none
WSUS Breaks after KB3159706, released 5/5/2016

    Question

  • Hey all, just installed KB3159706 on my WS 2012 R2 WSUS Server at 2PM on 5/5/2016.  This was supposed to fix/issues when KB3148812 was released a few weeks ago.  Don't install KB3159706, it breaks WSUS.

    C'mon Microsoft, get your stuff together.  I'm tired of this amateur hour BS.



    Thursday, May 05, 2016 6:25 PM

Answers

  • Hey all, just installed KB3159706 on my WS 2012 R2 WSUS Server at 2PM on 5/5/2016.  This was supposed to fix/issues when KB3148812 was released a few weeks ago.  Don't install KB3159706, it breaks WSUS.

    C'mon Microsoft, get your stuff together.  I'm tired of this amateur hour BS.



    Shane - Did you do the manual post installation steps after installing KB3159706?

    Manual steps required to complete the installation of this update
    1. Open an elevated Command Prompt window, and then run "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" (case sensitive, assume C: as the system volume).
    2. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
    3. Restart the WSUS service.
    Thursday, May 05, 2016 7:26 PM

All replies

  • Just an update, after uninstalling KB3159706 from my server, it is now functioning correctly again.

    I'm not sure if someone rushed KB3159706 out the door, or if it was only to be installed after KB3148812 (Which they have yanked , and is now unavailable), but still... don't install it.

    Can someone from Microsoft get on this and provide a resolution?


    Thursday, May 05, 2016 6:36 PM
  • Hey all, just installed KB3159706 on my WS 2012 R2 WSUS Server at 2PM on 5/5/2016.  This was supposed to fix/issues when KB3148812 was released a few weeks ago.  Don't install KB3159706, it breaks WSUS.

    C'mon Microsoft, get your stuff together.  I'm tired of this amateur hour BS.



    Shane - Did you do the manual post installation steps after installing KB3159706?

    Manual steps required to complete the installation of this update
    1. Open an elevated Command Prompt window, and then run "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" (case sensitive, assume C: as the system volume).
    2. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
    3. Restart the WSUS service.
    Thursday, May 05, 2016 7:26 PM
  • DariceIT,

    No, I didn't follow the post installation steps.

    The reason why I did not is because the KB article did not exist online until after the update was released.  No KB pages existed for the patch at the time.

    Thanks DariceIT

    Hey Microsoft guys, are you listening?  Publish the article at the same time, or before, okay?

    Thursday, May 05, 2016 7:41 PM
  • After following the postinstall steps, it is good to go.

    Thursday, May 05, 2016 8:02 PM
  • THANK YOU.

    Its eleven PM. I rebooted my NEW WSUS SERVER. It is now broke. I did the "post" directions and now it works ----

    BUT - I am so mad. Lets do a Windows Update that BREAKS a WSUS Server..

    Thank you again. 

    Friday, May 06, 2016 3:18 AM
  • Hi guys

    Thanks for the info, but the solution didn't work for me. I realised that the problem is with KB3159706, so I uninstalled the update. That got my WSUS working again. Then I read this thread, and decided to install the update again. I rebooted after it installed, then opened the command prompt and ran the wsusutil as above. It gave me a few errors:

    1. The database is in single user mode, and there is a user connected to it.

    I then stopped the WSUS Service

    2. Then it gave me a long error about it can't be done at this time (sorry, I can't remember the error)

    So I uninstalled the update again, and that seems to get my WSUS working again

    Friday, May 06, 2016 6:49 AM
  • Pssh. I did all the steps, including the web.config steps and I can't connect to the console.  To change web.config I had to take ownership and change perms.  I even tried changing the owner back.  Complete fail.  I'm using SQL Server 2014 instead of a local database, but I can't tell if that matters.
    Friday, May 06, 2016 6:59 PM
  • Typically, the KB article is published within seconds of the update going live.  This was not a typical release (being that it was on a Thursday instead of the usual Tuesday), and there was a 90-minute gap between the two.  Note that we will always publish a KB for a WSUS update: if one hasn't shown up, then you can assume there is an unexpected delay on our side.
    Friday, May 06, 2016 8:55 PM
    Moderator
  • Ownership is irrelevant after you've edited your Web.Config file.  If you can't connect to the console, then the "wsusutil postinstall /servicing" step is the relevant one for you.  Have you run this?  Can you copy the console error to clipboard and paste it here?
    Friday, May 06, 2016 8:57 PM
    Moderator
  • You saved my day. Thank you.
    Monday, May 09, 2016 6:42 AM
  • Why is it acceptable for the update to break WSUS if the manual steps have not been followed?  I think it would be better if the new code would detect that the requirements have not been met, log an error in the event log and then revert to legacy behavior. 
    • Proposed as answer by rus.onix Wednesday, June 28, 2017 8:35 PM
    Monday, May 09, 2016 2:21 PM
  • I went through the manual steps as follows:

    1. Ran the wsusutil.exe postinstall /servicing command and waited for it to finish.
    2. Installed the HTTP activation feature
    3. Restarted the WSUS service
    4. Went to the web.config file, but didn't see the <services> section at all.
    5. Rebooted the server
    6. the services section was now present in the web.config file
    7. Did the modifications to the web.config file
    8. Restarted WSUS service
    9. Was seeing Event 18456 "Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'SUSDB'. [CLIENT: <named pipe>]" in application log.  No good.
    10. Restarted server.
    11. Same error.  No good.
    12. Double checked the web.config file, all was good.
    13. Re-ran the wsusutil.exe postinstall /servicing command.  
    14. Everything started working again.

    In my opinion the manual post-install directions could use a little more detail.

    Wednesday, May 11, 2016 3:25 PM
  • According https://support.microsoft.com/en-us/kb/3159706 I have :

    1. Ran the "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" command

    2. Set HTTP Activation for .NET Framework 4.5

    3. Restarted the WSUS service

    4. Modified "C:\Program Files\Update Services\WebServices\ClientWebService\Web.Config" file

    5. Restarted my WSUS server

    => My WSUS console did not work.

    Then I uninstalled KB3159706 and my WSUS console worked, I installed again KB3159706 and my WSUS console failed

    So I tried again to :

    1. Checked HTTP Activation for .NET Framework 4.5 => OK

    2. Set HTTP Activation for .NET Framework 3.5 too

    3. Noticed the "C:\Program Files\Update Services\WebServices\ClientWebService\Web.Config" file was no more correct, so I modified it once again

    4. Ran the "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" command

    5. Restarted WSUS Service

    => My WSUS console worked !

    Just to be sure I restarted my WSUS server and the WSUS console was still operational.

    I don't think HTTP Activation for .NET Framework 3.5 resolved the issue, so it's probably the "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" command at the end of modification...

    Thursday, May 12, 2016 1:33 PM
  • After installing Windows-Updates I was not able to open the Management Console and all clients could not connect to WSUS.
    Eventlog
    Windows Server Update Services
    507
    Update Services failed its initialization and stopped.

    After executing manual steps described here, all is fine again.
    H T T P S://support.microsoft.com/en-us/kb/3159706

    Thursday, May 12, 2016 2:53 PM
  • Just an FYI for everyone that here's a complete list of the steps that I performed and worked for me.

    1. Install KB3159706.
    2. Reboot the WSUS server (this step is very important and simply restarting the WSUS Service is NOT sufficient).
    3. After the server reboots then open an elevated Command Prompt window, and then run "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" (case sensitive, assume C: as the system volume).
    4. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
    5. Restart the WSUS service.
    Thursday, May 12, 2016 2:55 PM
  • Just an FYI for everyone that here's a complete list of the steps that I performed and worked for me.

    1. Install KB3159706.
    2. Reboot the WSUS server (this step is very important and simply restarting the WSUS Service is NOT sufficient).
    3. After the server reboots then open an elevated Command Prompt window, and then run "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" (case sensitive, assume C: as the system volume).
    4. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
    5. Restart the WSUS service.

    you missed an important step, when you enabled SSL for your WSUS. Please see here:

    H T T P S://support.microsoft.com/en-us/kb/3159706

    Thursday, May 12, 2016 2:57 PM
  • Stefan_b_1984 - Yes, you are correct.  I do not use SSL for WSUS so I did not perform these steps.  As I mentioned in my original post, please follow the post installation manual installation steps (all of them if they pertain to your environment) in KB3159706.
    Thursday, May 12, 2016 3:01 PM
  • When I run "4. Ran the "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" command"
    and look at the output of my the .tmp file that is created, I see this.

    2016-05-12 09:34:43  Install type is: Reinstall
    2016-05-12 09:34:43  Install type is Reinstall, but should be Upgrade.  Cannot service the database
    2016-05-12 09:34:43  Swtching DB to multi-user mode......
    2016-05-12 09:34:43  Finished setting multi-user mode
    2016-05-12 09:34:43  Starting service W3SVC
    2016-05-12 09:34:44  Starting service WSUSService
    2016-05-12 09:34:44  Postinstall completed

    Thursday, May 12, 2016 3:07 PM
  • Well it appears several people have voted this the correct answer but I had to do these steps twice seemed like step 2 needed to precede step one for me.

     I can't disagree with Shane this update was irritating, If an update can pop up with a license agreement before installing this one should have popped up with the prerequisites.  I lost a couple of hours late at night with this one.


     
    Thursday, May 12, 2016 4:04 PM
  • Why can't Microsoft release an update for this that doesn't require further work from out of house IT?  This is ridiculous.  Until this update, this has never happened before.  Just rescind the update, fix it and release it to update automatically.  Sheesh.
    • Proposed as answer by CurtisKooi112 Tuesday, June 07, 2016 2:41 PM
    Thursday, May 12, 2016 4:33 PM
  • For what it is worth - I am not using SSL for connections, but until I added the changes to the Web.config file my 6000+ clients could not connect.

    So if you are still having client connections issue I recommend inserting the needed lines....

    Friday, May 13, 2016 2:18 PM
  • En Server 2012 R2 el WSUS funcionaba bien hasta que se instaló KB3159706, luego de la instalación presentó: "La consola de administración de WSUS ha encontrado un error inesperado. Esto puede deberse a un error transitorio; intente reiniciar la consola de administración".
    Solución desinstalar:  KB3159706, luego todo volvió  a la normalidad.

    Friday, May 13, 2016 2:20 PM
  • Review the Manual steps here on this KB

    https://support.microsoft.com/en-us/kb/3159706

    • Open an elevated Command Prompt window, and then run the following command (case sensitive, assume "C" as the system volume):
      "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
    • Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.

      HTTP activation
    • Restart the WSUS service.


    IA

    Sunday, May 15, 2016 1:29 PM
  • Thanks, It works for me.

    Microsoft should give the steps while releasing the patch.

    • Proposed as answer by CurtisKooi112 Tuesday, June 07, 2016 2:41 PM
    Monday, May 16, 2016 8:08 AM
  • Just a quick FYI, I had apparently installed the WSUS role as local administrator and needed to run the post install as local administrator in order for this to work.  Otherwise I received an error message "User does not have permission to alter database 'SUSDB', the database is not in a state that allows access checks."
    Tuesday, May 17, 2016 12:03 AM
  • I agree with Rogues on the 2nd point. I certainly don't have time to read all the KB articles before installing updates, and if MS thinks all sysadmins do, they are not living in the real world.
    • Proposed as answer by CurtisKooi112 Tuesday, June 07, 2016 2:41 PM
    Wednesday, May 18, 2016 10:15 AM
  • Worked for me! Thanks!
    Thursday, May 19, 2016 5:13 PM
  • I do read all the KB articles before approving any updates in WSUS.  This is a prime example why.  KB3159706 is sitting unapproved waiting for the dust to settle. 
    Thursday, May 19, 2016 5:20 PM
  • I've tried doing this again, this time running "wsusutil.exe postinstall /servicing" at the very end, restarting the entire server, sacrificing a goat... nothing.

    In the WSUS console I try connecting to a new server and I get:

    Cannot connect to 'FakeServerName'.  The Secure Socket Layer (SSL) certificate for this server could not be validated.

    Please verify SSL is correctly configured, or contact your network administrator if the problem persists.

    The console itself is a vague error:

    The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,
    Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

    System.IndexOutOfRangeException -- Index was outside the bounds of the array.
    Source
    Microsoft.UpdateServices.BaseApi
    Stack Trace:
       at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
       at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetConfiguration()
       at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()
       at Microsoft.UpdateServices.Internal.ClassFactory.CreateWellKnownType(Type type, Object[] args)
       at Microsoft.UpdateServices.Internal.ClassFactory.CreateInstance(Type type, Object[] args)
       at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.set_UserSelectedCulture(String value)
       at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.TrySetServerCulture(String culture)
       at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.SetServerCulture()
       at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools..ctor(CultureInfo culture, IUpdateServer updateServer)
       at Microsoft.UpdateServices.UI.SnapIn.Common.ServerTools..ctor(ServerSummaryScopeNode serverSummaryScopeNode, SnapInTools snapInTools, IUpdateServer updateServer)
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
       at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()

     

    I'm using 8531 everywhere, I tried doing wsusutil configuressl, I tried doing WsusUtil.exe postinstall SQL_INSTANCE_NAME=MYSQLSERVER /servicing (since my WSUS SQL database is off-box).  Nothing. 

    If I uninstall the update, switch the web.config file back, and reboot, everything works again.

    Also, the tmp file for the postinstall is thus:

    2016-05-19 14:28:39  Postinstall started
    2016-05-19 14:28:39  Detected role services: Api, UI, Services
    2016-05-19 14:28:39  Start: LoadSettingsForServicing
    2016-05-19 14:28:39  End: LoadSettingsForServicing
    2016-05-19 14:28:39  Stopping service WSUSService
    2016-05-19 14:28:39  Stopping service W3SVC
    2016-05-19 14:28:40  Starting service W3SVC
    2016-05-19 14:28:40  Starting service WSUSService
    2016-05-19 14:28:41  Postinstall completed


    • Edited by SaintFrag Thursday, May 19, 2016 6:30 PM
    Thursday, May 19, 2016 6:24 PM
  • Hi All,

    applying the KB3159706 and following the manual steps in https://support.microsoft.com/en-us/kb/3159706 worked in my environment(s).
    I still had to reapply my configuration setting for WSUS healthmonitoring
    which were set to default (seemingly by the update or the postinstall command). I don't know if other configuration settings might be affected as well.
    I didn't find anything of this in the KB-article so I thought it might be worth mentioning.

    Regards PIfM

    Friday, May 20, 2016 8:04 AM
  • I also killed my SUS server with the KB3159706 patch. I ran the "after update" manual steps as marked by Steve Henry:

    Manual steps required to complete the installation of this update

    1. Open an elevated Command Prompt window, and then run "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" (case sensitive, assume C: as the system volume).
    2. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
    3. Restart the WSUS service.

    Tried this several times and the console is still broken. I have uninstalled the patch and the console works again.

    Checked my temp file and found:

    2016-05-23 15:22:48  Install type is: Fresh
    2016-05-23 15:22:48  Checking if WSUS database is detached
    2016-05-23 15:22:48  WSUS database file: 'C:\Windows\WID\Data\SUSDB.mdf'
    2016-05-23 15:22:48  Install type is Fresh, but should be Upgrade.  Cannot service the database
    2016-05-23 15:22:48  Starting service W3SVC
    2016-05-23 15:22:48  Starting service WSUSService
    2016-05-23 15:22:48  Postinstall completed

    What is next?


    • Edited by Rabbtjack Monday, May 23, 2016 7:43 PM
    Monday, May 23, 2016 7:40 PM
  • Hey all,

    When I try to run 

    "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing

    with an elevated command prompt, I get the following error. Can anyone help?:

    Fatal Error: Changes to the state or options of database 'SUSDB' cannot be made
    at this time. The database is in single-user mode, and a user is currently connected to it.
    ALTER DATABASE statement failed.



    C Vallejo

    Tuesday, May 24, 2016 3:57 PM
  • Is your WSUS DB installed on an SQL Server? If yes than the user that you use to run the wsusutil.exe does not have the necessary rights on the SQL server / WSUS DB.


    • Edited by rogstoec Thursday, May 26, 2016 9:28 AM
    Thursday, May 26, 2016 9:28 AM
  • Here is the real answer: uninstall KB3159706
    Friday, June 03, 2016 2:55 PM
  • So I followed these steps and it fixed our WSUS server.

    HOWEVER, this is ridiculous. WHO THE HECK IS RUNNING THINGS AT MICROSOFT!!! THIS IS AT LEAST THE 20th patch that you've pushed out that has broken one of your products.  If you don't want us using your programs just say so.   I sure the heck am not going to goto my CEO and say oh yeah we recommend AZURE or any Microsoft programs or products until you pull your heads out.  We are looking at where we can remove Microsoft pieces and put in place other OS vendors products. 

    Prior to Server 2003R2 this was a problem and every patch pushed out broke stuff. You guys fixed it with 2003R2, 2008, 2008r2, 2012, and up until this year it seemed like 2012R2 would also not have issues with patches but someone there from the pre 2003r2 days must be in charge because you obviously have no QA procedures now and are just shoveling crap out the door. Like I said earlier, tHis is the 20th patch that has broken one of our Microsoft products.  Exchange, SQL, Sharepoint all have been broken with previous patches as well. (AND THESE WERE JUST THE OS PATCHES NOT THE APP PATCHES!!!!!!!!)  


    Friday, June 03, 2016 10:31 PM
  • Thanks! This fixed it for me. 
    Saturday, June 04, 2016 4:16 AM

  • Shane - Did you do the manual post installation steps after installing KB3159706?

    Manual steps required to complete the installation of this update
    1. Open an elevated Command Prompt window, and then run "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" (case sensitive, assume C: as the system volume).
    2. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
    3. Restart the WSUS service.

    This is the amateur hour BS we are talking about.... Microsoft did you seriously get so complacent (or lazy) that your own patches can't even fully install themselves anymore? You really need to consider how much of our time and money you're wasting.... it really sucks for an enterprise with multiple WSUS hosts to have to go and finish installing your patches. 

    This is how you get people to ignore and block your patches... we're just going to stop installing them. 


    - Curtis

    Tuesday, June 07, 2016 2:40 PM
  • This just worked for me on two servers.

    Thanks a bunch.

    Friday, June 10, 2016 8:32 PM
  • This is how you get people to ignore and block your patches... we're just going to stop installing them. 

    - Curtis

    Great, please don't forget to tell your management that your taking this decision so if you get hacked because of a vulnerability that Microsoft have already provided a patch for they know who is responsible.

    Sooo.....if Microsoft notice a problem, say a vulnerability that they can patch but it might require additional steps afterwards, it's more responsible of them to just sit on it not to inconvenience their user base and let all the bad guys exploit it at will.......now THAT would be amatuer hour.

    Tuesday, June 14, 2016 4:03 PM
  • Or you get to explain to management that you got hacked because a security update wasn't installed  because a prior update to the WSUS server meant to support distribution of Windows 10 updates broke distribution of patches to all your systems, including the down-level systems.
    Tuesday, June 14, 2016 6:29 PM
  • Nothing has been done on this in over a month. Those of use with external SQL are just left in the dust, no fix or even a hint of one....
    Wednesday, June 15, 2016 2:26 PM
  • Yeah I already had to explain THIS whole fiasco to management and answer to why WSUS mysteriously stopped working for two weeks and computers were not receiving their patches. 

    Luckily we won't have to worry about distributing Windows 10 updates... that pile of doody is never coming into this environment and management is on board with that. 


    - Curtis

    Wednesday, June 15, 2016 2:38 PM
  • Good info guys. The issue described resolved our issue.

    Prior to reading this post the WSUS service continued to restart and after applying the fix described the WSUS service starts and runs as designed.

    Thursday, June 23, 2016 7:01 PM
  • Many Thanks DariceIT, it solved the mysterious issue. Doesn't Microsoft check before releasing patch update whether it is compatible with their system or not? WSUS is microsoft even.

    it really gave me hard time and i was about to reinstall WSUS server.

    I saw in some help site to restart sql service but just for my knowledge(although my issue is resovled) can anybody advise how to find the sql service as i did not get any in my services. i looked for sql, mssql etc but no luck.

    regards

    Sunday, July 03, 2016 1:47 PM
  • You won't have any SQL services due to the fact that you are using WID. The service your database is running under is "Windows Internal Database". I have tried restarting my SQL service in various order throughout the install. No dice.

    Come on M$, stop being a tool and fix the external DB issue.

    Sunday, July 03, 2016 7:53 PM
  • Hi DariceIT,

    thanks for your info. We have a Win2012 WSUS Server and an SQL DB on an
    SQL 2008 R2 Server.
        It worked perfectly as you described and after restart the WSUS Service the
    WSUS console came up and agents connected again.

    But how does one get this info ?is there a Special web page for manual fixes on auto patches ?                          Thanks & regards  Gerhard Peters, Worldline

    Wednesday, July 06, 2016 1:09 PM
  • HI,

    unfortunately this is not enough,

    if you use SCCM also, and have many products and classifications, then the WSUSpool will crashe during SCCM synchro with  error eventviewer 5002

    you have to modify WSUSpool Advanced settings in applicationspools in IIS.

    put Queue length = 3000

    and

    Private memory = 7843200


    JEFFDEG


    • Edited by JEFF DEG Tuesday, July 12, 2016 12:51 PM solution update
    • Proposed as answer by JMHahn Monday, November 14, 2016 10:26 PM
    Tuesday, July 12, 2016 12:51 PM
  • Change properties of the WSUS Application Pool was the solution. Many many thanks

    I was jsut opening a case at microsoft, to get a solution

    Best Regards

    Tuesday, July 12, 2016 2:13 PM
  • Still not working after executing the C:\Program Files\Update Services\Tools> .\WsusUtil.exe postinstall /servicing command.

    /* Server Support Specialist */

    Tuesday, July 19, 2016 4:05 AM
  • Still failed too after implementing those steps above.

    my WSUS server 4.0 on Windows Server 2012 R2 is still broken.

    The SQL server is on another box.


    /* Server Support Specialist */

    Tuesday, July 19, 2016 4:27 AM
  • Here is the real answer: uninstall KB3159706

    Yes, I agree with you !

    it is back to normal again after uninstalling KB3159706.



    /* Server Support Specialist */

    Tuesday, July 19, 2016 4:32 AM
  • Removing the patch fixed our WSUS server as well.

    Thanks!

    Vince

    Tuesday, July 19, 2016 12:53 PM
  • After postinstallation steps my wsus is working again.

    Thank you very much.

    Wednesday, July 20, 2016 1:19 AM
  • Jason, are you still down and out with a non-WID database?  I'm still looking for a solution.
    Wednesday, July 27, 2016 4:32 PM
  • I second this. I walk in after my WSUS server automatically installed this update. How did I notice it? Because WSUS wasn't working anymore. I ran the commands and there you go. You cant tell me that there isn't some type of script that couldn't have been run to do those steps...

    Also! As stated above, I understand the the KB article is posted within minutes normally... but here's how you fix that problem. Updates don't go out till someone freakin' verifies the KB article,that actually explains how to install the update in the first place, is out there! Come on! We all know that there are many well paid engineers that make this software work. All we ask is that there be some forethought for the consequences !


    Friday, July 29, 2016 1:44 PM
  • Agreed. I spent hours!!! On this trying to figure out which update broke my WSUS. I started following logs in SCCM and for WSUS. (Waste of Time) Finally called in to Microsoft support and watched the tech engineer run this command:

    Cd "C:\Program Files\Update Services\Tools"

    Wsusutil.exe postinstall /Servicing

    Can't believe an update meant to fix one WSUS issue broke WSUS and created another issue. Going to ask for my money back.


    FH

    Friday, July 29, 2016 9:41 PM
  • Worked for me too. Thanks for sharing!
    Tuesday, August 02, 2016 6:36 PM
  • Hello!

    It's now 2016-08-03 and still the kb-article doesn't show a hint that there are any necessary steps after installing:
    'This article describes an update to a feature that enables Windows Server Update Services (WSUS) to natively decrypt Electronic Software Distribution (ESD) in Windows Server 2012 and Windows Server 2012 R2. Before you install this update, see the Prerequisites section.

    Note You must install this update on any WSUS server that is intended to sync and distribute Windows 10 upgrades (and feature updates) that are released after May 1, 2016.'

    I usually read this part of all the updates every month - and checked here the prerequisites which are nothing to worry about. Again I would install this update and have a broken WSUS again ...

    By now it should be absolutly clear that the article must notify about such important necessary steps in the top part like 'prerequisites and necessary steps after applying the update'!

    I too spent (late ...) hours until I found out why our WSUS didn't work any more - as if we all have nothing else to do! Like others I just uninstalled this update.

    Regards

    Bernd Leutenecker






    Wednesday, August 03, 2016 1:32 PM
  • yeah, thats sounds super automatic... still amateur hours over at MS. 

    Wednesday, August 03, 2016 4:11 PM
  • Hey all, just installed KB3159706 on my WS 2012 R2 WSUS Server at 2PM on 5/5/2016.  This was supposed to fix/issues when KB3148812 was released a few weeks ago.  Don't install KB3159706, it breaks WSUS.

    C'mon Microsoft, get your stuff together.  I'm tired of this amateur hour BS.



    Shane - Did you do the manual post installation steps after installing KB3159706?

    Manual steps required to complete the installation of this update
    1. Open an elevated Command Prompt window, and then run "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" (case sensitive, assume C: as the system volume).
    2. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
    3. Restart the WSUS service.
    Thanks so much!!! This fixed our WSUS server. Not sure why Microsoft couldn't have automated this process, but I'm happy at least this is resolved.
    Tuesday, August 09, 2016 1:23 PM
  • Still waiting for an update from MS on this... I'm running WSUS on an external SQL database and it's still broken even after the post install steps. 

    I've posted my logs here: https://social.technet.microsoft.com/Forums/windows/en-US/768b8fec-163e-4620-94c2-5769f8ec23fd/kb3159706-breaks-wsus-even-after-postinstall-steps?forum=winserverwsus 

    Tuesday, August 23, 2016 5:10 PM
  • Same error.

    Did you solve it?

    Thanks

    Friday, August 26, 2016 12:34 PM
  • Firstly, I have SCCM using WSUS in my environment.  My WSUS server is using a remote SQL server which broke after installing KB3159706.  What I found out was wsusutil.exe postinstall SQL_INSTANCE_NAME="server\instance" CONTENT_DIR=D:\WSUS was not accurately updating the sql server accurately.  This can be determined by checking the log file or going to HKLM\Software\Microsoft\Update Services\Server\Setup and looking at the key SqlServerName.  Looking at the key underneath called Installed Role Services I noticed a DWORD UpdateServices-WidDatabase with a value of 0x00000002.  I removed that entry and added UpdateServices-Database = 0x00000002 then went through the post deployment again and it fixed my problem.  I assume the wsusutil.exe looks at that registry key to determine whether WSUS uses SQL or Windows Internal DB.
    • Edited by Ben_Kiwi Tuesday, August 30, 2016 4:38 PM
    Monday, August 29, 2016 11:31 PM
  • For those of us using SQL Server, I have a solution!!!  I wrote a how-to on it, which you can find here:

    https://community.spiceworks.com/how_to/132301-fix-wsus-using-sql-server-after-kb3159706-broke-it

    Because of the nature of this issue and the many people like myself left frustrated by this situation, I will be posting it in a few different threads.  I apologize in advance if this comes across as spam to some people.


    • Edited by SaintFrag Wednesday, August 31, 2016 8:19 PM
    • Proposed as answer by Jason R. Brown Thursday, September 01, 2016 3:14 PM
    Wednesday, August 31, 2016 8:18 PM
  • Hello!

    After installing this update on my Windows Server 2012 R2 WSUS I geting error 12072 when service starting:

    The WSUS content directory is not accessible.
    System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
       at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)

    I have done all post installation steps and that not resolved the issue. Any advice would be appreciated.

    Friday, September 02, 2016 8:51 AM
  • Uninstalling KB3159706 is not a great solution as Windows 10 Anniversary Update requires this for deployment through WSUS. Without KB3159706, you cannot deploy Windows 10.

    As for HTTP Activation, my server was already configured that way, so this fix did not work for me. Can't believe this issue has plagued people for so long without a proper patch from Microsoft.

    Friday, September 02, 2016 1:11 PM
  • Just adding that I only had to do step 1 and 3.  When I checked step 2 the features were checkmarked but grey (couldn't select or unselect) and Http activation was already selected.  So I did step 1, then step 3.  
    Thursday, September 08, 2016 7:47 PM
  • Hi,

    I run the command:

    C:\Program Files\Update Services\Tools\wsusutil.exe postinstall and the WSUS is working again, please try..!!

    I have Windows Server 2012 R2 and I don' uninstall the KB3159706

    Monday, October 10, 2016 3:57 PM
  • I removed the update and all is ok after that.

    Deepak G Systems Engineer

    Wednesday, October 26, 2016 3:57 AM
  • In addition to adding "HTTP Activation" to .NET Framework 4.5, I also added it to .NET Framework  3.5 and ran the postinstall command afterwards (second time). I am able to get back into my console now.
    Wednesday, October 26, 2016 3:23 PM
  • BINGO
    Tuesday, November 08, 2016 6:36 PM
  • thank you, this worked for me!
    Wednesday, November 30, 2016 9:29 AM
  • This update should be pulled! I bricked two production WSUS servers last night with this crap! Why are all these manual steps required? It's an update patch. If you can't deploy it hands free pull it! And why do you have to brick your servers THEN FIND THE INFORMATION YOURSELF on how to FIX THEIR CRAP UPDATES!!! 

    I don't have time for this. I found the 'fix' finally and it failed repeatedly at the first hurdle. So back to BRICKED SERVER!! Try again. More hunting. More dead ends. More out of date information. STILL BRICKED SERVER!! 

    Finally rebuilt both and reconfigured. Now terrified to update anything on the server itself in case we loop back to BRICKED AGAIN!! I will find and block this patch as it's just shit. 

    Sort your act out MS 

    Wednesday, December 14, 2016 10:14 AM
  • Excellent fix. Works great and is much better than the original fix/work-around. This actually resolves the problem. WSUS working again. Thanks DariceIT  !
    • Proposed as answer by wacktech2008 Tuesday, January 17, 2017 3:34 PM
    • Unproposed as answer by wacktech2008 Tuesday, January 17, 2017 3:34 PM
    Thursday, December 29, 2016 5:35 PM
  • Shane - Did you do the manual post installation steps after installing KB3159706?

    Manual steps required to complete the installation of this update
    1. Open an elevated Command Prompt window, and then run "C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing" (case sensitive, assume C: as the system volume).
    2. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
    3. Restart the WSUS service.
    May have been a coincidence (ie, I may have done something wrong initially) but I was getting sql errors until I dropped the 'servicing' switch based on a post I saw on another forum. Once I did that and followed the remaining steps the problem was resolved.
    Tuesday, January 17, 2017 3:44 PM
  • I know this is old, BUT... if you run SFC /scannow on your WSUS server, it'll reset your web.config file to pre-KB3159706.

    Yay, right?

    Wednesday, February 08, 2017 2:34 PM
  • DariceIT

    Many Thanks.

    I experienced this issue and applied your post installation Step then WSUS working fine.

    Thursday, March 02, 2017 8:45 AM
  • According to the manual tasks needed after installing KB3159706, I ran:

    "C:\Program Files\Update Services\Tools\wsusutil.exe" <g class="gr_ gr_62 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="62" id="62">postinstall</g> /servicing

    ...but nothing would appear, and the command prompt would say that the <g class="gr_ gr_61 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace gr-progress" data-gr-id="61" id="61">postinstall</g> completed successfully; however WSUS would not work, asking to "Reset Server Node".

    (From here, "HTTP Activation" was supposed to be enabled, but before making any changes to the server, I thought it prudent to have WSUS running correctly first.)

    Following on from some more research online at https://community.spiceworks.com/topic/1567653-heads-up-kb3148812-for-wsus-servers-and-replacement-kb3159706?page=8#entry-6713995, I ran:

    "C:\Program Files\Update Services\Tools\wsusutil.exe" <g class="gr_ gr_63 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="63" id="63">postinstall</g>

    ...nothing else appeared except that the <g class="gr_ gr_64 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="64" id="64">postinstall</g> was successful according to the command prompt, but that's what got WSUS working again! *phew!*

    (As I am <g class="gr_ gr_60 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="60" id="60">sych'd</g> to Microsoft Update servers, I did not have to carry out the tasks for SSL, detailed in https://support.microsoft.com/en-us/help/3159706/update-enables-esd-decryption-provision-in-wsus-in-windows-server-2012-and-windows-server-2012-r2).

    I was then able to add the "HTTP Activation" Feature through Server Manager manually.


    Wednesday, March 15, 2017 4:56 PM
  • According to the manual tasks needed after installing KB3159706, I ran: "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing ...but nothing would appear, and the command prompt would say that the postinstall completed successfully; however WSUS would not work, asking to "Reset Server Node". (From here, "HTTP Activation" was supposed to be enabled, but before making any changes to the server, I thought it prudent to have WSUS running correctly first.) Following on from some more research online at https://community.spiceworks.com/topic/1567653-heads-up-kb3148812-for-wsus-servers-and-replacement-kb3159706?page=8#entry-6713995, I ran: "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall ...nothing else appeared except that the postinstall was successful according to the command prompt, but that's what got WSUS working again! *phew!* (As I am sych'd to Microsoft Update servers, I did not have to carry out the tasks for SSL, detailed in https://support.microsoft.com/en-us/help/3159706/update-enables-esd-decryption-provision-in-wsus-in-windows-server-2012-and-windows-server-2012-r2). I was then able to add the "HTTP Activation" Feature through Server Manager manually.

    So, I am a little confused: should I have seen a feature-dialog to activate the "HTTP Activation" option when executing the postinstall /servicing command, or was I right to add the feature in manually?

    Or does it matter at all which way the feature is added?



    Wednesday, March 15, 2017 4:59 PM
  • Question, I put this update on and follow all post install tasks.  Yes we use SSL for our WSUS server.  However after modifying the web.config file it just doesn't work.  Console works but no clients will connect at all.

    I restored the web.config file from a veeam backup of our WSUS server prior to installing this and messing with it. Now clients connect.  However I'm having an issue on Win 10 machines if I use Powershell to generate a windowsupdate.log I get /ClientWebService/client.asmx returned HTTP 500 status code.  Sure enough if I browse to that URL I get a runtime error and a blurb about setting custom error pages in web.config.

    How can I get this working?  The Microsoft steps are not clear on what to do with the web.config file.  Can't they just post a file to download and put in place?

    Monday, March 27, 2017 4:39 PM
  • I have tried multiple times to follow the steps in the KB and my WSUS continues to come to a screeching stop.  Is there an answer to this yet?  Obviously removing the update and starting over works but the update comes back and break it again.  MICROSOFT PLEASE HELP!!
    Tuesday, April 18, 2017 3:52 PM
  • I know I'm late to this party, but one thing I ran into was that I had to be logged in to the server with the service account that had permissions to the external SQL database (we aren't using WID) before running the manual commands.  Just being local administrator was not enough.
    Monday, May 01, 2017 6:46 PM
  • I think I got this working!!!

    This Ben_Kiwi's reg info mixed with the SQL info on this URL I think makes the magic happen

    https://community.spiceworks.com/how_to/132301-fix-wsus-using-sql-server-after-kb3159706-broke-it

    Add these keys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup\Installed Role Services

    Value: UpdateServices-Database

    Data: 2

    Shutdown all IIS and WSUS servers and double check there are no connections on the SQL server

    I grabbed this folder off another WSUS server and copied it to my SCCM/WSUS server (The database and the WinSxS folder wasn't on my SCCM WSUS servers)
    C:\Program Files\Update Services\Database

    Run the servicing command and  set the http activation per the KB and it will run the SQL that you copied above
    Wsusutil.exe postinstall /Servicing

    Reboot the server.  This was required for me...it sorta worked without the reboot but everything seems fine after.

    This fixed it for me hope it helps some!  It is syncing now and fully patched!  Fingers crossed!

    Thursday, May 18, 2017 7:01 PM
  • This solution worked for me. Windows Server 2012 R2.
    Monday, June 19, 2017 10:02 AM
  • Sadly it didn't work for me.

    I had sporadic Reset server node/loss of console, SQL access errors and more that anything Synchronisations completely failed! left it running over a weekend and came back to still at 0%

    I  went as far as removing WSUS and WID and reinstalling running postinstall again but came back with the same results, only upon removing KB3159706 have i got WSUS back.

    Wednesday, July 05, 2017 9:20 AM
  • This update hit my wsus server just this month.  Ran the post install steps, while the completed without errors, it still did not fix the issue.  I uninstalled KB3159706 and still no dice.  Seems like it might be fixing it for others but not for me.  I'm still dead in the water.

    I'm not running SSL or an external SQL db. It's pretty vanilla.

    Friday, July 14, 2017 12:47 AM
  • Hey all, I'm also having similar concerns with Mark Borchert above.  I have tried the post install steps and removing and adding WSUS back.  Any additional steps that we can take to alleviate this concern?
    Tuesday, September 05, 2017 8:56 PM