locked
Downstream wsus server 3.2 not rollup to upstream wsus server 6.2 !!! RRS feed

  • Question

  • Hi,

    We have recently upgraded upstream server  to 6.2 (server 2012) but  downstream server is on  3.2 (2008R2). The synchronization works well in downstream server,downstream server gets updates from upstream server and all the clients in downstream server gets updates as well.  

    Problem is downstream server status in upstream server console says " not rolled up yet", through downstream server gets all updates from upstream server. Because of this, we are not getting reports from downstream server through upstream server. The mode of downstream server also says" autonomous" which does not make sense as we have set up downstream server as replica.  

    we have followed up all instruction from Microsoft to upgrade upstream server.  I am getting only one error below in the downstream server software distribution log . There is no error reported in upstream server IIS log.

    UTC Error Wsusservice.3 Rollupagetn.wakeupworkierthereadproc Rollup failed. Error = The request failed with HTTP status 401 :unauthorized.  at microsfot.updateservices.internal.reporting.rollup.rollupagetn.wakeupworkerthreadproc() 

    I have checked all IIS config  in both servers,  Anonymous Access for the "WSUS Administration" virtual server has been enable. 

    Is that a version mismatch causing a problem? 





    • Edited by pritesh07 Tuesday, August 5, 2014 2:03 AM
    Tuesday, August 5, 2014 1:30 AM

Answers

  • I already mention in the post that there is no error reported in upstream server IIS logs.

    Sorry. You did. Missed that. That means it's not a *WSUS* error. So now you need to find the device that's returning the HTTP 401 errors.

    hmm..I have checked event viewer on downstream server and found error " The API reporting web service is not working"

    That's an entirely different issue, and would only affect *console* connections to the downstream server. It would not have anything to do with the downstream server connecting to the upstream server.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by Daniel JiSun Thursday, September 11, 2014 9:44 AM
    Wednesday, August 13, 2014 12:10 AM

All replies

  • Is KB2734608 installed on your downstream server?

    Are the TIMES of both servers consistent? (Part of the authentication process between an upstream and downstream server is time-based, and we've seen incidents throughout history where reporting rollup has failed because the time was incorrect on one or both servers involved.)


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Tuesday, August 5, 2014 4:30 PM
  • Hi Lawrence,

    Thanks for reply. I have already been to you your other post and already checked kb2734608, it's installed on the downstream server. The downstream WSUS version shows up 3.2.7600.256.

    Both server getting a time from NTP servers, only 40 seconds time difference on downstream server which shouldn't be a big deal, I guess.

    There is only one error below in the downstream server software distribution log .

    UTC Error Wsusservice.3 Rollupagetn.wakeupworkerthereadproc Rollup failed. Error = The request failed with HTTP status 401 :unauthorized.  at microsfot.updateservices.internal.reporting.rollup.rollupagent.wakeupworkerthreadproc() 

     The only error getting in event log for upstream server for port 8530 when I check wsus health.

     Because port 8530 is blocked on downstream server and  only port 80 and 443 is open up. I can see in the log that it's upstream server communicating with downstream server through port 80 successfully. No problem with this. 

    Problem is downstream server status in upstream server console says " not rolled up yet", through downstream server gets all updates from upstream server. Because of this, we are not getting reports from downstream server through upstream server. The mode of downstream server also says" autonomous" which does not make sense as we have set up downstream server as replica.  

     

    Wednesday, August 6, 2014 2:22 AM
  • The only error getting in event log for upstream server for port 8530 when I check wsus health.

    Because port 8530 is blocked on downstream server and  only port 80 and 443 is open up. I can see in the log that it's upstream server communicating with downstream server through port 80 successfully. No problem with this. 

    Can you please explain this in a bit more detail?

    If your upstream server is WSUS v6, then it's published on port 8530, and the downstream servers MUST establish that connection on port 8530. What I'm reading here is that you've blocked port 8530 on the downstream server, so consider that's a direct cause of the communication issue.

    I'm not sure what you mean by the DSS and USS are communicating on port 80, because WSUS v6 doesn't use port 80!


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Wednesday, August 6, 2014 9:52 PM
  • Lawrence,

    I have run C:\Program Files\Update Services\Tools\WSUSutil usecustomwebsite command. (because 8530 is default in WSUS 2012). So, we are not using custom website for wsus.

    We have around 1000 servers in our environment, some of them are in DMZ and stand alone. I know, we can manage it through GPO for servers join to domain but It's really hard for us to manage firewall Changes if we are opening 8530 port for those machines. 

    The only thing is not working is Rollup -downstream server status in upstream server console says " not rolled up yet". 

    I don't believe if port 8530 is the reason behind it. But logically, If it's sync properly working with upstream server then it should roll up because roll up is part of syncing process, I guess.

    Thursday, August 7, 2014 12:46 AM
  • Okay, let's go back and diagnose this from the server side.

    The downstream server is reporting an HTTP 401 error from the upstream server, so please go into the IIS logs on the upstream server and find the error message where that '401' was sent to the downstream server, and post one of them here.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, August 8, 2014 12:40 AM
  • I already mention in the post that there is no error reported in upstream server IIS logs. I have looked at once again today, no error found. 

    hmm..I have checked event viewer on downstream server and found error " The API reporting web service is not working" 

    • Edited by pritesh07 Friday, August 8, 2014 5:47 AM
    Friday, August 8, 2014 5:04 AM
  • I already mention in the post that there is no error reported in upstream server IIS logs.

    Sorry. You did. Missed that. That means it's not a *WSUS* error. So now you need to find the device that's returning the HTTP 401 errors.

    hmm..I have checked event viewer on downstream server and found error " The API reporting web service is not working"

    That's an entirely different issue, and would only affect *console* connections to the downstream server. It would not have anything to do with the downstream server connecting to the upstream server.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    • Marked as answer by Daniel JiSun Thursday, September 11, 2014 9:44 AM
    Wednesday, August 13, 2014 12:10 AM