Clients not reporting status after upgrading from 2.0 to 3.0 kcramman 7/5/2007 3:26:01 PM My server clients and XP clients are not reporting in after upgrade. Should the SUS web site be stopped after the upgrade? Is it needed anymore? It runs on port 80 and the WSUS administration is running on 8530. Do you need any logs to look at?

Re: Clients not reporting status after upgrading from 2.0 to 3.0 "Winfried Sonntag [MVP]" <Winfried.Sonntag[ at ]gmx.de> 7/5/2007 5:45:20 PM kcramman schrieb: [Quoted Text] > My server clients and XP clients are not reporting in after upgrade. Should > the SUS web site be stopped after the upgrade? Is it needed anymore? It runs > on port 80 and the WSUS administration is running on 8530. Do you need any > logs to look at? Try both Downloads: http://WSUS-SERVER/selfupdate/wuident.cab http://WSUS-SERVER:8530/selfupdate/wuident.cab At which one comes a Download? Winfried -- http://www.microsoft.com/germany/windowsserver2003/technologien/updateservices/default.mspx http://www.wsuswiki.com/Home

Re: Clients not reporting status after upgrading from 2.0 to 3.0 kcramman 7/5/2007 6:04:01 PM If I run both links they both go to a download page. "Winfried Sonntag [MVP]" wrote: [Quoted Text] > kcramman schrieb: > > > My server clients and XP clients are not reporting in after upgrade. Should > > the SUS web site be stopped after the upgrade? Is it needed anymore? It runs > > on port 80 and the WSUS administration is running on 8530. Do you need any > > logs to look at? > > Try both Downloads: > http://WSUS-SERVER/selfupdate/wuident.cab > http://WSUS-SERVER:8530/selfupdate/wuident.cab > > At which one comes a Download? > > Winfried > -- > http://www.microsoft.com/germany/windowsserver2003/technologien/updateservices/default.mspx > http://www.wsuswiki.com/Home >

RE: Clients not reporting status after upgrading from 2.0 to 3.0 kcramman 7/5/2007 6:28:01 PM Here is the log file from the client tool run WSUS Client Diagnostics Tool Checking Machine State Checking for admin rights to run tool . . . . . . . . . PASS Automatic Updates Service is running. . . . . . . . . . PASS Background Intelligent Transfer Service is not running. PASS Wuaueng.dll version 7.0.6000.374. . . . . . . . . . . . PASS This version is WSUS 2.0 Checking AU Settings AU Option is 3 : Notify Prior to Install. . . . . . . . PASS Option is from Policy settings Checking Proxy Configuration Checking for winhttp local machine Proxy settings . . . PASS Winhttp local machine access type <Direct Connection> Winhttp local machine Proxy. . . . . . . . . . NONE Winhttp local machine ProxyBypass. . . . . . . NONE Checking User IE Proxy settings . . . . . . . . . . . . PASS User IE Proxy. . . . . . . . . . . . . . . . . NONE User IE ProxyByPass. . . . . . . . . . . . . . NONE User IE AutoConfig URL Proxy . . . . . . . . . NONE User IE AutoDetect AutoDetect not in use Checking Connection to WSUS/SUS Server WUServer = http://xxxxx:8530 WUStatusServer = http://xxxxxxx:8530 UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS VerifyWUServerURL() failed with hr=0x800710dd The operation identifier is not valid. Press Enter to Complete "kcramman" wrote: [Quoted Text] > My server clients and XP clients are not reporting in after upgrade. Should > the SUS web site be stopped after the upgrade? Is it needed anymore? It runs > on port 80 and the WSUS administration is running on 8530. Do you need any > logs to look at?

RE: Clients not reporting status after upgrading from 2.0 to 3.0 John 7/5/2007 6:54:00 PM kcramman, After my upgrade I had a similar or same issue. I discovered the upgrade created a new WsusContent share under the install directory. We have ours under Data E. I had to recreate the share under E and then point the Content Virtual Directory back to E. Until I did this, the clients were checking in, but not downloading because they could find the Content. After I did this, the clients obtained the download successfully. This was the only thing in our upgrade that did not hold original settings. Hope this helps, John "kcramman" wrote: [Quoted Text] > Here is the log file from the client tool run > WSUS Client Diagnostics Tool > > Checking Machine State > Checking for admin rights to run tool . . . . . . . . . PASS > Automatic Updates Service is running. . . . . . . . . . PASS > Background Intelligent Transfer Service is not running. PASS > Wuaueng.dll version 7.0.6000.374. . . . . . . . . . . . PASS > This version is WSUS 2.0 > > Checking AU Settings > AU Option is 3 : Notify Prior to Install. . . . . . . . PASS > Option is from Policy settings > > Checking Proxy Configuration > Checking for winhttp local machine Proxy settings . . . PASS > Winhttp local machine access type > <Direct Connection> > Winhttp local machine Proxy. . . . . . . . . . NONE > Winhttp local machine ProxyBypass. . . . . . . NONE > Checking User IE Proxy settings . . . . . . . . . . . . PASS > User IE Proxy. . . . . . . . . . . . . . . . . NONE > User IE ProxyByPass. . . . . . . . . . . . . . NONE > User IE AutoConfig URL Proxy . . . . . . . . . NONE > User IE AutoDetect > AutoDetect not in use > > Checking Connection to WSUS/SUS Server > WUServer = http://xxxxx:8530 > WUStatusServer = http://xxxxxxx:8530 > UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS > > VerifyWUServerURL() failed with hr=0x800710dd > > The operation identifier is not valid. > > > Press Enter to Complete > > "kcramman" wrote: > > > My server clients and XP clients are not reporting in after upgrade. Should > > the SUS web site be stopped after the upgrade? Is it needed anymore? It runs > > on port 80 and the WSUS administration is running on 8530. Do you need any > > logs to look at?

Re: Clients not reporting status after upgrading from 2.0 to 3.0 "Lawrence Garvin \(MVP\)" <onsitech[ at ]community.nospam> 7/6/2007 3:37:15 AM "kcramman" <kcramman[ at ]discussions.microsoft.com> wrote in message news:19FF12AC-6AAD-47C4-AA5C-9B32D57D745A[ at ]microsoft.com... [Quoted Text] > My server clients and XP clients are not reporting in after upgrade. > Should > the SUS web site be stopped after the upgrade? [a] WSUS 3 cannot be installed on a machine with SUS 1.0 still installed, so probably we should first confirm that SUS is, or is not, still installed. [b] If SUS is still installed, and the Default Web Site is *stopped*, and you were running WSUS 2.0 on port 80, and the upgrade forced WSUS 3.0 back to port 8530 -- and the DWS is still *stopped* -- this will be problematic for downlevel machines that have never used WSUS 2.0. It will be irrelevant for active WSUS 2.0 clients. > Is it needed anymore? It's still "needed" in the sense that the WSUS 3.0 Health Monitoring software expects to see a functional selfupdate site on port 80. If it's not there the server complains. > It runs > on port 80 and the WSUS administration is running on 8530. Do you need any > logs to look at? Looking at the Client Diagnostic Tool you posted: >Checking Connection to WSUS/SUS Server > WUServer = http://xxxxx:8530 > WUStatusServer = http://xxxxxxx:8530 > UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS > >VerifyWUServerURL() failed with hr=0x800710dd It's been a really long time since I saw a 0x800710dd error. Generally it's associated with a security flaw. On Windows XP systems it's sometimes associated with a defective security descriptor. This command will repair that on the WinXP machines, if that's the cause: SC sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) The other cause has been traced to misconfigured group memberships and/or permissions on the WSUS Server, which, in turn, can be caused by a number of things. The most common are: [a] Anonymous access is not properly enabled on the virtual server, selfupdate, and clientwebservice virtual directories. [b] Promoting an IIS machine to a DC; or demoting an IIS machine -- thus breaking the IUSR_MACHINENAME account permissions and group memberships. [c] The NTAUTHORITY\Authenticated Users group is not a member of the BUILTIN\Users group. [d] Trailing slashes on the configured URL which produce a defective webpath to the desired resource. [e] Disabling of administrative shares. -- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E Everything you need for WSUS is at http://www.microsoft.com/wsus And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....

Re: Clients not reporting status after upgrading from 2.0 to 3.0 kcramman 7/6/2007 5:18:05 PM Looks like most of my problems are due to the anonymous access issue on the virtual directories. Most clients are now reporting connections to the wsus server and I have turned the SUS site back on. I still have a few workstations and one server that is stating it has not communicated yet, not sure why but will try to figure it out. Have you guys ever ran the WSUS server cleanup wizard before to remove old updates and such, does it work? Thanks for the respones "Lawrence Garvin (MVP)" wrote: [Quoted Text] > "kcramman" <kcramman[ at ]discussions.microsoft.com> wrote in message > news:19FF12AC-6AAD-47C4-AA5C-9B32D57D745A[ at ]microsoft.com... > > My server clients and XP clients are not reporting in after upgrade. > > Should > > the SUS web site be stopped after the upgrade? > > [a] WSUS 3 cannot be installed on a machine with SUS 1.0 still installed, so > probably we should first confirm that SUS is, or is not, still installed. > > [b] If SUS is still installed, and the Default Web Site is *stopped*, and > you were running WSUS 2.0 on port 80, and the upgrade forced WSUS 3.0 back > to port 8530 -- and the DWS is still *stopped* -- this will be problematic > for downlevel machines that have never used WSUS 2.0. It will be irrelevant > for active WSUS 2.0 clients. > > > Is it needed anymore? > > It's still "needed" in the sense that the WSUS 3.0 Health Monitoring > software expects to see a functional selfupdate site on port 80. If it's not > there the server complains. > > > It runs > > on port 80 and the WSUS administration is running on 8530. Do you need any > > logs to look at? > > Looking at the Client Diagnostic Tool you posted: > > >Checking Connection to WSUS/SUS Server > > WUServer = http://xxxxx:8530 > > WUStatusServer = http://xxxxxxx:8530 > > UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS > > > >VerifyWUServerURL() failed with hr=0x800710dd > > It's been a really long time since I saw a 0x800710dd error. Generally it's > associated with a security flaw. On Windows XP systems it's sometimes > associated with a defective security descriptor. This command will repair > that on the WinXP machines, if that's the cause: > > SC sdset wuauserv > D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) > > > The other cause has been traced to misconfigured group memberships and/or > permissions on the WSUS Server, which, in turn, can be caused by a number of > things. The most common are: > [a] Anonymous access is not properly enabled on the virtual server, > selfupdate, and clientwebservice virtual directories. > [b] Promoting an IIS machine to a DC; or demoting an IIS machine -- thus > breaking the IUSR_MACHINENAME account permissions and group memberships. > [c] The NTAUTHORITY\Authenticated Users group is not a member of the > BUILTIN\Users group. > [d] Trailing slashes on the configured URL which produce a defective > webpath to the desired resource. > [e] Disabling of administrative shares. > > > > -- > Lawrence Garvin, M.S., MCTS, MCP > Independent WSUS Evangelist > MVP-Software Distribution (2005-2007) > https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E > > Everything you need for WSUS is at > http://www.microsoft.com/wsus > > And, almost everything else is at > http://wsusinfo.onsitechsolutions.com > ..... > > > >

Re: Clients not reporting status after upgrading from 2.0 to 3.0 John 7/6/2007 8:34:02 PM kcramman, I ran the cleanup wizard after my upgrade. I had approx 1100 something updates, selected all cleanup options, and it cleaned 106. Took about 45 minutes. I plan to do it each month. I didn't see the size of the SUSDB decrease, so I'd assume it only cleans Content. If there is a way to size down the SUSDB, I'd certainly like to know. John "kcramman" wrote: [Quoted Text] > Looks like most of my problems are due to the anonymous access issue on the > virtual directories. Most clients are now reporting connections to the wsus > server and I have turned the SUS site back on. I still have a few > workstations and one server that is stating it has not communicated yet, not > sure why but will try to figure it out. > Have you guys ever ran the WSUS server cleanup wizard before to remove old > updates and such, does it work? > > Thanks for the respones > > "Lawrence Garvin (MVP)" wrote: > > > "kcramman" <kcramman[ at ]discussions.microsoft.com> wrote in message > > news:19FF12AC-6AAD-47C4-AA5C-9B32D57D745A[ at ]microsoft.com... > > > My server clients and XP clients are not reporting in after upgrade. > > > Should > > > the SUS web site be stopped after the upgrade? > > > > [a] WSUS 3 cannot be installed on a machine with SUS 1.0 still installed, so > > probably we should first confirm that SUS is, or is not, still installed. > > > > [b] If SUS is still installed, and the Default Web Site is *stopped*, and > > you were running WSUS 2.0 on port 80, and the upgrade forced WSUS 3.0 back > > to port 8530 -- and the DWS is still *stopped* -- this will be problematic > > for downlevel machines that have never used WSUS 2.0. It will be irrelevant > > for active WSUS 2.0 clients. > > > > > Is it needed anymore? > > > > It's still "needed" in the sense that the WSUS 3.0 Health Monitoring > > software expects to see a functional selfupdate site on port 80. If it's not > > there the server complains. > > > > > It runs > > > on port 80 and the WSUS administration is running on 8530. Do you need any > > > logs to look at? > > > > Looking at the Client Diagnostic Tool you posted: > > > > >Checking Connection to WSUS/SUS Server > > > WUServer = http://xxxxx:8530 > > > WUStatusServer = http://xxxxxxx:8530 > > > UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS > > > > > >VerifyWUServerURL() failed with hr=0x800710dd > > > > It's been a really long time since I saw a 0x800710dd error. Generally it's > > associated with a security flaw. On Windows XP systems it's sometimes > > associated with a defective security descriptor. This command will repair > > that on the WinXP machines, if that's the cause: > > > > SC sdset wuauserv > > D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) > > > > > > The other cause has been traced to misconfigured group memberships and/or > > permissions on the WSUS Server, which, in turn, can be caused by a number of > > things. The most common are: > > [a] Anonymous access is not properly enabled on the virtual server, > > selfupdate, and clientwebservice virtual directories. > > [b] Promoting an IIS machine to a DC; or demoting an IIS machine -- thus > > breaking the IUSR_MACHINENAME account permissions and group memberships. > > [c] The NTAUTHORITY\Authenticated Users group is not a member of the > > BUILTIN\Users group. > > [d] Trailing slashes on the configured URL which produce a defective > > webpath to the desired resource. > > [e] Disabling of administrative shares. > > > > > > > > -- > > Lawrence Garvin, M.S., MCTS, MCP > > Independent WSUS Evangelist > > MVP-Software Distribution (2005-2007) > > https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E > > > > Everything you need for WSUS is at > > http://www.microsoft.com/wsus > > > > And, almost everything else is at > > http://wsusinfo.onsitechsolutions.com > > ..... > > > > > > > >

Re: Clients not reporting status after upgrading from 2.0 to 3.0 "Lawrence Garvin \(MVP\)" <onsitech[ at ]community.nospam> 7/7/2007 11:25:20 AM "John" <John[ at ]discussions.microsoft.com> wrote in message news:CD38D013-9048-439C-9110-A4A429C8D49D[ at ]microsoft.com... [Quoted Text] > "kcramman" wrote: > >> Have you guys ever ran the WSUS server cleanup wizard before to remove >> old >> updates and such, does it work? > I ran the cleanup wizard after my upgrade. I had approx 1100 something > updates, selected all cleanup options, and it cleaned 106. Took about 45 > minutes. I plan to do it each month. I would *strongly* encourage the use of the Server Cleanup Wizard as part of the upgrade process, especially if you've never performed any file maintenance previously on your WSUS2 server. > I didn't see the size of the SUSDB > decrease, so I'd assume it only cleans Content. If there is a way to size > down the SUSDB, I'd certainly like to know. Actually, one of the enhancements of the SCW in WSUS3, over the utilities provided in WSUS2, is that it does clean up the database; however, deleting records from the database won't affect the filesize of the MDF file. That requires that you execute a database shrink command via SQL Server. The percentage of space reclaimed by the deleted content will be almost immediately reused by new metadata and/or new client reporting data, so there's really no point in trying to physically shrink the filesize -- but it will delay an autogrow event on the database file. -- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E Everything you need for WSUS is at http://www.microsoft.com/wsus And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....

Re: Clients not reporting status after upgrading from 2.0 to 3.0 John 7/7/2007 4:16:01 PM Lawrence, Thank you for the reply. Very helpful again. Hope this helps you too kcramman. John "Lawrence Garvin (MVP)" wrote: [Quoted Text] > "John" <John[ at ]discussions.microsoft.com> wrote in message > news:CD38D013-9048-439C-9110-A4A429C8D49D[ at ]microsoft.com... > > > "kcramman" wrote: > > > >> Have you guys ever ran the WSUS server cleanup wizard before to remove > >> old > >> updates and such, does it work? > > > I ran the cleanup wizard after my upgrade. I had approx 1100 something > > updates, selected all cleanup options, and it cleaned 106. Took about 45 > > minutes. I plan to do it each month. > > I would *strongly* encourage the use of the Server Cleanup Wizard as part of > the upgrade process, especially if you've never performed any file > maintenance previously on your WSUS2 server. > > > I didn't see the size of the SUSDB > > decrease, so I'd assume it only cleans Content. If there is a way to size > > down the SUSDB, I'd certainly like to know. > > Actually, one of the enhancements of the SCW in WSUS3, over the utilities > provided in WSUS2, is that it does clean up the database; however, deleting > records from the database won't affect the filesize of the MDF file. That > requires that you execute a database shrink command via SQL Server. The > percentage of space reclaimed by the deleted content will be almost > immediately reused by new metadata and/or new client reporting data, so > there's really no point in trying to physically shrink the filesize -- but > it will delay an autogrow event on the database file. > > -- > Lawrence Garvin, M.S., MCTS, MCP > Independent WSUS Evangelist > MVP-Software Distribution (2005-2007) > https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E > > Everything you need for WSUS is at > http://www.microsoft.com/wsus > > And, almost everything else is at > http://wsusinfo.onsitechsolutions.com > ..... > > >

Re: Clients not reporting status after upgrading from 2.0 to 3.0 Harry Johnston <harry[ at ]scms.waikato.ac.nz> 7/8/2007 6:58:40 AM Lawrence Garvin (MVP) wrote: [Quoted Text] > I would *strongly* encourage the use of the Server Cleanup Wizard as part of > the upgrade process, especially if you've never performed any file > maintenance previously on your WSUS2 server. Would you recommend cleanup before or after the upgrade? Or both? (We're looking at upgrading in the near to middle future.) Harry.

Re: Clients not reporting status after upgrading from 2.0 to 3.0 "Lawrence Garvin \(MVP\)" <onsitech[ at ]community.nospam> 7/8/2007 6:38:13 PM "Harry Johnston" <harry[ at ]scms.waikato.ac.nz> wrote in message news:OfBKr1SwHHA.3508[ at ]TK2MSFTNGP03.phx.gbl... [Quoted Text] > Lawrence Garvin (MVP) wrote: > >> I would *strongly* encourage the use of the Server Cleanup Wizard as part >> of the upgrade process, especially if you've never performed any file >> maintenance previously on your WSUS2 server. > > Would you recommend cleanup before or after the upgrade? Or both? Only after the upgrade. Everything you might do manually in WSUS 2.0 using the "Mowing The Grass" procedures, will be done automatically for you with the Server Cleanup Wizard, plus additional options never before available. There's no real impact on the upgrade process by having the 'junk' laying around during the upgrade. Plus, using the SCW as an automated tool ensures that you'll get everything. For example, the SCW allows you to clean each, any, or all of these type of things: * Unused updates and update revisions - DELETE[s] updates that are expired and haven't been approved ... and DELETE[s] old revisions of updates that haven't been approved for 30 days. In WSUS2, you needed to run the WSUSDebugTool with the "DeleteUnneededRevisions" option to accomplish this; in addition, in WSUS2 the purge applied to *all* updates in this status, whereas WSUS3 excludes those updates that are still less than 30 days old. * Computers not contacting the server - DELETE[s] computers that have not contacted the server in 30 days or more. In WSUS2, you had to use the unsupported CleanStaleComputers tool from the API Samples and Tools Kit. * Superseded updates - DECLINE[s] updates that are superceded by an approved update, are not approved, and haven't been needed by computers for [30 days] or more. In WSUS2, you had to manually identify these "unneeded" updates and individually mark them as declined, Hopefully you got all of them. Note that in WSUS3, an *approved* superceded update will not be affected by this cleanup task. Also, if any computer has reported one of these superceded updates as "Needed" in the past 30 days, it will not be cleaned out. This is a very important consideration -- because if you've not declined known superceded/unneeded updates at the time you approved the latest update, an unpatched system will still report the superceded update as "Needed", thus resetting this 30 day clock. * Unneeded update files - DELETE[s] update files that aren't needed by updates or downstream servers. This is an expansion of the features available in WSUS2. In WSUS2, you had to find and mark these updates as "Declined", in order to purge the file content using the WSUSDebugTool with the "PurgeUnneededFiles" option. Now, the only requirement is that there are no resources reporting the content as "Needed". The documentation does not specify what happens to an "Approved" update that has the content yanked out from under it. It could also be that the interpretation of "needed" is different for this functionality. I'll see if I can get some clarification on how exactly this particular feature behaves. * Expired updates - DECLINE[s] updates that aren't approved and have been expired by Microsoft. I don't really know of any updates that fit into this classification -- usually content expired are revisions in the same update. The one example I do know of is when the WUA svchost.exe patch was renumbered under a new KB. The original update was then 'expired', but many systems still had the update in the "Approved" list. This feature would automatically move such updates to "Declined" status, which would then -- Lawrence Garvin, M.S., MCTS, MCP Independent WSUS Evangelist MVP-Software Distribution (2005-2007) https://mvp.support.microsoft.com/profile=30E00990-8F1D-4774-BD62-D095EB07B36E Everything you need for WSUS is at http://www.microsoft.com/wsus And, almost everything else is at http://wsusinfo.onsitechsolutions.com .....