Some Windows 10 (1709) clients failing to report status to WSUS (Server 2012 R2)

  • Question

  • Most of our Windows 10 clients are working successfully with WSUS with no problem.
    However, a small number of our Windows 10 clients, which are successfully receiving updates, are throwing an error when reporting status.
    Using PowerShell, 'Get-WindowsUpdateLog' to look at the log, we see this:


    Misc            Got WSUS Client/Server URL: https://wsusserver.mydomain.net:8531/ClientWebService/client.asmx""
    ProtocolTalker  OK to reuse existing configuration
    ProtocolTalker  Existing cookie is valid, just use it
    ProtocolTalker  PTInfo: Server requested registration
    Misc            Got WSUS Reporting URL: https://wsusserver.mydomain.net:8531/ReportingWebService/ReportingWebService.asmx""
    IdleTimer       WU operation (CLegacyEventUploader::HandleEvents) started; operation # 3478; does use network; is at background priority
    WebServices     Auto proxy settings for this web service call.
    WebServices     WS error: The body of the received message contained a fault.
    <!-- SNIP -->
    WebServices     WS error: The body of the received message contained a fault.
    WebServices     WS error: Server was unable to process request. ---> Object reference not set to an instance of an object.
    WebServices     WS Error code: Server
    WebServices     WS error: <detail/>


    On our WSUS server, I enabled tracing for the ASP.NET legacy ASMX service
    by editing 'C:\Program Files\Update Services\WebServices\ReportingWebService\Web.config',
    having taken ownership of the file from 'NT Service\TrustedInstaller' to 'Administrators'.
    This gave a few more details:

    System.Web.Services.Asmx Information: 0 : Calling Boolean ReportEventBatch(Microsoft.UpdateServices.Internal.Authorization.Cookie, System.DateTime, Microsoft.UpdateServices.Internal.Reporting.ReportingEvent[])
        Method: Microsoft.UpdateServices.Internal.Reporting.WebService#30503857::ReportEventBatch(Microsoft.UpdateServices.Internal.Authorization.Cookie#36571040=.., System.DateTime#1535499843=10/04/2018 16:51:37, Microsoft.UpdateServices.Internal.Reporting.ReportingEvent[]#23846579=[14])
        Caller: System.Web.Services.Protocols.SyncSessionlessHandler#19528889::Invoke()
        ProcessId=3584
        LogicalOperationStack=
        ThreadId=48
        DateTime=2018-04-10T16:51:38.0133177Z
        Timestamp=46143400255
    System.Web.Services.Asmx Error: 0 : Exception caught in System.Web.Services.Protocols.SyncSessionlessHandler#19528889::Invoke.
        System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
        ProcessId=3584
        LogicalOperationStack=
        ThreadId=48
        DateTime=2018-04-10T16:51:38.0133177Z
        Timestamp=46143400968
    System.Web.Services.Asmx Error: 0 : Exception Details:
    System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
       at Microsoft.UpdateServices.Internal.Reporting.ReportingEvent.Validate()
       at Microsoft.UpdateServices.Internal.Reporting.WebService.ValidateEventBatch(ReportingEvent[] eventBatch)
       at Microsoft.UpdateServices.Internal.Reporting.WebService.ReportEventBatch(Cookie cookie, DateTime clientTime, ReportingEvent[] eventBatch)
       --- End of inner exception stack trace ---
       at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
       at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
       at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
       at System.Web.Services.Protocols.LogicalMethodInfo.Invoke(Object ta...
        ProcessId=3584
        LogicalOperationStack=
        ThreadId=48
        DateTime=2018-04-10T16:51:38.0133177Z
        Timestamp=46143401279

    I've also captured a trace with Microsoft Message Analyzer v1.4,
    and used its ability to decode HTTPS, to look at the request being sent to the server.
    Obviously I have the full certificate for the WSUS server.
    But I had to change the cipher to 'TLS_RSA_WITH_AES_256_CBC_SHA256' so that it was decryptable,
    as it's not possible to decrypt 'elliptical' ciphers.

    The client is sending a POST request to:
      https://wsusserver.mydomain.net:8531/ReportingWebService/ReportingWebService.asmx

    with 'SOAPAction' header set to "http://www.microsoft.com/SoftwareDistribution/ReportEventBatch"
    and "Content-Type" of "text/xml;charset=utf-8".
    The Body being submitted is XML, starting with:

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Body>
    <ReportEventBatch xmlns="http://www.microsoft.com/SoftwareDistribution">
    <cookie>
    ....etc, and is 22581 bytes in size. The structure of the XML body is valid, and not truncated.

    So, it is looking like, for some strange reason, the WSUS server thinks the 
    XML below 'ReportEventBatch/eventBatch/ReportingEvent' is not valid.
    I checked the '../ExtendedData/ReplacementStrings' & '../ExtendedData/MiscData' elements 
    and they seem to be of reasonable size.

    The DLLs on the WSUS server in 'C:\Program Files\Update Services\WebServices\ReportingWebService\bin'
    are: Microsoft.UpdateServices.Reporting.dll, Microsoft.UpdateServices.Reporting.Rollup.dll, Microsoft.UpdateServices.WebServices.Reporting.dll,
    and are all v6.3.9600.16384.
    The WSUS server is running Windows 2012 R2, and is fully up to date with hot fixes.

    I also tried using Postman to manually submit the request to the WSUS server.
    But the response back did not really give any more clues:

            <soap:Fault>
                <faultcode>soap:Server</faultcode>
                <faultstring>System.Web.Services.Protocols.SoapException: Server was unable to process request. ---&gt; System.NullReferenceException: Object reference not set to an instance of an object.
       at Microsoft.UpdateServices.Internal.Reporting.ReportingEvent.Validate()
       at Microsoft.UpdateServices.Internal.Reporting.WebService.ValidateEventBatch(ReportingEvent[] eventBatch)
       at Microsoft.UpdateServices.Internal.Reporting.WebService.ReportEventBatch(Cookie cookie, DateTime clientTime, ReportingEvent[] eventBatch)
       --- End of inner exception stack trace ---</faultstring>
                <detail />
            </soap:Fault>

    So, now I'm stuck.
    I really need to contact the software engineer at Microsoft that is responsible for this code.


    • Edited by nwsmith-hex Tuesday, April 10, 2018 7:01 PM
    Tuesday, April 10, 2018 7:00 PM
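
One way to narrow down which `ReportingEvent` in a captured batch differs from the rest (an added example, not from the original post and not Microsoft's code): the script lists, per event, the elements that are empty or `xsi:nil`, and the elements other events in the same batch carry but this one lacks. It assumes the null reference in `Validate()` comes from such an absent or empty field, which the thread does not confirm; `Get-ReportingEventGaps` and the `ExampleField` element are hypothetical, and the sample XML is constructed.

```powershell
# Added example: constructed data, not the poster's capture and not Microsoft code.
# 'ExampleField' is a placeholder; the other element names are the ones quoted in the post.
$sample = @'
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<ReportEventBatch xmlns="http://www.microsoft.com/SoftwareDistribution"><eventBatch>
 <ReportingEvent>
  <ExampleField>1</ExampleField>
  <ExtendedData><ReplacementStrings><string>a</string></ReplacementStrings><MiscData><string>b</string></MiscData></ExtendedData>
 </ReportingEvent>
 <ReportingEvent>
  <ExampleField>2</ExampleField>
  <ExtendedData><ReplacementStrings /></ExtendedData>
 </ReportingEvent>
</eventBatch></ReportEventBatch>
</s:Body></s:Envelope>
'@
function Get-ReportingEventGaps {
    param([Parameter(Mandatory)][string]$SoapXml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # captured traffic is untrusted: resolve no external DTDs/entities
    $doc.LoadXml($SoapXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('sd', 'http://www.microsoft.com/SoftwareDistribution')
    $events = @($doc.SelectNodes('//sd:ReportEventBatch/sd:eventBatch/sd:ReportingEvent', $ns))
    # For each event, map every descendant's relative path to "is it empty or xsi:nil?"
    $perEvent = @(foreach ($ev in $events) {
        $paths = @{}
        foreach ($el in $ev.SelectNodes('.//*')) {
            $path = $el.LocalName
            for ($p = $el.ParentNode; -not [object]::ReferenceEquals($p, $ev); $p = $p.ParentNode) { $path = $p.LocalName + '/' + $path }
            $nil = $el.GetAttribute('nil', 'http://www.w3.org/2001/XMLSchema-instance') -eq 'true'
            $paths[$path] = (-not $el.HasChildNodes) -or $nil
        }
        $paths
    })
    # Union of all paths seen in the batch; an event lacking one of them is the odd one out
    $all = @($perEvent | ForEach-Object { $_.Keys } | Sort-Object -Unique)
    for ($i = 0; $i -lt $events.Count; $i++) {
        $seen = $perEvent[$i]
        [pscustomobject]@{
            Event   = $i
            Missing = @($all | Where-Object { -not $seen.ContainsKey($_) })
            Empty   = @($seen.Keys | Where-Object { $seen[$_] } | Sort-Object)
        }
    }
}
Get-ReportingEventGaps -SoapXml $sample | Format-List
```

For a real capture, pass the saved request body with `Get-Content -Raw`. The body contains the client's `<cookie>` element, so handle the saved file as sensitive and delete it when done.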

All replies

  • First, are you using WAM? If not, you'll want to as it fixes these issues along with a boatload of other issues.

    Please have a look at the WSUS Automated Maintenance (WAM) system. It is an automated maintenance system for WSUS, the last system you'll ever need to maintain WSUS!

    https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to set up and use so don't overthink it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.

    Second, if WAM doesn't fix the problem within 72 hours, delete the computer object from the WSUS Console and then run the following client-side script on any affected client in an Administrative Cmd Prompt.

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

    The combination of the 2 should resolve your issue, if the first doesn't solve it alone.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Wednesday, April 11, 2018 4:48 AM
  • Install the below update on the WSUS server (Server 2012 R2)

    https://www.microsoft.com/en-us/download/details.aspx?id=51534

    Wednesday, April 11, 2018 5:04 AM
  • We already have that update installed:

    PS C:\> get-hotfix -id KB3095113
    Source        Description      HotFixID      InstalledBy          InstalledOn
    ------        -----------      --------      -----------          -----------
    XXXXX       Hotfix           KB3095113     NT AUTHORITY\SYSTEM  10/01/2017 00:00:00

    Wednesday, April 11, 2018 9:46 AM