Some clients fail to use alternative SSL port?

Discussion:

(too old to reply)

LeaUK

2010-03-23 17:31:02 UTC

WSUS 3 SP2

Clients XP SP2
Running SSL on an alternative port
wuauserv.dll - 5.4.37090.2180

Hi All

One client laptop is fine, the other insists on trying to connect to port
443 and not the alternative port set in its registry... Therefore it never
registers in the console.

Driving me nuts :(

Checked registry - OK
Watched TCPView connection and can see attempts on port 443 - but reg keys
state alternative port!
Rebooted
Waited hours - just incase
Reset Hardware ID run /detectnow

Run out of ideas :(

Please help.

Many thanks
Lea

LeaUK

2010-03-23 18:12:06 UTC

Permalink

Forgot to mention...

https://myserver:1234/iuident.cab
https://myserver:1234/selfupdate/iuident.cab
https://myserver:1234/clientwebservice/wusserverversion.xml
https://myserver:1234/simpleauthwebservice/simpleauth.asmx

All OK.

telnet myserver 1234 - connection is established

NO FW on client machine.

Regards
Lea

Post by LeaUK
WSUS 3 SP2
Clients XP SP2
Running SSL on an alternative port
wuauserv.dll - 5.4.37090.2180
Hi All
One client laptop is fine, the other insists on trying to connect to port
443 and not the alternative port set in its registry... Therefore it never
registers in the console.
Driving me nuts :(
Checked registry - OK
Watched TCPView connection and can see attempts on port 443 - but reg keys
state alternative port!
Rebooted
Waited hours - just incase
Reset Hardware ID run /detectnow
Run out of ideas :(
Please help.
Many thanks
Lea

Lawrence Garvin [MVP]

2010-03-23 21:52:11 UTC

Permalink

Post by LeaUK
Forgot to mention...
https://myserver:1234/iuident.cab
https://myserver:1234/selfupdate/iuident.cab
https://myserver:1234/clientwebservice/wusserverversion.xml
https://myserver:1234/simpleauthwebservice/simpleauth.asmx

Post by LeaUK
wuauserv.dll - 5.4.37090.2180

In addition to not supporting SSL, this ancient version of the AU client
also only supports connectivity to web servers on port 80.

--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)

My Blog: http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Lawrence Garvin [MVP]

2010-03-23 21:51:09 UTC

Permalink

Post by LeaUK
wuauserv.dll - 5.4.37090.2180

This is a critical defect. The Windows Update Agent here is ancient. This
version of the AU client does not support SSL connectivity.

Likely you'll need to download the WUAgent from the Download center
[WindowsUpdateAgent30-x86.exe] and install it to this machine from the
command line.

LeaUK

2010-03-24 10:44:01 UTC

Permalink

Post by Lawrence Garvin [MVP]

Post by LeaUK
wuauserv.dll - 5.4.37090.2180

This is a critical defect. The Windows Update Agent here is ancient. This
version of the AU client does not support SSL connectivity.
Likely you'll need to download the WUAgent from the Download center
[WindowsUpdateAgent30-x86.exe] and install it to this machine from the
command line.

Thanks Lawrence, can you believe it, I typo'd, the actual version is:

5.4.3790.2180

It connects fine on one laptop yet another (huge batch) will fail :(

Both laptops are Win XP SP2 (so not too ancient) with the same dll version,
one connects on custom port the other tries connecting on :443 and fails.

Very confused and panicking now as I really don't want to work out how to
manually push the later version out to clients.

If I open port 80 will clients be able to update this dll/service without
having to manually distribute?

Please help…

Many thanks
Lea

Post by Lawrence Garvin [MVP]
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)
My Blog: http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

LeaUK

2010-03-24 11:12:03 UTC

Permalink

I updated the failing client using windowsupdateagent30-x86 v 6.2.29.0 and
surprisingly wuauserv.dll remained at 5.4.3790.2180 but on test the laptop
connected to the WSUS server on the custom port instantly and perfectly! :)
:) :)

So the obvious next question...is there anyway to update clients via WSUS?
I suspect I will have to point clients at a standard port first (80) then
change them to the custom port at a latter time but that's not nice....

Any help always appreciated..

Lea

Post by LeaUK

Post by Lawrence Garvin [MVP]

Post by LeaUK
wuauserv.dll - 5.4.37090.2180

This is a critical defect. The Windows Update Agent here is ancient. This
version of the AU client does not support SSL connectivity.
Likely you'll need to download the WUAgent from the Download center
[WindowsUpdateAgent30-x86.exe] and install it to this machine from the
command line.

5.4.3790.2180
It connects fine on one laptop yet another (huge batch) will fail :(
Both laptops are Win XP SP2 (so not too ancient) with the same dll version,
one connects on custom port the other tries connecting on :443 and fails.
Very confused and panicking now as I really don't want to work out how to
manually push the later version out to clients.
If I open port 80 will clients be able to update this dll/service without
having to manually distribute?
Please help…
Many thanks
Lea

Lawrence Garvin [MVP]

2010-03-24 13:10:42 UTC

Permalink

Post by LeaUK
So the obvious next question...is there anyway to update clients via WSUS?

Well, yes, by upgrading the WSUS Server. :-)

WSUS v3 SP2 distributes the v7.4 WUAgent
WSUS v3 SP1 distributes the v7.1 WUAgent
WSUS v3 RTW distributes the v7.0 WUAgent

For brand new installs of Windows XP, if they're deployed to XP Service Pack
2, they should automatically selfupdate the 'SP2' agent to the agent
provided by your WSUS server, presuming that the /selfupdate feature is
available on port 80 of the WSUS Server.

LeaUK

2010-03-25 11:07:02 UTC

Permalink

Post by Lawrence Garvin [MVP]

Post by LeaUK
So the obvious next question...is there anyway to update clients via WSUS?

Well, yes, by upgrading the WSUS Server. :-)
WSUS v3 SP2 distributes the v7.4 WUAgent
WSUS v3 SP1 distributes the v7.1 WUAgent
WSUS v3 RTW distributes the v7.0 WUAgent
For brand new installs of Windows XP, if they're deployed to XP Service Pack
2, they should automatically selfupdate the 'SP2' agent to the agent
provided by your WSUS server, presuming that the /selfupdate feature is
available on port 80 of the WSUS Server.

Clients are all WinXP SP2, but were failing to autoupdate. I tracked down
the cause. I noticed in the event log that the API remoting service was
failing and this was caused by wsusutil configuressl being set with the
external DNS name (at install I thought this was the correct option), however
changing this to the internal server name resolved the event log messages.
Running wsusutil checkhealth reveals all is OK and clients can now receive
latest WU files - checked via their windowsupdate.log files.

With regards to the dll versions, I have realised why the dll doesn't change
version, I'm looking at the service dll not the 'heart' of WSUS. Wuaueng.dll
is the file to review WU version.

This is a useful script:

Dim oAgentInfo, ProductVersion
Set oAgentInfo = CreateObject("Microsoft.Update.AgentInfo")
Wscript.Echo "C:\Windows\System32\wuapi.dll version: " &
oAgentInfo.GetInfo("ProductVersionString")
Wscript.Echo "WUA version : " & oAgentInfo.GetInfo("ApiMajorVersion") & "."
& oAgentInfo.GetInfo("ApiMinorVersion")

Thanks Lawrence..

LeaUK

2010-03-27 09:52:01 UTC

Permalink

Post by LeaUK

Post by Lawrence Garvin [MVP]

Post by LeaUK
So the obvious next question...is there anyway to update clients via WSUS?

Well, yes, by upgrading the WSUS Server. :-)
WSUS v3 SP2 distributes the v7.4 WUAgent
WSUS v3 SP1 distributes the v7.1 WUAgent
WSUS v3 RTW distributes the v7.0 WUAgent
For brand new installs of Windows XP, if they're deployed to XP Service Pack
2, they should automatically selfupdate the 'SP2' agent to the agent
provided by your WSUS server, presuming that the /selfupdate feature is
available on port 80 of the WSUS Server.

No they cant :( Some update correctly, most do not. A bit frustrating.
All register with the console, majority fail to selfupdate. All fail to
report.

Run the WU 7.4 update, all report immediately.

Due to timescales I have had to resort to pushing the WU 7.4 update out by
GPO, but I do need to resolve this for my 1000's of external clients.

No http(s) proxy
Connection to selfupdate cab files via IE all OK
Will review update.log for clues

More fun :)

Post by LeaUK
With regards to the dll versions, I have realised why the dll doesn't change
version, I'm looking at the service dll not the 'heart' of WSUS. Wuaueng.dll
is the file to review WU version.
Dim oAgentInfo, ProductVersion
Set oAgentInfo = CreateObject("Microsoft.Update.AgentInfo")
Wscript.Echo "C:\Windows\System32\wuapi.dll version: " &
oAgentInfo.GetInfo("ProductVersionString")
Wscript.Echo "WUA version : " & oAgentInfo.GetInfo("ApiMajorVersion") & "."
& oAgentInfo.GetInfo("ApiMinorVersion")
Thanks Lawrence..