WSUS update server not updating clients?

MV 96 Reputation points
2021-01-30T00:16:29.74+00:00

I have a network with 5 servers that have no access to the internet with strong firewall rules limiting the access inbound and outbound. My WSUS server does have access to the internet and is up to date. Today I saw that only one of my servers had checked in and was at 100%, worked on my other servers and got them to check in and now they are at 100%. What I speculate is that these servers are actually not downloading the updates at all... here is why. I run a vulnerability scanner that scans these machines and they all are missing updates I approved last week. I looked at the WindowsUpdateLog but couldn't figure out what the problem is.

2021/01/29 14:36:39.7671827 17884 18996 Shared          InitializeSus
2021/01/29 14:36:39.7684673 17884 18996 IdleTimer       Non-AoAc machine.  Aoac operations will be ignored.
2021/01/29 14:36:39.7688935 17884 18996 Agent           WU client version 10.0.17763.1554
2021/01/29 14:36:39.7699841 17884 18996 Agent           SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2021/01/29 14:36:39.7702873 17884 18996 Agent           Base directory: C:\Windows\SoftwareDistribution
2021/01/29 14:36:39.7725010 17884 18996 Agent           Datastore directory: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
2021/01/29 14:36:39.7748725 17884 18996 DataStore       JetEnableMultiInstance succeeded - applicable param count: 5, applied param count: 5
2021/01/29 14:36:41.1319674 17884 18996 Shared          UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
2021/01/29 14:36:41.1326773 17884 18996 Shared          UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2021/01/29 14:36:41.1359405 17884 18996 Shared          Network state: Connected
2021/01/29 14:36:41.3224242 17884 18996 Misc            *FAILED* [8024000C] LoadHistoryEventFromRegistry completed
2021/01/29 14:36:41.3226913 17884 18996 Shared          UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
2021/01/29 14:36:41.3227048 17884 18996 Shared          UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2021/01/29 14:36:41.3227165 17884 18996 Shared          Power status changed
2021/01/29 14:36:41.3261715 17884 18996 Agent           Initializing global settings cache
2021/01/29 14:36:41.3261751 17884 18996 Agent           WSUS server: http://wsus:8530
2021/01/29 14:36:41.3261924 17884 18996 Agent           WSUS status server: http://wsus:8530
2021/01/29 14:36:41.3261955 17884 18996 Agent           Alternate Download Server: http://wsus:8530
2021/01/29 14:36:41.3261971 17884 18996 Agent           Fill Empty Content Urls: No
2021/01/29 14:36:41.3261990 17884 18996 Agent           Target group: (Unassigned Computers)
2021/01/29 14:36:41.3262006 17884 18996 Agent           Windows Update access disabled: No
2021/01/29 14:36:41.3262029 17884 18996 Agent           Do not connect to Windows Update Internet locations: Yes
2021/01/29 14:36:41.3301560 17884 18996 Agent               Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2021-01-30 20:41:35, not idle-only, not network-only
2021/01/29 14:36:41.3400853 17884 18996 Agent           Initializing Windows Update Agent
2021/01/29 14:36:41.3401975 17884 18996 DownloadManager Download manager restoring 0 downloads
2021/01/29 14:36:41.3402826 17884 18996 Agent           CPersistentTimeoutScheduler | GetTimer, returned hr = 0x00000000
2021/01/29 14:36:41.3415618 17884 18996 IdleTimer       IdleTimer::NetworkStateChanged. Network connected? Yes
2021/01/29 14:36:41.3720486 17884 17640 DownloadManager Received power state change notification: Old: <unknown>; New: AC.
2021/01/29 14:36:41.3720517 17884 17640 DownloadManager Power state changed from <unknown> to AC.
2021/01/29 14:37:25.9171909 17884 18996 Shared          Power status changed
2021/01/29 14:37:25.9173444 17884 17640 DownloadManager Received power state change notification: Old: AC; New: AC.
2021/01/29 14:46:39.7849772 17884 13788 Agent           Earliest future timer found: 
2021/01/29 14:46:39.7850208 17884 13788 Agent               Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2021-01-30 20:41:35, not idle-only, not network-only
2021/01/29 14:46:40.7862653 17884 18996 Shared          UninitializeSUS
2021/01/29 14:46:40.7862758 17884 18996 Misc            CSusClientGlobal::DoServicePreShutdown
2021/01/29 14:46:40.7864007 17884 18996 IdleTimer       Idle timer disabled in preparation for service shutdown
2021/01/29 14:46:40.7864202 17884 18996 Misc            WUTaskManager uninit
2021/01/29 14:46:40.7864321 17884 18996 Agent           Earliest future timer found: 
2021/01/29 14:46:40.7864599 17884 18996 Agent               Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2021-01-30 20:41:35, not idle-only, not network-only
2021/01/29 14:46:40.7966563 17884 18996 Misc            CreateSessionStateChangeTrigger, TYPE:2, Enable:No
2021/01/29 14:46:40.7966669 17884 18996 Misc            CreateSessionStateChangeTrigger, TYPE:4, Enable:No
2021/01/29 14:46:40.8039377 17884 18996 Misc            Agent uninit
2021/01/29 14:46:40.8057601 17884 18996 Misc            Reporter uninit
2021/01/29 14:46:40.8088737 17884 18996 Misc            network cost manager uninit
2021/01/29 14:46:40.8088989 17884 18996 Misc            Eventer uninit
2021/01/29 14:46:41.8164365 17884 18996 Misc            ServiceManager uninit
2021/01/29 14:46:41.8164873 17884 18996 Misc            PersistentTimeoutScheduler uninit
2021/01/29 14:46:41.8164925 17884 18996 Misc            datastore uninit
2021/01/29 14:46:41.9084131 17884 18996 Misc            setting cache uninit
2021/01/29 14:46:41.9084176 17884 18996 Misc            security checker uninit
2021/01/29 14:46:41.9084477 17884 18996 Misc            Test Hook uninit
2021/01/29 14:46:41.9084508 17884 18996 Misc            IdleTimer uninit
2021/01/29 14:46:41.9096167 17884 18996 Shared          * END * Service exit Exit code = 0x240001
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,394 questions
0 comments No comments
{count} votes

Accepted answer
  1. Rita Hu -MSFT 9,641 Reputation points
    2021-02-02T01:33:14.16+00:00

    Hi MV-7184,

    Thanks for your response.

    According to the information you provided above, it seems that the clients did not connect to any updates service. Also I noticed the you have enabled the defer policies. The policies will bypass the WSUS and connect to the Internet to get updates. I recommend to apply the Do not allow update deferral policies to cause scans against Windows Update policy on the clients first to prevent the clients to scanning updates from the Internet. Then we could check the default update source by PowerShell.

    Reference picture:
    62647-5.png

    If there are any updates about this issue, please feel free to keep us in touch.

    Regards,
    Rita


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


4 additional answers

Sort by: Most helpful
  1. Adam J. Marshall 9,591 Reputation points MVP
    2021-01-30T01:24:38.917+00:00

    It is likely that the client systems are not checking in properly with WSUS. Review the troubleshooting on my guide here:

    https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

    The troubleshooting is below the client side script (which solves most problems with clients).


  2. Rita Hu -MSFT 9,641 Reputation points
    2021-02-01T03:07:29.98+00:00

    Hello,

    Thanks for your posting on this forum.

    It seems that the clients didn't check in the 3DA21691-E39D-4da6-8A4B-B43877BCB1B7 service. The service is indicate that the client connect to the WSUS Server to get updates.
    62256-3.png
    Perhaps we could open the PowerShell as an administrator and post the below scripts to confirm what is the default update source is:

    $MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"   
      
    $MUSM.Services | select Name, IsDefaultAUService  
    
     
    

    Here is a related picture for your reference:
    62293-4.png

    If there are any updates about this issue, please remember to inform me.

    Regards,
    Rita


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Juan Sobrado - MSFT 421 Reputation points Microsoft Employee
    2021-02-01T03:31:11.033+00:00

    Hi @MV

    From the extract of the WU log you copied, I see that Agent WSUS server: http://wsus:8530

    Is the WSUS URL stripped on purpose or is this the actual WSUS server? If it is, can you double check the WSUS server defined in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate ? As mentioned by @Rita Hu -MSFT this client does not seem to be connecting to WSUS services.

    Thanks,

    Juan S


  4. Adam J. Marshall 9,591 Reputation points MVP
    2021-02-01T19:56:21.083+00:00

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.