none
SUS 6.3.96 Client Web Service is not working Error Event 12022 on Windows Server 2012 R2. No other WSUS errors RRS feed

  • Question

  • Hi there,

    The background information to this is that we initially installed the WSUS on Windows Server 2012, and then upgraded to Server 2012 R2, and everything continued to work fine. Now we added the McAfee Application Whitelisting software - Solidcore - to the server, and with Solidcore disabled everything still works fine. When we enable Solidcore in the monitor-only mode or in the allow-update mode, the WSUS "Client Web Service is not working" Error Event 12022 is generated and the WSUS stops forwarding windows updates. When checking for updates, Windows 2012 R2 clients return error code 8024401F. On the WSUS server, in IIS Manager, when I try to view the ClientWebService\App_Data ASP.NET Applcations Settings the following popup occurs:

    There was an error while performing this operation.
    Details:
    Filename: \\?\C:\Program Files\Update Services\WebServices\ClientWebService\web.config
    Line number: 114
    Error: Configration file is not well-formed XML

    It seems that the server name is somehow getting lost with Solidcore enabled. The refered to web.config file has what appear to be comments enclosed in <!-- --> on lines 113 to 116.

    I have looked at the microsoft technet support on Event ID 12022

    http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=.NET+Framework&ProdVer=2.0.50727&EvtID=12022&EvtSrc=Windows+Server+Update+Services&LCID=1033

    and the permissions for the clientwebservices folder are identical with and without Solidcore running. They are as follows:

    Also the IIS configuration is identical with and without Solidcore running. The only difference to the settings provided in the technet support page on Event ID 12022 is that the AppIsolated property is 0.

    Thank you for your help in solving this.
    Thursday, August 13, 2015 6:28 PM

Answers

  • It turned out that McAfee released a hot fix to Solidcore last week. Installing this hotfix fixed the problem and WSUS is working fine on the server now.
    • Marked as answer by M a r k Thursday, August 13, 2015 10:35 PM
    Thursday, August 13, 2015 10:35 PM

All replies

  • is mcafee blocking ports 8530/8531 on the wsus server (unless you are using non-standard ports)?

    are you able to browse IIS pages:

    http://wsusserver

    http://wsusserver:8530/selfupdate/wuident.cab

    it would seem like mcafee is blocking IIS if the web.config file seems corrupted/modified. wouldn't it make more sense to contact mcafee about this to find out how to put in an exception in?

    Thursday, August 13, 2015 7:49 PM
  • No. McAfee is not blocking ports 8530/8531.

    Browsing to http://my-wsus-server   displays a Windows Server Internet Information Services Welcome Page.

    Browsing to wuident.cab displays a popup allowing me to download the cab.

    I already have a case open with McAfee for a few weeks. They are very conversant with their software but not so much with WSUS.

    I forgot to mention that I have run Procmon over the time period from when a client sends an update request to the timeout with Solidcore enabled and disabled, looking for DENIED in the Results column and I could not see any difference. We can do this again once the WSUS ClientWebService is running.

    Also we are running Hyper-V on our WSUS server.

    • Edited by M a r k Thursday, August 13, 2015 8:57 PM
    Thursday, August 13, 2015 8:31 PM
  • It turned out that McAfee released a hot fix to Solidcore last week. Installing this hotfix fixed the problem and WSUS is working fine on the server now.
    • Marked as answer by M a r k Thursday, August 13, 2015 10:35 PM
    Thursday, August 13, 2015 10:35 PM