locked
Clients unable to retrieve updates from WSUS RRS feed

  • Question

  • Hello Everyone,

    I'm experiencing an issue where all client machines are unable to contact the WSUS Server in regards to retrieving updates. There seems to be some sort of communication between the two as all of the computers show up on WSUS.

    When running Solarwinds WSUS Agent Diagnostics tool I get one error which is:
      clientwebservice/client.asmx:                      Error:Client found response content type of 'text/html', but expected 'text/xml'.

    I'm able to provide any info that you need.

    Thanks for your time.

    Fabian


    • Edited by FFadeyi Monday, December 11, 2017 11:52 AM
    Monday, December 11, 2017 11:51 AM

All replies

  • Hi,

    As you mentioned , all clients are unable to connect to WSUS server .

    Generally , we may first check the GPO setting or the local group policy setting to ensure the clients are targeting to correct WSUS server .

    Then, test the network connection between WSUS and clients .

    Try to disable any firewall between WSUS and clients .

    Is there any proxy setting between WSUS and clients ? If it exists ,please try to remove it to narrow the issue down .

    After that , please post the error code when you try to check updates from client side . Also ,please detail the WSUS server and client OS version .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 12, 2017 3:16 AM
  • Try to download the WSUS iuident CAB file from the client.

    http://server.domain.local:8530/selfupdate/iuident.cab
    https://server.domain.local:8531/selfupdate/iuident.cab

    or try to browse to

    http://server.domain.local:8530/ClientWebService/client.asmx
    https://server.domain.local:8531/ClientWebService/client.asmx

    If you can download it or browse to it, that's the port/url to use in your GPO. If you can't, check firewall settings and port settings.

    If you've established that it is responding and you can see those files/download them but still the issue persists, make sure the WsusPool Application Pool i started in IIS. If that is, then run my script below as it fixes these types of issues.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.

    If after 24-72 hours those systems don't report in properly, then run the following client side script on one of the affected clients from an Administrative Command Prompt:

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    • Proposed as answer by Elton_Ji Wednesday, January 10, 2018 4:00 PM
    Tuesday, December 12, 2017 3:19 AM