none
Does Win10 1703 support DNS aliases RRS feed

  • Question

  • Hi!

    I've setup a new deployment environment to deploy win10 1703 with MDT to new laptops and virtual machines.

    Long story short, after the installation (clean image from 1703 ISO) + office + couple of 3rd party software ; the latops and VMs are unable to fetch updates from internal wsus-server.

    I tried pretty  much everything, including uninstalling antivirus, disabling all firewalls, rebooting several times, removing softwaredistribution etc.

    Finally installed wireshark on WSUS server and noticed that no packets are received from clients, when they hit "check now" or "retry" button. I could ping the wsus.domain.local and I can browse to wsus.domain.local:8530 from win10 machines. After I changed the windows update policy to use server01.domain.local:8530 instead of alias wsus.domain.local:8530 win10 machines got their updates instantly. Funny thing, there's no problem with win7 machines, using the same alias wsus.domain.local

    So.. should 1703 support dns alias, or is there something else going on ?

    E: no ssl set up on WSUS


    Wednesday, August 9, 2017 9:26 AM

Answers

  • I think I found a possible reason. In MDT i had no http:// defined in "wsusserver" setting. That probably mixes up win10 so much, it wont get a correct location from GPO even after reboot. (noticed that gpupdate /force corrects the problem) . Corrected the setting and deploying again.
    • Marked as answer by Kari Hyvönen Thursday, August 10, 2017 7:48 AM
    Wednesday, August 9, 2017 11:46 AM

All replies

  • Hi.

    1703 works with dns-alias, so there is probably some other reason this is not working.

    1. Can you ping wsus.domain.local
    2. Can you browse the wsus server from thw windows 10 machines? http://wsus.domain.local:8530/ClientWebService/client.asmx
    3. Can you provide wsus-logs from one of the windows 10 machines when trying to access the alias? Use Get-WindowsUpdateLog (https://support.microsoft.com/en-us/help/3036646/how-to-read-windows-update-logs-in-windows-10-version-1607)



    Best regards, Anders Please remember to mark the replies as answers if they help.

    Wednesday, August 9, 2017 10:07 AM
  • Hi!

    Thank you for your reply.

    As stated above, I can ping and browse to wsus.domain.local:8530.

    I reinstalled the machine (now with gpo set to server01.domain.local:8530) and again the VM wont fetch the updates. So this is probably something else than dns alias problem.

    2017.08.09 14.03.50.4952558 5852  7996  AppAU           [0]16DC.1F3C::08/09/2017-14:03:50.495 [dll]* START *
    2017.08.09 14.03.50.4953075 5852  7996  AppAU           [0]16DC.1F3C::08/09/2017-14:03:50.495 [dll]Flight settings ring provisioned default, range-checked minimum search interval: 20 hours
    2017.08.09 14.03.50.4981136 5852  7996  AppAU           [0]16DC.1F3C::08/09/2017-14:03:50.498 [dll]* START * Finding app updates
    2017.08.09 14.03.50.4981746 5852  7996  AppAU           [0]16DC.1F3C::08/09/2017-14:03:50.498 [dll]Desktop OOBE is complete.
    2017.08.09 14.03.50.4981887 5852  7996  AppAU           [0]16DC.1F3C::08/09/2017-14:03:50.498 [dll]Watching user key Software\Microsoft\Windows\CurrentVersion\AppReadiness\S-1-5-21-2305429756-3945522640-733290202-4117 for app readiness state
    2017.08.09 14.03.50.4981892 5852  7996  AppAU           [0]16DC.1F3C::08/09/2017-14:03:50.498 [dll]Waiting for UserState to match 3
    2017.08.09 14.04.44.4704822 3792  4056  Misc            [0]0ED0.0FD8::08/09/2017-14:04:44.470 [endpointproviders]EP: error: 0x80072EE6: Failed to construct full endpoint URL
    2017.08.09 14.04.44.4704839 3792  4056  Misc            [0]0ED0.0FD8::08/09/2017-14:04:44.470 [endpointproviders]Failed to obtain WSUS Client/Server URL, error = 0x80072EE6
    2017.08.09 14.04.44.4704878 3792  4056  ProtocolTalker  [0]0ED0.0FD8::08/09/2017-14:04:44.470 [agent]CAgentProtocolTalkerContext::DetermineServiceEndpoint failed, hr=0x80072ee6
    2017.08.09 14.04.44.4704908 3792  4056  ProtocolTalker  [0]0ED0.0FD8::08/09/2017-14:04:44.470 [agent]Initialization failed for Protocol Talker Context 0x80072ee6
    2017.08.09 14.06.07.3700268 3792  5252                  Unknown( 10): GUID=1bce64d0-3b5c-3a28-bd28-0e6a0b1dc374 (No Format Information found).
    2017.08.09 14.06.07.3702494 3792  5252  IdleTimer       [0]0ED0.1484::08/09/2017-14:06:07.370 [agent]WU operation (SR.UpdateOrchestrator ID 16) started; operation # 78; does<NULL> use network; is not at background priority<NULL>
    2017.08.09 14.06.07.3790643 3792  6612  IdleTimer       [0]0ED0.19D4::08/09/2017-14:06:07.379 [agent]WU operation (SR.UpdateOrchestrator ID 16, operation # 78) stopped; does<NULL> use network; is not at background priority<NULL>
    2017.08.09 14.06.07.3803526 3792  4712                  Unknown( 18): GUID=1bce64d0-3b5c-3a28-bd28-0e6a0b1dc374 (No Format Information found).
    2017.08.09 14.06.07.3804474 3792  4712                  Unknown( 10): GUID=a2b43708-af59-32cd-48bc-7cf111dee98e (No Format Information found).
    2017.08.09 14.06.07.3810177 3792  4712  IdleTimer       [0]0ED0.1268::08/09/2017-14:06:07.381 [agent]WU operation (CSearchCall::Init ID 17) started; operation # 81; does<NULL> use network; is not at background priority<NULL>
    2017.08.09 14.06.07.4223724 3792  4712  Agent           [0]0ED0.1268::08/09/2017-14:06:07.422 [agent]* START * Queueing Finding updates [CallerId = UpdateOrchestrator  Id = 17]
    2017.08.09 14.06.07.4223767 3792  4712  Agent           [0]0ED0.1268::08/09/2017-14:06:07.422 [agent]Removing service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 from sequential scan list
    2017.08.09 14.06.07.4223797 3792  4712  Agent           [0]0ED0.1268::08/09/2017-14:06:07.422 [agent]Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 is not in sequential scan list
    2017.08.09 14.06.07.4223831 3792  4712  Agent           [0]0ED0.1268::08/09/2017-14:06:07.422 [agent]Added service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 to sequential scan list
    2017.08.09 14.06.07.4224642 3792  7244  Agent           [0]0ED0.1C4C::08/09/2017-14:06:07.422 [agent]Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 is in sequential scan list
    2017.08.09 14.06.07.4388335 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.438 [agent]* END * Queueing Finding updates [CallerId = UpdateOrchestrator  Id = 17]
    2017.08.09 14.06.07.4547918 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.454 [agent]* START * Finding updates CallerId = UpdateOrchestrator  Id = 17
    2017.08.09 14.06.07.4547926 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.454 [agent]Online = Yes; Interactive = Yes; AllowCachedResults = No; Ignore download priority = No
    2017.08.09 14.06.07.4548007 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.454 [agent]Criteria = IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1""
    2017.08.09 14.06.07.4548042 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.454 [agent]ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2017.08.09 14.06.07.4548046 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.454 [agent]Search Scope = {Machine}
    2017.08.09 14.06.07.4548076 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.454 [agent]Caller SID for Applicability: S-1-5-21-2305429756-3945522640-733290202-4117
    2017.08.09 14.06.07.4548080 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.454 [agent]ProcessDriverDeferrals is set
    2017.08.09 14.06.07.4667834 3792  6916  Misc            [0]0ED0.1B04::08/09/2017-14:06:07.466 [endpointproviders]EP: error: 0x80072EE6: Failed to construct full endpoint URL
    2017.08.09 14.06.07.4667843 3792  6916  Misc            [0]0ED0.1B04::08/09/2017-14:06:07.466 [endpointproviders]Failed to obtain WSUS Client/Server URL, error = 0x80072EE6
    2017.08.09 14.06.07.4667856 3792  6916  ProtocolTalker  [0]0ED0.1B04::08/09/2017-14:06:07.466 [agent]CAgentProtocolTalkerContext::DetermineServiceEndpoint failed, hr=0x80072ee6
    2017.08.09 14.06.07.4667877 3792  6916  ProtocolTalker  [0]0ED0.1B04::08/09/2017-14:06:07.466 [agent]Initialization failed for Protocol Talker Context 0x80072ee6
    2017.08.09 14.06.07.5165776 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.516 [agent]Exit code = 0x80072EE6
    2017.08.09 14.06.07.5165780 3792  6916  Agent           [0]0ED0.1B04::08/09/2017-14:06:07.516 [agent]* END * Finding updates CallerId = UpdateOrchestrator  Id = 17
    2017.08.09 14.06.07.5188402 3792  6916  IdleTimer       [0]0ED0.1B04::08/09/2017-14:06:07.518 [agent]WU operation (CSearchCall::Init ID 17, operation # 81) stopped; does<NULL> use network; is not at background priority<NULL>
    2017.08.09 14.06.07.5208932 3792  3876                  Unknown( 13): GUID=a2b43708-af59-32cd-48bc-7cf111dee98e (No Format Information found).
    2017.08.09 14.06.07.5212345 3792  3876                  Unknown( 15): GUID=a2b43708-af59-32cd-48bc-7cf111dee98e (No Format Information found).
    2017.08.09 14.06.07.5212388 3792  3876                  Unknown( 16): GUID=a2b43708-af59-32cd-48bc-7cf111dee98e (No Format Information found).
    2017.08.09 14.06.07.5213477 3792  7980                  Unknown( 22): GUID=1bce64d0-3b5c-3a28-bd28-0e6a0b1dc374 (No Format Information found).
    2017.08.09 14.06.07.5213635 3792  4712                  Unknown( 19): GUID=1bce64d0-3b5c-3a28-bd28-0e6a0b1dc374 (No Format Information found).
    2017.08.09 14.06.07.5215899 3792  5252                  Unknown( 10): GUID=262b5116-43af-397f-9aa2-1037c99270fc (No Format Information found).
    2017.08.09 14.06.07.5217086 3792  5252                  Unknown( 10): GUID=262b5116-43af-397f-9aa2-1037c99270fc (No Format Information found).
    2017.08.09 14.06.12.5169419 3792  4056  Reporter        [0]0ED0.0FD8::08/09/2017-14:06:12.516 [reporting]REPORT EVENT: {B0E152A5-40B7-4B17-93BC-D562FA5A88A9} 2017-08-09 14:06:07:639+0300 1 148 [AGENT_DETECTION_FAILED] 101 {00000000-0000-0000-0000-000000000000} 0 80072ee6 UpdateOrchestrator Failure Software Synchronization Windows Update Client failed to detect with error 0x80072ee6.

    Wednesday, August 9, 2017 11:14 AM
  • I guess, it boils down to these lines:

    2017.08.09 14.06.07.4667834 3792  6916  Misc            [0]0ED0.1B04::08/09/2017-14:06:07.466 [endpointproviders]EP: error: 0x80072EE6: Failed to construct full endpoint URL

    2017.08.09 14.06.07.4667843 3792  6916  Misc            [0]0ED0.1B04::08/09/2017-14:06:07.466 [endpointproviders]Failed to obtain WSUS Client/Server URL, error = 0x80072EE6

    2017.08.09 14.06.07.4667856 3792  6916  ProtocolTalker  [0]0ED0.1B04::08/09/2017-14:06:07.466 [agent]CAgentProtocolTalkerContext::DetermineServiceEndpoint failed, hr=0x80072ee6

    Wednesday, August 9, 2017 11:14 AM
  • I think I found a possible reason. In MDT i had no http:// defined in "wsusserver" setting. That probably mixes up win10 so much, it wont get a correct location from GPO even after reboot. (noticed that gpupdate /force corrects the problem) . Corrected the setting and deploying again.
    • Marked as answer by Kari Hyvönen Thursday, August 10, 2017 7:48 AM
    Wednesday, August 9, 2017 11:46 AM
  • WSUS does not like aliases. You need to use the FQDN (preferred) or the netbios name of the server. I'm surprised the Win7 machines worked.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, August 10, 2017 4:06 AM
  • Working perfectly now with DNS alias after I corrected settings in MDT's customsettings.ini
    Thursday, August 10, 2017 7:46 AM