Jump to content


admlshake

WSUS server went south and now I can't get SCCM to link to new one

Recommended Posts

Our old SCCM 08 box went south about a month ago and I replaced it with a VM running server 2012. I set the new one with the same name as the old, deleted all the info out of SCCM and reset it up like it was new, but I found out the other day that it's not syncing properly and the machines are apparently getting their updates from the internet and the SCCM server isn't showing that it's getting any of the updates from the WSUS server. When I look in the wsyncmgr.log I see this:

Starting Sync 3/28/2014 8:00:00 AM 808 (0x0328)
Performing sync on retry schedule 3/28/2014 8:00:00 AM 808 (0x0328)
Read SUPs from SCF for Cor-sccm-02.FRIVER.LOCAL 3/28/2014 8:00:00 AM 808 (0x0328)
Found 1 SUPs 3/28/2014 8:00:00 AM 808 (0x0328)
Found active SUP wsus-01.friver.local from SCF File. 3/28/2014 8:00:00 AM 808 (0x0328)
Sync failed: WSUS update source not found on site FR1. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource 3/28/2014 8:00:00 AM 808 (0x0328)
STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=Cor-sccm-02.FRIVER.LOCAL SITE=FR1 PID=3868 TID=808 GMTDATE=Fri Mar 28 12:00:00.986 2014 ISTR0="getSiteUpdateSource" ISTR1="WSUS update source not found on site FR1. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 3/28/2014 8:00:00 AM 808 (0x0328)
Sync failed. Will retry in 60 minutes 3/28/2014 8:00:00 AM 808 (0x0328)
Setting sync alert to active state on site FR1 3/28/2014 8:00:01 AM 808 (0x0328)
Sync time: 0d00h00m00s 3/28/2014 8:00:01 AM 808 (0x0328)

then when I go to the WCM.log I see this:

WSUS Server configuration has been updated. Updating Group Info. 3/28/2014 8:37:34 AM 940 (0x03AC)
Updating Group Info for WSUS. 3/28/2014 8:37:34 AM 940 (0x03AC)
Refreshing categories from WSUS server 3/28/2014 8:37:34 AM 940 (0x03AC)
Attempting connection to WSUS server: wsus-01.friver.local, port: 8530, useSSL: False 3/28/2014 8:37:34 AM 940 (0x03AC)
Successfully connected to server: wsus-01.friver.local, port: 8530, useSSL: False 3/28/2014 8:37:34 AM 940 (0x03AC)
Successfully refreshed categories from WSUS server 3/28/2014 8:37:42 AM 940 (0x03AC)
Attempting connection to WSUS server: wsus-01.friver.local, port: 8530, useSSL: False 3/28/2014 8:37:47 AM 940 (0x03AC)
Successfully connected to server: wsus-01.friver.local, port: 8530, useSSL: False 3/28/2014 8:37:47 AM 940 (0x03AC)
Category Company:94d731de-22a6-4458-dc4d-b5267de026fc (Adobe Systems, Inc.) not found on WSUS 3/28/2014 8:37:47 AM 940 (0x03AC)
Starting WSUS category sync from upstream... 3/28/2014 8:37:47 AM 940 (0x03AC)
Microsoft.SystemsManagementServer.WSUS.WSUSMSPException: WSUS sync failed with UssNotFound: ~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.IsSyncRunning() 3/28/2014 8:37:52 AM 940 (0x03AC)
Failed to set Subscriptions on the WSUS Server. Error:(-2146233088)Unknown error 0x80131500 3/28/2014 8:37:52 AM 940 (0x03AC)
STATMSG: ID=6603 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONFIGURATION_MANAGER" SYS=Cor-sccm-02.FRIVER.LOCAL SITE=FR1 PID=3868 TID=940 GMTDATE=Fri Mar 28 12:37:52.841 2014 ISTR0="wsus-01.friver.local" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 3/28/2014 8:37:52 AM 940 (0x03AC)

I'm not sure what it means when it says it failed to set the subscriptions, are those the auto deployment rules??

Share this post


Link to post
Share on other sites

So you have WSUS installed on a separate box? Try opening the WSUS console (not SCCM) on your SCCM server and see if you can connect, look at the syncs if you can. The first point of business is to see whether your WSUS server is getting updates from the internet. Where is your SQL, your Computer account on the SCCM server should probably be admin on that and the SQL box, as well as SA or at least owner of the database. Is this a local database, in that case to check it out you have to install sql management studio locally and turn on the ability to connect to the box remotely so you can look at the database permissions.

 

Not sure if your clients are connecting to your WSUS server, but typically you look at the IIS logs on that server to tell if they are able to connect, i.e. no 404 errors etc... that's c:\inetpub\logs\w3svc something something

 

Also make sure your SCCM server knows to use 8530 assuming your WSUS is set up to do 8530 (which it thinks it is).

 

First step, open wsus console on SCCM and make sure you can connect. Second step check/open up permissions on WSUS/SQL to your SCCM server's Computer account (and your admin account for testing). If you're not getting good synchs, try doing "synchronize now". Also try the WSUSUTIL /reset type commands found on your WSUS server under c:\program files\update services\yada yada

 

Hope that helps, have gone round and round with WSUS a few times.

post-6999-0-14190300-1396014138_thumb.png

post-6999-0-57945200-1396014716_thumb.png

Share this post


Link to post
Share on other sites

I verified that the wsus server is syncing with MS and downloading updates. Our clients are supposed to be pulling the updates from SCCM, which gets the updates from the WSUS server. SQL for SCCM is on the SCCM server. Whats confusing me about this that the SCCM server is saying it's talking to the wsus server in the logs. So I'm pretty sure it's connecting to it alright. But then forwhatever reason it fails due to these subscritpions.

Share this post


Link to post
Share on other sites

If you look at the client log, windowsupdate.log found in c:\windows\ does it say that it's reaching out to YOUR WSUS server or the internet. It should say it's reaching out to your server like this pic, if it's not reporting that "SERVER URL = YOUR SERVER:8530/8531" then the client hasn't been made aware you have a new WSUS Server. I think it might have been a mistake to reuse the same computer name as it's now confusing whether the client is trying to hit the new or old machine. Did you remove the computer account from the domain and create a new account or just reuse?

 

Follow the path of the client from the windowsupdate.log to your IIS logs, make sure the client is reaching out correctly.

 

You say it's having trouble with the ADR subscriptions, if your sync is working properly then you should look whether the clients have an issue reaching out to your server. You can test connectivingy to http://yoursite:8530/simplewebservice/simpleauth.asmx or one of those links in the windowsupdate.log. You may have some pre-requisites missing in your IIS installation, I'd go back and check more of the authentication options, i.e. windows authentication etc... But you should see errors in the IIS logs of the WSUS server if your clients can't access the source for the files, i.e. if you're having an authentication issue etc...

post-6999-0-46256200-1396017042_thumb.png

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.