • Hi LMBalla,
       

    Please consider the following steps to troubleshoot problems that the client does not report to WSUS:
       

    1. Located on the client, the registry location of the WSUS server configuration storage is as follows:
      [HKEY_LOCAL_MACHINE \ Software \ Policies \ Microsoft \ Windows \ WindowsUpdate]
      - "WUServer"=" http://<WSUSSERVER:PORT >
      - "WUStatusServer"= http://<WSUSSERVER:PORT >
      In case you are using a registry modification or local policy make sure that the same is applied.
          
    2. Located on the client, make sure that you can access the site:
      - http://WSUSSERVER:PORT/selfupdate/iuident.cab
      and download the file without errors. If this fails then some possible reasons include:
      a. There is a name resolution issue on the client.
      b. There is network related issue (e.g. there's a proxy configuration issue, etc.).
          
    3. Located on the client, download the Windows Update Troubleshooter, and fix problems with Windows Update .
         

    Reply back with the results would be happy to help.
       

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 8, 2020 1:52 AM
  • Hi,

    Please refer this guidance.

    https://gallery.technet.microsoft.com/Troubleshooting-WSUS-d63da113?redir=0

    This may be useful you to fix

    Wednesday, April 8, 2020 8:42 AM
  • Thanks for your help.

    The server in question is in a different domain than the WSUS server so I am using the IP address with the 8530 port. The server in question is a VM on Hyper-V and other VM's and the host are not having this problem. There are also other Windows 2012 R2 servers over in the same domain with the WSUS server having the same problem when other servers with the same OS are working fine.

    I can use IE and get to the WSUS Server with port 8530 and download the iuident.cab file with no problem. 

    I tried the Windows Update Troubleshooter and it said that it couldn't identify the problem.

    Earlier this afternoon I tried installing the KB4540725 and KB4541505 updates starting with KB4540725 manually. The Windows  Update Standalone Installer got stuck on "Searching for updates on this computer". This is similar to it getting stuck on "Checking for Updates" when using the WSUS server.  Another SA had the same issue with trying a standalone install on his server that has the same problem as mine.

    Wednesday, April 8, 2020 8:03 PM
  • Earlier this afternoon I tried installing the KB4540725 and KB4541505 updates starting with KB4540725 manually. The Windows  Update Standalone Installer got stuck on "Searching for updates on this computer". This is similar to it getting stuck on "Checking for Updates" when using the WSUS server.  Another SA had the same issue with trying a standalone install on his server that has the same problem as mine.

    Thank you for your reply.
    The quickest solution to this situation is to adjust the Windows Update "IMPORTANT UPDATES" option of the client to "NEVER CHECK FOR UPDATES (NOT RECOMMENDED)", and then install the offline update package. 
      

       
    But this does not seem to be the key point to solve the problem you encountered. If WSUS-related group policies are applied, this option may not be adjusted. So I suggest that you may consider extracting some clients for testing, try to cancel the WSUS group policy or local policy of these clients first, release the management capabilities of Windows Update, and then modify the selection of "IMPORTANT UPDATES", the test installation completes the latest SSU and summary update, after then restore the client's WSUS group policy or local policy, and verify the report.
        

    Reply back with the results would be happy to help.
        

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by LMBalla Friday, April 10, 2020 4:53 PM
    Thursday, April 9, 2020 1:30 AM
  • Thank you for your help!

    I took the WSUS GPO off of the OU where my server is so I could change Windows Update to never check for updates. After running GPUPDATE /Force, I noticed a change right away. I was able to install the KB4540725 and KB4541505 updates. I ran one other manual update after those two. After the wuaueng.dll was a version newer than 7.9.9600.18235. I was able to get the server shown properly on the WSUS server and was able to get the updates from WSUS successfully.

    I have 3-4 more servers like this I have to fix in this little software test domain. After that, I have several in the production domain with this problem to fix. These servers show that they have never been updated. I would just like to update them starting from the beginning if I can. 

    Thursday, April 9, 2020 4:42 PM
  • Hi LMBalla,
       

    Glad to see progress.
    Any follow-up please keep our communication.
       

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 10, 2020 1:13 AM
  • On 2 of the servers yesterday, I installed KB4540725 and KB4541505 after blocking inheritance of the WSUS GPO on their respective OU's. After  getting them back on the GPO, I was able to do the updates from the WSUS server.  I will be able to do the rest of the servers soon.

    Friday, April 10, 2020 4:52 PM