locked
The WSUS administration console was unable to connect to the WSUS Server via the remote API. RRS feed

  • Question

  • After the monthly update cycle, I now have a WSUS server that will not allow local connection via WSUS Console.

    In the past, uninstalling KB2720211 has helped, but not this time. 

    The OS installed is Server 2012 R2

    I have tried the following...

    "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing


    C:\Windows\system32>"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
    Log file is located at C:\Users\bpadmin\AppData\Local\Temp\tmpBC8D.tmp
    Post install is starting
    Post install has successfully completed

    Completed this: (Insert https : / /  in front - I'm not allowed to put full address it seems - nice)

    support.microsoft.com/en-us/kb/3159706 

    Tried removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

    Restarting the following services does not fix issue.
    The Windows Internal Database service
    Update Services
    World Wide Web Publishing Service

    I have tried (Insert http in front - I'm not allowed to put full address) jackstromberg.com/2013/10/windows-update-services-multiple-errors-in-event-viewer-event-id-1205212042-12022-12032-12012-1200213042/

    Now, running a wsusutil checkhealth the following errors are created in application log.  They were not present before the update.

    The DSS Authentication Web Service is not working.
    Event ID 12052

    The SimpleAuth Web Service is not working.
    Event ID 12042

    The Client Web Service is not working.
    Event ID 12022

    The Server Synchronization Web Service is not working.
    Event ID 12032

    The API Remoting Web Service is not working.
    Event ID 12012

    The Reporting Web Service is not working.
    Event ID 12002

    Many client computers have not reported back to the server in the
    last 30 days. 32 have been detected so far.
    Event ID 13032

    Error generated from console.


    The WSUS administration console was unable to connect to the WSUS Server via the remote API.

    Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

    The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

    Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.


    System.IO.IOException -- The handshake failed due to an unexpected packet format.

    Source
    System

    Stack Trace:
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
       at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.ConnectStream.WriteHeaders(Boolean async)
    ** this exception was nested inside of the following exception **


    System.Net.WebException -- The underlying connection was closed: An unexpected error occurred on a send.

    Source
    Microsoft.UpdateServices.Administration

    Stack Trace:
       at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
       at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()

    Monday, October 17, 2016 2:57 AM

Answers

  • After three weeks of working on this WSUS issue that appeared after an update from MS, I had no choice other than contacting MS.  This is the second time in 30 years of server administration.

    I removed and reinstalled the WSUS role six times.  It failed to remove itself correctly.  I used SQL management studio to verify the data bases had been removed after the removal of the role.   It would not create its data bases, and IIS had missing files during WSUS installation.   The MS tech removed the role and had exactly the same issues.

    This server was deployed only three months ago, and had no funky issues.  In the third month, an update broke WSUS.  Very disappointing on many points.  Every 2012 R2 server that we look after that has WSUS installed has faulted with this update.  This was the only server that I could not repair.  Why doesn’t the uninstaller do its job?  Conversely, why doesn’t the installer correctly recreate its data bases and IIS site?    After all, they are a role in the OS.  More importantly, why are these updates not tested more carefully before they are let loose?   I can see that I am not the only one that this has happened to.     

    This issue is now resolved.  Sorry, but none of the suggestions worked.  MS had to replace missing IIS files, and perform many manual steps.

    Terry

    Sunday, October 30, 2016 10:18 PM

All replies

  • Hi TJRobison,

    Please check if you have installed KB3159706 on the WSUS server?

    If yes, you need to do manual steps to finish the installation, please check the following article for detailed information:

    https://support.microsoft.com/en-us/kb/3159706

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 17, 2016 6:39 AM
  • Hi Anne,

    Yes, I have KB3159706 installed, and have performed the manual steps in your referenced link.  No joy.

    Terry

    Monday, October 17, 2016 8:00 AM
  • Hi TJRobison,

    Please try restarting IIS service and run Cd /d C:\program files\update services\tools>wsustil reset in CMD.

    Also check WSUS IIS site:

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, October 18, 2016 9:26 AM
  • Hi Anne,

    I have just restarted the server, and tried a wsustil reset with an elevated command prompt.

    There is not difference.  I have tried this before, same result.  Removing KB3159706 and restarting will produce fewer errors.  All of these errors disappear... but I can't connect. 

          The DSS Authentication Web Service is not working.
          Event ID 12052

          The SimpleAuth Web Service is not working.
          Event ID 12042

          The Client Web Service is not working.
          Event ID 12022

          The Server Synchronization Web Service is not working.
          Event ID 12032

          The API Remoting Web Service is not working.
          Event ID 12012

          The Reporting Web Service is not working.
          Event ID 12002

    Now if I reinstall KB3159706, the errors above return.  I have had 6 other 2012 R2 WSUS servers fault.  Quality testing on MS end.  Most of the time removing KB3159706 has allowed the console to work again until MS manages to reinstall it.  The other 40 servers I manage (not 2012 R2) do not have this issue.

    Terry

    Terry

     

    Tuesday, October 18, 2016 11:21 AM
  • Hi TJRobision,

    What is the situation after you remove KB3159706. We'd better make it work without KB3159706, then reinstall the KB.

    Please try if increase Private Memory Limit could help:

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by LA.Martín Thursday, August 30, 2018 8:30 AM
    Wednesday, October 19, 2016 8:18 AM
  • Hi Anne,

    After removing patch it still does not work.  I have also tried the increasing the memory earlier with on effect.  I have tried every thing listed in this forum that I could find on this topic.  Nothing has helped.

    Why can't the authors of the product release patches that don't break production boxes.  Every windows 2012 R2 WSUS server I administer has faulted with the release of MS patch multiply times.  I fix it, then a month or two later, it's broken.  This is the only one I can't recover.  Sorry for venting, but so unprofessional.  All the servers I administer are in the medical field, and are difficult to schedule down time repeatability for the same reoccurring issue.

    Terry 

    Wednesday, October 19, 2016 10:19 PM
  • All services are running, but I have the following errors in the event logs.

    Windows Setup Log

    • Windows update "Update for Microsoft Windows (KB3159706)" requires a computer restart to finish uninstalling. (Command line: "wusa  /uninstall /kb:3159706 /norestart")
    • Windows update "Update for Microsoft Windows (KB3159706)" was successfully uninstalled. (Command line: "wusa  /uninstall /kb:3159706 /norestart")
    • Package KB3159706 was successfully changed to the Absent state.
      Initiating changes for package KB3159706. Current state is Absent. Target state is Staged. Client id: WindowsUpdateAgent.
    • Package KB3159706 failed to be changed to the Staged state. Status: 0x800f0816.
    • Initiating changes for package KB3159706. Current state is Resolved. Target state is Installed. Client id: WindowsUpdateAgent.
    • Package KB3159706 was successfully changed to the Installed state.


    Errors in the Application Log

    • The DSS Authentication Web Service is not working.
    • The SimpleAuth Web Service is not working.
    • The Client Web Service is not working.
    • The Server Synchronization Web Service is not working.
    • The API Remoting Web Service is not working.
    • The Reporting Web Service is not working.
    • The WSUS content directory is not accessible.
           System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
         at System.Net.HttpWebRequest.GetResponse()
         at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)

    Thursday, October 20, 2016 5:47 AM
  • Hi TJRobison,

    I understand the inconvenience you got and pity for that. Generally, doing the manual steps for KB3159706 may fix the issue. While seems it's not such easy to your issue.

    Since it has been a period of time that you are suffering, and if your WSUS server is really in a mess, I would suggest re-installing the WSUS role. Usually, it will be easier to reinstall compare to troubleshooting.

    If you decide to re-install, then you may do the following things:

    1. Remove WSUS role;

    2. Remove SUSDB in C:\Windows\WID\Data, SUSDB.mdf and SUSDB_log.ldf, it's better to install SQL server management studio 2012 to verify if the SUSDB is removed;

    3. Remove WSUS content; If you don't want to re-download, you may also backup it and do a migrate after re-installing;

    4. Remove WSUS IIS site;

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.




    Friday, October 21, 2016 3:55 AM
  • Hi Anne,

    I tried the above twice.  Failure both attempts. 

    SQL server management studio has been installed and the WSUS database was not connected before the reinstall. 

    Unable to open the physical file "C:\Windows\WID\Data\SUSDB.mdf"

    In SQL Management Studio, after the reinstall, I have SUSDB (Recovery Pending).  There is no SUSDB.mdf or SUSDB_log.ldf.

    2016-10-21 23:03:07  Postinstall started
    2016-10-21 23:03:07  Detected role services: Api, UI, WidDatabase, Services
    2016-10-21 23:03:07  Start: LoadSettingsFromParameters
    2016-10-21 23:03:07  Content local is: True
    2016-10-21 23:03:07  Content directory is: C:\WSUS
    2016-10-21 23:03:07  SQL instname is:
    2016-10-21 23:03:07  End: LoadSettingsFromParameters
    2016-10-21 23:03:07  Start: Run
    2016-10-21 23:03:07  Fetching WsusAdministratorsSid from registry store
    2016-10-21 23:03:07  Value is S-1-5-21-3220866179-542948053-1401830000-1107
    2016-10-21 23:03:07  Fetching WsusReportersSid from registry store
    2016-10-21 23:03:07  Value is S-1-5-21-3220866179-542948053-1401830000-1108
    2016-10-21 23:03:18  Configuring content directory...
    2016-10-21 23:03:18  Configuring groups...
    2016-10-21 23:03:18  Starting group configuration for WSUS Administrators...
    2016-10-21 23:03:18  Found group in regsitry, attempting to use it...
    2016-10-21 23:03:18  Searching for existing group...
    2016-10-21 23:03:18  Existing group was found
    2016-10-21 23:03:18  Writing group to registry...
    2016-10-21 23:03:18  Finished group creation
    2016-10-21 23:03:18  Starting group configuration for WSUS Reporters...
    2016-10-21 23:03:18  Found group in regsitry, attempting to use it...
    2016-10-21 23:03:18  Searching for existing group...
    2016-10-21 23:03:18  Existing group was found
    2016-10-21 23:03:18  Writing group to registry...
    2016-10-21 23:03:18  Finished group creation
    2016-10-21 23:03:18  Configuring permissions...
    2016-10-21 23:03:18  Fetching content directory...
    2016-10-21 23:03:18  Fetching ContentDir from registry store
    2016-10-21 23:03:18  Value is C:\WSUS
    2016-10-21 23:03:18  Fetching group SIDs...
    2016-10-21 23:03:18  Fetching WsusAdministratorsSid from registry store
    2016-10-21 23:03:18  Value is S-1-5-21-3220866179-542948053-1401830000-1107
    2016-10-21 23:03:18  Fetching WsusReportersSid from registry store
    2016-10-21 23:03:18  Value is S-1-5-21-3220866179-542948053-1401830000-1108
    2016-10-21 23:03:18  Creating group principals...
    2016-10-21 23:03:18  Granting directory permissions...
    2016-10-21 23:03:18  Granting permissions on content directory...
    2016-10-21 23:03:18  Granting registry permissions...
    2016-10-21 23:03:18  Granting registry permissions...
    2016-10-21 23:03:18  Granting registry permissions...
    2016-10-21 23:03:18  Configuring shares...
    2016-10-21 23:03:18  Configuring network shares...
    2016-10-21 23:03:18  Fetching content directory...
    2016-10-21 23:03:18  Fetching ContentDir from registry store
    2016-10-21 23:03:18  Value is C:\WSUS
    2016-10-21 23:03:18  Fetching WSUS admin SID...
    2016-10-21 23:03:18  Fetching WsusAdministratorsSid from registry store
    2016-10-21 23:03:18  Value is S-1-5-21-3220866179-542948053-1401830000-1107
    2016-10-21 23:03:18  Content directory is local, creating content shares...
    2016-10-21 23:03:19  Creating share "UpdateServicesPackages" with path "C:\WSUS\UpdateServicesPackages" and description "A network share to be used by client systems for collecting all software packages (usually applications) published on this WSUS system."
    2016-10-21 23:03:19  Creating share...
    2016-10-21 23:03:19  Share successfully created
    2016-10-21 23:03:19  Creating share "WsusContent" with path "C:\WSUS\WsusContent" and description "A network share to be used by Local Publishing to place published content on this WSUS system."
    2016-10-21 23:03:19  Creating share...
    2016-10-21 23:03:19  Share successfully created
    2016-10-21 23:03:19  Creating share "WSUSTemp" with path "C:\Program Files\Update Services\LogFiles\WSUSTemp" and description "A network share used by Local Publishing from a Remote WSUS Console Instance."
    2016-10-21 23:03:19  Creating share...
    2016-10-21 23:03:19  Share successfully created
    2016-10-21 23:03:19  Finished creating content shares
    2016-10-21 23:03:19  Stopping service WSUSService
    2016-10-21 23:03:19  Stopping service W3SVC
    2016-10-21 23:03:20  Configuring WID database...
    2016-10-21 23:03:20  Configuring the database...
    2016-10-21 23:03:20  Establishing DB connection...
    2016-10-21 23:03:20  Checking to see if database exists...
    2016-10-21 23:03:20  Database exists
    2016-10-21 23:03:20  Switching database to single user mode...
    2016-10-21 23:03:20  System.Data.SqlClient.SqlException (0x80131904): Unable to open the physical file "C:\Windows\WID\Data\SUSDB.mdf". Operating system error 2: "2(The system cannot find the file specified.)".
    Unable to open the physical file "C:\Windows\WID\Data\SUSDB.mdf". Operating system error 2: "2(The system cannot find the file specified.)".
    Could not restart database "SUSDB". Reverting to the previous status.
    ALTER DATABASE statement failed.
    File activation failure. The physical file name "C:\Windows\WID\Data\SUSDB_log.ldf" may be incorrect.
    File activation failure. The physical file name "C:\Windows\WID\Data\SUSDB_log.ldf" may be incorrect.
       at Microsoft.UpdateServices.DatabaseAccess.DBConnection.DrainObsoleteConnections(SqlException e)
       at Microsoft.UpdateServices.DatabaseAccess.DBConnection.ExecuteCommandNoResult()
       at Microsoft.UpdateServices.Administration.ConfigureDB.ConnectToDB()
       at Microsoft.UpdateServices.Administration.ConfigureDB.Configure()
       at Microsoft.UpdateServices.Administration.ConfigureDB.Run(String instanceName, Action`1 logWriter, Boolean contentLocal)
       at Microsoft.UpdateServices.Administration.PostInstall.Run()
       at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
    ClientConnectionId:faba8a2e-03a2-4fa4-b506-e267158ef207
    Error Number:5120,State:101,Class:16

    Friday, October 21, 2016 12:41 PM
  • Hi Anne,

    I remove and reinstalled two more times, same issue.  Next I copied the original SUSDB.mdf and SUSDB_log.ldf files to C:\Windows\WID\Data.  Then stated the WSUS console.  It connected.  The WSUSContent directory is empty.  Should I copy the original content back in?  Or hopefully let it populate.

    I will look in a day or two to see it workstations are connecting.  The removal of WSUS and manual removal of databases didn't really work as I would think they should.  They were not connected in management studio, and the reinstallation of WSUS failed to recreate the databases.  I am happy I moved them to a temp holding place as the installer would not create these.

    Terry

    Friday, October 21, 2016 1:05 PM
  • Hi Anne,

    This morning, I checked - no computers have contacted WSUS.

    Application Log generates this error after:  WsusUtil.exe checkhealth

    • The Client Web Service is not working.  Event ID: 12022

    I have also performed a: WsusUtil.exe reset

    Terry

    Saturday, October 22, 2016 3:37 AM
  • please check the below link.

    https://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=.NET%20Framework&ProdVer=2.0.50727&EvtID=12022&EvtSrc=Windows%20Server%20Update%20Services&LCID=1033


    Regards,
    Sandeep Poonia
    Please verify the answer if it helps you.

    Saturday, October 22, 2016 3:55 AM
  • Sandeep,  Sorry no difference.

    Terry

    Saturday, October 22, 2016 7:19 AM
  • Hi TJRobison,

    >Unable to open the physical file "C:\Windows\WID\Data\SUSDB.mdf"

    >In SQL Management Studio, after the reinstall, I have SUSDB (Recovery Pending).  There is no SUSDB.mdf or SUSDB_log.ldf.

    What is the message do you get when you unable to open the physical file?

    Also check if the following article could help:

    https://blogs.technet.microsoft.com/reshard_sharps_blog/2013/08/18/wsus-post-deployment-configuration-fails-on-windows-server-2012/

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 26, 2016 3:24 AM
  • After three weeks of working on this WSUS issue that appeared after an update from MS, I had no choice other than contacting MS.  This is the second time in 30 years of server administration.

    I removed and reinstalled the WSUS role six times.  It failed to remove itself correctly.  I used SQL management studio to verify the data bases had been removed after the removal of the role.   It would not create its data bases, and IIS had missing files during WSUS installation.   The MS tech removed the role and had exactly the same issues.

    This server was deployed only three months ago, and had no funky issues.  In the third month, an update broke WSUS.  Very disappointing on many points.  Every 2012 R2 server that we look after that has WSUS installed has faulted with this update.  This was the only server that I could not repair.  Why doesn’t the uninstaller do its job?  Conversely, why doesn’t the installer correctly recreate its data bases and IIS site?    After all, they are a role in the OS.  More importantly, why are these updates not tested more carefully before they are let loose?   I can see that I am not the only one that this has happened to.     

    This issue is now resolved.  Sorry, but none of the suggestions worked.  MS had to replace missing IIS files, and perform many manual steps.

    Terry

    Sunday, October 30, 2016 10:18 PM
  • This works for me. PERFECT.

    SO windows 2016.

    Thanks.

    Thursday, August 30, 2018 8:30 AM
  • The solution of WSUS post install problem on Windows Server 2012 R2 and 2016:

    https://www.kjctech.net/fixing-failed-to-start-and-configure-the-wsus-service-in-windows-server-2012-r2/

    See the second option.

    The second option works for me! Solved my Wsus install problem on Windows Server 2016 server.

    You could re-run WSUS post install on Win2016 by using commands:

    cd "c:\Program Files\Update Services\Tools"

    c:\Program Files\Update Services\Tools>WsusUtil.exe postinstall CONTENT_DIR=D:\WSUS

    Please change Wsus CONTENT_DIR according to your setup environment.

    Friday, February 22, 2019 7:13 PM