Clients connecting to WSUS but no longer reporting.

  • Question

  • Hi,

    I am running WSUS on a Server 2016 (fully patched). Recently, half of my Windows 10 clients have stopped reporting in.

    They still contact the WSUS server, but the last status report date does not update.

    Some of my clients have a last contact date of today and a last status report of 12th December.

    They are still downloading updates from WSUS, and there is no error when I press check for updates.

    I've tried:

    wuauclt.exe /detectnow

    wuauclt.exe /reportnow

    wuauclt.exe /resetauthorization /detectnow

    Stopping wuauserv, deleting C:\Windows\SoftwareDistribution\DataStore\ and Download, Starting wuauserv and wuauclt.exe /detectnow

    Deleting the clients from WSUS console.

    None of this has helped.

    On the affected machines, there are some WebServices errors in the WindowsUpdate.log:

    2018/01/10 09:01:33.3768286 4796  160   WebServices     WS error: The body of the received message contained a fault.

    2018/01/10 09:01:33.3768836 4796  160   WebServices     WS error: Server was unable to process request. ---> Object reference not set to an instance of an object.
    2018/01/10 09:01:33.3768902 4796  160   WebServices     WS Error code: Server
    2018/01/10 09:01:33.3771150 4796  160   WebServices     WS error: <detail/>

    Full log is available here (I have replaced our WSUS CNAME with wsus.company.net):

    https://pastebin.com/7e8YrKSy

    I can access:

    https://wsus.company.net:8531/ClientWebService/client.asmx

    https://wsus.company.net:8531/selfupdate/iuident.cab

    Thanks

    Steve 

    Wednesday, January 10, 2018 5:28 PM
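
As an added example (not part of the original post), the PowerShell function below picks the WebServices fault lines out of a WindowsUpdate.log and collapses each burst into one row, so an affected client can be recognised by the fault it gets back from the WSUS web service. `Get-WsusSoapFault` and its output property names are hypothetical; the sample input is the four lines quoted above plus one constructed non-matching line.

```powershell
# Added example, not from the original post. Function and property names are hypothetical.
# Sample input: the four lines quoted in the post plus one constructed non-matching line.
$sample = @'
2018/01/10 09:01:33.3768286 4796  160   WebServices     WS error: The body of the received message contained a fault.
2018/01/10 09:01:33.3768836 4796  160   WebServices     WS error: Server was unable to process request. ---> Object reference not set to an instance of an object.
2018/01/10 09:01:33.3768902 4796  160   WebServices     WS Error code: Server
2018/01/10 09:01:33.3771150 4796  160   WebServices     WS error: <detail/>
2018/01/10 09:01:34.0000000 4796  160   Agent           (constructed) unrelated line
'@ -split "`r?`n"

function Get-WsusSoapFault {
    param([string[]]$Line)

    # Timestamp, PID, TID, component "WebServices", then "WS error:" or "WS Error code:".
    # -match is case-insensitive, so both spellings of "error" are covered.
    $pattern = '^(?<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+(?<procid>\d+)\s+(?<tid>\d+)\s+' +
               'WebServices\s+WS error(?<iscode> code)?:\s*(?<msg>.*)$'

    $hits = foreach ($l in $Line) {
        if ($l -match $pattern) {
            [pscustomobject]@{
                Second    = $Matches['ts']
                ProcessId = [int]$Matches['procid']
                ThreadId  = [int]$Matches['tid']
                IsCode    = [bool]$Matches['iscode']
                Message   = $Matches['msg'].Trim()
            }
        }
    }

    # Lines written by one failed call share second, PID and TID: report them as one fault.
    $hits | Group-Object Second, ProcessId, ThreadId | ForEach-Object {
        $code = @($_.Group | Where-Object IsCode | Select-Object -ExpandProperty Message)
        $text = @($_.Group | Where-Object { -not $_.IsCode -and $_.Message -ne '<detail/>' } |
                  Select-Object -ExpandProperty Message)
        [pscustomobject]@{
            Time      = $_.Group[0].Second
            ProcessId = $_.Group[0].ProcessId
            FaultCode = $code -join ','
            Messages  = $text -join ' | '
        }
    }
}

Get-WsusSoapFault -Line $sample | Format-List
```

On Windows 10 the text log is first generated with `Get-WindowsUpdateLog`; pass the resulting file to the function with `Get-WsusSoapFault -Line (Get-Content <path>)`.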

Answers

  • I've managed to get a client reporting in by:

    Stopping the windows update service

    Deleting the whole C:\Windows\SoftwareDistribution\ directory

    Starting the windows update service.

    I previously just tried deleting C:\Windows\SoftwareDistribution\DataStore\ and C:\Windows\SoftwareDistribution\Downloads\; this had no effect.


    • Marked as answer by SVeeve Thursday, January 11, 2018 4:52 PM
    Thursday, January 11, 2018 11:21 AM
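
The three steps from the answer above as one script, added here as an example and not part of the original post. The 60-second timeout and the closing `wuauclt.exe` calls (the commands listed in the question) are assumptions about how one would run it.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post: the three steps from the answer as one script.
# The 60-second timeout and the final wuauclt calls are assumptions.
$ErrorActionPreference = 'Stop'
$store = Join-Path $env:SystemRoot 'SoftwareDistribution'

# 1. Stop the Windows Update service and wait until it has really stopped;
#    while it runs, files in the store are held open and the delete fails part-way.
Stop-Service -Name wuauserv -Force
(Get-Service -Name wuauserv).WaitForStatus('Stopped', [timespan]::FromSeconds(60))

# 2. Delete the whole directory, not only the DataStore and Download subfolders.
#    With ErrorActionPreference = Stop, a locked file aborts the script here.
if (Test-Path -LiteralPath $store) {
    Remove-Item -LiteralPath $store -Recurse -Force
}

# 3. Start the service again; it recreates the directory on its own.
Start-Service -Name wuauserv

# Ask the client to detect and report so the WSUS console shows a fresh status date.
$wuauclt = Join-Path $env:SystemRoot 'System32\wuauclt.exe'
& $wuauclt /resetauthorization /detectnow
& $wuauclt /reportnow
```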

All replies

  • I am seeing a similar issue in our organization today as well. I have some systems showing no pending patches, while some have Jan patches. In my quick research, I believe it could be related to MS stopping patches for the Spectre issue with AMD. These are all VMs, but it could be related. Not sure yet, I have reached out to our MS rep. 
    Wednesday, January 10, 2018 6:09 PM
  • I don't think it's related to the Spectre patches in my instance, as some of my clients have not reported in since mid December.  Also I don't think we have any AMD CPUs here.  The clients not reporting in are all Win 10 x64, a mixture of laptops and desktops mainly HP.  We are 95% Windows 10 1709.
    Thursday, January 11, 2018 8:55 AM
  • I've got the same problem in my test and production environment.

    The problem began after installing KB4055266 on the WSUS servers.

    2018-01-10 16:18:12 WindowsUpdateClient, 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Server 2012 R2 for x64 (KB4055266)

    2018-01-10 16:28:19 Windows Server Update Services 12002 9   "The Reporting Web Service is not working".

    And from that time, no computer can send in reports to my WSUS servers.

    Server 2012 R2 x64 CU 2018-01. Both virtual in ESXi 6.0.0.

    / Jesper

    Thursday, January 11, 2018 2:29 PM
  • WAM usually fixes this (stopping of reporting by machines, even though they contact the WSUS Server fine and grab updates)

    Please have a look at the WSUS Automated Maintenance (WAM) system. It is an automated maintenance system for WSUS, the last system you'll ever need to maintain WSUS!

    https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to set up and use, so don't overthink it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    Thursday, January 11, 2018 3:27 PM