Posts Tagged ‘Windows Update Services’
Recently on adding some machines and updates to a existing WSUS server that had been stable for a whole year, I was getting the server being unresponsive , and the reset server node would not work
After restarting the Windows Update Server Service , the error below would display in the event log :
The WSUS content directory is not accessible. System.Net.WebException: The remote server returned an error: (503) Server Unavailable. at System.Net.HttpWebRequest.GetResponse() at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)
Running IISRest in the Command prompt brought the site back online , however clearly this was a workaround to teh crash , Turns out you need some tweaking of the Website in IIS to stop this!
- On your WSUS Server, launch the IIS Manager
- Open Application Pools
- Right click ‘WsusPool’ and select ‘Advanced Settings…’
- To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000
- If your server is NUMA aware, change ‘Maximum Worker Processes’ from the default 1 to 0. If you don’t know if your server is NUMA aware, leave this value default
- Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel
- Change ‘Failure Interval (minutes) from the default 5 to 30
- Change ‘Maximum Failures’ from the default 5 to 60
- Click ‘OK’ to save the App Pool changes
- From an administrative command prompt, type IISRESET
This is also a good Cleanup script to schedule :
The first step is to make sure you see the actual WSUS server name in the log – if not that indicates a policy or registry setting used for the policy is not in place.
Next get the errors for the client trying to contact WSUS and check the error code against the error code reference for Windows Update agent. For a reference see:
Windows Update information is stored in c:\%windir%\Windowsupdate.log.
Perform the following on the client workstation.
1. Delete the registry keys in
2. Restart Automatic Updates service.
3. Issue the command wuauclt /resetauthorization /detectnow.
Updates will start downloading
Removing managed by your system administrator message to update them manually
Set Group Policy Manually
Start -> Run -> gpedit.msc
Computer configuration -> Administrative Templates -> Windows Components -> Windows Update
Configure Automatic updates
Choose option 5 – Allow local admin to choose setting
User configuration -> Administrative Templates -> Windows Components -> Windows Update
Remove access to use all Windows Update features
After above clients where still not showing up in the WSUS gui after downloading the updates from the server. I checked
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate (SusClientId) which was cloned across all the servers. We had to run this:
Rem - Batch script to delete duplicate SusClientIDs
Rem - Implement this script as a "Startup" or "Logon" script
Rem - Script creates an output file called %Systemdrive%\SUSClientID.log
Rem - If the %Systemdrive%\SUSClientID.log is already present, then the script simply exits
if exist %systemdrive%\SUSClientID.log goto end
net stop wuauserv
net stop bits
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f > %systemdrive%\SUSClientID.log 2>&1
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f >> %systemdrive%\SUSClientID.log 2>&1
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f >> %systemdrive%\SUSClientID.log 2>&1
net start wuauserv
wuauclt.exe /resetauthorization /detectnow