locked
Strange problem with WSUS and Windows Server 2012 RRS feed

  • Question

  • Hi guys,

    I have kind of strange issue with Windows Server 2012 and WSUS. First some info about the structure:

    We had WSUS installed on Windows Server 2012 R2 - 1 master server and 3 replica servers

    We've changed now to 1 master and 1 replica servers with Windows Server 2016 and 2 replica servers still Windows Server 2012 R2. 

    we have actually only 2 windows server 2012 connected to the replica server with 2012 R2 (local one). 

    I found out that the local replica server is showing that 38 are available, not approved and needed when actually 36 of them are Language packs. We don't use any language packs - only English on the servers. At the same time the master server is showing that only 2 updates are needed which is the right. I've checked also with Windows Update and it shows as well only 2 updates. 

    on the servers with windows server 2012 I've performed Windows update troubleshooting tools, deleting the content of Software distribution folder but still it shows in replica WSUS server that 36 Language packs are needed.

    I've performed also a WSUS cleanup but with the same result. 

    I've checked also the settings in WSUS about languages, products and classifications but the settings for Language Packs are not active.

    The strange thing is that this happens only with windows server 2012 when we are having also Windows server 2008 R2, 2012 R2, 2016 even Windows server 2008.

    Does somebody have an idea what to do?

    Thanks in advance

    Wednesday, December 6, 2017 9:31 AM

Answers

  • The solution which helped was to completely remove the WSUS and re-create again:

    - uninstall WSUS and IIS Roles including WID

    - remove all the folders from WID 

    - remove all the updates and change the name of the folder

    - remove all the registry keys related to Update Services

    After this and installing the WSUS with a new sync to the master WSUS everything worked ok.

    • Marked as answer by kondio Monday, March 5, 2018 12:10 PM
    Monday, March 5, 2018 12:10 PM

All replies

  • Hello,

    Is there any error message in event log? 

    Would you please create a new Windows 2012 server and set it point to the replica server as WSUS server and check whether the issue still occur.

    Regards,

    Yan


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 7, 2017 7:54 AM
  • Hi Li,

    in the logs (Application and System) everything looks normal. There are some events but the one connected to WSUS are only that the some clients didn't reported.

    I could try with creating a new 2012 but so far everything worked well. I mean the servers are there for more than a year and so far it went smoothly. 

    Thursday, December 7, 2017 12:17 PM
  • Please try below command to remove the client and readd it:

    net stop wuauserv 
    reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f 
    reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f 
    reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f  
    reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIDValidation /f 
    net start wuauserv  
    


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Yan Li_ Friday, December 8, 2017 3:16 AM
    Friday, December 8, 2017 3:16 AM
  • Hi Li,

    I had only the last 2 reg keys:

    KLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIDValidation

    I've deleted them but still the same result. The interesting thing is that I approved one small update this week and I've installed it on the 2 server 2012 (using control panel and checking for updates) and WSUS very fast show one update less which means that obviously to connection is ok and the servers reported. But the reason why this Language packs are still as "needed" is for me unknown. Even Microsoft Update doesn't show these packs.

    Friday, December 8, 2017 9:04 AM
  • Are all language packs on the Upstream WSUS Server declined? If not, they must ALL be declined if you're not going to be using them.

    Lang packs are different - they only 'apply' if you've INSTALLED the lang pack manually.

    Take example - I work for a Japanese company. A couple of our Japanese workers like using their computer in Japanese. They use the Region and Languages option to install the Japanese writing tools, and they get a notification a Language pack is available, and then they can install it manually.

    With Lang packs, it works more along the lines of PRESENTING the user with the updates, rather than forcefully installing them.

    From what I understand, you have an inconsistency with your upstream and downstream servers which is a result of doing the WSUS maintenance in the wrong order with a sync in between that confuses the databases.

    Please setup my script on all WSUS Servers (upstream and downstream). They will perform the proper maintenance on the database, declining of updates, etc on each system. It's very possible that my script will fix your issue. If it does not, your best bet is to remove the downstream server's WSUS Roles, delete the database and files, re-install WSUS and re-initialize it as a downstream replica and then setup my script on it.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Saturday, December 9, 2017 4:59 AM
  • Forgot to add my script's info:

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Saturday, December 9, 2017 4:59 AM
  • Hi Adam,

    your script is very good, I've tested it already once and it worked great. I will try to execute it again on this server and see what will happen. Unfortunately I have to do it over weekend outside of the business hours. I will update the information here.

    Wednesday, December 13, 2017 12:16 PM
  • Hi Adam,

    sorry for the delay. I've run again the script and it removed around 10 GB but the problem with language packs is still present. Is there anyway to test without new installation of the WSUS? I want to avoid downloading 100 GB over WAN connection.

    Thursday, January 4, 2018 10:13 AM
  • What switch did you use when you ran my script? If you ran it before using -FirstRun, it should be running daily via the scheduled task. Use my contact form on my website to contact me and then when I reply, email me the output of:

    .\Clean-WSUS.ps1 -FirstRun -HelpMe


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Thursday, January 4, 2018 5:51 PM
  • The solution which helped was to completely remove the WSUS and re-create again:

    - uninstall WSUS and IIS Roles including WID

    - remove all the folders from WID 

    - remove all the updates and change the name of the folder

    - remove all the registry keys related to Update Services

    After this and installing the WSUS with a new sync to the master WSUS everything worked ok.

    • Marked as answer by kondio Monday, March 5, 2018 12:10 PM
    Monday, March 5, 2018 12:10 PM