locked
WSUS on 2016 Issues RRS feed

  • Question

  • I have setup WSUS on 2016, WSUS version is 10.0.14393.2007

    WSUS clients are Windows 10 and 2016

    Some clients are showing the status as not yet reported and some as 99% even though none of the patches are installed on clients. No firewall in between and none of the clients are getting patches on the clients.

    I am able to access the WSUS from cleint using http://x.x.x.x:8530/Selfupdate/iudent.cab

    WSUS DB size is 45 GB and all the patches are approved on WSUS.

    Client is I have deleted Softwaredistribution folder, after sync it becomes around 500MB and then stops.

    The error on client is "We couldn't connect to the update service....

    Sometimes WSUS service crashed which can only be resolved with a server restart. WSUS server is updated with all the patches from the Internet.

    How can I resolve this error?

    Friday, November 8, 2019 7:38 AM

All replies

  • Hi Avilt,
       

    I am able to access the WSUS from cleint using http://x.x.x.x:8530/Selfupdate/iudent.cab

    WSUS DB size is 45 GB and all the patches are approved on WSUS.

    Client is I have deleted Softwaredistribution folder, after sync it becomes around 500MB and then stops.

    The error on client is "We couldn't connect to the update service....

    Is the client with this problem in an environment that cannot access the Internet?
    If so, make sure that the following policies are configured for the group policy that this part of the client is applying:
       

    • [Windows Components > Windows Update > Windows Update for Business]
      - "Select when Feature Updates are received" 
      - "Select when Quality Updates are received"
         
    • [Windows Components > Windows Update]
      - "Do not connect to any Windows Update Internet locations"
        

    Ensure that none of these policies are configured (Enabled or Disabled).
       

    Sometimes WSUS service crashed which can only be resolved with a server restart. WSUS server is updated with all the patches from the Internet.

    How can I resolve this error?

    Consider periodically performing a cleanup wizard for the WSUS server, or clean it up with a script.
    A WSUS server that has not been cleaned for a long period of time may have a long cleanup time. Please consider performing it at the appropriate free time.
        

    Reply back with the results would be happy to help.
        

    Regards,
    Yic


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 8, 2019 8:18 AM
  • Yes, there is no Internet

    The following policies are in non configured state. Further advise is needed. This is a new setup cleanup is not applicable.

    • [Windows Components > Windows Update > Windows Update for Business]
      - "Select when Feature Updates are received" 
      - "Select when Quality Updates are received"
    • [Windows Components > Windows Update]
      - "Do not connect to any Windows Update Internet locations"


    • Edited by avilt Sunday, November 10, 2019 1:44 PM
    Friday, November 8, 2019 4:05 PM
  • Hi Avilt,
       

    Thank you for your reply.
    Let us continue to analyze this issue. If the WSUS control will crash frequently, consider first adjusting the WSUS application pool private memory in IIS:
       

    1. On your WSUS Server, launch the IIS Manager.
    2. Click 'Application Pools' is in the Connections list.
    3. Right click 'WsusPool' and select 'Advanced Settings…'
      'General' - 'Queue Length' : 25,000.
      'Rapid-Fail Protection' - 'Service Unavailable' Response: TcpLevel
      'Rapid-Fail Protection' - 'Failure Interval (minutes)' : 30
      'Rapid-Fail Protection' - 'Maximum Failures' : 60
      'Recucling' - 'Private Memory limit' : x4 times, or set to 0 (unlimited).
    4. Click 'ok' to save and restart the server.
     

    Second, notice that the environment you mentioned is newly deployed. After the first synchronization of WSUS, there will be an early update of the selected product, which will include many updates that have been replaced. Consider adding a "Supersedence" column to the update view of the console and sorting:
       


          
    Decline the following types of updates:
     This update has been superseded by another update and superseded another update as well.
     This update has been superseded by another update.
        

    Third, after completing the above operations, please be patient and wait for all clients to complete the report and approve the update with the status "Needed". The update will download the file after approval, and the client will only get the update and installation after the file is downloaded. You might consider adding a "File Status" column to the console update view to get download status information for the update file. 


         

    Reply back with the results would be happy to help.
      

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 11, 2019 2:16 AM
  • After this change now it seems like WSUS is not crashing (still under observation)

    But Windows 10/2016 clients are still not downloading the patches. Sorry the image is reverted.

    Please advise



    • Edited by avilt Monday, November 11, 2019 10:39 AM update
    Monday, November 11, 2019 9:35 AM
  • Take a look at

    https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

    Follow the troubleshooting.


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Monday, November 11, 2019 11:48 PM
  • Hi Avilt,
      

    The 0x80244019 error code is an HTTP 404 error and basically means that the file that the client was looking for is not present on the WSUS Server. So I think:
       

    1. Going back to the "file status".
      In the update view of the WSUS console, check the several updates mentioned in the screenshot and their file status has been successfully downloaded.
        
    2. If a download failure error occurs, please consider the update above decline and re-approve.
         
    3. If the error persists, consider generating windowsupdate.log on the client. By retrieving the error code "0x80244019" in the log, the location of the file accessed by the client during the update acquisition process is determined, thereby performing subsequent troubleshooting.
         

    Hope the above can help you.
       

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 12, 2019 3:04 AM
  • Thank You for all the help. but none worked.

    I will stop pursuing this case now, I did a fresh setup with bare minimal approval, now Win10/2016 clients are getting the updates.

    Tuesday, November 12, 2019 4:47 PM
  • Hi Avilt,
       

    It’s great to see that it’s back to normal, and I’m sorry that the advice I provided didn’t help you.
    In order for everyone to better understand the current progress, the following is the current summary of this thread:
      

    • Issue Symptom
      WSUS Clients (OS: Windows 10 and Server 2016) cannot get updates via WSUS.

    • Error message
      (1) We couldn’t connect to the update service, We’ll try again later, or you can check now, If it doesn’t work, make sure you’re connected to the internet.
      (2) 0x80244019
         
    • Possible Cause
      The number of approved updates in the WSUS database is large (45GB), and the IIS site handles the interruption.
         
    • Solution
      Redeploy the installation of the WSUS role.
         
    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 14, 2019 6:23 AM