locked
WSUS ERROR RRS feed

  • Question

  • Hi friends

    Today, but it was happend a one week ago and more, wsus not responding. The error is:

    The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

    Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

    The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, 

    Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.


    System.IO.IOException -- The handshake failed due to an unexpected packet format.

    Source
    System

    Stack Trace:
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
       at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.ConnectStream.WriteHeaders(Boolean async)
    ** this exception was nested inside of the following exception **


    System.Net.WebException -- The underlying connection was closed: An unexpected error occurred on a send.

    Source
    Microsoft.UpdateServices.Administration

    Stack Trace:
       at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.GetUpdateServer(PersistedServerSettings settings)
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()

    i tried restart IIS, SQL (Windows Internal Database, and the Update Services Service) end delete the preferences. What else?

    Monday, September 24, 2018 6:49 AM

Answers

All replies

  • Hello,
     
    I find the following solution which solves many of the same problems as you. Please check if it works.
     
    http://www.butsch.ch/post/WSUS-Error-on-2012R2-WSUS-Server-ERROR-Connection-Error-console.aspx
     
    Best Regards,
    Ray

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by LTEX85 Monday, October 1, 2018 6:30 AM
    Tuesday, September 25, 2018 2:59 AM
  • Hi Ray,

    i try the command "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing

    but then the feature "http activaction" was was already selected in the framework 4.6. I work with windows server 2016.

    For what comes next I did not understand what I have to do. It seems that I have to add something but the required configurations are already present

    Add the multipleSiteBindingsEnabled = "true" attribute to the bottom of the Web.Config file, as shown:
    </ Bindings>
    <serviceHostingEnvironment aspNetCompatibilityEnabled = "true" multipleSiteBindingsEnabled = "true" />
    </system.serviceModel

    my configuration

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <!--For IIS 7 when virtual application is run in integrated mode-->
        <system.webServer>
            <handlers accessPolicy="Read, Script">
                <remove name="WebServiceHandlerFactory-Integrated-4.0"/>
                <add name="ClientWebServiceAsmxHandler"
                     path="*.asmx"
                     verb="*"
                     type="System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                     preCondition="integratedMode,runtimeVersionv4.0" />
            </handlers>
        </system.webServer>

        <!--
        This section is required for converting an ASMX web service to WCF
        -->
        <system.web>
            <compilation>
                <buildProviders>
                    <remove extension=".asmx" />
                    <add extension=".asmx"
                         type="System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
                </buildProviders>
            </compilation>

            <!--  GLOBALIZATION
            This section sets the globalization settings of the application. 
            -->
            <globalization 
                    requestEncoding="utf-8" 
                    responseEncoding="utf-8" 
            />

            <!-- DOCUMENTATION
                  Turn off documentation by default
            -->
            <webServices>
                <protocols>
                    <remove name="Documentation"/>
                </protocols>

                <!-- Run SOAP Header Filter with ClientWebService -->
                <soapExtensionTypes>
                    <add type="Microsoft.UpdateServices.WUShield,WUShield"
                        priority="1"
                        group="0" />
                </soapExtensionTypes> 
            </webServices>

            <!-- MAXREQUESTLENGTH
                  Limit the size of incoming requests to 4096 kbytes.
            -->
            <httpRuntime maxRequestLength="4096" />
        </system.web>

        <appSettings>
            <!-- The maximim number of locales that a client can pass to GetExtendedUpdateInfo.
             An InvalidParameters exception is thrown if this limit is exceeded.
        -->
            <add key="maxLocales" value="100"/>

            <!-- The maximim number of update IDs that a client can pass to SyncUpdates,
             SyncPrinterCatalogs, or RefreshCache.
             An InvalidParameters exception is thrown if this limit is exceeded.
        -->
            <add key="maxCachedUpdates" value="22000"/>

            <!-- The maximim number of installed prerequisites a client can pass to SyncUpdates
             or SyncPrinterCatalog.
             An InvalidParameters exception is thrown if this limit is exceeded.
        -->
            <add key="maxInstalledPrerequisites" value="400"/>

            <!-- The maximum number of hardware IDs passed to spGetDriver. The web service trims
             the system spec against the list of hardware IDs for which a driver exists in
             the DB. Typically this results in a trimmed system spec containing only one or
             two hardware IDs. Only the first maxPrunedHardwareIDs are submitted to the
             driver query.
        -->
            <add key="maxPrunedHardwareIDs" value="20"/>

            <!-- The order prerequisite clauses are sorted in the internal data-structures used by
             SyncUpdates.
        -->
            <add key="detectoidTypes" value="ProductFamily;Product;Application Locale;Windows Locale"/>
            <!--  
            The value of the following key is made part of the SQL connection's
            ApplicationName property to improve sql tracing.
        -->
            <add key="ApplicationNameForDatabaseConnection" value="ClientWS"/>
        </appSettings>

        <system.serviceModel>
            <diagnostics performanceCounters="All">
                <messageLogging logEntireMessage="false"
                                logMalformedMessages="false"
                                logMessagesAtServiceLevel="false"
                                logMessagesAtTransportLevel="false"
                                maxMessagesToLog="30000" />
            </diagnostics>
            <services>
                <service
                    name="Microsoft.UpdateServices.Internal.Client"
                    behaviorConfiguration="ClientWebServiceBehaviour">
                    <!-- 
                      These 4 endpoint bindings are required for supporting both http and https
                    -->
                    <endpoint address=""
                            binding="basicHttpBinding"
                            bindingConfiguration="SSL"
                            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                    <endpoint address="secured"
                            binding="basicHttpBinding" 
                            bindingConfiguration="SSL"
                            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                    <endpoint address=""
                            binding="basicHttpBinding"
                            bindingConfiguration="ClientWebServiceBinding"
                            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                    <endpoint address="secured"
                            binding="basicHttpBinding" 
                            bindingConfiguration="ClientWebServiceBinding"
                            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                </service>
            </services>
            <behaviors>
                <serviceBehaviors>
                    <behavior name="ClientWebServiceBehaviour" >
                        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                        <serviceDebug includeExceptionDetailInFaults="true" />
                    </behavior>
                </serviceBehaviors>
            </behaviors>
            <!--binding configuration schema reference http://msdn.microsoft.com/en-us/library/ms731399.aspx -->
            <bindings>
                <basicHttpBinding>
                    <!-- WCF buffer pool settings set to 1MB/128MB to handle RefreshCache load (see 310779) -->
                    <binding name="ClientWebServiceBinding"
                            closeTimeout="00:01:00"
                            openTimeout="00:01:00"
                            receiveTimeout="00:10:00"
                            sendTimeout="00:01:00"
                            maxReceivedMessageSize="1048576"
                            maxBufferSize="1048576"
                            maxBufferPoolSize="134217728"
                            messageEncoding="Text"
                            textEncoding="utf-8">
                        <readerQuotas maxDepth="32"
                                    maxStringContentLength="8192"
                                    maxArrayLength="16384"
                                    maxBytesPerRead="4096"
                                    maxNameTableCharCount="16384" />
                        <!-- 
                        The security mode should be Transport only when the service is available over https
                        -->
                    </binding>
                    <binding name="SSL"
                            closeTimeout="00:01:00"
                            openTimeout="00:01:00"
                            receiveTimeout="00:10:00"
                            sendTimeout="00:01:00"
                            maxReceivedMessageSize="1048576"
                            maxBufferSize="1048576"
                            maxBufferPoolSize="134217728"
                            messageEncoding="Text"
                            textEncoding="utf-8">
                        <readerQuotas maxDepth="32"
                                    maxStringContentLength="8192"
                                    maxArrayLength="16384"
                                    maxBytesPerRead="4096"
                                    maxNameTableCharCount="16384" />
                        <security mode="Transport">
                            <transport clientCredentialType="None" />
                        </security>
                    </binding>
                </basicHttpBinding>
            </bindings>
            <!-- Requires AspNetCompatibility mode -->
            <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
        </system.serviceModel>
    </configuration>

    Tuesday, September 25, 2018 7:14 AM
  • Hello,
     
    Thanks for the feedback.
     
    Try using following script to run the WSUS Maintenance, and check if it works.
     
    https://gallery.technet.microsoft.com/scriptcenter/WSUS-Maintenance-w-logging-d507a15a
     
    Best Regards,
    Ray

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 25, 2018 8:30 AM
  • Are you performing the proper WSUS maintenance including but not limited to running the Server Cleanup Wizard (SCW), declining superseded updates, running the SQL Indexing script, etc.?

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-8-wsus-server-maintenance/

    You can also try:

    * Make the following "Advanced Settings" for WSUS Application Pool in IIS:
        - Queue Length: 25000 from 1000
        - Limit Interval (minutes): 15 from 5
        - "Service Unavailable" Response: TcpLevel from HttpLevel
    * (Stop IIS first) Edit the web.config ( C:\Program Files\Update Services\WebServices\ClientWebService\web.config ) for WSUS:
        - Replace <httpRuntime maxRequestLength="4096" /> with <httpRuntime maxRequestLength="204800" executionTimeout="7200"/>
    * Adjust the private memory limit.
        - If you have WSUS Automated Maintenance (WAM), from the WAM Shell run:
            .\Clean-WSUS.ps1 -SetApplicationPoolMemory 4096
        - If you don't have WAM, edit the pool's configuration directly to change it to 4194304 (4GB)


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Wednesday, September 26, 2018 2:46 AM
  • Hi Ray

    a week has passed and for the moment this command has been decisive

    "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing

     
    Monday, October 1, 2018 6:31 AM