
For the past few weeks I've been struggling to get WSUS working with Windows servers as clients (AD environment). Those servers don't have external internet access. That's the reason I've set up WSUS.

I've added in the Group Policy that the Windows server (client) needs to connect to an intranet server to receive its updates. I also enabled the rule "Don't connect to any Windows Update Internet Location".

I do see the clients in my WSUS console; some of them are at 100%, some at 90 or less, but none of them are downloading any package. On the client I also get errors.

In the event log I see:

Fault bucket , type 0
Event Name: WindowsUpdateFailure3
Response: Not available
Cab Id: 0

Problem signature:
P1: 10.0.14393.1770
P2: 8024401c
P3: 00000000-0000-0000-0000-000000000000
P4: Scan
P5: 0
P6: 0
P7: 0
P8: UpdateOrchestrator
P9: {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
P10: 0

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_10.0.14393.1770_c2f588faa424321de2a589ce99567a235212f6ce_00000000_135319d6

Analysis symbol: 
Rechecking for solution: 0
Report Id: 0e82d1e0-223e-11e8-9106-005056bd8d79
Report Status: 96
Hashed bucket: 

Whatever I try, they won't download anything. Also, a fresh install of Windows without any kind of updates is not receiving anything and only producing the error above.

I also tried disabling the option "Do not connect to any Windows update internet location", but even that does not help.

The output of `Get-WindowsUpdateLog` does not say anything: GUIDxxxxxxxx No information Found.

Furthermore, I've tried the following:

  • Removed the content of c:\windows\softwaredistribution and checked again for updates.
  • Removed some SUIDs in the registry, but that didn't work either.
  • Used tools from Sysinternals (TCPView) to see what is going on, and when I check, it looks like it is still trying to connect to the internet.
  • WSUS downloads the express install files.

I'm out of ideas on how to get this working. The clients and WSUS are on different subnets, but the switch and firewall are allowing that traffic. I've disabled any port filtering to be sure that it's not a firewall issue or whatsoever.

When I enable internet again, I receive all kinds of updates, so I'm 100% sure that:

  • there were updates
  • it's downloading its updates directly from the internet
  • it has something to do with "no internet"

Hope someone can help me.

Best regards

Dave Greebe

  • Hi, can you paste your GPO settings you have for your client please – yagmoth555 Mar 08 '18 at 14:47
  • Like @yagmoth555 said, the GPO config would be interesting. Also: you did configure the correct updates/products in WSUS and approved these updates for your clients, yes? – Lenniey Mar 08 '18 at 14:55
  • @yagmoth555 My GPO config has 2 settings enabled: "Specify intranet Microsoft update service location", with the first 2 entries like http://fqdnofwsus.domain.ext:8530. I also used the "set alternate download server" to that same address, except for the port number. The other setting is "Do not connect to any Windows Update internet locations", which is set to enabled. Those are the only settings. – Dave Greebe Mar 08 '18 at 15:05
  • @Lenniey Yes, I did approve some updates that I knew for sure needed to be installed (like the 2018-02 updates for Windows 2016), and those are approved for the group in WSUS that my computer sits in. The strange thing is that I get errors and not something like "no updates available". Those errors are my biggest concern. – Dave Greebe Mar 08 '18 at 15:09
  • @DaveGreebe - You shouldn't set `Alternate Download URL`; you should check if the `Update Orchestrator Service` is running on the clients (Windows 10). I hope this would resolve the problem. – Am_I_Helpful Mar 11 '18 at 10:08

1 Answer


The problem lies in the fact that somewhere on the client (Windows 2016 server) I think the registry is messed up.

I installed a totally clean Windows 2016 server, and without changing any other settings I added this server to my WSUS. After a check for new updates, my updates were available for downloading. This machine had NO internet, so I was sure they came from WSUS.

Until now I have no idea what is messed up in my registry. I've looked for tools to fix/clean up my registry but haven't found anything that will fix the issue on any other existing servers. My server was built from a VMware template that I used for a lot of servers, so I have a lot of work.

Dave Greebe
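A read-only way to compare a broken templated server with the working clean install, added here as an example and not part of the original thread: it reads the Windows Update policy values that the GPO settings from the comments write, flags the alternate download server one commenter advises against, tests the WSUS port and reports the Update Orchestrator service. The registry paths and the `UsoSvc` service name are standard Windows names, not values taken from the thread; the output wording is made up for this example.

```powershell
# Added example: read-only WSUS client policy check. Run elevated on the client.
$wuKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey  = Join-Path $wuKey 'AU'
$locKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$policy = [ordered]@{
    WUServer                  = Get-RegValue $wuKey 'WUServer'
    WUStatusServer            = Get-RegValue $wuKey 'WUStatusServer'
    UpdateServiceUrlAlternate = Get-RegValue $wuKey 'UpdateServiceUrlAlternate'
    DoNotConnectToWindowsUpdateInternetLocations =
        Get-RegValue $wuKey 'DoNotConnectToWindowsUpdateInternetLocations'
    UseWUServer               = Get-RegValue $auKey 'UseWUServer'
    # Per-machine WSUS identity; compare it across servers cloned from one template.
    SusClientId               = Get-RegValue $locKey 'SusClientId'
}
$policy.GetEnumerator() | Format-Table Name, Value -AutoSize

$findings = @()
if (-not $policy.WUServer)         { $findings += 'WUServer is not set (GPO not applied?).' }
if ($policy.UseWUServer -ne 1)     { $findings += 'AU\UseWUServer is not 1, so WUServer is ignored.' }
if ($policy.WUServer -ne $policy.WUStatusServer) {
    $findings += 'WUServer and WUStatusServer differ.'
}
if ($policy.UpdateServiceUrlAlternate) {
    $findings += "Alternate download server is set: $($policy.UpdateServiceUrlAlternate)"
}

# 0x8024401C is WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT (HTTP 408), so test the WSUS port directly.
if ($policy.WUServer) {
    $uri = [uri]$policy.WUServer
    $tcp = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { $findings += "No TCP connection to $($uri.Host):$($uri.Port)." }
}

# Update Orchestrator is trigger-started, so Stopped can be normal; Disabled is not.
$uso = Get-Service -Name UsoSvc -ErrorAction SilentlyContinue
if (-not $uso) { $findings += 'UsoSvc service not found.' }
elseif ($uso.StartType -eq 'Disabled') { $findings += 'UsoSvc is disabled.' }
else { "UsoSvc: $($uso.Status), start type $($uso.StartType)" }

if ($findings) { $findings | ForEach-Object { "FINDING: $_" } } else { 'No policy findings.' }
```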