locked
Windows Updates - Checks update status from Microsoft RRS feed

  • Question

  • We have a bunch of Windows 2016 servers in VMM where I am trying to Remediate using the WSUS server configured on a separate server.

    We know the VMM is configured correctly as it is working fine for other operating systems such as 2012 R2 & Windows 2008 R2.

    When I run the scan on a Windows 2016 Server, it seems to be going out to Microsoft to check the update compliance before it attempts to download it from my WSUS server (if required) - I see this in the log files after I execute command Get-WindowsUpdateLog:

    ProtocolTalker  ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx

    This is not so good for us if we like to keep all servers consistent with same patches - as soon as one of the patches get superseded by Microsoft, it no longer downloads this from our local WSUS Server.

    Is there a way around this? We would like to run the scan (and download) from the local WSUS server and not Microsoft?

    Monday, February 6, 2017 10:24 AM

Answers

All replies

  • Hi Latif Yahya,

    1. Please check if the GPO settings that point the win2016 to WSUS server is applied correctly, you may check the register keys in HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU;

    2. Please show us the detailed windows update log for one scan, let's check the detailed scan progress.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 7, 2017 6:56 AM
  • Hi Anne,

    I have checked the above registry and can see useWUServer with a value of 1.

    Next, I have run compliance scan from VMM and once that finished successfully, I have executed command Get-WindowsUpdateLog from Windows PowerShell and below are the windows update log for this scan:

    2017/02/07 10:41:40.1587682 1588  4076  Shared          * START * Service startup
    2017/02/07 10:41:40.1707996 1588  4076  Agent           WU client version 10.0.14393.0
    2017/02/07 10:41:40.1711974 1588  4076  Agent           SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
    2017/02/07 10:41:40.1712839 1588  4076  Agent           Base directory: C:\Windows\SoftwareDistribution
    2017/02/07 10:41:40.1720832 1588  4076  Agent           Datastore directory: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
    2017/02/07 10:41:40.1877222 1588  4076  Shared          UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
    2017/02/07 10:41:40.1877625 1588  4076  Shared          UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
    2017/02/07 10:41:40.1884074 1588  4076  Shared          Network state: Connected
    2017/02/07 10:41:40.1914717 1588  4076  Misc            LoadHistoryEventFromRegistry completed, hr = 8024000C
    2017/02/07 10:41:40.1924088 1588  4076  Shared          UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
    2017/02/07 10:41:40.1924162 1588  4076  Shared          UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
    2017/02/07 10:41:40.1924231 1588  4076  Shared          Power status changed
    2017/02/07 10:41:40.1938911 1588  4076  Agent           Initializing global settings cache
    2017/02/07 10:41:40.1938919 1588  4076  Agent           WSUS server: http://WSUSSERVER01.DOMAIN.com:8830
    2017/02/07 10:41:40.1938922 1588  4076  Agent           WSUS status server: http://WSUSSERVER01.DOMAIN.com:8830
    2017/02/07 10:41:40.1938926 1588  4076  Agent           Target group: (Unassigned Computers)
    2017/02/07 10:41:40.1938930 1588  4076  Agent           Windows Update access disabled: No
    2017/02/07 10:41:40.1942772 1588  4076  Agent               Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2017-02-07 11:43:48, not idle-only, not network-only
    2017/02/07 10:41:40.1994617 1588  4076  Agent           Initializing Windows Update Agent
    2017/02/07 10:41:40.1995680 1588  4076  DownloadManager Download manager restoring 0 downloads
    2017/02/07 10:41:40.1996417 1588  4076  Agent           CPersistentTimeoutScheduler | GetTimer, returned hr = 0x00000000
    2017/02/07 10:41:40.2096185 1588  3800  DownloadManager PurgeExpiredFiles::Found 0 expired files to delete.
    2017/02/07 10:41:40.2199648 1588  3800  DownloadManager PurgeExpiredUpdates::Found 332 non expired updates.
    2017/02/07 10:41:40.2880970 1588  3800  DownloadManager PurgeExpiredUpdates::Found 0 expired updates.
    2017/02/07 10:41:40.2908992 1588  3800  Shared          Effective power state: AC
    2017/02/07 10:41:40.2908995 1588  3800  DownloadManager Power state change detected. Source now: AC
    2017/02/07 10:43:52.0148149 1612  7844  ComApi          * START *   Init Search ClientId = NULL
    2017/02/07 10:43:52.0148160 1612  7844  ComApi          * START *   Search ClientId = NULL
    2017/02/07 10:43:52.0665847 1588  10196 Agent           * START * Queueing Finding updates [CallerId = <<PROCESS>>: vmmAgent.exe  Id = 1]
    2017/02/07 10:43:52.0665898 1588  10196 Agent           Added service 00000000-0000-0000-0000-000000000000 to sequential scan list
    2017/02/07 10:43:52.0667515 1612  7844  ComApi          Search ClientId = NULL
    2017/02/07 10:43:52.0676109 1588  9264  Agent           * END * Queueing Finding updates [CallerId = <<PROCESS>>: vmmAgent.exe  Id = 1]
    2017/02/07 10:43:52.0683093 1588  9264  Agent           * START * Finding updates CallerId = <<PROCESS>>: vmmAgent.exe  Id = 1
    2017/02/07 10:43:52.0683101 1588  9264  Agent           Online = Yes; AllowCachedResults = No; Ignore download priority = No
    2017/02/07 10:43:52.0683104 1588  9264  Agent           Criteria = (IsInstalled = 0 and IsHidden = 0) OR (IsInstalled = 1)""
    2017/02/07 10:43:52.0683134 1588  9264  Agent           ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
    2017/02/07 10:43:52.0683137 1588  9264  Agent           Search Scope = {Machine}
    2017/02/07 10:43:52.0683159 1588  9264  Agent           Caller SID for Applicability: S-1-5-18
    2017/02/07 10:43:52.0683159 1588  9264  Agent           RegisterService is set
    2017/02/07 10:43:52.0699104 1588  9264  SLS             Retrieving SLS response from server using ETAG ltWsyjl36fnzgR4MZLDNwWkS+BpTJFrLWZwzas2Z+9Y=_1440"..."
    2017/02/07 10:43:52.0699951 1588  9264  SLS             Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.14393.0/0?CH=949&L=en-US&P=&PT=0x8&WUA=10.0.14393.0
    2017/02/07 10:45:06.8064166 1588  9264  Misc            StatusCode for transaction returned from WinHttpQueryHeaders is 304
    2017/02/07 10:45:06.8175351 1588  9264  Misc            Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir Client/Server URL: https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx""
    2017/02/07 10:45:07.0687647 1588  9264  ProtocolTalker  ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://fe2.update.microsoft.com/v6/ClientWebService/client.asmx
    2017/02/07 10:45:07.0687786 1588  9264  ProtocolTalker  OK to reuse existing configuration
    2017/02/07 10:45:07.0687841 1588  9264  ProtocolTalker  Cached cookie has expired or new PID is available
    2017/02/07 10:45:07.0688036 1588  9264  ProtocolTalker  PTWarn: Anonymous plug-in skipped for WU
    2017/02/07 10:45:07.0688281 1588  9264  WebServices     Auto proxy settings for this web service call.

    Attached above is the log file and as you can see besides the WSUS server, it is still hitting out to fe2.update.microsoft.com (highlighted). Is this normal?

    Thanks.


    • Edited by Latif Yahya Tuesday, February 7, 2017 11:17 AM
    Tuesday, February 7, 2017 11:00 AM
  • Hi Latif Yahya,

    >http://WSUSSERVER01.DOMAIN.com:8830

    WSUS port use http port 8530.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, February 15, 2017 6:07 AM
  • Hi,

    Just to check if the above reply could be of help? If yes, you may mark useful reply as answer, if not, welcome to feedback.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 28, 2017 9:45 AM
  • I am unsure how to use the port settings.  Could someone possibly offer additional explanation please?  Thanks. 

    jameshnelson2003@yahoo.com

    Wednesday, July 18, 2018 11:44 PM