I'm running WSUS 3.0, not the beta. These errors are on my WSUS server and promptly show when I run: wsusutil checkhealth
All are source: Windows Server Update
Event IDs in order from older to new, but all appearing in the same second.
13042 - Self-update is not working
13002 - Client computers are installing updates with a higher than 25 percent failure rate. This is not normal.
12002 - The Reporting Web Service is not working.
12032 - The Server Synchronization Web Service is not working.
12022 - The Client Web Service is not working.
12042 - The SimpleAuth Web Service is not working.
12052 - The DSS Authentication Web Service is not working.
---------
The server is 2003 standard with sp2.
Originally I was not getting clients to show. I tweaked some folder and IIS permissions and the clients started to show up, but none are receiving the updates. I've read several articles from MS to see if I can access certain .cab files through IIS and I can from client machines.
----------------
Any ideas or help would be appreciated. Oh, I also installed the 3.0 update agent and applied the KB927891 afterwards on all machines on the domain.
|
|
"Chris" <Chris[ at ]discussions.microsoft.com> wrote in message news:EF70A1AA-E89F-4A21-956B-C04BD62A9546[ at ]microsoft.com...
> I tweaked some folder and IIS permissions and the clients started to show up, but none are receiving the updates.
My gut feeling is that "tweaked some folder" and "IIS permissions" is probably the key to your issue.
Can you expand on this statement a bit, please?
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
I'm not sure what to expand on. I messed with IIS permissions and folder permissions to get some errors to go away that are not listed below. Prior to doing the changes, no clients would show up in the MMC snap in. After messing with permissions, the clients now show up but have a status of not reported in yet.
I can access the .cab files on the IIS server that are related to WSUS. But nothing else is working beyond that. I'm unable to find any articles explaining any of the errors above that work. Google searches show some people having similar problems in beta, but no resolutions.
Thanks for any help you can provide.
|
|
"Chris" <Chris[ at ]discussions.microsoft.com> wrote in message news:66EBDAB7-EDFC-4ED9-A6E2-444059DA5CF0[ at ]microsoft.com...
> I'm not sure what to expand on.
Exact details would be a good start! :-)
> I messed with IIS permissions and folder permissions
That level of information is totally useless, but absolutely indicates a potential problem!
> to get some errors to go away that are not listed below.
Specifically which IIS permissions. Specifically which folder permissions.
What did you change them to?
> Prior to doing the changes, no clients would show up in the MMC snap in.
Changing permissions is rarely the solution to such a problem. In fact, in all of the past two years of working with WSUS, the *only* time changing permissions has been a solution is when the client is specifically receiving HTTP '401' errors from the WSUS server, which is almost always because somebody/something has disabled anonymous access on the IIS virtual server.
I suspect the correct resolution is going to be to put the permissions back to where they were and troubleshoot the original problem, and implement the correct solution for that original problem. I'll know that for certain once I see what you changed.
In addition, what do you have in the way of error codes from the client(s) concerning the original "will not show up" problem?
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
|
|
First off it looks like there is an issue with those tweaked IIS settings. Each of these events points to an issue with several of the Web Services that are needed to ensure that WSUS is working properly. Which might explain some of your original issues.
-- Cecil [MSFT] Deployment, WSUS Microsoft
This posting is provided "As Is" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
|
|
I guess some back story would help on the permissions thing. :)
Yes, clients were getting 401 errors, I think they were actually 401.1. So I made sure the anonymous inetusr and domain users had access to all the WSUS sites and folders listed in IIS. Once I did this, computers started showing up in the wsus mmc snap in, but they all have a status of "not yet reported."
What's weird is one computer reported in on 6/1/2007 at 2:34am. But that doesn't explain all the services errors on the server.
From a client, if I go to http://servername/selfupdate/wuident.cab, it asks me if I want to save the cab file. That's a good sign from online support articles. There are other cabs and they are all accessible.
Looks like I'm still getting 401, but I'm able to access the path. Here's part of the log.
__________
2007-06-04 08:46:05 1032 84c PT Initializing simple targeting cookie, clientId = 5ffb03d7-d6b9-4914-b7dd-3efbb43cf492, target group = , DNS name = clientname.domain.name
2007-06-04 08:46:05 1032 84c PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-04 08:46:05 1032 84c PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
2007-06-04 08:46:05 1032 84c Report WARNING: Reporter failed to upload events with hr = 80244017.
2007-06-04 09:03:59 1032 84c PT Initializing simple targeting cookie, clientId = 5ffb03d7-d6b9-4914-b7dd-3efbb43cf492, target group = , DNS name = clientname.domain.name
2007-06-04 09:03:59 1032 84c PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-04 09:03:59 1032 84c PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
2007-06-04 09:03:59 1032 84c Report WARNING: Reporter failed to upload events with hr = 80244017.
2007-06-04 09:29:15 1032 84c PT Initializing simple targeting cookie, clientId = 5ffb03d7-d6b9-4914-b7dd-3efbb43cf492, target group = , DNS name = clientname.domain.name
2007-06-04 09:29:15 1032 84c PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-04 09:29:15 1032 84c PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
2007-06-04 09:29:15 1032 84c Report WARNING: Reporter failed to upload events with hr = 80244017.
2007-06-04 09:58:19 1032 9f4 PT Initializing simple targeting cookie, clientId = 5ffb03d7-d6b9-4914-b7dd-3efbb43cf492, target group = , DNS name = clientname.domain.name
2007-06-04 09:58:19 1032 9f4 PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-04 09:58:19 1032 9f4 PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
2007-06-04 09:58:19 1032 9f4 Report WARNING: Reporter failed to upload events with hr = 80244017.
2007-06-04 10:11:23 1032 9f4 PT Initializing simple targeting cookie, clientId = 5ffb03d7-d6b9-4914-b7dd-3efbb43cf492, target group = , DNS name = clientname.domain.name
2007-06-04 10:11:23 1032 9f4 PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-04 10:11:23 1032 9f4 PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
2007-06-04 10:11:23 1032 9f4 Report WARNING: Reporter failed to upload events with hr = 80244017.
__________
So I browsed to http://servername/SimpleAuthWebService/SimpleAuth.asmx and a page came up that says:
__________
SimpleAuth
The following operations are supported. For a formal definition, please review the Service Description.
GetAuthorizationCookie
Ping
____________
I can click the GetAuthorizationCookie and Ping links and they come up.
Again, thanks for any help.
Chris
|
|
Agreed. There were more errors previously until I played with the settings. I didn't restrict the security on the folders/web access, I allowed more access to them.
I followed several MS Articles and ran tools against IIS (can't remember which, I spent like 4-6 hours on it) and all the results were what we were looking for.
My next thought is to uninstall WSUS and delete all folders. Then uninstall IIS and delete all folders. Reboot. Reinstall IIS and WSUS.
Thoughts?
Chris
|
|
"Chris" <Chris[ at ]discussions.microsoft.com> wrote in message news:FE759D67-B996-4ECB-B0D1-C746BFD1B755[ at ]microsoft.com...
> I guess some back story would help on the permissions thing. :)
>
> Yes, clients were getting 401 errors, I think they were actually 401.1. So I made sure the anonymous inetusr and domain users had access to all the WSUS sites and folders listed in IIS.
Okay, let's start by remediating all of the NTFS and IIS permissions.
What are the correct IIS and NTFS permissions for WSUS? http://wsusinfo.onsitechsolutions.com/articles/016.htm
> 2007-06-04 08:46:05 1032 84c PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
> 2007-06-04 08:46:05 1032 84c PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
This '401' error is on the /SimpleAuthWebService virtual directory, which should have anonymous access enabled on the virtual directory, but not Integrated Authentication.
> So I browsed to http://servername/SimpleAuthWebService/SimpleAuth.asmx and a page came up that says:
>
> __________
> SimpleAuth
>
> The following operations are supported. For a formal definition, please review the Service Description.
Good.. but here's an important diagnostic consideration...
These v-roots need to have anonymous access. If you're browsing to them from a console session that has administrator access, then you're getting access through Integrated Authentication (if it's enabled) by virtue of your admin status. Make sure you perform these tests from an UNprivileged account.
In the meantime, I'm trying to think of any other obscure scenarios that have also generated '401' errors that might be slipping my mind.
--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
|
|
When I get a chance, I'll let you guys know.
|
|
Ok, I uninstalled WSUS and IIS yesterday, had the server reboot in the middle of the night and reinstalled IIS then WSUS today.
I've got some great news, the majority of the errors are gone, but the bad news is I still have one error and it seems to be keeping everything from working. :/
Source: Windows Server Update
Category: System Event
Event ID: 13042
Self-update is not working.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
It's the only error. Clients are showing up in the MMC snap in, but they all have a status of "not yet reported" and this includes the server itself.
WindowsUpdate.log on the server:
2007-06-07 13:25:34:118 1016 13d8 PT WARNING: Cached cookie has expired or new PID is available
2007-06-07 13:25:34:118 1016 13d8 PT Initializing simple targeting cookie, clientId = 90b8f534-cc2e-4e34-b220-c8f9e5fba33e, target group = , DNS name = servername.domain.name
2007-06-07 13:25:34:118 1016 13d8 PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-07 13:25:34:211 1016 13d8 PT WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2007-06-07 13:25:34:211 1016 13d8 PT WARNING: SOAP Fault: 0x00012c
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: faultstring:System.Web.Services.Protocols.SoapException: Fault occurred
   at Microsoft.UpdateServices.Internal.SoapUtilities.ThrowException(ErrorCode errorCode, String message)
   at Microsoft.UpdateServices.Internal.Authorization.AuthorizationManager.DecryptOldCookie(Cookie oldCookie)
   at Microsoft.UpdateServices.Internal.Authorization.AuthorizationManager.GetCookie(AuthorizationCookie[] authCookies, Cookie oldCookie, DateTime lastChange, DateTime currentClientTime, String clientProtocolVersion)
   at Microsoft.UpdateServices.Internal.ClientImplementation.GetCookie(AuthorizationCookie[] authCookies, Cookie oldCookie, DateTime lastChange, DateTime currentClientTime, String protocolVersion)
   at Microsoft.UpdateServices.Internal.Client.GetCookie(AuthorizationCookie[] authCookies, Cookie oldCookie, DateTime lastChange, DateTime currentTime, String protocolVersion)
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: ErrorCode:InvalidCookie(1)
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: Message:(null)
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: ID:27cf1729-6550-4cda-99c1-1e08f68cb1ee
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: PTError: 0x80244015
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: GetCookie_WithRecovery failed : 0x80244015
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: RefreshCookie failed: 0x80244015
2007-06-07 13:25:34:227 1016 13d8 PT WARNING: RefreshPTState failed: 0x80244015
2007-06-07 13:25:35:071 1016 13d8 PT WARNING: Cached cookie has expired or new PID is available
2007-06-07 13:25:35:102 1016 13d8 PT Initializing simple targeting cookie, clientId = 90b8f534-cc2e-4e34-b220-c8f9e5fba33e, target group = , DNS name = servername.domain.name
2007-06-07 13:25:35:102 1016 13d8 PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-07 13:25:40:914 1016 13d8 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:25:40:914 1016 13d8 Report Reporter successfully uploaded 1 events.
2007-06-07 13:25:41:024 1016 13d8 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:25:41:024 1016 13d8 Report Reporter successfully uploaded 1 events.
2007-06-07 13:25:41:133 1016 13d8 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:25:41:133 1016 13d8 Report Reporter successfully uploaded 1 events.
2007-06-07 13:25:41:242 1016 13d8 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:25:41:242 1016 13d8 Report Reporter successfully uploaded 1 events.
2007-06-07 13:25:41:336 1016 13d8 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:25:41:336 1016 13d8 Report Reporter successfully uploaded 1 events.
WindowsUpdate.log from a PC not logged in as administrator:
2007-06-07 12:50:44:207 1120 4ac AU AU received policy change subscription event
2007-06-07 12:56:23:307 1120 514 PT WARNING: Cached cookie has expired or new PID is available
2007-06-07 12:56:23:307 1120 514 PT Initializing simple targeting cookie, clientId = b00463fa-9f32-46a5-afcd-bdb16863c8ee, target group = , DNS name = clientname.domain.name
2007-06-07 12:56:23:307 1120 514 PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-07 12:57:15:839 1120 514 PT WARNING: GetAuthorizationCookie failure, error = 0x80244019, soap client error = 10, soap error code = 0, HTTP status code = 404
2007-06-07 12:57:15:839 1120 514 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80244019
2007-06-07 12:57:15:839 1120 514 PT WARNING: PopulateAuthCookies failed: 0x80244019
2007-06-07 12:57:15:839 1120 514 PT WARNING: RefreshCookie failed: 0x80244019
2007-06-07 12:57:15:839 1120 514 PT WARNING: RefreshPTState failed: 0x80244019
2007-06-07 12:57:15:839 1120 514 PT WARNING: PTError: 0x80244019
2007-06-07 12:57:15:839 1120 514 Report WARNING: Reporter failed to upload events with hr = 80244019.
2007-06-07 13:26:14:482 1120 f08 PT WARNING: Cached cookie has expired or new PID is available
2007-06-07 13:26:14:482 1120 f08 PT Initializing simple targeting cookie, clientId = b00463fa-9f32-46a5-afcd-bdb16863c8ee, target group = , DNS name = clientname.domain.name
2007-06-07 13:26:14:482 1120 f08 PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-07 13:26:14:576 1120 f08 PT WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2007-06-07 13:26:14:576 1120 f08 PT WARNING: SOAP Fault: 0x00012c
2007-06-07 13:26:14:576 1120 f08 PT WARNING: faultstring:Fault occurred
2007-06-07 13:26:14:576 1120 f08 PT WARNING: ErrorCode:InvalidCookie(1)
2007-06-07 13:26:14:576 1120 f08 PT WARNING: Message:(null)
2007-06-07 13:26:14:576 1120 f08 PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2007-06-07 13:26:14:576 1120 f08 PT WARNING: ID:0d9eec4d-7b83-4ff6-bbf7-eedb71fef02e
2007-06-07 13:26:14:576 1120 f08 PT WARNING: PTError: 0x80244015
2007-06-07 13:26:14:576 1120 f08 PT WARNING: GetCookie_WithRecovery failed : 0x80244015
2007-06-07 13:26:14:576 1120 f08 PT WARNING: RefreshCookie failed: 0x80244015
2007-06-07 13:26:14:576 1120 f08 PT WARNING: RefreshPTState failed: 0x80244015
2007-06-07 13:26:15:716 1120 f08 PT WARNING: Cached cookie has expired or new PID is available
2007-06-07 13:26:15:716 1120 f08 PT Initializing simple targeting cookie, clientId = b00463fa-9f32-46a5-afcd-bdb16863c8ee, target group = , DNS name = clientname.domain.name
2007-06-07 13:26:15:716 1120 f08 PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-07 13:26:24:123 1120 f08 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:26:24:123 1120 f08 Report Reporter successfully uploaded 1 events.
2007-06-07 13:26:24:154 1120 f08 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:26:24:169 1120 f08 Report Reporter successfully uploaded 1 events.
2007-06-07 13:26:24:216 1120 f08 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:26:24:216 1120 f08 Report Reporter successfully uploaded 1 events.
2007-06-07 13:26:24:248 1120 f08 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:26:24:248 1120 f08 Report Reporter successfully uploaded 1 events.
2007-06-07 13:26:24:294 1120 f08 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:26:24:294 1120 f08 Report Reporter successfully uploaded 1 events.
2007-06-07 13:26:24:341 1120 f08 Report Uploading 1 events using cached cookie, reporting URL = http://servername/ReportingWebService/ReportingWebService.asmx
2007-06-07 13:26:24:341 1120 f08 Report Reporter successfully uploaded 1 events.
I'm going to see what I can figure out, but if you've seen this before, your help would be appreciated. Thanks.
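The WindowsUpdate.log excerpts in the posts above mix three different failures (HTTP 401, HTTP 404 and a SOAP fault returned with HTTP 200), and grouping them by operation, error code and status shows which web service each one points at. The Python below is an added example, not part of any post in this thread: the sample lines are constructed from the excerpts, the operation-to-service map is taken from the Server URL and Method lines in those logs, the symbolic names are the Windows Update Agent error constants for the codes shown, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample, shortened from the WindowsUpdate.log excerpts in the thread.
SAMPLE_LOG = """\
2007-06-04 08:46:05 1032 84c PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
2007-06-04 08:46:05 1032 84c PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
2007-06-04 09:03:59 1032 84c PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
2007-06-07 12:57:15:839 1120 514 PT WARNING: GetAuthorizationCookie failure, error = 0x80244019, soap client error = 10, soap error code = 0, HTTP status code = 404
2007-06-07 13:26:14:576 1120 f08 PT WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2007-06-07 13:26:14:576 1120 f08 PT WARNING: ErrorCode:InvalidCookie(1)
2007-06-07 13:26:24:123 1120 f08 Report Reporter successfully uploaded 1 events.
"""

# date, time (milliseconds optional: both forms appear in the thread), pid, tid, component, message
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d)\s+(?P<time>\d\d:\d\d:\d\d)(?::\d{3})?\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<comp>\S+)\s+(?P<msg>.*)$")
FAIL_RE = re.compile(
    r"WARNING: (?P<op>\w+) failure, error = (?P<hr>0x[0-9A-Fa-f]{8}), "
    r"soap client error = \d+, soap error code = \d+, HTTP status code = (?P<http>\d+)")
FAULT_RE = re.compile(r"WARNING: ErrorCode:(?P<code>\w+)\(\d+\)")

# Windows Update Agent constants for the codes that appear in the thread.
HRESULT_NAMES = {
    "0x80244017": "WU_E_PT_HTTP_STATUS_DENIED",
    "0x80244019": "WU_E_PT_HTTP_STATUS_NOT_FOUND",
    "0x8024400D": "WU_E_PT_SOAP_CLIENT",
    "0x80244015": "WU_E_PT_REFRESH_CACHE_REQUIRED",
}
# From the thread's logs: SimpleAuth.asmx exposes GetAuthorizationCookie,
# and the Method line places GetCookie under ClientWebService.
OPERATION_SERVICE = {
    "GetAuthorizationCookie": "SimpleAuthWebService",
    "GetCookie": "ClientWebService",
}


def parse_failures(text):
    """One record per '<operation> failure' line; a SOAP ErrorCode line that
    follows on the same pid/tid is attached to that thread's latest failure."""
    failures, latest = [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or stack-trace continuation ("at ...")
        thread = (m["pid"], m["tid"])
        fail = FAIL_RE.search(m["msg"])
        if fail:
            hr = "0x" + fail["hr"][2:].upper()
            rec = {
                "when": m["date"] + " " + m["time"],
                "operation": fail["op"],
                "service": OPERATION_SERVICE.get(fail["op"], "unknown"),
                "hresult": hr,
                "name": HRESULT_NAMES.get(hr, "unknown"),
                "http_status": int(fail["http"]),
                "soap_fault": None,
            }
            failures.append(rec)
            latest[thread] = rec
            continue
        fault = FAULT_RE.search(m["msg"])
        if fault and thread in latest:
            latest[thread]["soap_fault"] = fault["code"]
    return failures


def summarise(failures):
    """Group by (operation, hresult, HTTP status); assumes log order is chronological."""
    groups = OrderedDict()
    for rec in failures:
        key = (rec["operation"], rec["hresult"], rec["http_status"])
        g = groups.setdefault(key, {
            "operation": rec["operation"], "service": rec["service"],
            "hresult": rec["hresult"], "name": rec["name"],
            "http_status": rec["http_status"], "count": 0,
            "first": rec["when"], "last": rec["when"], "soap_faults": []})
        g["count"] += 1
        g["last"] = rec["when"]
        if rec["soap_fault"] and rec["soap_fault"] not in g["soap_faults"]:
            g["soap_faults"].append(rec["soap_fault"])
    return list(groups.values())


def denied_services(summary):
    """Services that answered 401: the virtual directories whose IIS
    authentication settings are worth checking first."""
    return sorted({g["service"] for g in summary if g["http_status"] == 401})


if __name__ == "__main__":
    for g in summarise(parse_failures(SAMPLE_LOG)):
        print("{count}x {operation} -> {service}: HTTP {http_status}, "
              "{hresult} {name}, faults={soap_faults}, {first} .. {last}".format(**g))
```
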
|
|
**************
*My comments are enclosed in the *'s.
*
*Microsoft's online support recommended the following actions for the 13042 event id.
**************
User Action Self Update
Client self-update is not working correctly. WSUS creates a virtual directory "SelfUpdate" on port 80 that is used by Automatic Update (AU) clients. The AU client checks its version, and if the version is found to be out of date, the AU client downloads and installs a new version. This requires downloading a file used to check the version and then downloading the client binaries appropriate for that computer and OS. The static content in this directory and its subdirectories is available via anonymous access. Note: A second SelfUpdate virtual directory will be created if the "WSUS Administration" Web site is created on port 8530. Possible resolutions include:
-Check network connectivity on the WSUS client computer. Open Internet Explorer. In the address bar, type http://<WSUSServerName>/iuident.cab where <WSUSServerName> is the name of your WSUS server. Ensure that you are prompted to download or open iuident.cab. This verifies network connectivity from the WSUS client computer and the availability of the iuident.cab file on the WSUS server. If there are any boxes prompting you to download or save, click Cancel.
******************
*This did not work, so I looked at the file security and the Internet Guest Account did not have Read & Execute access, so I granted it. Now I can access the file. Also, I'm using the default port of 80.
******************
-Check for the existence of the self-update tree on port 80, which is typically the default Web site. Open a command window. Type cscript <WSUSInstallDir>\setup\InstallSelfupdateOnPort80.vbs
******************
*Ran this script, says Success
******************
-Check permissions on the client Web service directory.
Open a command window.
Type cd <WSUSInstallDir>\SelfUpdate
Type cacls
The following ACEs should be set:
-BUILTIN\Users:(OI)(CI)R
-BUILTIN\Administrators:(OI)(CI)F
-NT AUTHORITY\SYSTEM:(OI)(CI)F
******************
*My results of running cacls:
*C:\Program Files\Update Services\Selfupdate>cacls *
*C:\Program Files\Update Services\Selfupdate\AU BUILTIN\Users:(OI)(CI)R
*    BUILTIN\Administrators:(OI)(CI)F
*    NT AUTHORITY\SYSTEM:(OI)(CI)F
*C:\Program Files\Update Services\Selfupdate\iuident.cab BUILTIN\Users:R
*    BUILTIN\Administrators:F
*    NT AUTHORITY\SYSTEM:F
*C:\Program Files\Update Services\Selfupdate\WSUS3 BUILTIN\Users:(OI)(CI)R
*    BUILTIN\Administrators:(OI)(CI)F
*    NT AUTHORITY\SYSTEM:(OI)(CI)F
*C:\Program Files\Update Services\Selfupdate\wuident.cab BUILTIN\Users:R
*    BUILTIN\Administrators:F
*    NT AUTHORITY\SYSTEM:F
*Looks good, the best I can tell. For some reason wuident.cab doesn't show (OI)(CI), these indicate inherits and the permissions are the same regardless. When looking at it in the GUI, the permissions are inherited.
******************
Check the IIS configuration of the reporting Web service using the IIS script adsutil.vbs (or use the IIS Administration UI Tool). For more information, see "Appendix C: IIS Settings for Web Services" in the WSUS 3.0 Operations Guide at http://go.microsoft.com/fwlink/?LinkId=81072
******************
*This appendix has you look at IIS vroots and their settings:
*
*ClientWebService
*Directory: %ProgramFiles%Update Services\WebServices\ClientWebService
*Application Pool: WsusPool
*Security: Anonymous Access Enabled
*Execute Permissions: Scripts Only
*
*Content
*Directory[the location of the WSUS content directory]
*Security: Anonymous Access Enabled
*Execute Permissions: None
*
*DssAuthWebService
*Directory: %ProgramFiles%Update Services\WebServices\DssAuthWebService
*Application Pool: WsusPool
*Security: Anonymous Access Enabled
*Execute Permissions: Scripts Only
*
*Inventory
*Directory: %ProgramFiles%Update Services\ Inventory
*Application Pool: WsusPool
*Security: Anonymous Access Enabled
*Execute Permissions: Scripts Only
*
*ReportingWebService
*Directory: %ProgramFiles%Update Services\WebServices\ReportingWebService
*Application Pool: WsusPool
*Security: Anonymous Access Enabled
*Execute Permissions: Scripts Only
*
*ServerSyncWebService
*Directory: %ProgramFiles%Update Services\WebServices\ServerSyncWebService
*Application Pool: WsusPool
*Security: Anonymous Access Enabled
*Execute Permissions: Scripts Only
*
*SimpleAuthWebService
*Directory: %ProgramFiles%Update Services\WebServices\SimpleAuthWebService
*Application Pool: WsusPool
*Security: Anonymous Access Enabled
*Execute Permissions: Scripts Only
*
*ApiRemoting30
*Directory: %ProgramFiles%Update Services\Administration
*Application Pool: WsusPool
*Security: Integrated Windows Authentication, Digest Authentication
*Execute Permissions: Scripts Only
*
*SelfUpdate
*Directory: %ProgramFiles%Update Services\SelfUpdate
*Security: Anonymous Access Enabled
*Execute Permissions: Scripts Only
*
*The only thing I modified was in ApiRemoting30, there was no realm selected, so I went ahead and selected our domain name.
*****************
If ServerBindings or SecureBindings contains entries of the form X.X.X.X:80, remove the IP address and leave only the port address, or add another binding to the local machine 127.0.0.1:80. Type the command <InetpubDir>\AdminScripts\adsutil.vbs set W3SVC/1/ServerBindings "127.0.0.1:80"
*****************
*I did the above command and the results are:
ServerBindings : (LIST) "127.0.0.1:80"
*After typing this command, I now get an error in the MMC snapin that says:
*****************
The WSUS administration console was unable to connect to the WSUS Server via the remote API.
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
The WSUS administration console was unable to connect to the WSUS Server via the remote API.
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
System.Net.Sockets.SocketException -- No connection could be made because the target machine actively refused it
Source System
Stack Trace:
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)
** this exception was nested inside of the following exception **
System.Net.WebException -- Unable to connect to the remote server
Source Microsoft.UpdateServices.Administration
Stack Trace:
at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.GetUpdateServer(PersistedServerSettings settings)
at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServerAndPopulateNode(Boolean connectingServerToConsole)
at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.OnExpandFromLoad(SyncStatus status)
***************
*Well, this is frustrating... I restarted the services, I didn't see a sql service to restart. I'll reboot the server tonight and hope for the best tomorrow.
***************
|
|
Please revisit the thread, thanks.
"Lawrence Garvin (MVP)" wrote:
[Quoted Text]
> "Chris" <Chris[ at ]discussions.microsoft.com> wrote in message
> news:FE759D67-B996-4ECB-B0D1-C746BFD1B755[ at ]microsoft.com...
> > I guess some back story would help on the permissions thing. :)
> >
> > Yes, clients were getting 401 errors, I think they were actually 401.1. So I made sure the anonymous inetusr and domain users had access to all the WSUS sites and folders listed in IIS.
>
> Okay, let's start by remediating all of the NTFS and IIS permissions.
>
> What are the correct IIS and NTFS permissions for WSUS?
> http://wsusinfo.onsitechsolutions.com/articles/016.htm
>
> > 2007-06-04 08:46:05 1032 84c PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
> > 2007-06-04 08:46:05 1032 84c PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
>
> This '401' error is on the /SimpleAuthWebService virtual directory, which should have anonymous access enabled on the virtual directory, but not Integrated Authentication.
>
> > So I browsed to http://servername/SimpleAuthWebService/SimpleAuth.asmx and a page came up that says:
> >
> > __________
> > SimpleAuth
> >
> > The following operations are supported. For a formal definition, please review the Service Description.
>
> Good.. but here's an important diagnostic consideration...
>
> These v-roots need to have anonymous access. If you're browsing to them from a console session that has administrator access, then you're getting access through Integrated Authentication (if it's enabled) by virtue of your admin status. Make sure you perform these tests from an UNprivileged account.
>
> In the meantime, I'm trying to think of any other obscure scenarios that have also generated '401' errors that might be slipping my mind.
>
> --
> Lawrence Garvin, M.S., MCTS, MCP
> Independent WSUS Evangelist
> MVP-Software Distribution (2005-2007)
> https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
>
> Everything you need for WSUS is at
> http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
>
> And, almost everything else is at
> http://wsusinfo.onsitechsolutions.com
|
|
"Chris" <Chris[ at ]discussions.microsoft.com> wrote in message news:AB7B9596-DBD9-4157-91A2-A1AB87EF594C[ at ]microsoft.com...
[Quoted Text] > Please revisit the thread, thanks.
What's to revisit. On June 4th I posted a reply, with this suggestion:
>> Yes, clients were getting 401 errors, I think they were actually 401.1. So I made sure the anonymous inetusr and domain users had access to all the WSUS sites and folders listed in IIS.
> Okay, let's start by remediating all of the NTFS and IIS permissions.
>
> What are the correct IIS and NTFS permissions for WSUS?
> http://wsusinfo.onsitechsolutions.com/articles/016.htm
You've not replied to that message (until today, but still not answered the questions).
Did you remediate *all* of the NTFS and IIS permissions on this WSUS server in accordance with the permissions documented in the cited article?
I also pointed out, specifically, what was causing the '401' error, and the most likely cause.
>> 2007-06-04 08:46:05 1032 84c PT Server URL = http://servername/SimpleAuthWebService/SimpleAuth.asmx
>> 2007-06-04 08:46:05 1032 84c PT WARNING: GetAuthorizationCookie failure, error = 0x80244017, soap client error = 10, soap error code = 0, HTTP status code = 401
> This '401' error is on the /SimpleAuthWebService virtual directory, which should have anonymous access enabled on the virtual directory, but not Integrated Authentication.
Did you check the /SimpleAuthWebService virtual directory to ensure it had anonymous access enabled and not Integrated Authentication?
And, finally, I followed up with this general statement:
> These v-roots need to have anonymous access. If you're browsing to them from a console session that has administrator access, then you're getting access through Integrated Authentication (if it's enabled) by virtue of your admin status. Make sure you perform these tests from an UNprivileged account.
And said I'd do this:
> In the meantime, I'm trying to think of any other obscure scenarios that have also generated '401' errors that might be slipping my mind.
But without any feedback from you concerning my suggestions and questions, I'm not going to think real hard of any other "obscure scenarios", since the likelihood (until you tell me otherwise) is that the IIS or NTFS permissions *are* misconfigured.
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://technet2.microsoft.com/windowsserver/en/technologies/featured/wsus/default.mspx
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
I'm getting the same issues. I've checked that the web services all have the proper settings according to Appendix C here: http://technet2.microsoft.com/windowsserver/en/library/36a1530c-dfad-47df-9a3d-906190038a7a1033.mspx?mfr=true
I've also reset the permissions as per article 16 here: http://wsusinfo.onsitechsolutions.com/articles/016.htm
I am getting the following error in the security log:
The WSUS administration console received a security exception. You do not have sufficient permissions for this operation.
Verify that you are a member of either the WSUS Administrators or WSUS Reporters group on the server you are trying to administer, and restart the administration console.
System.Security.SecurityException -- Request for principal permission failed.
Source Microsoft.UpdateServices.Administration
Stack Trace:
at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.GetUpdateServer(PersistedServerSettings settings)
at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()
Surprisingly (to me at least) when I remove Anonymous Access from APIRemoting30 Properties, the console will start without issue. As soon as I enable Anonymous access, the admin console fails with the error above.
Thanks for any help you can provide. This has got to be a permission issue of some sort.
|
|
I'm sorry I failed to mention the following: I am running WSUS 3 on a Windows 2003 Server. I am running the Admin Console from my workstation. WSUS has seemingly been working fine for months, and still is as far as I can see, just that I see these errors in the event log every day.
I HAVE noticed that exactly 10 minutes after the string of Events 12012, 13042, etc I will see a string of events informing me that these same services ARE working correctly.
|
|
On Jul 5, 12:54 pm, pharmboy <pharm...[ at ]discussions.microsoft.com> wrote:
[Quoted Text] > I'm sorry I failed to mention the following: I am running WSUS 3 on a Windows 2003 Server. I am running the Admin Console from my workstation. WSUS has seemingly been working fine for months, and still is as far as I can see, just that I see these errors in the event log every day.
> I HAVE noticed that exactly 10 minutes after the string of Events 12012, 13042, etc I will see a string of events informing me that these same services ARE working correctly.
This is where I go to figure this stuff out: http://kb.eventlogmanager.com/
They have a great product for event log tracking, and this is a free service they provide.
|
|
That site is not helpful for this particular problem. It does not have info on these errors from WSUS.
"Goon64" wrote:
[Quoted Text] > This is where I go to figure this stuff out: http://kb.eventlogmanager.com/
> They have a great product for event log tracking, and this is a free service they provide.
|
|
"pharmboy" <pharmboy[ at ]discussions.microsoft.com> wrote in message news:BE7222CE-3A56-4ED5-8311-8007FBC36198[ at ]microsoft.com...
[Quoted Text] > Surprisingly (to me at least) when I remove Anonymous Access from APIRemoting30 Properties, the console will start without issue. As soon as I enable Anonymous access, the admin console fails with the error above.
On my freshly installed, and functioning, WSUS 3.0 server, the APIRemoting30 virtual directory does *not* have Anonymous Access, thus, given that removing it makes the system work -- I'd say you should remove it. :-)
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
Well then...that's a bit odd.
I guess the reason I kept trying to enable Anon access there is the page here (http://technet2.microsoft.com/windowsserver/en/library/36a1530c-dfad-47df-9a3d-906190038a7a1033.mspx?mfr=true) seemed to indicate it under the Appendix C heading, "Properties of the API Remoting Web service" unless I am misunderstanding it.
In any case, I seem to have rid myself of the occasional error events (Event Viewer Errors 13042 13002 12002 12042 12052) by doing a repair install of .Net 2.0 and rebooting. At least so far I've not seen any errors. If it goes the entire weekend without trouble then I'll believe it's fixed. We'll see.
Thanks for the reply Lawrence!
|
|
pharmboy wrote:
[Quoted Text]
The page you reference currently indicates that ApiRemoting30 should *not* have anonymous access. Either they've corrected it recently (quite possible) or you were misreading it.
Harry.
|
|
Well it still looks like it is telling me to make anon access true for ApiRemoting30. Not sure how else to read it.
Properties of the API Remoting Web service
Property Value
KeyType (STRING) "IIsWebVirtualDir"
AppRoot (STRING) "/LM/W3SVC/WebSiteID/ROOT/ApiRemoting30"
AppFriendlyName (STRING) "ApiRemoting30"
AppIsolated (INTEGER) 2
Path (STRING) "<WSUSInstallDir>\WebServices\ApiRemoting30"
AccessFlags (INTEGER) 513
AccessExecute (BOOLEAN) False
AccessSource (BOOLEAN) False
AccessRead (BOOLEAN) True
AccessWrite (BOOLEAN) False
AccessScript (BOOLEAN) True
AccessNoRemoteExecute (BOOLEAN) False
AccessNoRemoteRead (BOOLEAN) False
AccessNoRemoteWrite (BOOLEAN) False
AccessNoRemoteScript (BOOLEAN) False
AccessNoPhysicalDir (BOOLEAN) False
AspScriptErrorSentToBrowser (BOOLEAN) False
AspEnableParentPaths (BOOLEAN) False
AuthFlags (INTEGER) 21
AuthBasic (BOOLEAN) False
[B]AuthAnonymous (BOOLEAN) True[/B]
AuthNTLM (BOOLEAN) True
AuthMD5 (BOOLEAN) True
AuthPassport (BOOLEAN) False
AppPoolId (STRING) "WsusPool"
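The AuthFlags and AccessFlags integers in the listing pharmboy posted are bitmasks of the boolean rows beneath them, so a property dump can be checked mechanically instead of by eye. The following is an added example, not code from the thread or from Microsoft's documentation: it decodes both masks and compares the enabled authentication methods with what the thread's "IIS vroots" listing and Lawrence's replies call for. The bit values are the IIS 6 metabase constants; `EXPECTED_AUTH`, the function names and the second sample are assumptions made for illustration.

```python
import re

# IIS 6 metabase bit values behind the adsutil.vbs boolean properties.
AUTH_BITS = {"AuthAnonymous": 1, "AuthBasic": 2, "AuthNTLM": 4,
             "AuthMD5": 16, "AuthPassport": 64}
ACCESS_BITS = {"AccessRead": 1, "AccessWrite": 2, "AccessExecute": 4,
               "AccessSource": 16, "AccessScript": 512,
               "AccessNoRemoteWrite": 1024, "AccessNoRemoteRead": 4096,
               "AccessNoRemoteExecute": 8192, "AccessNoRemoteScript": 16384,
               "AccessNoPhysicalDir": 32768}

# Expected authentication per vroot, as stated in the thread (assumption:
# AuthNTLM is Integrated Windows Authentication, AuthMD5 is Digest).
EXPECTED_AUTH = {
    "ApiRemoting30": {"AuthNTLM", "AuthMD5"},
    "SimpleAuthWebService": {"AuthAnonymous"},
}

# Accepts both "Name (TYPE) value" and adsutil's "Name : (TYPE) value".
PROP = re.compile(r"^\s*(\w+)\s*:?\s*\((STRING|INTEGER|BOOLEAN)\)\s*(.+?)\s*$")


def parse_props(text):
    """Turn a property listing into a dict of name -> int, bool or str."""
    props = {}
    for line in text.splitlines():
        m = PROP.match(line)
        if not m:
            continue
        name, kind, raw = m.groups()
        if kind == "INTEGER":
            props[name] = int(raw)
        elif kind == "BOOLEAN":
            props[name] = raw.lower() == "true"
        else:
            props[name] = raw.strip('"')
    return props


def decode(mask, bits):
    """Return the names of the bits set in mask, lowest bit first."""
    return [name for name, bit in bits.items() if mask & bit]


def audit(vroot, props):
    """Return a list of findings for one virtual directory."""
    findings = []
    for flag_name, bits in (("AuthFlags", AUTH_BITS), ("AccessFlags", ACCESS_BITS)):
        if flag_name not in props:
            continue
        mask = props[flag_name]
        unknown = mask & ~sum(bits.values())
        if unknown:
            findings.append(f"{flag_name}: unknown bits 0x{unknown:x}")
        # The boolean rows must agree with the integer mask.
        for name, bit in bits.items():
            if name in props and props[name] != bool(mask & bit):
                findings.append(f"{name}={props[name]} contradicts {flag_name}={mask}")
    if "AuthFlags" in props and vroot in EXPECTED_AUTH:
        enabled = set(decode(props["AuthFlags"], AUTH_BITS))
        for name in sorted(enabled - EXPECTED_AUTH[vroot]):
            findings.append(f"{vroot}: {name} enabled but not expected")
        for name in sorted(EXPECTED_AUTH[vroot] - enabled):
            findings.append(f"{vroot}: {name} expected but not enabled")
    return findings


# ApiRemoting30 values as posted in the thread (Operations Guide detail table).
GUIDE_LISTING = """
AccessFlags (INTEGER) 513
AccessRead (BOOLEAN) True
AccessScript (BOOLEAN) True
AuthFlags (INTEGER) 21
AuthBasic (BOOLEAN) False
AuthAnonymous (BOOLEAN) True
AuthNTLM (BOOLEAN) True
AuthMD5 (BOOLEAN) True
AuthPassport (BOOLEAN) False
"""

# Constructed sample: SimpleAuthWebService with anonymous access switched off.
CONSTRUCTED_SIMPLEAUTH = """
AuthFlags                       : (INTEGER) 4
AuthAnonymous                   : (BOOLEAN) False
AuthNTLM                        : (BOOLEAN) True
"""

if __name__ == "__main__":
    samples = (("ApiRemoting30", GUIDE_LISTING),
               ("SimpleAuthWebService", CONSTRUCTED_SIMPLEAUTH))
    for vroot, text in samples:
        props = parse_props(text)
        print(vroot, "auth:", decode(props["AuthFlags"], AUTH_BITS))
        for finding in audit(vroot, props):
            print("  ", finding)
```

Run against the posted listing, the only finding is the anonymous bit on ApiRemoting30, which is the setting the console failure in this thread tracks.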
|
|
"pharmboy" <pharmboy[ at ]discussions.microsoft.com> wrote in message news:A46A581B-CD4B-4C27-9891-DF1E0890F225[ at ]microsoft.com...
[Quoted Text]
I don't think you're misunderstanding it; but I do think it's wrong. First clue: The presence of "Digest Authentication" as a permission setting. *NOTHING* uses Digest Authentication, especially not in a LAN-based application environment.
As noted previously (perhaps in another thread), I've not had a chance to review the Ops Guide in detail (yet), but this issue just stepped that prioritization up a notch. There are some notable discrepancies in the WSUS3 documentation. Some of it is carryover from WSUS2 documentation that didn't get updated; some has been previously reported, and never got fixed; some, like this example, just seems plain wrong.
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
"Harry Johnston" <harry[ at ]scms.waikato.ac.nz> wrote in message news:%23%23w658AwHHA.1212[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text]
Ahh.. good point, Harry. While I focused on the potential error in the *presence* of information, I totally missed the implied absence of anonymous access. So, to that extent, the documentation is correct. And.. I checked my server... sonofagun if "Digest Authentication for Domain Servers" isn't enabled!
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
"pharmboy" <pharmboy[ at ]discussions.microsoft.com> wrote in message news:81A26621-0671-4BDA-9FB4-21E705EE7F4A[ at ]microsoft.com...
[Quoted Text] > Well it still looks like it is telling me to make anon access true for ApiRemoting30. Not sure how else to read it.
This is what's in the document:
ApiRemoting30
Directory: %ProgramFiles%Update Services\Administration
Application Pool: WsusPool
Security: Integrated Windows Authentication, Digest Authentication
Execute Permissions: Scripts Only
I'm confused as to how you're misreading that.
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
"Lawrence Garvin (MVP)" <onsitech[ at ]community.nospam> wrote in message news:OLzBztIwHHA.2040[ at ]TK2MSFTNGP03.phx.gbl...
[Quoted Text] > I don't think you're misunderstanding it; but I do think it's wrong. First clue: The presence of "Digest Authentication" as a permission setting. *NOTHING* uses Digest Authentication, especially not in a LAN-based application environment.
Apparently, the WSUS3 APIRemoting30 webservice *does* use "Digest Authentication for Windows domain servers".
This one has me intrigued. I'm going to dig into it a bit deeper. It's also got me to thinking how this is impacting the "requirement" that a remote client have a domain trust with the WSUS server. There may be a 'workaround' in the settings of the permissions for this webservice.
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
Thanks for any light you can shed. Please post if you find out more, as I am interested, even though the actual problem I was having appears to be solved.
Thanks again.
|
|
pharmboy wrote:
[Quoted Text] > Well it still looks like it is telling me to make anon access true for ApiRemoting30. Not sure how else to read it.
So it does, in the section titled "Properties of the API Remoting Web service". I wasn't looking down there; I was looking at the top, in the section titled "IIS vroots":
ApiRemoting30
Directory: %ProgramFiles%Update Services\Administration
Application Pool: WsusPool
Security: Integrated Windows Authentication, Digest Authentication
Execute Permissions: Scripts Only
Both the security settings and the directory path are different in the two parts of the document:
> (INTEGER) 2 Path (STRING) "<WSUSInstallDir>\WebServices\ApiRemoting30"
So is the Api Remoting service in WebServices\ApiRemoting30 or is it in Administration? Or are these two different things?
Harry.
|
|
"Harry Johnston" <harry[ at ]scms.waikato.ac.nz> wrote in message news:u1f7vrSwHHA.3684[ at ]TK2MSFTNGP02.phx.gbl...
[Quoted Text] > Application Pool: WsusPool > > Security: Integrated Windows Authentication, Digest Authentication
> ApiRemoting30 > > Directory: %ProgramFiles%Update Services\Administration
> So is the Api Remoting service in WebServices\ApiRemoting30 or is it in > Administration? Or are these two different things?
The ~\Update Services\Administration directory cited, doesn't even exist in an installed WSUS 3.0 deployment.
Let's just assume this Appendix has several errors, some we've probably not yet found. :-/
At least this entry for "ApiRemoting30" in the detail listing is definitely incorrect, on at least two points now.
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
This issue is simply bizarre. I haven't seen any errors since on Friday I did a repair install of .NET 2.0 and rebooted the server in question. Now this morning I saw the first (and so far only) Event 12012 Error ("The API Remoting Web Service is not working.")
Looks like it is starting to happen again. Always with these error events on this server, exactly 10 minutes later, I get a corresponding Event telling me that "The API Remoting Web Service is working correctly." And I noticed last time that over a period of a few weeks, these events will increase in frequency, though always there are corresponding "working correctly" events 10 minutes after them.
It doesn't seem to affect the actual service, as things still appear to be syncing, updating, working correctly, but mysteries like this tend to drive me nuts. :-)
|
|
"pharmboy" <pharmboy[ at ]discussions.microsoft.com> wrote in message news:1F0E63EB-29E6-4EE1-B5B8-0327DAF7E967[ at ]microsoft.com...
[Quoted Text] > Looks like it is starting to happen again. Always with these error events on this server, exactly 10 minutes later, I get a corresponding Event telling me that "The API Remoting Web Service is working correctly." And I noticed last time that over a period of a few weeks, these events will increase in frequency, though always there are corresponding "working correctly" events 10 minutes after them.
> It doesn't seem to affect the actual service, as things still appear to be syncing, updating, working correctly, but mysteries like this tend to drive me nuts. :-)
Are there any other events being recorded to the Event Logs (check *all* of them!) that have the same frequency, or can be correlated with these APIRemoting errors?
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
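The correlation asked about in the reply above, sketched as an added example that is not part of the original thread: it pairs each "is not working" health event with its "is working correctly" follow-up about 10 minutes later, and counts which events from other sources fall close to the errors. The pipe-delimited row layout, the `ExampleSource`/9001 rows, the 1-minute slack and the 2-minute window are assumptions, and the sample rows are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

SRC = "Windows Server Update Services"
# Constructed sample rows: log|time|source|event ID|message (not real log data).
SAMPLE = """\
Application|2007-08-01 15:49:02|Windows Server Update Services|12012|The API Remoting Web Service is not working.
System|2007-08-01 15:48:40|ExampleSource|9001|Constructed neighbouring event
Application|2007-08-01 15:59:02|Windows Server Update Services|12010|The API Remoting Web Service is working correctly.
Application|2007-08-03 02:10:15|Windows Server Update Services|12012|The API Remoting Web Service is not working.
System|2007-08-03 02:09:50|ExampleSource|9001|Constructed neighbouring event
Application|2007-08-03 02:20:15|Windows Server Update Services|12010|The API Remoting Web Service is working correctly.
Application|2007-08-04 09:00:00|Windows Server Update Services|12022|The Client Web Service is not working.
"""

def parse(text):
    """Turn the pipe-delimited rows into event dicts sorted by time."""
    events = []
    for line in text.splitlines():
        log, when, source, event_id, message = line.split("|", 4)
        events.append({"log": log, "source": source, "id": int(event_id),
                       "time": datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
                       "message": message})
    return sorted(events, key=lambda e: e["time"])

def subject(message):
    # "The API Remoting Web Service is not working." -> "The API Remoting Web Service"
    return message.split(" is ", 1)[0]

def pair_health_events(events, source=SRC, delay=timedelta(minutes=10),
                       slack=timedelta(minutes=1)):
    """Return (error, recovery or None) for every 'is not working' event."""
    own = [e for e in events if e["source"] == source]
    pairs = []
    for err in (e for e in own if " is not working" in e["message"]):
        recovery = next((r for r in own
                         if " is working correctly" in r["message"]
                         and subject(r["message"]) == subject(err["message"])
                         and abs(r["time"] - err["time"] - delay) <= slack), None)
        pairs.append((err, recovery))
    return pairs

def correlated_neighbours(events, source=SRC, window=timedelta(minutes=2)):
    """Count, per (log, source, ID), how many health errors it occurred near."""
    errors = [e for e in events
              if e["source"] == source and " is not working" in e["message"]]
    seen = Counter()
    for err in errors:
        seen.update({(e["log"], e["source"], e["id"]) for e in events
                     if e["source"] != source
                     and abs(e["time"] - err["time"]) <= window})
    return len(errors), seen
```

An event key whose count approaches the number of errors is a candidate for the "same frequency" correlation; an error paired with `None` is one that never got its follow-up event.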
|
|
No, there really aren't any events in the System or Security logs that would seem to correspond. No errors, nothing that seems connected. I just checked the DC logs as well, and nothing there correlates either.
The last time it happened (Event 12012/12010 combo) was 7/9/07 at 3:49PM. It hasn't happened again yet. I'm sure it will, but the frequency is pretty erratic.
|
|
"pharmboy" <pharmboy[ at ]discussions.microsoft.com> wrote in message news:636A5795-1D81-4735-8DB0-1274EBAAFAA8[ at ]microsoft.com...
> No, there really aren't any events in the System or Security logs that
> would seem to correspond. No errors, nothing that seems connected. I just
> checked the DC logs as well, and nothing there correlates either.
>
> The last time it happened (Event 12012/12010 combo) was 7/9/07 at 3:49PM.
> It hasn't happened again yet. I'm sure it will, but the frequency is pretty
> erratic.
Hmmmm.. I must confess.. I'm out of ideas.
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
Yeah last night I got two strings of all 7 (13042,12002,12012,12022,12032,12042,12052) with the accompanying "working properly" events 10 minutes later for each.
WSUS is working correctly, in that all of the machines in the domain correctly downloaded, installed, and reported to WSUS last night.
Don't know why this is happening, but it seems to work, so I guess it isn't too critical. Just that I hate red X's in my server event logs. Grr. :-)
|
|
Hmm. I wonder. Could you tell me exactly which services under "Application Server" you have installed? Under Application Server I have checked:
Application Server Console
Enable Network COM+ Access
IIS

Under IIS I have:
Common Files
Internet Information Services Manager
World Wide Web Service

Under World Wide Web Service I have only:
World Wide Web Service
I wonder if I missed something, as I'm pretty sure I cherry-picked the IIS6 services when I originally did this install. I was pretty uncertain at the time as to which ones to pick.
|
|
"pharmboy" <pharmboy[ at ]discussions.microsoft.com> wrote in message news:574D32DA-9D26-4DDA-8E3A-5C5926A21EE5[ at ]microsoft.com...
> Hmm. I wonder. Could you tell me exactly which services under "Application
> Server" you have installed? Under Application Server I have checked:
>
> Application Server Console
> Enable Network COM+ Access
> IIS
>
> Under IIS I have:
> Common Files
> Internet Information Services Manager
> World Wide Web Service
>
> Under World Wide Web Service I have only:
> World Wide Web Service
Looking from Control Panel | Add/Remove Programs | Add/Remove Windows Components:
Under Application Server, you *must* have ASP.NET installed. If that's not there, lots of things won't work in WSUS. I have everything except "Message Queuing". This machine also has WSS 2.0 and Team Foundation Server installed, so the "DTC" may have been installed by those apps. "DTC" is not required for WSUS 3.0.
Otherwise, the rest of your installation is consistent with the minimum requirements to run WSUS.
> I wonder if I missed something, as I'm pretty sure I cherry-picked the
> IIS6 services when I originally did this install. I was pretty uncertain at
> the time as to which ones to pick.
The *best* way to do the setup is just pick the default "Application Server" option from the Configure Your Server wizard.
-- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E
Everything you need for WSUS is at http://www.microsoft.com/wsus
And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....
|
|
|