WSUS on Svr2019 stops working with Svr2019 clients

Hugo Raddon 1 Reputation point
2021-03-26T15:27:01.04+00:00

WSUS is running on Server 2019 and we have client machines running Server 2012, 2012R2 and 2019 Standard which are connected. Everything has been working without any problems for a number of months until suddenly the 2019 servers stop reporting their status. The last contact column updates OK and the servers are able to pull and install updates, just no reporting. The 2012 servers continue working OK.

This happened about 6 months ago. We investigated with all the usual tricks, deleting the software distribution folder, resetting WSUS client IDs, etc. on some client machines, but nothing worked. For no apparent reason all the 2019 servers started to work again.

This time, everything stopped about 2 weeks ago. The SUSDB and the download folder have been deleted and all of WSUS reset in case the problem is with the WSUS server itself. This has not fixed the problem. As another test, stood up a 2012 R2 box, installed WSUS and pointed a couple of servers over to it. They report after about 15 minutes. Point them back to the original server and they will not report.

Does this suggest that there is a problem with version 10 of WSUS running on Windows Server 2019? Any help, thoughts or suggestions gratefully received as I've no clue why this happens.


5 answers

  1. Adam J. Marshall 8,626 Reputation points MVP
    2021-03-27T00:55:30.247+00:00

    No problems here - running Server 2019, WSUS 2019, and have 20+ Server 2019s and a 2016 reporting without issue.

    I know you've said you've done it - but run through my guide. Big thing - delete the computer from the WSUS MMC Console first, and then run the client side script.

    https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

    If that doesn't fix it, run through the troubleshooting section below that and it will help you pin-point what the issue is.

    1 person found this answer helpful.

  2. Hugo Raddon 1 Reputation point
    2021-03-29T10:54:48.3+00:00

    We've been running WSUS 2019 with 2019 servers for about a year now and for the most part they have been working without any problems. We currently have 30 2019 servers connected so it suggests that this is more of a problem with the server than with all the clients. As mentioned, this is not the first time that we have seen this problem which is also perplexing.

    I've deleted a couple of servers from the WSUS console and run the commands to stop services and delete the four items from the registry. After the check for updates which is triggered by the last line, a couple of hours have been allowed to pass. Both servers reappear in the WSUS console and the last contact date/time stamp is updated but neither client reports.

    I've previously come across the article that you've linked to and been able to download the cab file and reach the client.aspx page from the servers. We do not use a GPO to push settings to the machines, instead settings are injected into the registry directly through our own scripts which also create an additional framework for our Windows Update process. This is partly done as we have machines in different domains all coming back to the one update server. The servers being tested at this stage are all in the same domain and IP subnet as the update server to ensure there are no additional factors which may be causing problems.

    IPv6 is disabled on all our servers, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer is set to 1 and the results of the PowerShell command state that the Windows Server Update Service is the default (True) while Windows Update returns false.

    The evidence does suggest that it is the WSUS server which is why we took the step to drop the database and reset all of WSUS so it was factory new again. To reduce the number of updates that would be available, only the Windows Defender definitions were synchronised with Microsoft Update and still the client servers won't report!!

    Would welcome any other thoughts or suggestions.

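The client-side checks described in the post above (the `UseWUServer` value and which update service is the default), collected into one audit script for machines whose settings are written by a script rather than a GPO. This is an added example, not part of the original post. `WUServer`, `WUStatusServer` and the `ReportingWebService` path are the standard WSUS client policy values and reporting endpoint, which the thread does not mention; `Get-PolicyValue` is a helper defined here, and the use of `Microsoft.Update.ServiceManager` is an assumption about which PowerShell command the poster ran.

```powershell
# Added example (not from the thread): audit script-injected WSUS client settings.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$wuServer     = Get-PolicyValue $wuKey 'WUServer'
$statusServer = Get-PolicyValue $wuKey 'WUStatusServer'
$useWuServer  = Get-PolicyValue $auKey 'UseWUServer'

$findings = @()
if ($useWuServer -ne 1) { $findings += "UseWUServer is '$useWuServer' (expected 1)" }
if (-not $wuServer)     { $findings += 'WUServer is not set' }
if (-not $statusServer) {
    # WUStatusServer is where status reports go; it is paired with WUServer.
    $findings += 'WUStatusServer is not set (it must be set and match WUServer)'
} elseif ($wuServer -and ($wuServer.TrimEnd('/') -ne $statusServer.TrimEnd('/'))) {
    $findings += "WUStatusServer '$statusServer' differs from WUServer '$wuServer'"
}

# Which registered update service the Windows Update Agent treats as its default.
$services = (New-Object -ComObject Microsoft.Update.ServiceManager).Services |
    Select-Object Name, IsDefaultAUService, ServiceUrl

# Reaching the update endpoint does not prove the reporting endpoint is reachable,
# so request the reporting web service on the status server separately.
$reporting = 'skipped (no WUStatusServer)'
if ($statusServer) {
    $url = $statusServer.TrimEnd('/') + '/ReportingWebService/ReportingWebService.asmx'
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
        $reporting = "HTTP $($r.StatusCode) from $url"
    } catch {
        $reporting = "Request to $url failed: $($_.Exception.Message)"
    }
}

[pscustomobject]@{
    UseWUServer    = $useWuServer
    WUServer       = $wuServer
    WUStatusServer = $statusServer
    ReportingCheck = $reporting
} | Format-List
$services | Format-Table -AutoSize
if ($findings) { $findings } else { 'No policy inconsistencies found.' }
```

Run it in an elevated PowerShell session on an affected client; running it on a client that does report gives a baseline to compare against.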

  3. Adam J. Marshall 8,626 Reputation points MVP
    2021-03-29T12:14:08.447+00:00

    Turn on IPv6 on both the WSUS server and on the client.

    Link in my blog tells you why.


  4. Adam J. Marshall 8,626 Reputation points MVP
    2021-03-29T12:16:28.133+00:00

    Also, to quote myself:
    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-8-wsus-server-maintenance/

    Just because you’ve installed a new WSUS server, doesn’t mean that it’s clean or optimized; it just means that it’s NEW!


  5. Hugo Raddon 1 Reputation point
    2021-03-29T14:24:05.88+00:00

    Thanks for the suggestions above.

    For the purposes of trying to understand what on earth is going on here, IPv6 has been enabled on two client servers running 2019 and the WSUS itself. All have been rebooted to ensure that all services came up knowing that IPv6 is both enabled and available. Both clients were asked to check for updates, which completes without error, the Last Contact column updates but still not reporting. Left the machines for an hour as it can take time for reporting information to come through but still nothing.

    Totally understand that, "just because it's new doesn't mean it's clean or optimised." However, it is not an unreasonable expectation for a new installation to work out of the box either. Surely this is especially true when the least number of updates (Defender definitions only) have been synchronised for it to distribute?

    Any thoughts on why these 2019 servers report to 2012 WSUS when they will not to a 2019 one?
