locked
The server is failing to download some updates RRS feed

  • Question

  • This is kind of a double-post but my other post is an add-on to an earlier, similar post and it's not getting any hits.

    Good afternoon, my WSUS server was working fine until about a month ago. I now have a lot of workstations that aren't getting their updates and the only pertinent message showing up in the WSUS server's Event Log is Event ID 10032 and the only text is "The server is failing to download some updates." That message shows up daily at 0200, 0800, 1400 and 2000 and the data in the error doesn't help me much either: 

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
      <Provider Name="Windows Server Update Services" /> 
      <EventID Qualifiers="0">10032</EventID> 
      <Level>2</Level> 
      <Task>7</Task> 
      <Keywords>0x80000000000000</Keywords> 
      <TimeCreated SystemTime="2020-06-09T09:00:49.000000000Z" /> 
      <EventRecordID>841646</EventRecordID> 
      <Channel>Application</Channel> 
      <Computer>srv-Appy.link.com</Computer> 
      <Security /> 
      </System>
    - <EventData>
      <Data>The server is failing to download some updates.</Data> 
      </EventData>
      </Event>

    I use Nexpose to find workstations with vulnerabilities and when I run Windows Update Online from those workstations I find several to many updates that need to be installed. I've looked for errors in those workstation's Event Logs under WindowsUpdateClient but I've never found errors in that log. 

    Anybody have any ideas on what to look for?

    Thanks,

    Joe B

    Sunday, June 14, 2020 11:13 PM

All replies

  •      

    Hi JBruyet,

    Thanks for your posting.

    To further investigate your current issue, please consider checking according to the following steps:
    1. Not sure if you have a downstream WSUS server. If present, please consider checking that upstream and downstream synchronization is complete correctly.

    2. The client performs checking online for updates from Microsoft updates. Please check what updates are missing from the client. Please check whether these updates are syncing properly on the WSUS server or not.

    3. Please consider checking the status of client reports. Please refer to the image below to check the client's last contact status.


    4. Please consider following the link below to check upstream and downstream WSUS server connections:

    http://wsusname:portname/selfupdate/iuident.cab

    5. Please consider checking for the following services for the WSUS server to be working properly:
     WSUS service、 IIS 、Database service
    Please consider checking that the following services are working properly on the client:
     Bits service、 Windows Updates service

    If you have any updates, please let me know.

    Regards,
    Rita


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 15, 2020 3:03 AM
  • Hi,
     
    It seems there is no update for a couple of days. May we know the current status of the problem? Is there any other assistance we can provide?
     
    If you have any questions, please keep us in touch.
     
    Regards,
    Rita

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 17, 2020 1:33 AM
  • My apologies! I was just checking this thread and saw that my reply never made it. I'll try this again... 

    1) I only have the one WSUS server so I have no upstream or downstream issues. 

    2) I'm a little confused - I thought that one of the benefits of the WSUS server was to minimize network traffic for updates. I did a check on one of my workstations and when I clicked on "Check for updates" I received a notice that the workstation was up to date. When I clicked on "Check online for updates from Microsoft Update" I had five updates for Office, two updates for Windows 10, and one each for Adobe, .NET, and Leonvo. 

    3) I couldn't find that report. I looked both on the server and on the client. 

    4) Again, I only have the one WSUS server. 

    5) I found that many of my workstations did not have the BITS service running. I kludged together a PowerShell script to start all BITS services and then created a GP to start it automatically. 
    Wednesday, June 17, 2020 11:27 PM
  • Yesterday my reply didn't go through the first time and the reply I just wrote disappeared when I clicked on Submit. There's not much I can do incorrectly in clicking Submit...  

    In doing my testing I can turn on the BITS service on a workstation but it turns back off after a couple of minutes. I checked online and I've seen posts where this is normal behavior for the BITS service. I checked my workstation this morning and my results were the same as Number 2) listed above only with a couple more updates. Do you have any more diagnostic steps I can take? I would really like to keep my workstations to keep up with their updates. 

    Thanks, 

    Joe B 

    Thursday, June 18, 2020 5:47 PM
  • Hi JBruyet,
     
    Thanks for your time.
     
    It is recommended to refer the following picture to check for client's updates states on the WSUS console:
     

    If the client reports normally, consider checking Windowsupdates.log on the client. 
    Specific steps:Open the PowerShell as an administrator and enter get-windowsupdatelog to check for client errors.  
     
    If the client report is not correct, please consider checking the time when the client last contacted the WSUS server by referring to the following picture:


    If you have any updates, please keep us in touch. Wish you have a good weekend.
     
    Regards,
    Rita

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 19, 2020 9:06 AM
  • Good afternoon Rita, 

    I checked the Last Status Report column and all but two of my workstations are current to within two days. Those two workstations are problem children that I'm working on. 

    I checked the Installed/Not Applicable Percentage column and the two workstations mentioned above are at 98%. Everything else is either 99% or 100%. 

    What other things can I check to find out why my workstations aren't pulling their updates down from my WSUS server ?

    Thanks,

    Joe B 

    Monday, June 22, 2020 7:13 PM
  • Hi Joe B,

    Thanks for your time.

    As you mentioned, two clients reported unhealthy status. This is why the client can't get updates from the WSUS properly. Consider referring to the picture to check the status of the client's contact with the WSUS server. This facilitates checking the status of WSUS-client connectivity.



    If the client is in a normal contact status with the WSUS server, the connection between the WSUS and the client is normal.  It is recommended to refer to this link to clean up the database first.

    It is recommended to check Windowsupdate.log on the client. Open Powershell as an administrator and enter get-windowsupdatelog to get this log.

    If you have any issues, please let me know.

    Best regards,
    Rita    


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 23, 2020 2:44 AM
  • Good morning Rita, 

    Those two clients aren't necessarily the computers that are having problems with their updates. Per my initial post I have "...a lot of workstations that aren't getting their updates..." Please let me try to state my problem more clearly.

    Using my Nexpose (vulnerability) server I have noticed that many workstations aren't getting updated. It's not all the same workstations all the time. When Nexpose lists vulnerabilities associated with Microsoft products I manually run "Check for updates." Rarely will this update the workstations. Then, when I run "Check online for updates from Microsoft Update," I usually have several updates that get downloaded and installed. I believe the problem is with my WSUS server because, again, per my initial post, my WSUS server has several occurrences of this error in the event log, "The server is failing to download some updates." I don't know how to find out which updates aren't getting downloaded. 

    I just ran a Synchronization Report for the date range 5/24/20 to 6/23/20 but the report has only one page and the range only goes back to 6/10/20. Fortunately there were some updates downloaded on the 10th. Hopefully this helps you figure out what the problem is with my my WSUS server.  

    Thanks, 

    Joe B 

    Tuesday, June 23, 2020 6:08 PM
  • Hi Joe B,
     
    Thanks for posting on this forum again.
     
    Please consider assisting in checking the WSUS server for other Event ID errors in Event Viewer. The EventID 10032 is just a generic rollup error noting that downloads are failing. 
     
    Regards,
    Rita

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 24, 2020 8:14 AM
  • Good afternoon Rita, 

    The only WSUS errors in the App log are the 10032 errors. There are a couple of random ASP.NET errors but that's it. There are no WSUS errors in the Sys log and some NTFS errors related to VSS on backups. 

    Thanks, 

    Joe B 

    Tuesday, June 30, 2020 7:12 PM
  • Hi Joe B,
     
    Thanks for your time.
     
    Please check for SoftwareDistribution.log in the WSUS server. The log's location:
    C:\Program Files\Update Services\LogFiles
     
    If there is any error code, please post on this forum. Please refer the following to check error code:
     

    If you have any updates, please keep us in touch. Hope you have a nice day.
     
    Regards,
    Rita

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 2, 2020 7:25 AM
  • Good afternoon Rita, 

    There are no "Exit code" errors in the log. I did, however, find a repeating group of errors and they happen daily at the same time. See below for the specifics on the errors: 

    2020-07-01 07:08:05.190 UTC	Info	WsusService.40	CatalogSyncAgent.UpdateServerHealthStatusBasedOnError	ServerHealth: Updating Server Health for Component: CatalogSyncAgent, Marking as Not Running
    
    2020-07-01 07:08:07.752 UTC	Error	WsusService.37	ContentSyncAgent.WakeUpWorkerThreadProc	Importing file 65800D83C93AD4BC7FF77C4B374CED4875CEFC10 caught exception at VerifyFile: System.IO.FileNotFoundException: Could not find file 'e:\wsus1\WsusContent\10\65800D83C93AD4BC7FF77C4B374CED4875CEFC10.cab'.
    File name: 'e:\wsus1\WsusContent\10\65800D83C93AD4BC7FF77C4B374CED4875CEFC10.cab'
       at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
       
    2020-07-01 15:01:45.032 UTC	Info	WsusService.14	CatalogSyncAgent.UpdateServerHealthStatusBasedOnError	ServerHealth: Updating Server Health for Component: CatalogSyncAgent, Marking as Not Running
    
    2020-07-02 07:08:05.200 UTC	Info	WsusService.41	CatalogSyncAgent.UpdateServerHealthStatusBasedOnError	ServerHealth: Updating Server Health for Component: CatalogSyncAgent, Marking as Not Running
    
    2020-07-02 07:08:07.529 UTC	Error	WsusService.12	ContentSyncAgent.WakeUpWorkerThreadProc	Importing file 65800D83C93AD4BC7FF77C4B374CED4875CEFC10 caught exception at VerifyFile: System.IO.FileNotFoundException: Could not find file 'e:\wsus1\WsusContent\10\65800D83C93AD4BC7FF77C4B374CED4875CEFC10.cab'.
    File name: 'e:\wsus1\WsusContent\10\65800D83C93AD4BC7FF77C4B374CED4875CEFC10.cab'
       at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
    
    2020-07-02 15:00:38.642 UTC	Info	WsusService.14	CatalogSyncAgent.UpdateServerHealthStatusBasedOnError	ServerHealth: Updating Server Health for Component: CatalogSyncAgent, Marking as Not Running
    

    It's always the same .cab file. I was going to ask - how long does it take for my WSUS server to update itself when Microsoft pushes out new updates? Maybe I'm not waiting long enough for my WSUS server download them? 

    Thanks, 

    Joe B 

     
    Thursday, July 2, 2020 9:21 PM
  • Hi Joe B,
     
    We may try the following steps to check for the WSUS Server healthy.
     
    1. Open CMD as an administrator, navigate to wsusutil.exe tool and enter "wsusutil.exe checkhealth".
    2. Open Event View to check error information.
     
    Regards,
    Rita

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 13, 2020 8:33 AM
  • You can start fresh, format and re-install.  A thread related to WSUS that has persisted this long should be deleted
    Wednesday, July 15, 2020 1:27 AM
  • Good morning Rita, 

    I ran the utility and the only thing that showed up in the event viewer was this one error in the App log: 

    The server is failing to download some updates.

    I was hoping to recover this WSUS install but maybe gettn is right; maybe I should cut my losses and put this on another server. I can't reformat this one because it's being used for other production purposes. 

    Thanks,

    Joe B 

    Wednesday, July 15, 2020 4:31 PM
  • 1 stop troubleshooting page

    https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

    At the end, if you come to the end, you'll find out it's WSUS and you can choose to reinstall it or WAM it.

    Also verify that the updates that are needed are approved. Please see part 6 of my blog series that deals with the Approvals process.

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-6-selecting-your-test-systems-the-approvals-process/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Wednesday, July 15, 2020 6:52 PM
  • Hi JBruyet,
     
    It is recommended to rebuild the WSUS role on another server. It will save a lot of time. We may follow the below steps to remove the WSUS role and rebuild it.
     
    To remove WSUS completely, you need to:
    1. Remove the following server roles and features through Server Manager:
    Roles: Windows Server Update Server
    features: Windows Server Update Services Tools(at Remote Server Administration Tools -> Role Administration Tools)
    Follow the wizard prompts to complete the deletion. Then restart the server.

    2. After the server is restarted, manually delete the folder or file of the following path:
    - C:\WSUS (this depends on where you choose to install WSUS)
    - C:\Program Files\Update Services

    3. Delete database files
    If you use SQL Server Management Studio to delete a database, you can try as follow.
    In Object Explorer, connect to an instance of the SQL Server Database Engine, and then expand that instance.Expand Databases, right-click the database to delete, and then click Delete.Confirm the correct database is selected, and then click OK.

    If you use a WID database, it is recommended to delete the following path folders:
    C:\Windows\WID

    4. In the IIS Information Services (IIS) Manager, manually remove the WSUS Administration site. Then restart the server. 
    Or, you can also consider using the Powershell command Remove-WebSite -Name "WSUS Administration" for deletion.
     
    Rebuild the WSUS role, please refer the following link:
    https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services
     
    Regards,
    Rita 

    "WSUS" forum will be migrating to a new home on Microsoft Q&A!
    We invite you to post new questions in the "WSUS" forum's new home on Microsoft Q&A!
    For more information, please refer to the sticky post.

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 16, 2020 1:54 AM