Jump to content


  • 0
joengelhart

System Center Issues with wsus

Question

Hello,

 

I have been searching the internet looking for a solution to why my wsus updates are not installing on my clients but can not find one.

 

I have System Center 2012 R2 install on windows server 2012 R2.

I have installed and configured my Boundaries as well as the DP, MP, SUP

I have created a Software update package for my windows 7 clients

I have a gpo that sets the wsus server for SCCM

Installed software center on my client machines. (Applications will come through and install without a problem)

 

The weird thing is I had one or two machines that have downloaded and installed wsus updates through system center without a problem. The rest of my test machines (15) will not. I know they are not geting updates as IE10 is in my updates and most of the machines are on IE9. When I consult the logs on one machine here is what I am seeing:

 

UpdatesDeployment Log:

 

![LOG[user logon system task]LOG]!><time="16:45:17.606+420" date="04-21-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="3424" file="systemtasks.cpp:90">
<![LOG[EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0]LOG]!><time="16:45:38.500+420" date="04-21-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="3792" file="updatesmanager.cpp:945">
<![LOG[EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0]LOG]!><time="16:45:43.511+420" date="04-21-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="3792" file="updatesmanager.cpp:945">
<![LOG[EnumerateUpdates for action (UpdateActionInstall) - Total actionable updates = 0]LOG]!><time="16:45:44.316+420" date="04-21-2014" component="UpdatesDeploymentAgent" context="" type="1" thread="4208" file="updatesmanager.cpp:945">

 

WUAHandler Log:

 

<![LOG[Async searching completed.]LOG]!><time="16:29:00.180+420" date="04-21-2014" component="WUAHandler" context="" type="1" thread="4988" file="cwuahandler.cpp:2068">
<![LOG[successfully completed scan.]LOG]!><time="16:29:03.238+420" date="04-21-2014" component="WUAHandler" context="" type="1" thread="4788" file="cwuahandler.cpp:3557">
<![LOG[scan results will include all superseded updates.]LOG]!><time="16:29:04.216+420" date="04-21-2014" component="WUAHandler" context="" type="1" thread="3840" file="cwuahandler.cpp:2913">
<![LOG[search Criteria is ((DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'BFE5B177-A086-47A0-B102-097E4FA1F807') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '0FA1201D-4330-4FA8-8AE9-B877473B6441') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'E6CF1350-C01B-414D-A61F-263D14D133B4') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains 'CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '3B4B8621-726E-43A6-B43B-37D07EC7019F') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '28BC880E-0592-4CBF-8F95-C79B17911D5F') OR (DeploymentAction=* AND Type='Software' AND CategoryIDs contains '68C5B0A3-D1A6-4553-AE49-01D3A7827828'))]LOG]!><time="16:29:04.216+420" date="04-21-2014" component="WUAHandler" context="" type="1" thread="3840" file="cwuahandler.cpp:2916">
<![LOG[Async searching of updates using WUAgent started.]LOG]!><time="16:29:04.361+420" date="04-21-2014" component="WUAHandler" context="" type="1" thread="3840" file="cwuahandler.cpp:579">
<![LOG[Async searching completed.]LOG]!><time="16:29:28.927+420" date="04-21-2014" component="WUAHandler" context="" type="1" thread="940" file="cwuahandler.cpp:2068">
<![LOG[successfully completed scan.]LOG]!><time="16:29:32.018+420" date="04-21-2014" component="WUAHandler" context="" type="1" thread="3840" file="cwuahandler.cpp:3557">
<![LOG[CWuaHandler::SetCategoriesForStateReportingExclusion called with E0789628-CE08-4437-BE74-2495B842F43B;E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for leaves and E0789628-CE08-4437-BE74-2495B842F43B,A38C835C-2950-4E87-86CC-6911A52C34A3; for bundles]LOG]!><time="16:38:36.000+420" date="04-21-2014" component="WUAHandler" context="" type="1" thread="3216" file="cwuahandler.cpp:2527">

 

Windows update Log:

 

2014-04-21 16:39:08:534 948 568 AU Initializing featured updates
2014-04-21 16:39:08:534 948 568 AU Found 0 cached featured updates
2014-04-21 16:39:08:534 948 568 AU Successfully wrote event for AU health state:0
2014-04-21 16:39:08:534 948 568 AU Successfully wrote event for AU health state:0
2014-04-21 16:39:08:534 948 568 AU AU finished delayed initialization
2014-04-21 16:39:13:546 948 d14 Report CWERReporter finishing event handling. (00000000)

 

The content is on my DP and in good health.

 

One other weird thing. We get alerts when accounts get "locked out" on the domain. On the computers I have been trying to get to download updates on they have been locking out the account "administrator" which is the account I have been logging into on the local machines (Its a local account). It seems to be trying to authenticate the local admin account with our Domain Controller for some reason.

 

Any thoughts or ideas would be greatly appricaited. This is driving me crazy and I can't find the solution for it :(

Share this post


Link to post
Share on other sites

8 answers to this question

Recommended Posts

  • 0

You shouldn't need the GPO for the updates server and that may be part of the issue. I know that I ran into the issue in my environment where the GPO and the client were fighting each other. Check the UpdateTrustedSites.log to make sure that your computer is adding your SCCM server to a trusted location. This was my issue.

 

Is the administrator configured in the Users (Administration workspace)?

Share this post


Link to post
Share on other sites

  • 0

You shouldn't need the GPO for the updates server and that may be part of the issue. I know that I ran into the issue in my environment where the GPO and the client were fighting each other. Check the UpdateTrustedSites.log to make sure that your computer is adding your SCCM server to a trusted location. This was my issue.

 

Is the administrator configured in the Users (Administration workspace)?

Thanks for the reply. I will try removing the gpo and see if that changes anything as well as checking the logs.

 

I don't follow your question about the administration account? The admin account is the default local admin on the computer. We only log into it when we are doing work on computers.

Share this post


Link to post
Share on other sites

  • 0

Here is the trusted sites log.

 

[LOG[CSoftwareCatalogUpdateHandler::AddDefaultPortalToTrustedSites: Catalog Url should be added to the trusted sites zone.]LOG]!><time="21:25:56.070+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:118">

<![LOG[AddDefaultPortalToTrustedSites: url = http://Servername:8888/CMApplicationCatalog, zone = 258]LOG]!><time="21:25:56.070+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:126">

<![LOG[AddDefaultPortalToTrustedSites: The URL is already in trusted site zone.]LOG]!><time="21:25:56.102+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:168">

<![LOG[successfually added url = http://Servernane:8888/CMApplicationCatalog, zone = 258 to trusted sites registry key tracking]LOG]!><time="21:25:56.102+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:170">

<![LOG[AddDefaultPortalToTrustedSites: Existing URL is empty or add to trusted sites is true and the default URL hasn't changed. Not deleting the existing URL from trusted sites list.]LOG]!><time="21:25:56.102+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:92">

<![LOG[CSoftwareCatalogUpdateHandler::AddDefaultPortalToTrustedSites: Catalog Url should be added to the trusted sites zone.]LOG]!><time="21:25:56.102+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:118">

<![LOG[AddDefaultPortalToTrustedSites: url = http://Servername:8888/CMApplicationCatalog, zone = 2]LOG]!><time="21:25:56.102+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:126">

<![LOG[AddDefaultPortalToTrustedSites: The URL is already in trusted site zone.]LOG]!><time="21:25:56.398+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:168">

<![LOG[successfually added url = http://Serbername:8888/CMApplicationCatalog, zone = 2 to trusted sites registry key tracking]LOG]!><time="21:25:56.398+420" date="04-21-2014" component="UpdateTrustedSites" context="" type="1" thread="4756" file="updatetrustedsites.cpp:170">

 

 

The only thing I think looks weird is the port number? Thoughts?

Share this post


Link to post
Share on other sites

  • 0

Port 88 is not a standard port for WSUS... WSUS normally uses something like 8530 or 8531.

 

On the trustedSites log it lists the server name using port 8888 "Successfually added url = http://Myserver:8888/CMApplicationCatalog",

 

Yet the wsus server is using 8530. It lists as "Enabling WUA Managed server policy to use server: http://myserver.mydomain.net:8530"

 

Why in the trustedsites would it be putting port 8888

Share this post


Link to post
Share on other sites

  • 0

Sorry, I didn't read the log file good enough... The port 8888 is of your application catalog and not of your WSUS.

 

I also just read your initial post.. First get rid of the GPO pointing to your ConfigMgr, it will only cause problems. By enabling the ConfigMgr client for software update (via the client settings) the ConfigMgr client will set a local policy that will point to the Software Update Point. Make sure this is in place an that the updates are deployed to the clients (via a Software Update Group).

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.