Constant WSUS issues (Connection Errors)
-
Where I work, we've been using a 3rd party tool for Windows OS updates and patches. It has had issues for a while and I'm sick of dealing with it, so now I'm finally getting my feet wet with WSUS.
I added the WSUS role to a 2012 R2 server we already have running and I completed the initial setup and configuration and let it download updates for the products I specified. Then after it was done, and before I could do anything else, I started getting this error:
So I rebooted a few times, googled it, removed and re-added the role as well as increased the memory limit on the resource pool in IIS, tried turning off Windows firewall, etc, but I still got the error.
I eventually decided to set up a brand new Windows Server 2016 on a spare server I have, solely for WSUS and ran through the setup process again, this time, using Tim_G's guide. I got to about "Step 4: Configure WSUS" when I got the same connection error again.
I'm not sure why this is happening, especially when the server is a brand new install, and it's already downloaded updates. This brand new server doesn't even have any group policy applied to it yet, as I've just joined it to the domain, FWIW.
Another screenshot:
I did notice some warnings in Event Viewer under Applications, event ID 7032:
The WSUS administration console was unable to connect to the WSUS Server via the remote API.
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC. System.IO.IOException -- The handshake failed due to an unexpected packet format.I guess the item listed in the event log is the reason for the connection error, but I have no idea why it's happening. I have been messing with this all week and I can't seem to get WSUS to bloody work.
-
Did you do this:
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC. System.IO.IOException -- The handshake failed due to an unexpected packet format.Other thing to try is the "Last WSUS Script Youll Ever Need" from Overdrive on SW, or whatever he calls it now.
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsus -
@momurda said in Constant WSUS issues (Connection Errors):
Did you do this:
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC. System.IO.IOException -- The handshake failed due to an unexpected packet format.Other thing to try is the "Last WSUS Script Youll Ever Need" from Overdrive on SW, or whatever he calls it now.
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsuslmao no, my eyes just glossed over after reading part way through the event log. I'm so used to them not helping me... I just deleted it, so I'll see if that helps. Checking out the script now too.
-
WSUS sucks to manage. Good luck.
-
@jaredbusch said in Constant WSUS issues (Connection Errors):
WSUS sucks to manage. Good luck.
Well hey there Mr helpful.
- Why does it suck?
- What else would you recommend for managing Windows updates that doesn't suck?
-
@dave247 said in Constant WSUS issues (Connection Errors):
- Why does it suck?
Because the WSUS instance itself needs maintenance weeklyish or it bogs down and pukes.
- What else would you recommend for managing Windows updates that doesn't suck?
Sadly, no. I let Windows do it and just force reboots weekly.
This does not help you and your need for compliance reporting. -
@jaredbusch said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
- Why does it suck?
Because the WSUS instance itself needs maintenance weeklyish or it bogs down and pukes.
- What else would you recommend for managing Windows updates that doesn't suck?
Sadly, no. I let Windows do it and just force reboots weekly.
This does not help you and your need for compliance reporting.ok well I have a bunch of servers and workstations and I'd like to be able to have some form of management over the updates. Also, I don't want to have them all reaching out to Microsoft to download updates..
-
WSUS is your only option. Yes it sucks.
Unless you want to pay many thousands for a 3rd party solution.
Delete that corrupt profile. Use that script. -
@momurda said in Constant WSUS issues (Connection Errors):
WSUS is your only option. Yes it sucks.
Unless you want to pay many thousands for a 3rd party solution.
Delete that corrupt profile. Use that script.Well we already purchased Desktop Central from ManageEngine a while back.. that was in the thousands.. however, we got an IT audit and it showed that we were missing a lot of past updates. When doing a Windows Update search on the host itself, I often find that it discovers missing updates. When I check DesktopCentral, it says it's not missing updates. Checking with DesktopCentral support, they tell me that Windows updates and patches can supersede old ones. Based on research and shit, I think it's just a matter of the Windows registry making it appear that we are missing updates. However, I still think some of my machines are actually missing updates. Hense why I want to use WSUS to comb through my systems with Microsoft's own product, to try to find any missing updates, vs doing it manually.
It seems like no matter what I do though, this is going to be a huge pain in my assholes.
-
@dave247 said in Constant WSUS issues (Connection Errors):
already purchased Desktop Central from ManageEngine a while back.. that was in the thousands.. however, we got an IT audit and it showed that we were missing a lot of past updates. When doing a Windows Update search on the host itself, I often find that it discovers missing updates. When I check DesktopCentral, it says it's not missing updates. Checking with DesktopCentral support, they tell me that Windows updates and patches can supersede old ones. Based on research and shit, I think it's just a matter of the Windows registry making it appear that we are missing updates. However, I still think some of my machines are actually missing updates. Hense why I want to use WSUS to comb through my systems with Microsoft's own product, to try to find any missing updates, vs doing it manually.
It seems like no matter what I do though, this is going to be a huge pain in my assholes.Alright, so what are the RAM and Storage on this server? What CPU resources have you provided to this system?
Also take a look at Adamj's WSUS Script
http://www.adamj.org/clean-wsus.html
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsus -
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
already purchased Desktop Central from ManageEngine a while back.. that was in the thousands.. however, we got an IT audit and it showed that we were missing a lot of past updates. When doing a Windows Update search on the host itself, I often find that it discovers missing updates. When I check DesktopCentral, it says it's not missing updates. Checking with DesktopCentral support, they tell me that Windows updates and patches can supersede old ones. Based on research and shit, I think it's just a matter of the Windows registry making it appear that we are missing updates. However, I still think some of my machines are actually missing updates. Hense why I want to use WSUS to comb through my systems with Microsoft's own product, to try to find any missing updates, vs doing it manually.
It seems like no matter what I do though, this is going to be a huge pain in my assholes.Alright, so what are the RAM and Storage on this server? What CPU resources have you provided to this system?
Also take a look at Adamj's WSUS Script
http://www.adamj.org/clean-wsus.html
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsusDell PowerEdge R420
CPU: Xeon E5-2430 @ 2.20 GHz (2 Processors)
RAM: 56.0 GB
Storage: Data volume is 1.72 TB (with only about 40 GB used)I will check out those scripts here shortly.
-
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
already purchased Desktop Central from ManageEngine a while back.. that was in the thousands.. however, we got an IT audit and it showed that we were missing a lot of past updates. When doing a Windows Update search on the host itself, I often find that it discovers missing updates. When I check DesktopCentral, it says it's not missing updates. Checking with DesktopCentral support, they tell me that Windows updates and patches can supersede old ones. Based on research and shit, I think it's just a matter of the Windows registry making it appear that we are missing updates. However, I still think some of my machines are actually missing updates. Hense why I want to use WSUS to comb through my systems with Microsoft's own product, to try to find any missing updates, vs doing it manually.
It seems like no matter what I do though, this is going to be a huge pain in my assholes.Alright, so what are the RAM and Storage on this server? What CPU resources have you provided to this system?
Also take a look at Adamj's WSUS Script
http://www.adamj.org/clean-wsus.html
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsusDell PowerEdge R420
CPU: Xeon E5-2430 @ 2.20 GHz (2 Processors)
RAM: 56.0 GBI will check out those scripts here shortly.
You have a Hardware Host Dedicated to WSUS? What else is on this server?
-
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
already purchased Desktop Central from ManageEngine a while back.. that was in the thousands.. however, we got an IT audit and it showed that we were missing a lot of past updates. When doing a Windows Update search on the host itself, I often find that it discovers missing updates. When I check DesktopCentral, it says it's not missing updates. Checking with DesktopCentral support, they tell me that Windows updates and patches can supersede old ones. Based on research and shit, I think it's just a matter of the Windows registry making it appear that we are missing updates. However, I still think some of my machines are actually missing updates. Hense why I want to use WSUS to comb through my systems with Microsoft's own product, to try to find any missing updates, vs doing it manually.
It seems like no matter what I do though, this is going to be a huge pain in my assholes.Alright, so what are the RAM and Storage on this server? What CPU resources have you provided to this system?
Also take a look at Adamj's WSUS Script
http://www.adamj.org/clean-wsus.html
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsusDell PowerEdge R420
CPU: Xeon E5-2430 @ 2.20 GHz (2 Processors)
RAM: 56.0 GBI will check out those scripts here shortly.
You have a Hardware Host Dedicated to WSUS? What else is on this server?
Yes, this server is set up as a dedicated WSUS server and a fresh install of Server 2016 and the WSUS role (if anything just to test and try out WSUS). Nothing else running on here at all.
-
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
already purchased Desktop Central from ManageEngine a while back.. that was in the thousands.. however, we got an IT audit and it showed that we were missing a lot of past updates. When doing a Windows Update search on the host itself, I often find that it discovers missing updates. When I check DesktopCentral, it says it's not missing updates. Checking with DesktopCentral support, they tell me that Windows updates and patches can supersede old ones. Based on research and shit, I think it's just a matter of the Windows registry making it appear that we are missing updates. However, I still think some of my machines are actually missing updates. Hense why I want to use WSUS to comb through my systems with Microsoft's own product, to try to find any missing updates, vs doing it manually.
It seems like no matter what I do though, this is going to be a huge pain in my assholes.Alright, so what are the RAM and Storage on this server? What CPU resources have you provided to this system?
Also take a look at Adamj's WSUS Script
http://www.adamj.org/clean-wsus.html
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsusDell PowerEdge R420
CPU: Xeon E5-2430 @ 2.20 GHz (2 Processors)
RAM: 56.0 GBI will check out those scripts here shortly.
You have a Hardware Host Dedicated to WSUS? What else is on this server?
Yes, this server is set up as a dedicated WSUS server and a fresh install of Server 2016 and the WSUS role (if anything just to test and try out WSUS). Nothing else running on here at all.
WOW, I would not waste that much on a WSUS Server, I would have setup a VM on a Hyper-V Server 2016 Host and use a VM with 2 vCPU, 16 GB RAM and 500 GB of space.
-
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
already purchased Desktop Central from ManageEngine a while back.. that was in the thousands.. however, we got an IT audit and it showed that we were missing a lot of past updates. When doing a Windows Update search on the host itself, I often find that it discovers missing updates. When I check DesktopCentral, it says it's not missing updates. Checking with DesktopCentral support, they tell me that Windows updates and patches can supersede old ones. Based on research and shit, I think it's just a matter of the Windows registry making it appear that we are missing updates. However, I still think some of my machines are actually missing updates. Hense why I want to use WSUS to comb through my systems with Microsoft's own product, to try to find any missing updates, vs doing it manually.
It seems like no matter what I do though, this is going to be a huge pain in my assholes.Alright, so what are the RAM and Storage on this server? What CPU resources have you provided to this system?
Also take a look at Adamj's WSUS Script
http://www.adamj.org/clean-wsus.html
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsusDell PowerEdge R420
CPU: Xeon E5-2430 @ 2.20 GHz (2 Processors)
RAM: 56.0 GBI will check out those scripts here shortly.
You have a Hardware Host Dedicated to WSUS? What else is on this server?
Yes, this server is set up as a dedicated WSUS server and a fresh install of Server 2016 and the WSUS role (if anything just to test and try out WSUS). Nothing else running on here at all.
WOW, I would waste that much on a WSUS Server, I would have setup a VM on a Hyper-V Server 2016 Host and use a VM with 2 vCPU, 16 GB RAM and 500 GB of space.
ok, I really don't want to get off topic like this... I am just trying get WSUS to work to try it out and see how well I can manage Windows updates. I haven't even activated Windows 2016 because I plan to move this to a virtual machine later. It's not the point. Again, this is just to try out WSUS and get it working, which I have been yet to do.
-
@dave247 said in Constant WSUS issues (Connection Errors):
I'm so used to them not helping me...
That might be a problem going forward. All event logs have information and tell you every possible problem, just have to get used to reading them. Never just gloss them over.
I'm assuming you are opening the snapin via the local machine versus a remote. That screen happens when you can't connect to it. Your error in the event log means that it can't connect to the site via SSL. Open IIS and make sure that it has a self-signed cert generated for the site. Or make sure the site is up on HTTP and open it that way in MMC. That should fix the problem.
-
Hi, I ran in to this before and have the fix for it on the wiki at work.
Give me a bit to grab it. It has to do with AppPool settings if I remember correctly, on the IIS server.
Edit: I'm just gonna do screenshots because I'm feeling lazy atm, sorry.
-
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
@dbeato said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
already purchased Desktop Central from ManageEngine a while back.. that was in the thousands.. however, we got an IT audit and it showed that we were missing a lot of past updates. When doing a Windows Update search on the host itself, I often find that it discovers missing updates. When I check DesktopCentral, it says it's not missing updates. Checking with DesktopCentral support, they tell me that Windows updates and patches can supersede old ones. Based on research and shit, I think it's just a matter of the Windows registry making it appear that we are missing updates. However, I still think some of my machines are actually missing updates. Hense why I want to use WSUS to comb through my systems with Microsoft's own product, to try to find any missing updates, vs doing it manually.
It seems like no matter what I do though, this is going to be a huge pain in my assholes.Alright, so what are the RAM and Storage on this server? What CPU resources have you provided to this system?
Also take a look at Adamj's WSUS Script
http://www.adamj.org/clean-wsus.html
https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsusDell PowerEdge R420
CPU: Xeon E5-2430 @ 2.20 GHz (2 Processors)
RAM: 56.0 GBI will check out those scripts here shortly.
You have a Hardware Host Dedicated to WSUS? What else is on this server?
Yes, this server is set up as a dedicated WSUS server and a fresh install of Server 2016 and the WSUS role (if anything just to test and try out WSUS). Nothing else running on here at all.
WOW, I would waste that much on a WSUS Server, I would have setup a VM on a Hyper-V Server 2016 Host and use a VM with 2 vCPU, 16 GB RAM and 500 GB of space.
ok, I really don't want to get off topic like this... I am just trying get WSUS to work to try it out and see how well I can manage Windows updates. I haven't even activated Windows 2016 because I plan to move this to a virtual machine later. It's not the point. Again, this is just to try out WSUS and get it working, which I have been yet to do.
I didn’t think I went off topic. Let’s go through yourur setup. What Database are you using WID or SQL?
-
-
I wouldn't download all available updates. That's going to kill your available capacity.
Instead, set it to only download approved updates.
I've been doing WSUS for a long time. I really don't ever have to worry about it, other than approving updates manually. They can be set to be approved automatically, but I just can't yet.
