none
WSUS Configuration on Client automatically switches to HTTPS RRS feed

  • Question

  • Hello,

    Found a weird issue with software update.  My infra is running with single SUP server and its configured on port 8530. Some random clients are switching the WSUS Server to HTTPS and it fails to scan with error "0x80240440"since then. Noticed that the switching happens once the system is rebooted after patching.  If I use the option "Switch to next software update point"it switches back to HTTP and start working.  Could someone help to identify the root cause for this issue? 

    on SUP, the Client connection type is set as "Allow internet and intranet client connections".  Does this create the problem? 

    Below is the details from WUAHandler.log

    Successfully completed synchronous searching of updates. WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
    1. Update: 1f595dba-012d-4237-8d8f-3d110993b8dc, 208   BundledUpdates: 1 WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
           Update: f51b3e50-7637-43be-8bb7-d999e3df879d, 208   BundledUpdates: 0 WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
    2. Update: 2bef2493-d3af-412d-aed8-ebcb0544f429, 200   BundledUpdates: 1 WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
           Update: cf19fcae-8fa1-46f4-ae4e-952eab389b86, 200   BundledUpdates: 0 WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
    3. Update: 906308cd-f0e3-4ca0-b9b1-15b414af5241, 200   BundledUpdates: 1 WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
           Update: 7e65f5f1-859e-4eff-98b9-8ccffa90d8f1, 200   BundledUpdates: 0 WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
    1. Update (Missing): 2019-02 Update for Windows 10 Version 1809 for x64-based Systems (KB4465065) (1f595dba-012d-4237-8d8f-3d110993b8dc, 208) WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
    2. Update (Missing): 2019-05 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4499405) (2bef2493-d3af-412d-aed8-ebcb0544f429, 200) WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
    3. Update (Missing): 2019-06 Security Update for Adobe Flash Player for Windows 10 Version 1809 for x64-based Systems (KB4503308) (906308cd-f0e3-4ca0-b9b1-15b414af5241, 200) WUAHandler 03/09/2019 12:01:24 14284 (0x37CC)
    Async installation of updates started. WUAHandler 03/09/2019 12:01:27 14284 (0x37CC)
    Update 1 (1f595dba-012d-4237-8d8f-3d110993b8dc) finished installing (0x00000000), Reboot Required? Yes WUAHandler 03/09/2019 12:01:52 11932 (0x2E9C)
    Update 2 (2bef2493-d3af-412d-aed8-ebcb0544f429) finished installing (0x00000000), Reboot Required? Yes WUAHandler 03/09/2019 12:03:00 12020 (0x2EF4)
    Update 3 (906308cd-f0e3-4ca0-b9b1-15b414af5241) finished installing (0x00000000), Reboot Required? Yes WUAHandler 03/09/2019 12:03:18 12020 (0x2EF4)
    Async install completed. WUAHandler 03/09/2019 12:03:18 12020 (0x2EF4)
    Installation of updates completed. WUAHandler 03/09/2019 12:03:18 3524 (0x0DC4)
    Going to search using WSUS update source. WUAHandler 03/09/2019 12:03:18 1824 (0x0720)
    Synchronous searching started using filter: 'UpdateID = '6c40d9be-f9b3-4e11-9f47-26792f72da6f' AND DeploymentAction = *'... WUAHandler 03/09/2019 12:03:18 1824 (0x0720)
    Successfully completed synchronous searching of updates. WUAHandler 03/09/2019 12:03:23 1824 (0x0720)
    1. Update: 6c40d9be-f9b3-4e11-9f47-26792f72da6f, 200   BundledUpdates: 1 WUAHandler 03/09/2019 12:03:23 1824 (0x0720)
           Update: 4cd179cb-733d-4efe-98e9-769673eae21c, 200   BundledUpdates: 0 WUAHandler 03/09/2019 12:03:23 1824 (0x0720)
    1. Update (Missing): 2019-06 Servicing Stack Update for Windows 10 Version 1809 for x64-based Systems (KB4504369) (6c40d9be-f9b3-4e11-9f47-26792f72da6f, 200) WUAHandler 03/09/2019 12:03:23 1824 (0x0720)
    Async installation of updates started. WUAHandler 03/09/2019 12:03:23 1824 (0x0720)
    Update 1 (6c40d9be-f9b3-4e11-9f47-26792f72da6f) finished installing (0x00000000), Reboot Required? Yes WUAHandler 03/09/2019 12:04:11 17304 (0x4398)
    Async install completed. WUAHandler 03/09/2019 12:04:11 17304 (0x4398)
    Installation of updates completed. WUAHandler 03/09/2019 12:04:11 14284 (0x37CC)
    CWuaHandler::SetCategoriesForStateReportingExclusion called with E0789628-CE08-4437-BE74-2495B842F43B;E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for leaves and E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for bundles WUAHandler 04/09/2019 09:28:28 1128 (0x0468)
    Update (14411535-1082-470a-bdda-1ebda6e0c902) has finished the post reboot operation. HResult: 0x00000000. WUAHandler 04/09/2019 09:28:34 1108 (0x0454)
    Update (1f595dba-012d-4237-8d8f-3d110993b8dc) has finished the post reboot operation. HResult: 0x00000000. WUAHandler 04/09/2019 09:28:34 1108 (0x0454)
    Update (2bef2493-d3af-412d-aed8-ebcb0544f429) has finished the post reboot operation. HResult: 0x00000000. WUAHandler 04/09/2019 09:28:34 1108 (0x0454)
    Update (906308cd-f0e3-4ca0-b9b1-15b414af5241) has finished the post reboot operation. HResult: 0x00000000. WUAHandler 04/09/2019 09:28:34 1108 (0x0454)
    Update (6c40d9be-f9b3-4e11-9f47-26792f72da6f) has finished the post reboot operation. HResult: 0x00000000. WUAHandler 04/09/2019 09:28:34 1108 (0x0454)
    Scan results will include all superseded updates. WUAHandler 04/09/2019 09:28:34 1108 (0x0454)
    Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'A3C2375D-0C8A-42F9-BCE0-28333E198407')) WUAHandler 04/09/2019 09:28:34 1108 (0x0454)
    Async searching of updates using WUAgent started. WUAHandler 04/09/2019 09:28:34 1108 (0x0454)
    Async searching completed. WUAHandler 04/09/2019 09:29:04 1604 (0x0644)
    Successfully completed scan. WUAHandler 04/09/2019 09:29:04 6836 (0x1AB4)
    Scan results will include all superseded updates. WUAHandler 04/09/2019 09:29:04 4016 (0x0FB0)
    Search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'A3C2375D-0C8A-42F9-BCE0-28333E198407')) WUAHandler 04/09/2019 09:29:04 4016 (0x0FB0)
    Async searching of updates using WUAgent started. WUAHandler 04/09/2019 09:29:04 4016 (0x0FB0)
    Async searching completed. WUAHandler 04/09/2019 09:29:05 5576 (0x15C8)
    Successfully completed scan. WUAHandler 04/09/2019 09:29:06 4016 (0x0FB0)
    Its a WSUS Update Source type ({03323D58-6130-4D80-B018-81219F18C627}), adding it. WUAHandler 04/09/2019 09:41:20 13724 (0x359C)
    Enabling WUA Managed server policy to use server: https://servername.domain.com:8531 WUAHandler 04/09/2019 09:41:20 13724 (0x359C)
    Device is not MDM enrolled yet. All workloads are managed by SCCM. WUAHandler 04/09/2019 09:41:20 13896 (0x3648)
    SourceManager::GetIsWUfBEnabled - There is no Windows Update for Business settings assignment. Windows Update for Business is not enabled through ConfigMgr WUAHandler 04/09/2019 09:41:20 13896 (0x3648)
    Waiting for 120 seconds for Group Policy to notify of WUA policy change... WUAHandler 04/09/2019 09:41:20 13724 (0x359C)
    Waiting for 30 secs for policy to take effect on WU Agent. WUAHandler 04/09/2019 09:42:13 13724 (0x359C)
    Added Update Source ({03323D58-6130-4D80-B018-81219F18C627}) of content type: 2 WUAHandler 04/09/2019 09:42:43 13724 (0x359C)
    Scan results will include all superseded updates. WUAHandler 04/09/2019 09:42:43 13724 (0x359C)
    Search Criteria is (DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver') WUAHandler 04/09/2019 09:42:43 13724 (0x359C)
    Async searching of updates using WUAgent started. WUAHandler 04/09/2019 09:42:43 13724 (0x359C)
    Async searching completed. WUAHandler 04/09/2019 09:42:48 17348 (0x43C4)
    OnSearchComplete - Failed to end search job. Error = 0x80240440. WUAHandler 04/09/2019 09:42:48 13724 (0x359C)
    Scan failed with error = 0x80240440. WUAHandler 04/09/2019 09:42:48 13724 (0x359C)


    Regards Nikhil S

    Wednesday, September 4, 2019 10:15 AM

Answers

  • Hi All,

    Thank you for your responses.

    Changing the Client Connection Type to "Allow Intranet-Only client connection" is fixing this issue.


    Regards Nikhil S

    • Marked as answer by S Nikhil Tuesday, October 15, 2019 3:53 PM
    Tuesday, October 15, 2019 3:53 PM

All replies

  • Since you are not using HTTPS client communication , kindly change the settings to Allow intranet only client connection and check again
    Wednesday, September 4, 2019 10:24 AM
  • Is the SUP configured for HTTPS? If so, why?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, September 4, 2019 12:44 PM
  • Hi Jason, The SCCM infra is setup with HTTPS and using PKI. SUP is configured for HTTP but the option “Allow intranet and Internet client connections is selected.

    Regards Nikhil S

    Wednesday, September 4, 2019 12:56 PM
  • I'm not following. Why is the site set up for HTTPS but not the SUP?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, September 4, 2019 1:44 PM
  • Hi All,

    Thank you for your responses.

    Changing the Client Connection Type to "Allow Intranet-Only client connection" is fixing this issue.


    Regards Nikhil S

    • Marked as answer by S Nikhil Tuesday, October 15, 2019 3:53 PM
    Tuesday, October 15, 2019 3:53 PM