Answered by:
Join existing WSUS server to a new domain
Question
-
I find a lot of posts on here but only on "migrating WSUS" to new domain or moving to new hardware etc. Not my specific problem/situation
I have an existing 2012 R2 server running WSUS (as it installs from Roles). It was working perfectly fine on its ABC domain. We've been told to abandon that domain and join it to the DEF domain. Un-joining Windows server from one domain and joining to another is simple and we did so. On a client machine though, even though I edit the registry where it references the wsus server, to change the domain name here, when I Check for Updates, it says none are needed, which I know is wrong since it shows last updated several months ago. So, I'm wondering if the problem may be that Wsus still has the old domain name referenced somewhere? I'd spent quite some time configuring wsus on it and am hoping to avoid redoing it all. SURELY there has to be a way to do this, without having to do a "wsus migration" (and where do i migrate it to? I don't want to put it on a new server) Besides I tried a "wsus migration" in the past and found it did a poor job.
- Edited by dilbert2015 Friday, January 22, 2016 9:54 PM
Friday, January 22, 2016 9:47 PM
Answers
-
Looks like I may have figured it out.
On one client server that DID see the wsus server (and detect updates properly), I noticed we had put in a target group, and had specified other settings in the AU key. When I stopped it's wuauserv service, exported the \WindowsUpdate reg key to the non-functioning client server (that was missing these reg settings), and also did the "resetauthorization detectnow" as you described, it began working.
See below:
We're installing the patches right now, and if it fails I'll post back. If not, we can assume all is well.
Yes, I do the 3 maintenance steps you mention, but am a little behind currently. Will do this ASAP. I already ran the SCW though.
Thanks for the advice Don.
- Edited by dilbert2015 Tuesday, January 26, 2016 2:55 PM
- Marked as answer by dilbert2015 Tuesday, January 26, 2016 5:46 PM
Monday, January 25, 2016 10:25 PM
All replies
-
On a client machine though, even though I edit the registry where it references the wsus server, to change the domain name here, when I Check for Updates, it says none are needed, which I know is wrong since it shows last updated several months ago.
WSUS is AD-agnostic, it does not require to be domain-joined at all, since WSUS clients do not authenticate to WSUS (it's all done as anonymous).
Clients receive a cookie when they contact WSUS and the client performs a type of "registration" in the client database stored in c:\windows\software distribution\datastore\datastore.edb (which is one of the reasons why deleting c:\windows\software distribution\ is sometimes suggested)
on the client, stop the AU service (net stop wuauserv)
rename the c:\windows\windowsupdate.log on the client.
start the AU service on the client (net start wuauserv)
[this will cause a fresh log to be created and you can then easily examine the log for issues/errors]it may be necessary to perform a wuauclt /resetauthorization /detectnow (this will regenerate the registration and cookie, and force a detection).
depending on the results/errors, it may also be necessary to dump the client database, if so;
net stop wuauserv
rename the folder c:\windows\softwaredistribution
net start wuauservalso it's worth examining the logs on the WSUS for issues/errors (event logs and also logfiles @ c:\program files\update services\logs\ )
Don [doesn't work for MSFT, and they're probably glad about that ;]
- Proposed as answer by Anne HeMicrosoft contingent staff Monday, January 25, 2016 1:56 AM
Friday, January 22, 2016 10:53 PM -
Hi dibert2015,
In addition to DonPick, we may also check if the client could ping the WSUS server and resolve the WSUS server's new FQDN, as it joined to a new domain.
Best Regards,
Anne
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
Monday, January 25, 2016 2:03 AM -
Whoa Anne from Microsoft, hold on there proposing as "answer", I barely had a chance to try Don's suggestions! And yes, pinging the wsus server by fqdn and IP both work fine.
Don, I tried the first two ideas you mention and it didn't help. Client shows "Your PC is up to date" and "Updates were installed: Never" When I check online for updates though, it shows22 important, 11 optional update needed.
When I did the wuauclt /resetauthorization /detectnow, the wuauserve service was running. Was it supposed to be stopped?
Something else that may (or may not) matter. The entire server holding the WSUS role was restored from tape backup, since a co-worker accidentally uninstalled WSUS from it. (It was restored on Jan 22nd from a backup made on Jan 16th.) I'm thinking this isn't relevant, since updates weren't run on the affected client servers, since well before Jan 16th. And of course the wsus server windows OS shows the current date properly....
My windowsupdate.log file shows a few warnings or errors. (names changed of servers/domains to protect the innocent) Let me know if you think I need to move on to dumping the client database, or do something else:
2016-01-25 07:57:12:448 992 4420 Misc WARNING: Network Cost is assumed to be not supported as something failed with trying to get handles to wcmapi.dll
2016-01-25 07:57:12:464 992 4420 AU # AU disabled through Policy
2016-01-25 07:57:12:464 992 4420 AU # Will interact with non-admins (Non-admins are elevated (User preference))
2016-01-25 07:57:12:464 992 4420 Misc WARNING: IsSessionRemote: WinStationQueryInformationW(WTSIsRemoteSession) failed for session 3, GetLastError=2250
2016-01-25 07:57:12:464 992 4420 AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037
2016-01-25 07:57:12:464 992 4420 AU AU finished delayed initialization
2016-01-25 07:57:12:464 992 1a14 DnldMgr Asking handlers to reconcile their sandboxes
2016-01-25 07:57:21:682 992 3df4 IdleTmr Incremented idle timer priority operation counter to 1
2016-01-25 07:57:25:073 992 2cbc AU Triggering AU detection through DetectNow API
2016-01-25 07:57:25:073 992 2cbc AU Triggering Online detection (interactive)
2016-01-25 07:57:25:073 992 4420 AU #############
2016-01-25 07:57:25:073 992 4420 AU ## START ## AU: Search for updates
2016-01-25 07:57:25:073 992 4420 AU #########
2016-01-25 07:57:25:073 992 4420 IdleTmr WU operation (CSearchCall::Init ID 1) started; operation # 7; does use network; is not at background priority
2016-01-25 07:57:25:073 992 4420 IdleTmr Incremented PDC RefCount for Network to 1
2016-01-25 07:57:25:073 992 4420 IdleTmr Incremented idle timer priority operation counter to 2
2016-01-25 07:57:25:135 992 4420 Report *********** Report: Initializing static reporting data ***********
2016-01-25 07:57:25:135 992 4420 Report * OS Version = 6.3.9600.0.0.196880
2016-01-25 07:57:25:135 992 4420 Report * OS Product Type = 0x00000007
2016-01-25 07:57:25:135 992 4420 Report * Computer Brand = Xen
2016-01-25 07:57:25:135 992 4420 Report * Computer Model = HVM domU
2016-01-25 07:57:25:135 992 4420 Report * Platform Role = 1
2016-01-25 07:57:25:135 992 4420 Report * AlwaysOn/AlwaysConnected (AOAC) = 0
2016-01-25 07:57:25:135 992 4420 Report * Bios Revision = 4.4.1-xs104305
2016-01-25 07:57:25:135 992 4420 Report * Bios Name = Revision: 1.221
2016-01-25 07:57:25:135 992 4420 Report * Bios Release Date = 2015-09-01T00:00:00
2016-01-25 07:57:25:135 992 4420 Report * Bios Sku Number unavailable.
2016-01-25 07:57:25:135 992 4420 Report * Bios Vendor = Xen
2016-01-25 07:57:25:135 992 4420 Report * Bios Family unavailable.
2016-01-25 07:57:25:135 992 4420 Report * Bios Major Release = 4
2016-01-25 07:57:25:135 992 4420 Report * Bios Minor Release = 4
2016-01-25 07:57:25:135 992 4420 Report * Locale ID = 1033
2016-01-25 07:57:25:151 992 4420 Agent *** START *** Queueing Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2016-01-25 07:57:25:151 992 4420 AU <<## SUBMITTED ## AU: Search for updates [CallId = {880626EF-99AC-47CA-875F-AFB8F9C71227} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2016-01-25 07:57:25:151 992 41fc Agent *** END *** Queueing Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2016-01-25 07:57:25:151 992 41fc Agent *************
2016-01-25 07:57:25:151 992 41fc Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2016-01-25 07:57:25:151 992 41fc Agent *********
2016-01-25 07:57:25:151 992 41fc Agent * Online = Yes; Ignore download priority = No
2016-01-25 07:57:25:151 992 41fc Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2016-01-25 07:57:25:151 992 41fc Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2016-01-25 07:57:25:151 992 41fc Agent * Search Scope = {Machine & All Users}
2016-01-25 07:57:25:151 992 41fc Agent * Caller SID for Applicability: S-1-5-21-1627380392-146987931-3406612311-1701
2016-01-25 07:57:25:151 992 41fc EP Got WSUS Client/Server URL: "http://mywsusserver.def.domain:8530/ClientWebService/client.asmx"
2016-01-25 07:57:25:167 992 41fc Setup Checking for agent SelfUpdate
2016-01-25 07:57:25:167 992 41fc Setup Client version: Core: 7.9.9600.16422 Aux: 7.9.9600.16384
2016-01-25 07:57:25:167 992 41fc EP Got WSUS SelfUpdate URL: "http://mywsusserver.def.domain:8530/selfupdate"
2016-01-25 07:57:25:167 992 41fc Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2016-01-25 07:57:25:182 992 41fc Misc Microsoft signed: Yes
2016-01-25 07:57:25:182 992 41fc Misc Infrastructure signed: Yes
2016-01-25 07:57:25:182 992 41fc Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\TMP5B9D.tmp:
2016-01-25 07:57:25:182 992 41fc Misc Microsoft signed: Yes
2016-01-25 07:57:25:182 992 41fc Misc Infrastructure signed: Yes
2016-01-25 07:57:25:182 992 41fc Setup Skipping SelfUpdate check based on the /SKIP directive in wuident
2016-01-25 07:57:25:182 992 41fc Setup SelfUpdate check completed. SelfUpdate is NOT required.
2016-01-25 07:57:26:088 992 41fc PT +++++++++++ PT: Synchronizing server updates +++++++++++
2016-01-25 07:57:26:088 992 41fc PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://mywsusserver.def.domain:8530/ClientWebService/client.asmx
2016-01-25 07:57:26:088 992 41fc PT WARNING: Cached cookie has expired or new PID is available
2016-01-25 07:57:26:088 992 41fc EP Got WSUS SimpleTargeting URL: "http://mywsusserver.def.domain:8530"
2016-01-25 07:57:26:088 992 41fc PT Initializing simple targeting cookie, clientId = 79e6aa17-9bfa-4319-a3f1-d2550febd1a1, target group = , DNS name = ddc.def.domain
2016-01-25 07:57:26:088 992 41fc PT Server URL = http://mywsusserver.def.domain:8530/SimpleAuthWebService/SimpleAuth.asmx
2016-01-25 07:57:26:120 992 41fc Agent Reading cached app categories using lifetime 604800 seconds
2016-01-25 07:57:26:120 992 41fc Agent Read 1 cached app categories
2016-01-25 07:57:27:745 992 41fc PT + SyncUpdates round trips: 2
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installed rule, updateId = {{4DEB7F5F-D14D-43E2-93FA-F81B10846CF7}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installable rule, updateId = {{4DEB7F5F-D14D-43E2-93FA-F81B10846CF7}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installed rule, updateId = {{22FFD207-0EB5-4FCF-9F6A-67078327D7A3}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installed rule, updateId = {{A4ECF96E-FE76-4933-B1A9-FAA712DC2A3B}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installable rule, updateId = {{A4ECF96E-FE76-4933-B1A9-FAA712DC2A3B}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installed rule, updateId = {{9941EB5F-4953-446D-99A2-C5989C596283}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installable rule, updateId = {{9941EB5F-4953-446D-99A2-C5989C596283}.200}, hr = 80070057
2016-01-25 07:57:28:463 992 41fc PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2016-01-25 07:57:28:463 992 41fc PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://mywsusserver.def.domain:8530/ClientWebService/client.asmx
2016-01-25 07:57:28:885 992 41fc Agent * Found 0 updates and 79 categories in search; evaluated appl. rules of 922 out of 1505 deployed entities
2016-01-25 07:57:28:917 992 41fc Agent Reporting status event with 63 installable, 10 installed, 0 installed pending, 0 failed and 0 downloaded updates
2016-01-25 07:57:28:917 992 41fc Agent *********
2016-01-25 07:57:28:917 992 41fc Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2016-01-25 07:57:28:917 992 41fc Agent *************
2016-01-25 07:57:28:917 992 41fc IdleTmr WU operation (CSearchCall::Init ID 1, operation # 7) stopped; does use network; is not at background priority
2016-01-25 07:57:28:917 992 41fc IdleTmr Decremented PDC RefCount for Network to 0
2016-01-25 07:57:28:917 992 41fc IdleTmr Decremented idle timer priority operation counter to 1
2016-01-25 07:57:28:917 992 3448 AU >>## RESUMED ## AU: Search for updates [CallId = {880626EF-99AC-47CA-875F-AFB8F9C71227} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2016-01-25 07:57:28:917 992 3448 AU # 0 updates detected
2016-01-25 07:57:28:917 992 3448 AU #########
2016-01-25 07:57:28:917 992 3448 AU ## END ## AU: Search for updates [CallId = {880626EF-99AC-47CA-875F-AFB8F9C71227} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2016-01-25 07:57:28:917 992 3448 AU #############
2016-01-25 07:57:28:917 992 3448 AU All AU searches complete.
- Edited by dilbert2015 Monday, January 25, 2016 3:58 PM
Monday, January 25, 2016 3:22 PM -
You can un-mark as answer :)Whoa Anne from Microsoft, hold on there proposing as "answer", I barely had a chance to try Don's suggestions! And yes, pinging the wsus server by fqdn and IP both work fine.
Don [doesn't work for MSFT, and they're probably glad about that ;]
Monday, January 25, 2016 9:41 PM -
ok, that suggests that the WUAgent on the client machine is functional - it's performing a detection against WU/MU successfullyDon, I tried the first two ideas you mention and it didn't help. Client shows "Your PC is up to date" and "Updates were installed: Never" When I check online for updates though, it shows22 important, 11 optional update needed.
Nope, that's fine.When I did the wuauclt /resetauthorization /detectnow, the wuauserv service was running. Was it supposed to be stopped?
Hmm, that's suggestive of a WSUS db (server-side) related issue, which kind of correlates with "the client can detect against WU/MU successfully"Something else that may (or may not) matter. The entire server holding the WSUS role was restored from tape backup, since a co-worker accidentally uninstalled WSUS from it. (It was restored on Jan 22nd from a backup made on Jan 16th.) I'm thinking this isn't relevant, since updates weren't run on the affected client servers, since well before Jan 16th. And of course the wsus server windows OS shows the current date properly....
The first part of the log is missing (where the service starts up), but..My windowsupdate.log file shows a few warnings or errors. (names changed of servers/domains to protect the innocent) Let me know if you think I need to move on to dumping the client database, or do something else:
This is kind of normal, this is WUAgent trying to figure out if the machine is connected to a (costly) metered internet connection, if true, then don't continue. Although this machine has thrown an unusual "something failed.." result. I haven't seen this one before.2016-01-25 07:57:12:448 992 4420 Misc WARNING: Network Cost is assumed to be not supported as something failed with trying to get handles to wcmapi.dll
These two mean: "machine is capable of TS/RDS but is this a remote session UI?" and "what types of network connections are available/should WU use for this session". Both of these are normal/expected.2016-01-25 07:57:12:464 992 4420 AU # AU disabled through Policy
2016-01-25 07:57:12:464 992 4420 AU # Will interact with non-admins (Non-admins are elevated (User preference))
2016-01-25 07:57:12:464 992 4420 Misc WARNING: IsSessionRemote: WinStationQueryInformationW(WTSIsRemoteSession) failed for session 3, GetLastError=2250
2016-01-25 07:57:12:464 992 4420 AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037
2016-01-25 07:57:12:464 992 4420 AU AU finished delayed initialization
2016-01-25 07:57:12:464 992 1a14 DnldMgr Asking handlers to reconcile their sandboxes
2016-01-25 07:57:21:682 992 3df4 IdleTmr Incremented idle timer priority operation counter to 1
2016-01-25 07:57:25:073 992 2cbc AU Triggering AU detection through DetectNow API
2016-01-25 07:57:25:073 992 2cbc AU Triggering Online detection (interactive)
2016-01-25 07:57:25:073 992 4420 AU #############
2016-01-25 07:57:25:073 992 4420 AU ## START ## AU: Search for updates
2016-01-25 07:57:25:073 992 4420 AU #########
2016-01-25 07:57:25:073 992 4420 IdleTmr WU operation (CSearchCall::Init ID 1) started; operation # 7; does use network; is not at background priority
2016-01-25 07:57:25:073 992 4420 IdleTmr Incremented PDC RefCount for Network to 1
2016-01-25 07:57:25:073 992 4420 IdleTmr Incremented idle timer priority operation counter to 2
2016-01-25 07:57:25:135 992 4420 Report *********** Report: Initializing static reporting data ***********
2016-01-25 07:57:25:135 992 4420 Report * OS Version = 6.3.9600.0.0.196880
2016-01-25 07:57:25:135 992 4420 Report * OS Product Type = 0x00000007
2016-01-25 07:57:25:135 992 4420 Report * Computer Brand = Xen
2016-01-25 07:57:25:135 992 4420 Report * Computer Model = HVM domU
2016-01-25 07:57:25:135 992 4420 Report * Platform Role = 1
2016-01-25 07:57:25:135 992 4420 Report * AlwaysOn/AlwaysConnected (AOAC) = 0
2016-01-25 07:57:25:135 992 4420 Report * Bios Revision = 4.4.1-xs104305
2016-01-25 07:57:25:135 992 4420 Report * Bios Name = Revision: 1.221
2016-01-25 07:57:25:135 992 4420 Report * Bios Release Date = 2015-09-01T00:00:00
2016-01-25 07:57:25:135 992 4420 Report * Bios Sku Number unavailable.
2016-01-25 07:57:25:135 992 4420 Report * Bios Vendor = Xen
2016-01-25 07:57:25:135 992 4420 Report * Bios Family unavailable.
2016-01-25 07:57:25:135 992 4420 Report * Bios Major Release = 4
2016-01-25 07:57:25:135 992 4420 Report * Bios Minor Release = 4
2016-01-25 07:57:25:135 992 4420 Report * Locale ID = 1033
2016-01-25 07:57:25:151 992 4420 Agent *** START *** Queueing Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2016-01-25 07:57:25:151 992 4420 AU <<## SUBMITTED ## AU: Search for updates [CallId = {880626EF-99AC-47CA-875F-AFB8F9C71227} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2016-01-25 07:57:25:151 992 41fc Agent *** END *** Queueing Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2016-01-25 07:57:25:151 992 41fc Agent *************
2016-01-25 07:57:25:151 992 41fc Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2016-01-25 07:57:25:151 992 41fc Agent *********
2016-01-25 07:57:25:151 992 41fc Agent * Online = Yes; Ignore download priority = No
2016-01-25 07:57:25:151 992 41fc Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2016-01-25 07:57:25:151 992 41fc Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2016-01-25 07:57:25:151 992 41fc Agent * Search Scope = {Machine & All Users}
2016-01-25 07:57:25:151 992 41fc Agent * Caller SID for Applicability: S-1-5-21-1627380392-146987931-3406612311-1701
2016-01-25 07:57:25:151 992 41fc EP Got WSUS Client/Server URL: "http://mywsusserver.def.domain:8530/ClientWebService/client.asmx"
2016-01-25 07:57:25:167 992 41fc Setup Checking for agent SelfUpdate
2016-01-25 07:57:25:167 992 41fc Setup Client version: Core: 7.9.9600.16422 Aux: 7.9.9600.16384
2016-01-25 07:57:25:167 992 41fc EP Got WSUS SelfUpdate URL: "http://mywsusserver.def.domain:8530/selfupdate"
2016-01-25 07:57:25:167 992 41fc Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2016-01-25 07:57:25:182 992 41fc Misc Microsoft signed: Yes
2016-01-25 07:57:25:182 992 41fc Misc Infrastructure signed: Yes
2016-01-25 07:57:25:182 992 41fc Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\TMP5B9D.tmp:
2016-01-25 07:57:25:182 992 41fc Misc Microsoft signed: Yes
2016-01-25 07:57:25:182 992 41fc Misc Infrastructure signed: Yes
2016-01-25 07:57:25:182 992 41fc Setup Skipping SelfUpdate check based on the /SKIP directive in wuident
2016-01-25 07:57:25:182 992 41fc Setup SelfUpdate check completed. SelfUpdate is NOT required.
2016-01-25 07:57:26:088 992 41fc PT +++++++++++ PT: Synchronizing server updates +++++++++++
2016-01-25 07:57:26:088 992 41fc PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://mywsusserver.def.domain:8530/ClientWebService/client.asmx
2016-01-25 07:57:26:088 992 41fc PT WARNING: Cached cookie has expired or new PID is available
2016-01-25 07:57:26:088 992 41fc EP Got WSUS SimpleTargeting URL: "http://mywsusserver.def.domain:8530"
2016-01-25 07:57:26:088 992 41fc PT Initializing simple targeting cookie, clientId = 79e6aa17-9bfa-4319-a3f1-d2550febd1a1, target group = , DNS name = ddc.def.domain
2016-01-25 07:57:26:088 992 41fc PT Server URL = http://mywsusserver.def.domain:8530/SimpleAuthWebService/SimpleAuth.asmx
2016-01-25 07:57:26:120 992 41fc Agent Reading cached app categories using lifetime 604800 seconds
2016-01-25 07:57:26:120 992 41fc Agent Read 1 cached app categories
2016-01-25 07:57:27:745 992 41fc PT + SyncUpdates round trips: 2
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installed rule, updateId = {{4DEB7F5F-D14D-43E2-93FA-F81B10846CF7}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installable rule, updateId = {{4DEB7F5F-D14D-43E2-93FA-F81B10846CF7}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installed rule, updateId = {{22FFD207-0EB5-4FCF-9F6A-67078327D7A3}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installed rule, updateId = {{A4ECF96E-FE76-4933-B1A9-FAA712DC2A3B}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installable rule, updateId = {{A4ECF96E-FE76-4933-B1A9-FAA712DC2A3B}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installed rule, updateId = {{9941EB5F-4953-446D-99A2-C5989C596283}.200}, hr = 80070057
2016-01-25 07:57:27:901 992 41fc Agent WARNING: Failed to evaluate Installable rule, updateId = {{9941EB5F-4953-446D-99A2-C5989C596283}.200}, hr = 80070057
2016-01-25 07:57:28:463 992 41fc PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2016-01-25 07:57:28:463 992 41fc PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://mywsusserver.def.domain:8530/ClientWebService/client.asmx
2016-01-25 07:57:28:885 992 41fc Agent * Found 0 updates and 79 categories in search; evaluated appl. rules of 922 out of 1505 deployed entities
2016-01-25 07:57:28:917 992 41fc Agent Reporting status event with 63 installable, 10 installed, 0 installed pending, 0 failed and 0 downloaded updates
2016-01-25 07:57:28:917 992 41fc Agent *********
2016-01-25 07:57:28:917 992 41fc Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdatesWuApp Id = 1]
2016-01-25 07:57:28:917 992 41fc Agent *************
2016-01-25 07:57:28:917 992 41fc IdleTmr WU operation (CSearchCall::Init ID 1, operation # 7) stopped; does use network; is not at background priority
2016-01-25 07:57:28:917 992 41fc IdleTmr Decremented PDC RefCount for Network to 0
2016-01-25 07:57:28:917 992 41fc IdleTmr Decremented idle timer priority operation counter to 1
2016-01-25 07:57:28:917 992 3448 AU >>## RESUMED ## AU: Search for updates [CallId = {880626EF-99AC-47CA-875F-AFB8F9C71227} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2016-01-25 07:57:28:917 992 3448 AU # 0 updates detected
2016-01-25 07:57:28:917 992 3448 AU #########
2016-01-25 07:57:28:917 992 3448 AU ## END ## AU: Search for updates [CallId = {880626EF-99AC-47CA-875F-AFB8F9C71227} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2016-01-25 07:57:28:917 992 3448 AU #############
2016-01-25 07:57:28:917 992 3448 AU All AU searches complete.
Ok, so a connection to your WSUS succeeded (which is good) and a detection occurred against your WSUS (which is good).But several updates seem to have improper detection rules within their XML within the WSUS db (bad).I can't find these updateid's in the WU/MU catalog . That suggests that something is injecting them from another source (maybe ConfigMgr or local publishing, or, that they have been somehow corrupted/tainted within the db). I thin kthese need to be removed from the db, and, that their presence in a partial/corrupted form, is disrupting the detection process. this logfile also shows that 63 updates were detected as installable, but it looks like it won't progress past the failing updateid's. you may find some record of these updateid's in the logfiles for WSUS. or, the WSUS Server Cleanup Wizard (SCW) in the console may be able to reconcile them out.
Are you in the habit of regularly declining superseded updates?
Run the SCW monthly?
reindex database monthly?
Don [doesn't work for MSFT, and they're probably glad about that ;]
- Edited by DonPick Monday, January 25, 2016 10:07 PM
Monday, January 25, 2016 9:56 PM -
Looks like I may have figured it out.
On one client server that DID see the wsus server (and detect updates properly), I noticed we had put in a target group, and had specified other settings in the AU key. When I stopped it's wuauserv service, exported the \WindowsUpdate reg key to the non-functioning client server (that was missing these reg settings), and also did the "resetauthorization detectnow" as you described, it began working.
See below:
We're installing the patches right now, and if it fails I'll post back. If not, we can assume all is well.
Yes, I do the 3 maintenance steps you mention, but am a little behind currently. Will do this ASAP. I already ran the SCW though.
Thanks for the advice Don.
- Edited by dilbert2015 Tuesday, January 26, 2016 2:55 PM
- Marked as answer by dilbert2015 Tuesday, January 26, 2016 5:46 PM
Monday, January 25, 2016 10:25 PM
