WSUS 3.0 SP2 on Windows Server 2008 R2.
I built a new box to replace my old WSUS box which was still on Server 2003.
All clients using the WSUS server can't find updates and don't report status.
C:\Windows\WindowsUpdate.log on one of the clients:
2013-05-09 10:04:48:629 764 494 AU Triggering AU detection through DetectNow API
2013-05-09 10:04:48:629 764 494 AU Triggering Online detection (non-interactive)
2013-05-09 10:04:48:630 764 7b0 AU #############
2013-05-09 10:04:48:630 764 7b0 AU ## START ## AU: Search for updates
2013-05-09 10:04:48:630 764 7b0 AU #########
2013-05-09 10:04:48:630 764 7b0 AU <<## SUBMITTED ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:48:630 764 64c Agent *************
2013-05-09 10:04:48:630 764 64c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-05-09 10:04:48:630 764 64c Agent *********
2013-05-09 10:04:48:630 764 64c Agent * Online = Yes; Ignore download priority = No
2013-05-09 10:04:48:630 764 64c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-05-09 10:04:48:630 764 64c Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2013-05-09 10:04:48:630 764 64c Agent * Search Scope = {Machine}
2013-05-09 10:04:48:630 764 64c Setup Checking for agent SelfUpdate
2013-05-09 10:04:48:630 764 64c Setup Client version: Core: 7.6.7600.256 Aux: 7.6.7600.256
2013-05-09 10:04:48:630 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-05-09 10:04:48:637 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:897 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-05-09 10:04:50:901 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:902 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-05-09 10:04:50:907 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:909 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-05-09 10:04:50:913 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:927 764 64c Setup Determining whether a new setup handler needs to be downloaded
2013-05-09 10:04:50:927 764 64c Setup SelfUpdate handler is not found. It will be downloaded
2013-05-09 10:04:50:928 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:931 764 64c Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:931 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:955 764 64c Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:955 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:990 764 64c Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:990 764 64c Setup SelfUpdate check completed. SelfUpdate is NOT required.
2013-05-09 10:04:51:205 764 64c PT +++++++++++ PT: Synchronizing server updates +++++++++++
2013-05-09 10:04:51:205 764 64c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus-server.company.local/ClientWebService/client.asmx
2013-05-09 10:04:51:266 764 64c PT WARNING: Cached cookie has expired or new PID is available
2013-05-09 10:04:51:266 764 64c PT Initializing simple targeting cookie, clientId = 9f4df40d-f61e-41d5-9fd2-3cdce1823f45, target group = Servers, DNS name = wsus-server.company.local
2013-05-09 10:04:51:266 764 64c PT Server URL = http://wsus-server.company.local/SimpleAuthWebService/SimpleAuth.asmx
2013-05-09 10:04:51:286 764 64c PT WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2013-05-09 10:04:51:286 764 64c PT WARNING: SOAP Fault: 0x00012c
2013-05-09 10:04:51:286 764 64c PT WARNING: faultstring:System.Web.Services.Protocols.SoapException: Fault occurred
at Microsoft.UpdateServices.Internal.SoapUtilities.ThrowException(ErrorCode errorCode, String message, String[] clientIds)
at Microsoft.UpdateServices.Internal.ClientImplementation.GetCookie(AuthorizationCookie[] authCookies, Cookie oldCookie, DateTime lastChange, DateTime currentClientTime, String protocolVersion)
2013-05-09 10:04:51:286 764 64c PT WARNING: ErrorCode:ConfigChanged(2)
2013-05-09 10:04:51:286 764 64c PT WARNING: Message:(null)
2013-05-09 10:04:51:286 764 64c PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2013-05-09 10:04:51:286 764 64c PT WARNING: ID:f50afcf7-2117-495c-9123-9aa4bf683520
2013-05-09 10:04:51:296 764 64c PT WARNING: Cached cookie has expired or new PID is available
2013-05-09 10:04:51:296 764 64c PT Initializing simple targeting cookie, clientId = 9f4df40d-f61e-41d5-9fd2-3cdce1823f45, target group = Servers, DNS name = wsus-server.company.local
2013-05-09 10:04:51:296 764 64c PT Server URL = http://wsus-server.company.local/SimpleAuthWebService/SimpleAuth.asmx
2013-05-09 10:04:55:116 764 64c PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2013-05-09 10:04:55:116 764 64c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus-server.company.local/ClientWebService/client.asmx
2013-05-09 10:04:55:170 764 64c PT WARNING: GetExtendedUpdateInfo failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200
2013-05-09 10:04:55:170 764 64c PT WARNING: SOAP Fault: 0x000190
2013-05-09 10:04:55:170 764 64c PT WARNING: faultstring:System.Web.Services.Protocols.SoapException: Fault occurred
at Microsoft.UpdateServices.Internal.SoapUtilities.ThrowException(ErrorCode errorCode, Exception e, Int32 eventLogEntryId, String[] clientIds, Boolean logToEventLog)
at Microsoft.UpdateServices.Internal.ClientImplementation.GetExtendedUpdateInfo(Cookie cookie, Int32[] revisionIds, XmlUpdateFragmentType[] fragmentTypes, String[] locales)
2013-05-09 10:04:55:170 764 64c PT WARNING: ErrorCode:InternalServerError(5)
2013-05-09 10:04:55:170 764 64c PT WARNING: Message:(null)
2013-05-09 10:04:55:170 764 64c PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetExtendedUpdateInfo"
2013-05-09 10:04:55:170 764 64c PT WARNING: ID:37740867-4b9f-4394-b58b-12aad48d7b97
2013-05-09 10:04:55:170 764 64c PT WARNING: PTError: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: GetExtendedUpdateInfo_WithRecovery: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: Sync of Extended Info: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: SyncServerUpdatesInternal failed : 0x8024400e
2013-05-09 10:04:55:171 764 64c Agent * WARNING: Exit code = 0x8024400E
2013-05-09 10:04:55:171 764 64c Agent *********
2013-05-09 10:04:55:171 764 64c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-05-09 10:04:55:171 764 64c Agent *************
2013-05-09 10:04:55:171 764 64c Agent WARNING: WU client failed Searching for update with error 0x8024400e
2013-05-09 10:04:55:180 764 bf4 AU >>## RESUMED ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:55:180 764 bf4 AU # WARNING: Search callback failed, result = 0x8024400E
2013-05-09 10:04:55:180 764 bf4 AU # WARNING: Failed to find updates with error code 8024400E
2013-05-09 10:04:55:180 764 bf4 AU #########
2013-05-09 10:04:55:180 764 bf4 AU ## END ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:55:180 764 bf4 AU #############
2013-05-09 10:04:55:180 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:04:55:180 764 bf4 AU AU setting next detection timeout to 2013-05-09 13:04:55
2013-05-09 10:04:55:181 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:04:55:181 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:05:00:171 764 64c Report REPORT EVENT: {1C2D6590-41BD-464D-AE18-289CB7D6E254} 2013-05-09 10:04:55:171+0200 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024400e AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x8024400e.
2013-05-09 10:05:00:191 764 64c Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-05-09 10:05:00:191 764 64c Report WER Report sent: 7.6.7600.256 0x8024400e 00000000-0000-0000-0000-000000000000 Scan 101 Managed
2013-05-09 10:05:00:191 764 64c Report CWERReporter finishing event handling. (00000000)
I found several old blogs and forum entries that link this to a fault in Office 2003 SP1, with the fix being to decline/approve/decline that update, but this hasn't fixed it for me.
The Microsoft WSUS client & server diagnostic tools don't run on x64 systems.
Anybody had any luck with this before?
update: I find this in C:\Program Files\UpdateServices\LogFiles\SoftwareDistribution.log:
2013-05-13 14:02:46.437 UTC Warning w3wp.6 SoapUtilities.CreateException ThrowException: actor = http://wsus-server.company.local/ClientWebService/client.asmx, ID=4db89865-40da-4520-a126-d196e3db07b6, ErrorCode=ConfigChanged, Message=, Client=d9ce7281-379b-49b8-8944-7f593c32397b
2013-05-13 14:02:50.867 UTC Error w3wp.6 ClientImplementation.GetExtendedUpdateInfo System.ArgumentException: The database does not contain a URL for the file 3F7E7915F44A6133B990A22A87604854C34BDF4E.
Google fails me completely if I search for "3F7E7915F44A6133B990A22A87604854C34BDF4E", so I'm not sure exactly what that is, but it seems that its DB entry is somehow incomplete. Sync logs with the upstream WSUS show no errors.
update 2: So it seems as if there's something weird with my upstream. I've found that if I install a new WSUS instance & sync it from Microsoft, all works perfectly well. If I make it a downstream replica of my existing WSUS server, either during the configuration, or afterwards, it breaks. Even more strange, my upstream itself and another existing replica appear to be functioning just fine. It looks as if I'm just going to build new WSUS instances in all 3 sites and start fresh, ignoring the existing upstream.
update 3: I built a new WSUS upstream server, started clean so as to not bring over whatever weirdness was going on in the original upstream's DB. Pointed my 2 replicas at my new upstream. Everything was fine for several days. 5 days ago the replicas stopped getting status updates from clients again. WTF?!?!
update 4: I have logged a support request with Microsoft on this, hopefully some good will come out of it.
update 5: After Microsoft product support spent countless hours checking and re-checking all the same stuff I'd already checked, I suspect I have stumbled upon the cause. Our Junior sysadmin recently discovered Local Update Publisher and started using it to push Adobe & Java updates to workstations. The time of Local Update Publisher's installation coincides perfectly with the time the downstream clients last reported status. I am going through the product documentation to determine what I need to do to fix this.
I had a similar issue not to long ago when migrating to WSUS 3.0 SP2 on Windows Server 2008 R2. After quite a few frustrating hours I finally resolved it with KB2720211. I'm not sure why it worked since it doesn't seem to directly address the error code I was receiving from clients at the time (800b0001), however it seemed logical to make sure the WSUS version was fully patched before getting further into diagnostics.
You can use the instructions from http://support.microsoft.com/kb/2720211
Since my setup only involved one WSUS server I only had to use the following instructions from the site after downloading the patch.
1.Set up WSUS. To do this, at a command prompt, type one of the following commands, as applicable to your system:
WSUS-KB2720211-x64.exe /q C:\MySetup.logWSUS-KB2720211-x86.exe /q C:\MySetup.log
The update will install immediately, without any prompts.
2.Review the setup log to verify the upgrade was successful. To do this, at a command prompt, type
C:\MySetup.log.3.Make sure that IIS and the WSUS service are stopped. To do this, at a command prompt, type the following commands:
iisreset/stopnet stop wsusservice
The 0x8024400D/SOAP 0x12c errors are almost always (these days) a manifestation of clients with duplicate SusClientIDs. See Microsoft KB903262 for remediation instructions.
The 0x8024400E/SOAP 0x190 errors are typically manifestations of bad updates in the WSUS database. Make sure you have declined all expired updates (the ones typically that are "bad), as well as decline all superseded/not-needed updates.
So nearly 3 months later and after dozens of hours spent by Microsoft PSS on this, I finally stumbled on the answer.
It turns out that the root cause was an incomplete implementation of Local Update Publisher.
When you implement Local Update Publisher, you are supposed to distribute the WSUS SSL certificate to all WSUS clients as a Trusted Publisher and Trusted Root Certificate Authority. It turns out that my colleague who implemented it only distributed it to workstations, not servers.
I'm not clear on the exact details under the hood, but as soon as I distributed the SSL certificate to all WSUS clients, they started receiving their updates and reporting status as per normal.