WSUS Fail -- Cookie: 0x8024400e -- SOAP Fault: 0x000190

    Question

  • No clients are reporting in at all.

    • I have wiped the server and started fresh, 2012 R2, no AV no nothing. 
    • GPO is pointing correctly at the server (RSOP and Windowsupdate.log show correct server)
    • All clients are not checking in at all
    • Network appears OK, and the IIS web on WSUS server is reachable
    • IIS memory settings were adjusted to account for longer timeouts
    • The clients have had the resetauth and detect now, nothing.
    • The softwaredistribution folder content was completely deleted, nothing.

    I am truly stumped

    Here is a snippet from one of the clients that are failing.

    ==============================

    2018-09-12 16:40:55:515  164 bd4 AU Setting AU scheduled install time to 2018-09-15 02:00:00
    2018-09-12 16:40:55:515  164 bd4 AU Successfully wrote event for AU health state:0
    2018-09-12 16:40:55:515  164 bd4 AU Successfully wrote event for AU health state:0
    2018-09-12 16:41:00:421  164 1618 Report REPORT EVENT: {923037DA-D004-4C0B-85B6-5CADA9CC3653} 2018-09-12 16:40:55:421-0800 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed.
    2018-09-12 16:50:17:468  164 1618 PT WARNING: Cached cookie has expired or new PID is available
    2018-09-12 16:50:17:468  164 1618 PT Initializing simple targeting cookie, clientId = 742b1df2-4fa8-41d7-834b-e6ad7fc1c2c2, target group = All Computers;, DNS name = SERVER.com
    2018-09-12 16:50:17:468  164 1618 PT   Server URL = http://192.168.1.23:8530/SimpleAuthWebService/SimpleAuth.asmx
    2018-09-12 16:50:17:468  164 1618 PT WARNING: GetAuthorizationCookie failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200
    2018-09-12 16:50:17:468  164 1618 PT WARNING: SOAP Fault: 0x000190
    2018-09-12 16:50:17:468  164 1618 PT WARNING:     faultstring:Fault occurred
    2018-09-12 16:50:17:468  164 1618 PT WARNING:     ErrorCode:InternalServerError(5)
    2018-09-12 16:50:17:468  164 1618 PT WARNING:     Message:(null)
    2018-09-12 16:50:17:468  164 1618 PT WARNING:     Method:"http://www.microsoft.com/SoftwareDistribution/Server/SimpleAuthWebService/GetAuthorizationCookie"
    2018-09-12 16:50:17:468  164 1618 PT WARNING:     ID:c7366332-87d2-4ee3-9337-da2aef80c949
    2018-09-12 16:50:17:468  164 1618 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x8024400e
    2018-09-12 16:50:17:468  164 1618 PT WARNING: PopulateAuthCookies failed: 0x8024400e
    2018-09-12 16:50:17:468  164 1618 PT WARNING: RefreshCookie failed: 0x8024400e
    2018-09-12 16:50:17:468  164 1618 PT WARNING: RefreshPTState failed: 0x8024400e
    2018-09-12 16:50:17:468  164 1618 PT WARNING: PTError: 0x8024400e
    2018-09-12 16:50:17:468  164 1618 Report WARNING: Reporter failed to upload events with hr = 8024400e.


    BlankMonkey

    Thursday, September 13, 2018 1:09 AM

Answers

  • Sorry I missed this as not being answered.

    We found the targeting was the problem.  The GPO, which WAS being applied correctly (threw us off at first), was also asking the clients to be sorted in WSUS.  While it was the default location, as soon as we removed the entry, and let it do its own thing, boom, everything came together.

    Specifically the key was; Computer Conf > Policies > Admin Templates > Win Comp > Windows Update > Enable client-side targeting


    BlankMonkey

    • Marked as answer by BlankMonkey Wednesday, September 19, 2018 6:32 PM
    Wednesday, September 19, 2018 6:32 PM
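
The failure in the question's log, as an added example that is not part of the original thread: the function below pairs each GetAuthorizationCookie failure with the targeting-cookie line logged just before it, so the target group the client asked for sits next to the error. The log lines are copied from the question; the function and field names are illustrative, and reading a non-empty target group as "client-side targeting is in effect" is an assumption.

```python
import re

# Lines copied from the client log quoted in the question (text-format WindowsUpdate.log).
SAMPLE_LOG = """\
2018-09-12 16:50:17:468  164 1618 PT WARNING: Cached cookie has expired or new PID is available
2018-09-12 16:50:17:468  164 1618 PT Initializing simple targeting cookie, clientId = 742b1df2-4fa8-41d7-834b-e6ad7fc1c2c2, target group = All Computers;, DNS name = SERVER.com
2018-09-12 16:50:17:468  164 1618 PT   Server URL = http://192.168.1.23:8530/SimpleAuthWebService/SimpleAuth.asmx
2018-09-12 16:50:17:468  164 1618 PT WARNING: GetAuthorizationCookie failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200
2018-09-12 16:50:17:468  164 1618 PT WARNING:     ErrorCode:InternalServerError(5)
"""

# timestamp, pid, tid, component, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d:\d+)\s+\d+\s+\w+\s+(\w+)\s+(.*)$")
INIT = re.compile(r"Initializing simple targeting cookie, clientId = (\S+), "
                  r"target group = (.*?);?, DNS name = (\S+)")
URL = re.compile(r"Server URL = (\S+)")
FAIL = re.compile(r"GetAuthorizationCookie failure, error = (0x[0-9A-Fa-f]+),.*"
                  r"soap error code = (\d+), HTTP status code = (\d+)")

def find_cookie_failures(text):
    """Return one dict per GetAuthorizationCookie failure, joined with the
    targeting-cookie context (client id, target group, URL) logged before it."""
    ctx, failures = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "PT":      # only lines from the PT component
            continue
        ts, msg = m.group(1), m.group(3)
        if (i := INIT.search(msg)):
            # A new cookie attempt starts: reset the context.
            ctx = {"client_id": i.group(1), "target_group": i.group(2).strip(),
                   "dns_name": i.group(3)}
        elif (u := URL.search(msg)):
            ctx["server_url"] = u.group(1)
        elif (f := FAIL.search(msg)):
            failures.append({
                "time": ts, **ctx, "error": f.group(1).lower(),
                "soap_code": int(f.group(2)), "http_status": int(f.group(3)),
                # Assumption: a non-empty group means the client is sending a
                # client-side targeting group name to the server.
                "client_side_targeting": bool(ctx.get("target_group")),
            })
    return failures

if __name__ == "__main__":
    for failure in find_cookie_failures(SAMPLE_LOG):
        print(failure)
```

Run over logs collected from several clients, the output shows at a glance whether every failing client is requesting a target group, which is the setting the accepted answer removed.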

All replies

  • Hi,

    Thanks for your information.

    Could you please check the port number when setting the GPO.


    Besides, you can use wuauclt /reportnow or UsoClient.exe StartScan to report the status of the client to the WSUS. There is a cool-down period after running the command. You just need to wait for all clients to check in.

    Best regards,
    Johnson
    =====================
    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    Thursday, September 13, 2018 6:22 AM
    • The GPO is set same as the picture, port 8530
    • wuauclt /reportnow has no effect
    • We have waited for days

    BlankMonkey

    Thursday, September 13, 2018 5:18 PM
  • Please follow my 8 part blog series on How to Setup, Manage, and Maintain WSUS. It has the answers you're looking for (really, it does - if you set it up like my setup, everything just 'works')

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/

    Try to download the WSUS iuident CAB file from the client machine.

    http://server.domain.local:8530/selfupdate/iuident.cab
    https://server.domain.local:8531/selfupdate/iuident.cab

    and then try to browse to:

    http://server.domain.local:8530/ClientWebService/client.asmx
    https://server.domain.local:8531/ClientWebService/client.asmx

    If you can download it and browse to it, that's the port/url to use in your GPO. If you can't, check firewall settings and port settings.

    Also, you SHOULD be using the FQDN, not an IP (best practices).

    Also, run the following on each of the affected clients that are not reporting in from an Administrative Command Prompt (if they show up in the WSUS MMC, delete the computer objects first).

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\Windows\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

    If you need to remove/reinstall WSUS, my guide can help you so that you don't have any issues - https://www.ajtek.ca/wsus/how-to-remove-wsus-completely-and-reinstall-it/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Friday, September 14, 2018 12:59 AM
  • Hi,

    The possible reason is that duplicate clients are using the same WSUS SID. Each computer in WSUS should be given a unique identifier used by WSUS. If you clone a machine, you clone that key.

    To delete the SID:
    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow

    Then, after waiting ~5-15 minutes, run the following on the clients and then refresh the console in the WSUS server:
    wuauclt /reportnow


    For more causes and solutions, you can read the following article:
    https://community.spiceworks.com/how_to/91430-wsus-computers-are-not-showing-up-in-the-console-what-s-wrong

    Best regards,
    Johnson

    Friday, September 14, 2018 1:28 AM