locked
WSUS Client will not report to WSUS Server Windows Server Core RRS feed

  • Question

  • I have a Windows Server 2016 Core server (Lets call it SERVER01) that will now report to our WSUS Server (Lets call it WSUS01). Our WSUS Server is also Windows Server 2016 Core. We configure our products, classifications, and auto approvals from the WSUS01 but point our servers to download all updates from Microsoft so we don't download any to our WSUS01. In the WSUS console it lists SERVER01 in the correct computer group however it lists it as "Not yet reported" "0% Installed / Applicable". Here are some troubleshooting steps I have tried.

    -Disabled Firewall on Both WSUS01 and SERVER01

    -Reset Windows Update Components on SERVER01. This includes renaming the updates folders and stopping and restarting the services as well as running "wuauclt" commands for it to re-register and report.

    -Disabled Antivirus

    -Also moved SERVER01 to a different policy group so that it point to Microsoft instead of our WSUS01 and it saw updates and took them just fine.

    Any help on how to get this server to check in and report to our WSUS would be great.

    Thanks in Advance!

     
    Friday, August 24, 2018 4:06 PM

All replies

  • Hello,

    Is your WSUS newly installed?

    Since your client could get updates from MS, the problem should be in connectivity or WSUS.
     

      

    On your client, make sure you have set the correct WSUS server and port. Could it download the file via : http://WSUSServerName/selfupdate/wuident.cab?

    Try following Tool on the client

    Reset Windows Update Agent 

    https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc#content

     
    On the WSUS, try to reset IIS and check if it works.
     
    And you could upload the windowsupdate.log for detailed troubleshooting.
     
    Best Regards,
    Ray Jia   


    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 27, 2018 1:09 AM
  • Adam,

    Please stop giving generic information that leads to your website where you sell stuff. I have seen your spam all over Technet / Spiceworks / Experts ect.... its not helpful.

    Thanks,

    Magoo.

    Tuesday, August 28, 2018 6:53 PM
  • Ray,

    This is 1 of many clients of the same OS and build. We just have a couple that seem to not want to report / check in. Also I have reset the Windows update agent.

    Here is what I get in the windowsupdate.log

    *RESUMED* Search ClientId = UpdateOrchestrator
    Updates found = 0
    Exit code = 0x00000000, Result code = 0x8024401C
    * END *   Search ClientId = UpdateOrchestrator
    ISusInternal:: DisconnectCall failed, hr=8024000C

    Thanks,

    Magoo.

    Tuesday, August 28, 2018 6:58 PM
  • Adam,

    Please stop giving generic information that leads to your website where you sell stuff. I have seen your spam all over Technet / Spiceworks / Experts ect.... its not helpful.

    Thanks,

    Magoo.

    Not helpful maybe because you haven't gone through it. For those who wish to purchase WSUS Automated Maintenance, they can, but I'm not requiring anyone to. I've published the guide with great information that WORKS (and I may say WITHOUT purchasing WAM). I've even pointed out that you should update your ADMX files because there are new versions that have different settings since the RTM release of Windows Server 2016 (latest are within the link I gave).

    From an Administrative Command Prompt on an affected client, run the following:
    gpresult /h gpo.htm
    and share the result with your favourite method or pastebin it so that we can see it.


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Tuesday, August 28, 2018 7:52 PM
  • Also, you can try to run the client side script from an admin command prompt on the affected systems.

    net stop bits
    net stop wuauserv
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
    reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
    rd /s /q "C:\WINDOWS\SoftwareDistribution"
    net start bits
    net start wuauserv
    wuauclt /resetauthorization /detectnow
    PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Tuesday, August 28, 2018 7:54 PM
  • Your Windows Update log shows you are receiving error:

    0x8024401c -2145107940 WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT Http status 408 - server timed out waiting for request.

    I would start by checking connectivity issues. Check that the port number and address for your WSUS server in its WSUS Config settings matches what is in the registry of server01 in key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU 

    Also, try browsing to your WSUS server from SERVER01 at http://<WSUSServerName>/iuident.cab and see whether it can download the cab file.

    Also, pls check the Sync status on your WSUS server and make sure it is getting the latest updates.


    Charlie Coverdale

    Disclaimer: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights.


    Tuesday, August 28, 2018 9:54 PM
  • You could also try some house cleaning on your WSUS server - here is a useful script.

    https://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus


    Charlie Coverdale

    Disclaimer: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights.

    Tuesday, August 28, 2018 10:02 PM
  • You could also try some house cleaning on your WSUS server - here is a useful script.

    https://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus


    Charlie Coverdale

    Disclaimer: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights.

    Charlie, it's a subscription license now - very affordable, but a subscription license - just pointing out: https://www.ajtek.ca/wam/previous-wsus-automated-maintenance-wam-users/

    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Wednesday, August 29, 2018 1:02 AM
  • Hi MisterMagooCT

    Have you had any progress with this?

    Have any of the suggestions proved helpful?


    Charlie Coverdale

    Disclaimer: This posting is provided 'AS IS' with no warranties or guarantees, and confers no rights.

    Friday, August 31, 2018 9:38 PM