locked
KB3159706 broke our WSUS environment RRS feed

  • Question

  • Installed KB3159706 and followed the post install instructions on our 5 WSUS servers.

    Our main WSUS is in a DMZ as well as one of the replica. Both those servers are still working.

    Our 3 other WSUS are outside the DMZ and can no longer connect in the WSUS console.

    Getting the following error:

    --------------------

    The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

    Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

    The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, 

    Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.


    System.IO.IOException -- The handshake failed due to an unexpected packet format.

    Source
    System

    Stack Trace:
       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
       at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
       at System.Net.ConnectStream.WriteHeaders(Boolean async)
    ** this exception was nested inside of the following exception **


    System.Net.WebException -- The underlying connection was closed: An unexpected error occurred on a send.

    Source
    Microsoft.UpdateServices.Administration

    Stack Trace:
       at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
       at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()

    --------------------------

    Is it possible that this KB changed the port WSUS uses to communicate?

    Tuesday, June 14, 2016 5:49 PM

Answers

  • This article solved my issue.

    https://blogs.technet.microsoft.com/configurationmgr/2015/03/23/configmgr-2012-support-tip-wsus-sync-fails-with-http-503-errors/

    Just needed to increase the memory in IIS.

    • Marked as answer by Shawn Legault Thursday, June 16, 2016 5:39 PM
    Thursday, June 16, 2016 5:39 PM

All replies

  • Hi Shawn Legault,

    What is the database for the WSUS servers that still can't work?

    Try reindex WSUS database, check if it could work:

    https://technet.microsoft.com/en-us/library/dd939795%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, June 15, 2016 7:27 AM
  • Installed KB3159706 and followed the post install instructions on our 5 WSUS servers.

    Did you correctly modify the web.config file, in the article section "If SSL is  enabled..." and restart IIS/WSUS ?

    Don [doesn't work for MSFT, and they're probably glad about that ;]


    • Edited by DonPick Wednesday, June 15, 2016 8:17 AM
    Wednesday, June 15, 2016 8:17 AM
  • This article solved my issue.

    https://blogs.technet.microsoft.com/configurationmgr/2015/03/23/configmgr-2012-support-tip-wsus-sync-fails-with-http-503-errors/

    Just needed to increase the memory in IIS.

    • Marked as answer by Shawn Legault Thursday, June 16, 2016 5:39 PM
    Thursday, June 16, 2016 5:39 PM