locked
WSUS server and clients out of synch after restore of server RRS feed

  • Question

  • A company I work for recently experienced a ransomware attack that corrupted their servers but seemingly left their workstations intact.  I restored all of the servers from backups made a few days earlier and their business operations are running properly, as is their anti-virus server.

    However, WSUS isn’t working properly, and I believe that it’s due to the clients finding a server that pre-dates the last one they were interacting with.  The WSUS server correctly identifies and downloads the updates for each client and displays how many and what ones are pending.  But the workstations always report being up-to-date when you check for updates from the server.  When you check for the updates for an individual client online, it finds the exact ones displayed in the console.  But after they’re downloaded and installed, the number shown as pending in the console never changes.

    wuauclt /resetauthorization /detectnow doesn’t make any difference.  Can anyone suggest a way to get everything back in synch?

    Thursday, May 21, 2020 9:46 PM

Answers

  • Problem solved:  the wsuscontent files are stored on an external drive, and it was assigned a different letter when the machine was restored.  Not only that, but the files it contained were corrupted along with everything else on or connected to our servers -- it had to be completely reformatted.

    For getting WSUS running again, this article was invaluable:

    https://docs.microsoft.com/en-us/archive/blogs/sus/recreating-the-susdb-and-wsus-content-folder-for-a-windows-server-2012-based-wsus-computer

    The section that applied to me begins

    If you are not removing the SUSDB, but are removing the content and need to re-download files for updates you have already approved, do the following to initiate the download:

    • Marked as answer by ArtSnob Sunday, May 24, 2020 8:32 PM
    Sunday, May 24, 2020 8:32 PM

All replies

  •   

    Hi ArtSnob,

    Thanks for your posting.

    Please consider the following steps to troubleshoot:
    1. Please consider checking for connection between WSUS server and the client by the below link:

    http://wsusname:portname/ClientWebService/client.asmx



    2. Please check the policy settings. Open the registry and follow the following path to check client group policy settings:
    Registry path: Registry Editor\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate



    3. Please confirm that the following services are running on the client



    If you have any updates about this issue, please keep us in touch.

    Regards,
    Rita 


    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, May 22, 2020 7:38 AM
  • Thanks for the reply.  I've localized the problem while discovering two mistakes in my original post.

    The biggest mistake:  Some files that had arrived at the time the WSUS server went down -- subsequent to the time of the restored backup -- now list as not having been downloaded.  And retrying doesn't work.  

    Also, machines updated online DO eventually show as being updated on the WSUS console.  If I can find some way to get these files to download, everything should be fixed.

    Friday, May 22, 2020 5:19 PM
  • When I do a download retry on one of the files:

    Friday, May 22, 2020 9:20 PM
  • Problem solved:  the wsuscontent files are stored on an external drive, and it was assigned a different letter when the machine was restored.  Not only that, but the files it contained were corrupted along with everything else on or connected to our servers -- it had to be completely reformatted.

    For getting WSUS running again, this article was invaluable:

    https://docs.microsoft.com/en-us/archive/blogs/sus/recreating-the-susdb-and-wsus-content-folder-for-a-windows-server-2012-based-wsus-computer

    The section that applied to me begins

    If you are not removing the SUSDB, but are removing the content and need to re-download files for updates you have already approved, do the following to initiate the download:

    • Marked as answer by ArtSnob Sunday, May 24, 2020 8:32 PM
    Sunday, May 24, 2020 8:32 PM
  • Hi ArtSnob,
     
    Good to hear that you have solved this issue by yourself. In addition, thanks for sharing your solution in the forum as it would be helpful to anyone who encounters similar issues.
    If there is anything else we can do for you, please feel free to post in the forum.
     
    Best Regards,
    Rita

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 25, 2020 12:47 AM