Discussion:
Some client fails to report
(too old to reply)
Thomas Olsson
2008-04-30 07:00:00 UTC
Permalink
We have been using WSUS for quite some time and are now using WSUS 3.0.
Now three of the computers fails to show up in the list of computers.
If I run "wuauclt /resetauthorization /detectnow" they will show up for a
while (10 minutes?) and then they are gone again. It seems like updates are
detected and installed correctly though.
Looking at the WindowsUpdate.log I can see the following error or on all of
the machines. I do not see this on the machines that work.
Two of the machines that fails are Windows 2003 Server and one is a new
Windows 2008 Server. The two older machines used to work, but I am not sure
if the 2008 machine ever worked.
I don't know exactly when this problem started. The things we have done
fairly recently is to install the SP for WSUS and to replace the https
certificate for the WSUS server in IIS.


2008-04-30 07:37:32:538 980 1ac PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2008-04-30 07:37:32:538 980 1ac PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
https://wsuserver:8531/ClientWebService/client.asmx
2008-04-30 07:37:32:631 980 1ac PT WARNING: Cached cookie has expired or
new PID is available
2008-04-30 07:37:32:631 980 1ac PT Initializing simple targeting cookie,
clientId = 7cc650b5-b214-45d8-80bc-b85f383fa7a1, target group = Servers, DNS
name = chartserver1.corp.vinga.se
2008-04-30 07:37:32:631 980 1ac PT Server URL =
https://wsuserver:8531/SimpleAuthWebService/SimpleAuth.asmx
2008-04-30 07:37:32:975 980 1ac PT WARNING: GetCookie failure, error =
0x8024400D, soap client error = 7, soap error code = 300, HTTP status code =
200
2008-04-30 07:37:32:975 980 1ac PT WARNING: SOAP Fault: 0x00012c
2008-04-30 07:37:32:975 980 1ac PT WARNING: faultstring:Fault occurred
2008-04-30 07:37:32:975 980 1ac PT WARNING: ErrorCode:ServerChanged(4)
2008-04-30 07:37:32:975 980 1ac PT WARNING: Message:Server rolled back
since last call to GetCookie
2008-04-30 07:37:32:975 980 1ac PT WARNING:
Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2008-04-30 07:37:32:975 980 1ac PT WARNING:
ID:17e78c2b-645d-4de4-b624-26d6fe357202
2008-04-30 07:37:32:975 980 1ac PT WARNING: PTError: 0x80244015
2008-04-30 07:37:32:975 980 1ac PT WARNING: GetCookie_WithRecovery failed :
0x80244015
2008-04-30 07:37:32:975 980 1ac PT WARNING: RefreshCookie failed: 0x80244015
2008-04-30 07:37:32:975 980 1ac PT WARNING: RefreshPTState failed: 0x80244015
2008-04-30 07:37:32:975 980 1ac PT WARNING: Sync of Updates: 0x80244015
2008-04-30 07:37:33:022 980 1ac PT WARNING: Cached cookie has expired or
new PID is available
2008-04-30 07:37:33:022 980 1ac PT Initializing simple targeting cookie,
clientId = 7cc650b5-b214-45d8-80bc-b85f383fa7a1, target group = Servers, DNS
name = chartserver1.corp.vinga.se
2008-04-30 07:37:33:022 980 1ac PT Server URL =
https://wsuserver:8531/SimpleAuthWebService/SimpleAuth.asmx
2008-04-30 07:37:33:459 980 1ac Agent * WARNING: Failed to synchronize,
error = 0x80244015
2008-04-30 07:37:33:459 980 1ac DnldMgr File locations for service
3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 changed
2008-04-30 07:37:33:459 980 1ac Agent Server changed and need resyncing
with server
2008-04-30 07:37:33:569 980 1ac PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2008-04-30 07:37:33:569 980 1ac PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
https://wsuserver:8531/ClientWebService/client.asmx
2008-04-30 07:37:35:053 980 1ac PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2008-04-30 07:37:35:053 980 1ac PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
https://wsuserver:8531/ClientWebService/client.asmx
--
Thomas Olsson
Vinga System AB
Lawrence Garvin [MVP]
2008-05-01 00:57:11 UTC
Permalink
Post by Thomas Olsson
I don't know exactly when this problem started. The things we have done
fairly recently is to install the SP for WSUS and to replace the https
certificate for the WSUS server in IIS.
The certificate would be my highest probability of diagnostic effort; but
there are also issues documented in the Release Notes that you should
research.

As for the error codes...
Post by Thomas Olsson
0x80244015
0x80244015
2008-04-30 07:37:32:975 980 1ac PT WARNING: Sync of Updates: 0x80244015
2008-04-30 07:37:33:459 980 1ac Agent * WARNING: Failed to synchronize,
error = 0x80244015
2008-04-30 07:37:33:459 980 1ac DnldMgr File locations for service
3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 changed
2008-04-30 07:37:33:459 980 1ac Agent Server changed and need resyncing
with server
From Appendix G of the WSUS Operations Guide
http://technet2.microsoft.com/windowsserver/en/library/061d0423-f7f1-401e-9ef7-b7d02cd50b7a1033.mspx?mfr=true

0x80244015
WU_E_PT_REFRESH_CACHE_REQUIRED
The reply from the server indicates that the server was changed or the
cookie was invalid; refresh the state of the internal cache and retry.

Now, you've noted that 'wuauclt /resetauthorization /detectnow' temporarily
resolves the issue, but then they "disappear" again. Yet, this is most
interesting because there's no feature in WSUS to make a client system
"disappear" from the admin console.

In any event, the starting place is [a] The Release Notes, and [b] The
certificate replacement (including, perhaps, a brief explanation of why you
replaced the certificate, and what procedure(s) you used to effect this
replacement -- including how you updated the clients with respect to knowing
about this new certificate).

Incidentally.. if you disable =SSL=, does the problem go away?
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Thomas Olsson
2008-05-01 07:08:01 UTC
Permalink
There must be some kind of mechanism where WSUS removes the clients from the
list on the server. When I look for this problem on the internet I found
several others with exactly the same problem. For instance:
http://www.wsus.info/forums/index.php?showuser=18548
http://www.wsus.info/forums/index.php?showtopic=11508&pid=40492&st=0&entry40492

We use a certificate server for the certificate (this is something we have
done since WSUS 1.0). I replaced the certificate since the old one had
expired.

I have tried using "plain" http instead of https. It makes not difference.

I have read the release notes but found nothing that explains my problem.
--
Thomas Olsson
Vinga System AB
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
I don't know exactly when this problem started. The things we have done
fairly recently is to install the SP for WSUS and to replace the https
certificate for the WSUS server in IIS.
The certificate would be my highest probability of diagnostic effort; but
there are also issues documented in the Release Notes that you should
research.
As for the error codes...
Post by Thomas Olsson
0x80244015
0x80244015
2008-04-30 07:37:32:975 980 1ac PT WARNING: Sync of Updates: 0x80244015
2008-04-30 07:37:33:459 980 1ac Agent * WARNING: Failed to synchronize,
error = 0x80244015
2008-04-30 07:37:33:459 980 1ac DnldMgr File locations for service
3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 changed
2008-04-30 07:37:33:459 980 1ac Agent Server changed and need resyncing
with server
From Appendix G of the WSUS Operations Guide
http://technet2.microsoft.com/windowsserver/en/library/061d0423-f7f1-401e-9ef7-b7d02cd50b7a1033.mspx?mfr=true
0x80244015
WU_E_PT_REFRESH_CACHE_REQUIRED
The reply from the server indicates that the server was changed or the
cookie was invalid; refresh the state of the internal cache and retry.
Now, you've noted that 'wuauclt /resetauthorization /detectnow' temporarily
resolves the issue, but then they "disappear" again. Yet, this is most
interesting because there's no feature in WSUS to make a client system
"disappear" from the admin console.
In any event, the starting place is [a] The Release Notes, and [b] The
certificate replacement (including, perhaps, a brief explanation of why you
replaced the certificate, and what procedure(s) you used to effect this
replacement -- including how you updated the clients with respect to knowing
about this new certificate).
Incidentally.. if you disable =SSL=, does the problem go away?
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Lawrence Garvin [MVP]
2008-05-01 14:41:14 UTC
Permalink
Post by Thomas Olsson
There must be some kind of mechanism where WSUS removes the clients from the
list on the server.
There is. It's a manual mechanism.

1. You right click on the computer object and select Delete (Remove?).
2. You run the Server Cleanup Wizard, which deletes non-reporting systems.

In addition, we know of a scenario where computers who share SusClientID
values will replace each other in the console. This typically happens when
machines are cloned from an improperly prepared master image. I discounted
this option in your case since you have this occurrence with =one= Windows
Server 2008 system. (Unless this system was upgraded from Windows Server
2003, and then it's a possibility.)

There is no known scenario (until now) where a computer simply 'disappears'
from the list.
Post by Thomas Olsson
When I look for this problem on the internet I found
http://www.wsus.info/forums/index.php?showuser=18548
http://www.wsus.info/forums/index.php?showtopic=11508&pid=40492&st=0&entry40492
Well.. I can't account for what's being posted on other forums; I can only
comment on what's being posted here.

I do note, however, that both threads are posted by the same user, so, at
best, there's =one= other instance similar to yours.

I also noted nobody has posted a =solution= to joe90's problem.

One suggestion worth pursuing: Contact that poster "joe90", and see if you
can share information. No doubt your unique scenario has something in common
with the scenario in "joe90"s installation. Better yet.. start a dialog with
"joe90" on www.wsus.info!!
Post by Thomas Olsson
We use a certificate server for the certificate (this is something we have
done since WSUS 1.0). I replaced the certificate since the old one had
expired.
Great! But you didn't answer any of my questions concerning "replacing" this
certificate, and quite frankly, my money is still on something related to
this certificate "replacement".
Post by Thomas Olsson
Post by Lawrence Garvin [MVP]
Incidentally.. if you disable =SSL=, does the problem go
away?
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Thomas Olsson
2008-05-01 15:51:01 UTC
Permalink
See inline below
--
Thomas Olsson
Vinga System AB
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
There must be some kind of mechanism where WSUS removes the clients from the
list on the server.
There is. It's a manual mechanism.
1. You right click on the computer object and select Delete (Remove?).
2. You run the Server Cleanup Wizard, which deletes non-reporting systems.
In addition, we know of a scenario where computers who share SusClientID
values will replace each other in the console. This typically happens when
machines are cloned from an improperly prepared master image. I discounted
this option in your case since you have this occurrence with =one= Windows
Server 2008 system. (Unless this system was upgraded from Windows Server
2003, and then it's a possibility.)
None of our machines are cloned. The W2008 is a fresh installation, but the
other two with the same problem have been around for some time and has worked
fine until now.
I have tried to remove the WSUS client ID from the registry.
Post by Lawrence Garvin [MVP]
There is no known scenario (until now) where a computer simply 'disappears'
from the list.
Post by Thomas Olsson
When I look for this problem on the internet I found
http://www.wsus.info/forums/index.php?showuser=18548
http://www.wsus.info/forums/index.php?showtopic=11508&pid=40492&st=0&entry40492
Well.. I can't account for what's being posted on other forums; I can only
comment on what's being posted here.
I do note, however, that both threads are posted by the same user, so, at
best, there's =one= other instance similar to yours.
When I searched for this I found several other discussions around the same
problem, but none of them with a solution.
Post by Lawrence Garvin [MVP]
I also noted nobody has posted a =solution= to joe90's problem.
One suggestion worth pursuing: Contact that poster "joe90", and see if you
can share information. No doubt your unique scenario has something in common
with the scenario in "joe90"s installation. Better yet.. start a dialog with
"joe90" on www.wsus.info!!
I have already asked him but have not yet received an answer.
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
We use a certificate server for the certificate (this is something we have
done since WSUS 1.0). I replaced the certificate since the old one had
expired.
Great! But you didn't answer any of my questions concerning "replacing" this
certificate, and quite frankly, my money is still on something related to
this certificate "replacement".
There are several issues regarding certificates with WSUS and as far as I
understand they all have to do with the certificates generated by WSUS. As
far as I can see the certificates are not used for anything else than for SSL
in IIS. The issues you can run into is to make the client computers trust the
certificate generated by WSUS. Since we use certificates generated by our own
certificate server that is already trusted on the domain, we do not have any
of those issues.
If IIS is already configured with a certificate when you install WSUS, it
will use that one and that is the method we have used since we started to use
WSUS a long time ago.
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
Post by Lawrence Garvin [MVP]
Incidentally.. if you disable =SSL=, does the problem go
away?
I answered that and said that I have tried "plain" http instead of https and
that it made no difference.

I am a bit curious with the error message in the log that reads

2008-04-30 07:37:32:975 980 1ac PT WARNING: ErrorCode:ServerChanged(4)
2008-04-30 07:37:32:975 980 1ac PT WARNING: Message:Server rolled back
since last call to GetCookie

What does "ServerChanged" mean?

/Thomas
Lawrence Garvin [MVP]
2008-05-01 18:28:52 UTC
Permalink
Post by Thomas Olsson
Post by Lawrence Garvin [MVP]
Incidentally.. if you disable =SSL=, does the problem go
away?
I answered that and said that I have tried "plain" http instead of https and
that it made no difference.
My apologies, I did not interpret the statement above as indicating you had
actually completely disabled SSL, changed the URLs, and retried the effort.

Merely changing the URL from https://wsusserver:8531 to
http://wsusserver:8530 will not provide any useful results, which is what I
interpreted that statement to mean.


Would it be possible for you to post the logs of the detection performed
without SSL?

Truth is, it's much easier to diagnose a failure if SSL isn't a variable in
the process.
Post by Thomas Olsson
2008-04-30 07:37:32:975 980 1ac PT WARNING: ErrorCode:ServerChanged(4)
2008-04-30 07:37:32:975 980 1ac PT WARNING: Message:Server rolled back
since last call to GetCookie
What does "ServerChanged" mean?
This is related to the 0x80244015 error, but as to the internal details, I
don't know either.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Thomas Olsson
2008-05-01 21:07:00 UTC
Permalink
What do you mean by "disable SSL"? Do you mean disable it in IIS?

/Thomas
--
Thomas Olsson
Vinga System AB
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
Post by Lawrence Garvin [MVP]
Incidentally.. if you disable =SSL=, does the problem go
away?
I answered that and said that I have tried "plain" http instead of https and
that it made no difference.
My apologies, I did not interpret the statement above as indicating you had
actually completely disabled SSL, changed the URLs, and retried the effort.
Merely changing the URL from https://wsusserver:8531 to
http://wsusserver:8530 will not provide any useful results, which is what I
interpreted that statement to mean.
Would it be possible for you to post the logs of the detection performed
without SSL?
Truth is, it's much easier to diagnose a failure if SSL isn't a variable in
the process.
Post by Thomas Olsson
2008-04-30 07:37:32:975 980 1ac PT WARNING: ErrorCode:ServerChanged(4)
2008-04-30 07:37:32:975 980 1ac PT WARNING: Message:Server rolled back
since last call to GetCookie
What does "ServerChanged" mean?
This is related to the 0x80244015 error, but as to the internal details, I
don't know either.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Lawrence Garvin [MVP]
2008-05-01 23:14:05 UTC
Permalink
Post by Thomas Olsson
What do you mean by "disable SSL"? Do you mean disable it in IIS?
Yes... remove the port 8531 assignment from the properties, and uncheck all
instances of "Require Secure Channel (SSL)" on any WSUS resource.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Thomas Olsson
2008-05-02 08:17:02 UTC
Permalink
I have now tried to turn off SSL in IIS and configure the clients to use http
instead of https. Unfortenately it makes no difference.
The log file still looks the same. The server shows up in WSUS first with
status "Not yet reported" and then as reported and 100% installed (as
expected). However, when I checked back 10 minutes later, the server was gone
from the list.
This time I had a network sniffer running while I waited for the server to
disapear from the list. I could then see that no data was sent between the
machine that disapeared and the WSUS machine. I monitored port 8530 and 80.
The client is thus not actively "revoking" its registration. It must be the
WSUS server that for some reason removes it from its list. There are not
messages in the Event Log on the WSUS machine.
I guess the next step is to reinstall WSUS...

2008-05-02 08:41:59:216 980 908 AU Triggering AU detection through
DetectNow API
2008-05-02 08:41:59:216 980 908 AU Triggering Online detection
(non-interactive)
2008-05-02 08:41:59:216 980 9c8 AU #############
2008-05-02 08:41:59:216 980 9c8 AU ## START ## AU: Search for updates
2008-05-02 08:41:59:216 980 9c8 AU #########
2008-05-02 08:41:59:216 980 9c8 AU <<## SUBMITTED ## AU: Search for updates
[CallId = {356027A2-F46B-4EF5-9438-A89D0106E8F7}]
2008-05-02 08:41:59:216 980 a54 Agent *************
2008-05-02 08:41:59:216 980 a54 Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2008-05-02 08:41:59:216 980 a54 Agent *********
2008-05-02 08:41:59:216 980 a54 Agent * Online = Yes; Ignore download
priority = No
2008-05-02 08:41:59:216 980 a54 Agent * Criteria = "IsInstalled=0 and
DeploymentAction='Installation' or IsPresent=1 and
DeploymentAction='Uninstallation' or IsInstalled=1 and
DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and
DeploymentAction='Uninstallation' and RebootRequired=1"
2008-05-02 08:41:59:216 980 a54 Agent * ServiceID =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2008-05-02 08:41:59:216 980 a54 Setup Checking for agent SelfUpdate
2008-05-02 08:41:59:216 980 a54 Setup Client version: Core: 7.1.6001.65
Aux: 7.1.6001.65
2008-05-02 08:41:59:216 980 a54 Misc Validating signature for
C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2008-05-02 08:41:59:231 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:41:59:231 980 a54 Misc Validating signature for
C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2008-05-02 08:41:59:231 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:41:59:231 980 a54 Misc Validating signature for
C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2008-05-02 08:41:59:231 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:41:59:231 980 a54 Misc Validating signature for
C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2008-05-02 08:41:59:247 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:41:59:247 980 a54 Setup Determining whether a new setup
handler needs to be downloaded
2008-05-02 08:41:59:247 980 a54 Setup SelfUpdate handler is not found. It
will be downloaded
2008-05-02 08:41:59:247 980 a54 Setup Evaluating applicability of setup
package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.1.6001.65"
2008-05-02 08:41:59:263 980 a54 Setup Setup package
"WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.1.6001.65" is already
installed.
2008-05-02 08:41:59:263 980 a54 Setup Evaluating applicability of setup
package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.1.6001.65"
2008-05-02 08:41:59:278 980 a54 Setup Setup package
"WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.1.6001.65" is
already installed.
2008-05-02 08:41:59:278 980 a54 Setup Evaluating applicability of setup
package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.1.6001.65"
2008-05-02 08:41:59:294 980 a54 Setup Setup package
"WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.1.6001.65" is
already installed.
2008-05-02 08:41:59:294 980 a54 Setup SelfUpdate check completed.
SelfUpdate is NOT required.
2008-05-02 08:41:59:685 980 a54 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2008-05-02 08:41:59:685 980 a54 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsuserver:8530/ClientWebService/client.asmx
2008-05-02 08:41:59:794 980 a54 PT WARNING: SyncUpdates failure, error =
0x8024400D, soap client error = 7, soap error code = 300, HTTP status code =
200
2008-05-02 08:41:59:794 980 a54 PT WARNING: SOAP Fault: 0x00012c
2008-05-02 08:41:59:794 980 a54 PT WARNING: faultstring:Fault occurred
2008-05-02 08:41:59:794 980 a54 PT WARNING:
ErrorCode:FileLocationChanged(11)
2008-05-02 08:41:59:794 980 a54 PT WARNING: Message:(null)
2008-05-02 08:41:59:794 980 a54 PT WARNING:
Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/SyncUpdates"
2008-05-02 08:41:59:794 980 a54 PT WARNING:
ID:928ed7dd-d473-4510-9158-6d255f742193
2008-05-02 08:41:59:794 980 a54 PT WARNING: No updates found from server;
serverID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2008-05-02 08:41:59:872 980 a54 PT WARNING: PTError: 0x80244025
2008-05-02 08:41:59:872 980 a54 PT WARNING: SyncUpdates_WithRecovery
failed.: 0x80244025
2008-05-02 08:41:59:872 980 a54 PT WARNING: Sync of Updates: 0x80244025
2008-05-02 08:41:59:872 980 a54 Agent * WARNING: Failed to synchronize,
error = 0x80244025
2008-05-02 08:41:59:872 980 a54 DnldMgr File locations for service
3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 changed
2008-05-02 08:41:59:872 980 a54 Agent Server changed and need resyncing
with server
2008-05-02 08:41:59:872 980 a54 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2008-05-02 08:41:59:872 980 a54 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsuserver:8530/ClientWebService/client.asmx
2008-05-02 08:42:02:466 980 a54 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2008-05-02 08:42:02:466 980 a54 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsuserver:8530/ClientWebService/client.asmx
2008-05-02 08:42:02:606 980 a54 Agent * Found 0 updates and 38 categories
in search; evaluated appl. rules of 313 out of 339 deployed entities
2008-05-02 08:42:02:622 980 a54 Agent *********
2008-05-02 08:42:02:622 980 a54 Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2008-05-02 08:42:02:622 980 a54 Agent *************
2008-05-02 08:42:02:622 980 664 AU >>## RESUMED ## AU: Search for updates
[CallId = {356027A2-F46B-4EF5-9438-A89D0106E8F7}]
2008-05-02 08:42:02:622 980 664 AU # 0 updates detected
2008-05-02 08:42:02:622 980 664 AU #########
2008-05-02 08:42:02:622 980 664 AU ## END ## AU: Search for updates
[CallId = {356027A2-F46B-4EF5-9438-A89D0106E8F7}]
2008-05-02 08:42:02:622 980 664 AU #############
2008-05-02 08:42:02:622 980 a54 Inv #############
2008-05-02 08:42:02:622 980 a54 Inv ## START ## Inv: Inventory Collection
2008-05-02 08:42:02:622 980 a54 Inv #########
2008-05-02 08:42:02:622 980 a54 Inv # Talking to WSUS server =
http://wsuserver:8530
2008-05-02 08:42:02:622 980 664 AU AU setting next detection timeout to
2008-05-02 13:15:53
2008-05-02 08:42:02:622 980 a54 Inv # Downloading Rule file from =
http://wsuserver:8530/Inventory/InventoryRules.cab
2008-05-02 08:42:02:622 980 664 AU Setting AU scheduled install time to
2008-05-03 03:00:00
2008-05-02 08:42:02:622 980 a54 Misc Validating signature for
C:\Windows\SoftwareDistribution\Inventory\InventoryRule\InventoryRules.cab:
2008-05-02 08:42:02:622 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:42:02:622 980 a54 Inv # Inventory Rule id =
8226C3A1-70D4-4848-B441-1555AC820A23, version = 1.0
2008-05-02 08:42:04:356 980 a54 Inv #########
2008-05-02 08:42:04:356 980 a54 Inv ## END ## Inv: Inventory Collection
2008-05-02 08:42:04:356 980 a54 Inv #############
2008-05-02 08:42:07:622 980 a54 Report REPORT EVENT:
{7A1BEB22-88A9-47E0-A84E-32C34787D152} 2008-05-02
08:42:02:622+0200 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software
Synchronization Windows Update Client successfully detected 0 updates.
2008-05-02 08:42:07:622 980 a54 Report REPORT EVENT:
{434E06ED-4A2E-4271-A9F4-CD01F8A1DF8E} 2008-05-02
08:42:02:622+0200 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
2008-05-02 08:42:07:622 980 a54 Report REPORT EVENT:
{95C8AC09-010A-42F5-9EFF-967F39C8AB28} 2008-05-02
08:42:04:356+0200 1 126 104 {00000000-0000-0000-0000-000000000000} 0 0 InventoryEngine Success Inventory
processing Inventory: Successfully collected the inventory data
2008-05-02 08:43:21:308 980 a54 Report Uploading 3 events using cached
cookie, reporting URL =
http://wsuserver:8530/ReportingWebService/ReportingWebService.asmx
2008-05-02 08:43:21:308 980 a54 Report Reporter successfully uploaded 3
events.
--
Thomas Olsson
Vinga System AB
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
What do you mean by "disable SSL"? Do you mean disable it in IIS?
Yes... remove the port 8531 assignment from the properties, and uncheck all
instances of "Require Secure Channel (SSL)" on any WSUS resource.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Thomas Olsson
2008-05-02 10:40:01 UTC
Permalink
I have now uninstalled WSUS and selected the option to remove the database
and downloaded upgrades. I checked to see that there were no traces found of
WSUS on the disk.
I then installed a fresh copy of WSUS 3.0 SP1 and selected to install it in
IIS as a separate web site (port 8530/8531).
The server is currently synchronizing with Windows Update. The interesting
thing is that I have blocked these ports in the firewall until I have
finnished configuring the new WSUS.
Despite that the clients are blocked, there is a list of computers in the
WSUS admin tool. The have IP "Unknown", Windows 0.0 and status "Not yet
reported" and the tooltip says "This computer has not yet contacted". The
interesting thing is that this list contains all computers except the ones
that previously refused to work properly. I have a feeling that there is a
connection here.

From where does this initial list in WSUS come? From AD? From WINS?

/Thomas
--
Thomas Olsson
Vinga System AB
Post by Thomas Olsson
I have now tried to turn off SSL in IIS and configure the clients to use http
instead of https. Unfortenately it makes no difference.
The log file still looks the same. The server shows up in WSUS first with
status "Not yet reported" and then as reported and 100% installed (as
expected). However, when I checked back 10 minutes later, the server was gone
from the list.
This time I had a network sniffer running while I waited for the server to
disapear from the list. I could then see that no data was sent between the
machine that disapeared and the WSUS machine. I monitored port 8530 and 80.
The client is thus not actively "revoking" its registration. It must be the
WSUS server that for some reason removes it from its list. There are not
messages in the Event Log on the WSUS machine.
I guess the next step is to reinstall WSUS...
2008-05-02 08:41:59:216 980 908 AU Triggering AU detection through
DetectNow API
2008-05-02 08:41:59:216 980 908 AU Triggering Online detection
(non-interactive)
2008-05-02 08:41:59:216 980 9c8 AU #############
2008-05-02 08:41:59:216 980 9c8 AU ## START ## AU: Search for updates
2008-05-02 08:41:59:216 980 9c8 AU #########
2008-05-02 08:41:59:216 980 9c8 AU <<## SUBMITTED ## AU: Search for updates
[CallId = {356027A2-F46B-4EF5-9438-A89D0106E8F7}]
2008-05-02 08:41:59:216 980 a54 Agent *************
2008-05-02 08:41:59:216 980 a54 Agent ** START ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2008-05-02 08:41:59:216 980 a54 Agent *********
2008-05-02 08:41:59:216 980 a54 Agent * Online = Yes; Ignore download
priority = No
2008-05-02 08:41:59:216 980 a54 Agent * Criteria = "IsInstalled=0 and
DeploymentAction='Installation' or IsPresent=1 and
DeploymentAction='Uninstallation' or IsInstalled=1 and
DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and
DeploymentAction='Uninstallation' and RebootRequired=1"
2008-05-02 08:41:59:216 980 a54 Agent * ServiceID =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2008-05-02 08:41:59:216 980 a54 Setup Checking for agent SelfUpdate
2008-05-02 08:41:59:216 980 a54 Setup Client version: Core: 7.1.6001.65
Aux: 7.1.6001.65
2008-05-02 08:41:59:216 980 a54 Misc Validating signature for
2008-05-02 08:41:59:231 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:41:59:231 980 a54 Misc Validating signature for
2008-05-02 08:41:59:231 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:41:59:231 980 a54 Misc Validating signature for
2008-05-02 08:41:59:231 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:41:59:231 980 a54 Misc Validating signature for
2008-05-02 08:41:59:247 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:41:59:247 980 a54 Setup Determining whether a new setup
handler needs to be downloaded
2008-05-02 08:41:59:247 980 a54 Setup SelfUpdate handler is not found. It
will be downloaded
2008-05-02 08:41:59:247 980 a54 Setup Evaluating applicability of setup
package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.1.6001.65"
2008-05-02 08:41:59:263 980 a54 Setup Setup package
"WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.1.6001.65" is already
installed.
2008-05-02 08:41:59:263 980 a54 Setup Evaluating applicability of setup
package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.1.6001.65"
2008-05-02 08:41:59:278 980 a54 Setup Setup package
"WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.1.6001.65" is
already installed.
2008-05-02 08:41:59:278 980 a54 Setup Evaluating applicability of setup
package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.1.6001.65"
2008-05-02 08:41:59:294 980 a54 Setup Setup package
"WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.1.6001.65" is
already installed.
2008-05-02 08:41:59:294 980 a54 Setup SelfUpdate check completed.
SelfUpdate is NOT required.
2008-05-02 08:41:59:685 980 a54 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2008-05-02 08:41:59:685 980 a54 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsuserver:8530/ClientWebService/client.asmx
2008-05-02 08:41:59:794 980 a54 PT WARNING: SyncUpdates failure, error =
0x8024400D, soap client error = 7, soap error code = 300, HTTP status code =
200
2008-05-02 08:41:59:794 980 a54 PT WARNING: SOAP Fault: 0x00012c
2008-05-02 08:41:59:794 980 a54 PT WARNING: faultstring:Fault occurred
ErrorCode:FileLocationChanged(11)
2008-05-02 08:41:59:794 980 a54 PT WARNING: Message:(null)
Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/SyncUpdates"
ID:928ed7dd-d473-4510-9158-6d255f742193
2008-05-02 08:41:59:794 980 a54 PT WARNING: No updates found from server;
serverID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2008-05-02 08:41:59:872 980 a54 PT WARNING: PTError: 0x80244025
2008-05-02 08:41:59:872 980 a54 PT WARNING: SyncUpdates_WithRecovery
failed.: 0x80244025
2008-05-02 08:41:59:872 980 a54 PT WARNING: Sync of Updates: 0x80244025
2008-05-02 08:41:59:872 980 a54 Agent * WARNING: Failed to synchronize,
error = 0x80244025
2008-05-02 08:41:59:872 980 a54 DnldMgr File locations for service
3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 changed
2008-05-02 08:41:59:872 980 a54 Agent Server changed and need resyncing
with server
2008-05-02 08:41:59:872 980 a54 PT +++++++++++ PT: Synchronizing server
updates +++++++++++
2008-05-02 08:41:59:872 980 a54 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsuserver:8530/ClientWebService/client.asmx
2008-05-02 08:42:02:466 980 a54 PT +++++++++++ PT: Synchronizing extended
update info +++++++++++
2008-05-02 08:42:02:466 980 a54 PT + ServiceId =
{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL =
http://wsuserver:8530/ClientWebService/client.asmx
2008-05-02 08:42:02:606 980 a54 Agent * Found 0 updates and 38 categories
in search; evaluated appl. rules of 313 out of 339 deployed entities
2008-05-02 08:42:02:622 980 a54 Agent *********
2008-05-02 08:42:02:622 980 a54 Agent ** END ** Agent: Finding updates
[CallerId = AutomaticUpdates]
2008-05-02 08:42:02:622 980 a54 Agent *************
2008-05-02 08:42:02:622 980 664 AU >>## RESUMED ## AU: Search for updates
[CallId = {356027A2-F46B-4EF5-9438-A89D0106E8F7}]
2008-05-02 08:42:02:622 980 664 AU # 0 updates detected
2008-05-02 08:42:02:622 980 664 AU #########
2008-05-02 08:42:02:622 980 664 AU ## END ## AU: Search for updates
[CallId = {356027A2-F46B-4EF5-9438-A89D0106E8F7}]
2008-05-02 08:42:02:622 980 664 AU #############
2008-05-02 08:42:02:622 980 a54 Inv #############
2008-05-02 08:42:02:622 980 a54 Inv ## START ## Inv: Inventory Collection
2008-05-02 08:42:02:622 980 a54 Inv #########
2008-05-02 08:42:02:622 980 a54 Inv # Talking to WSUS server =
http://wsuserver:8530
2008-05-02 08:42:02:622 980 664 AU AU setting next detection timeout to
2008-05-02 13:15:53
2008-05-02 08:42:02:622 980 a54 Inv # Downloading Rule file from =
http://wsuserver:8530/Inventory/InventoryRules.cab
2008-05-02 08:42:02:622 980 664 AU Setting AU scheduled install time to
2008-05-03 03:00:00
2008-05-02 08:42:02:622 980 a54 Misc Validating signature for
2008-05-02 08:42:02:622 980 a54 Misc Microsoft signed: Yes
2008-05-02 08:42:02:622 980 a54 Inv # Inventory Rule id =
8226C3A1-70D4-4848-B441-1555AC820A23, version = 1.0
2008-05-02 08:42:04:356 980 a54 Inv #########
2008-05-02 08:42:04:356 980 a54 Inv ## END ## Inv: Inventory Collection
2008-05-02 08:42:04:356 980 a54 Inv #############
{7A1BEB22-88A9-47E0-A84E-32C34787D152} 2008-05-02
08:42:02:622+0200 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software
Synchronization Windows Update Client successfully detected 0 updates.
{434E06ED-4A2E-4271-A9F4-CD01F8A1DF8E} 2008-05-02
08:42:02:622+0200 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
{95C8AC09-010A-42F5-9EFF-967F39C8AB28} 2008-05-02
08:42:04:356+0200 1 126 104 {00000000-0000-0000-0000-000000000000} 0 0 InventoryEngine Success Inventory
processing Inventory: Successfully collected the inventory data
2008-05-02 08:43:21:308 980 a54 Report Uploading 3 events using cached
cookie, reporting URL =
http://wsuserver:8530/ReportingWebService/ReportingWebService.asmx
2008-05-02 08:43:21:308 980 a54 Report Reporter successfully uploaded 3
events.
--
Thomas Olsson
Vinga System AB
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
What do you mean by "disable SSL"? Do you mean disable it in IIS?
Yes... remove the port 8531 assignment from the properties, and uncheck all
instances of "Require Secure Channel (SSL)" on any WSUS resource.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Lawrence Garvin [MVP]
2008-05-02 23:52:04 UTC
Permalink
Post by Thomas Olsson
I have now uninstalled WSUS and selected the option to remove the database
and downloaded upgrades. I checked to see that there were no traces found of
WSUS on the disk.
I then installed a fresh copy of WSUS 3.0 SP1 and selected to install it in
IIS as a separate web site (port 8530/8531).
The server is currently synchronizing with Windows Update. The interesting
thing is that I have blocked these ports in the firewall until I have
finnished configuring the new WSUS.
Despite that the clients are blocked, there is a list of computers in the
WSUS admin tool. The have IP "Unknown", Windows 0.0 and status "Not yet
reported" and the tooltip says "This computer has not yet contacted". The
interesting thing is that this list contains all computers except the ones
that previously refused to work properly. I have a feeling that there is a
connection here.
From where does this initial list in WSUS come? From AD? From WINS?
Thomas... have you actually read any of the WSUS Documentation?

1. Blocking the ports in the firewall won't prevent =outbound= connections,
unless you've expressly blocked =outbound= connections, which most firewalls
do not do by default, and is impossible using the Windows Firewall on
Windows Server 2003, if that's what you're referring to.

2. Blocking the ports in the firewall isn't going to prevent your clients
from contacting the server on the =LAN= -- and blocking the ports via
Windows Firewall is obviously not what you've done, or else you missed
blocking port 8530 -- because that's where the communications are coming
from that are allowing these systems to register with the WSUS Server and
appear in the console.

3. Noting that the current list contains all computers except the ones that
previously worked properly, I hereby predict that as soon as one of those
computers that "refused to work properly" contacts your server, one of those
machines already in the list will "disappear" OR, as soon as the second of
those computers that "refused to work properly" contacts your server, the
first computer of those that "refused to work properly" will then disappear.

This behavior I describe in #3 is quite well known, and reinstalling the
WSUS Server won't make it stop. But you've already insisted that you have no
duplication of ClientIDs, so that pretty much leaves us all at an impasse.

So, if you would humor me... and go delete all the registry values from this
registry key on the three machines that "refused to work properly"

HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate

and then reboot them.

If they come back online, and the behavior continues, then I'll be
appropriately humored, as well as baffled.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Thomas Olsson
2008-05-03 07:12:00 UTC
Permalink
Please stop patronizing me. If I say that I have blocked these ports, then
they are blocked. The WSUS server must find the initial list of machines from
somewhere else. No clients have been able to contact the WSUS server. The
list of machines was there _directly_ after installation of WSUS. They did
not show up one by one over a period of time. The status of the machines is
“has not contacted yet”, which further indicates that they have not contacted
the server.
When I uninstalled, I selected to remove everything. When I installed WSUS
again, I selected to use a newly created instance of SQL Server 2005 SP2. The
previous installation used the default instance. If the list of servers has
“survived”, it must have been stored somewhere else.

I have already tried do remove the registry keys and tried to remove the
%Windows%SoftwareDistribution directory.
--
Thomas Olsson
Vinga System AB
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
I have now uninstalled WSUS and selected the option to remove the database
and downloaded upgrades. I checked to see that there were no traces found of
WSUS on the disk.
I then installed a fresh copy of WSUS 3.0 SP1 and selected to install it in
IIS as a separate web site (port 8530/8531).
The server is currently synchronizing with Windows Update. The interesting
thing is that I have blocked these ports in the firewall until I have
finnished configuring the new WSUS.
Despite that the clients are blocked, there is a list of computers in the
WSUS admin tool. The have IP "Unknown", Windows 0.0 and status "Not yet
reported" and the tooltip says "This computer has not yet contacted". The
interesting thing is that this list contains all computers except the ones
that previously refused to work properly. I have a feeling that there is a
connection here.
From where does this initial list in WSUS come? From AD? From WINS?
Thomas... have you actually read any of the WSUS Documentation?
1. Blocking the ports in the firewall won't prevent =outbound= connections,
unless you've expressly blocked =outbound= connections, which most firewalls
do not do by default, and is impossible using the Windows Firewall on
Windows Server 2003, if that's what you're referring to.
2. Blocking the ports in the firewall isn't going to prevent your clients
from contacting the server on the =LAN= -- and blocking the ports via
Windows Firewall is obviously not what you've done, or else you missed
blocking port 8530 -- because that's where the communications are coming
from that are allowing these systems to register with the WSUS Server and
appear in the console.
3. Noting that the current list contains all computers except the ones that
previously worked properly, I hereby predict that as soon as one of those
computers that "refused to work properly" contacts your server, one of those
machines already in the list will "disappear" OR, as soon as the second of
those computers that "refused to work properly" contacts your server, the
first computer of those that "refused to work properly" will then disappear.
This behavior I describe in #3 is quite well known, and reinstalling the
WSUS Server won't make it stop. But you've already insisted that you have no
duplication of ClientIDs, so that pretty much leaves us all at an impasse.
So, if you would humor me... and go delete all the registry values from this
registry key on the three machines that "refused to work properly"
HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate
and then reboot them.
If they come back online, and the behavior continues, then I'll be
appropriately humored, as well as baffled.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Lawrence Garvin [MVP]
2008-05-03 14:26:15 UTC
Permalink
Post by Thomas Olsson
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
From where does this initial list in WSUS come? From AD? From WINS?
Thomas... have you actually read any of the WSUS Documentation?
Please stop patronizing me.
I asked that question because the answer is pretty basic, and it's well
documented in the WSUS Overview and WSUS Deployment Guide.

I'm not patronizing; though I do confess I might have been a bit
condescending, as I get a bit annoyed at people asking questions =before=
they try the most obvious self-help tool (reading the Documentation); and
copping an attitude in response to a situation where you're obviously
unfamiliar with the basics of the product, and need help, won't do well if
you alienate those who are actually willing to help you.

Furthemore, there's a very significant dichotomy between what you say you've
done and what behavior you've reported, so I'm merely trying to clarify what
you actually did vs what you claim you did.
Post by Thomas Olsson
If I say that I have blocked these ports, then they are blocked.
Fine. Time will tell whether they are, or are not. At this point there is no
evidence to confirm that they are blocked, and there is evidence to suggest
that whatever blocking you configured was pointless.
Post by Thomas Olsson
The WSUS server must find the initial list of machines from
somewhere else.
You can =think= what you want until the cows come home, but that won't
change the actual fact of how the system works. The WSUS Server does
*nothing* in this process, it is a passive =server=. All of the WORK is
performed by the client system, which, btw, is quite excellently documented
in the WSUS Overview and WSUS Deployment Guide.
Post by Thomas Olsson
No clients have been able to contact the WSUS server.
The mere fact that you have machines listed in the console suggest that
either:
[a] You connected to a preexisting database, or
[b] Clients have, in fact, "contacted" the server.
Post by Thomas Olsson
The list of machines was there _directly_ after installation of WSUS.
Then you did *not* delete the database, as you originally claimed you had
done. Because, it's extremely unlikely that an entirely collection of
machines would simultaneously contact a brand new WSUS Server.
Post by Thomas Olsson
When I installed WSUS
again, I selected to use a newly created instance of SQL Server 2005 SP2. The
previous installation used the default instance. If the list of servers has
“survived”, it must have been stored somewhere else.
The list of clients is stored in the =database=. If you deleted the database
when you uninstalled, then there is no database with a list of clients to
connect to.

So, look... there's only THREE possibilities:

[1] Either you had a preexisting database already populated with these
systems that you somehow re-attached to (in which case the firewall
discussion is moot).

[2] All of these systems =simultaneously= executed a client detection and
"registered" with this new server, in which case your firewall port blocking
had zero impact.

[3] The list of clients was built over a period of time, perhaps as little
as an hour if you've configured your client systems with a one hour
detection interval, (which also means your firewall port blocking did
nothing). Alternatively, if you reconfigured Group Policy concurrent with
installing/deploying this server, it's possible that the GP refresh
triggered detections -- but even that round of detections would have been
spread across a 30-90 minute time period as GP refreshes cycled through the
network (unless you also have a one hour detection).


One thing is absolutely certain: The WSUS Server did not "Scan the network"
and build a list of systems on the network -- so pick your next best option.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Thomas Olsson
2008-05-03 20:03:00 UTC
Permalink
See in-line below.
--
Thomas Olsson
Vinga System AB
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
From where does this initial list in WSUS come? From AD? From WINS?
Thomas... have you actually read any of the WSUS Documentation?
Please stop patronizing me.
I asked that question because the answer is pretty basic, and it's well
documented in the WSUS Overview and WSUS Deployment Guide.
I'm not patronizing; though I do confess I might have been a bit
condescending, as I get a bit annoyed at people asking questions =before=
they try the most obvious self-help tool (reading the Documentation); and
copping an attitude in response to a situation where you're obviously
unfamiliar with the basics of the product, and need help, won't do well if
you alienate those who are actually willing to help you.
Furthemore, there's a very significant dichotomy between what you say you've
done and what behavior you've reported, so I'm merely trying to clarify what
you actually did vs what you claim you did.
I think have reported exactly what I have done and that it has been accurate.
I do not ask for help until I have tried most other sources. I have read the
documentation and I have searched for the answer thoroughly before posting my
problem here.
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
If I say that I have blocked these ports, then they are blocked.
Fine. Time will tell whether they are, or are not. At this point there is no
evidence to confirm that they are blocked, and there is evidence to suggest
that whatever blocking you configured was pointless.
They are blocked. I even used a network sniffer to verify that no traffic
was sent on these ports.
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
The WSUS server must find the initial list of machines from
somewhere else.
You can =think= what you want until the cows come home, but that won't
change the actual fact of how the system works. The WSUS Server does
*nothing* in this process, it is a passive =server=. All of the WORK is
performed by the client system, which, btw, is quite excellently documented
in the WSUS Overview and WSUS Deployment Guide.
Actually there is another way!
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
No clients have been able to contact the WSUS server.
The mere fact that you have machines listed in the console suggest that
[a] You connected to a preexisting database, or
[b] Clients have, in fact, "contacted" the server.
Post by Thomas Olsson
The list of machines was there _directly_ after installation of WSUS.
Then you did *not* delete the database, as you originally claimed you had
done. Because, it's extremely unlikely that an entirely collection of
machines would simultaneously contact a brand new WSUS Server.
I did indeed delete the database.
Post by Lawrence Garvin [MVP]
Post by Thomas Olsson
When I installed WSUS
again, I selected to use a newly created instance of SQL Server 2005 SP2. The
previous installation used the default instance. If the list of servers has
“survived”, it must have been stored somewhere else.
The list of clients is stored in the =database=. If you deleted the database
when you uninstalled, then there is no database with a list of clients to
connect to.
[1] Either you had a preexisting database already populated with these
systems that you somehow re-attached to (in which case the firewall
discussion is moot).
[2] All of these systems =simultaneously= executed a client detection and
"registered" with this new server, in which case your firewall port blocking
had zero impact.
[3] The list of clients was built over a period of time, perhaps as little
as an hour if you've configured your client systems with a one hour
detection interval, (which also means your firewall port blocking did
nothing). Alternatively, if you reconfigured Group Policy concurrent with
installing/deploying this server, it's possible that the GP refresh
triggered detections -- but even that round of detections would have been
spread across a 30-90 minute time period as GP refreshes cycled through the
network (unless you also have a one hour detection).
One thing is absolutely certain: The WSUS Server did not "Scan the network"
and build a list of systems on the network -- so pick your next best option.
Those are the obvious solutions that I could think of as well. But I ruled
them out. I was hoping someone else would have had the same problem as me and
would recognize this scenario. A more humble opinion might help...

I did eventually find the problem! There is one more way.
It turned out that there had once been a trial version of the System Center
Essentials product (SCE) installed on that machine. It was supposed to be
uninstalled, but it seems like the uninstallation has failed, because there
were still a process running (Microsoft.Mom.ConfigServiceHost.exe) that I
think belonged to SCE.
When reading the SCE documentation it looks like SCE works together with
WSUS and actually populates the list of computers in WSUS. I bet that this
service is responsible for putting that initial list in WSUS and also is the
one that removes the computers from the list after a while. Since SCE is
supposed to be uninstalled it does probably not work and has an old/invalid
list of computers.
I have now stopped that service and reinstalled WSUS. Then there was no
inital list of servers and when I opened up the firewall, the clients
reported as they should.

Thank you for your help anyway. Next time, perhaps you should be a bit more
open minded.

/Thomas
Continue reading on narkive:
Loading...