question

HugoRaddon-7303 avatar image
0 Votes"
HugoRaddon-7303 asked RitaHu-MSFT commented

WSUS on Svr2019 stops working with Svr2019 clients

WSUS is running on Server 2019 and we have client machines running Server 2012, 2012R2 and 2019 Standard which are connected. Everything has been working without any problems for a number of months until suddenly the 2019 servers stop reporting their status. The last contact column updates OK and the servers are able to pull and install updates, just no reporting. The 2012 servers continue working OK. This happened about 6 months ago, we investigated with all the usual tricks, deleting the software distribution folder, resetting wsus client id's etc on some client machines but nothing worked. For no apparent reason all the 2019 servers started to work again. This time, everything stopped about 2 weeks ago. The SUSDB and the download folder have been deleted and all of WSUS reset in case the problem is with the WSUS server itself. This has not fixed the problem. As another test, stood up a 2012 R2 box, installed WSUS and pointed a couple servers over it. They report after about 15mins. Point them back to the original server and they will not report. Does this suggest that there is a problem with version 10 of WSUS running on Windows Server 2019? Any help, thoughts or suggestions gratefully received as I've no clue why this happens.

windows-server-update-services
· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello Hugo Raddon,

Thanks for posting here.

What is the meaning of The SUSDB and the download folder have been deleted and all of WSUS reset in case the problem is with the WSUS server itself ?
You uninstalled the WSUS Server and recreate a new one. Right?

0 Votes 0 ·

Hi Rita,

Thank you for your reply, no, the WSUS role was not uninstalled. The guide found here was followed: https://techcommunity.microsoft.com/t5/configuration-manager-archive/recreating-the-susdb-and-wsus-content-folder-for-a-windows/ba-p/274122


0 Votes 0 ·

Did the windows server 2019 client installed the latest updates (cumulative updates and services stack updates)? Please help to confirm the windows server 2019 client version.

Open RUN and post winver command to confirm on the windows server 2019:
Reference picture in my environment:
83505-22.png

If the latest updates haven't been installed, please try to install on the windows server 2019 clients first.

Hope the above will be helpful.

0 Votes 0 ·
22.png (20.3 KiB)
Show more comments

@HugoRaddon-7303
Any updates about this issue? Have you tired to install the latest updates for the windows server 2019 clients? In my opinion, the link is suitable for windows server 2012/2012R2 server.
84657-3.png

In addition, have you clean up the superseded updates on the WSUS console? Please try to clean up the superseded updates on the WSUS console first if you haven't clean up recently.

Hope the above will be helpful. Have a nice day.


0 Votes 0 ·
3.png (14.9 KiB)
Show more comments
AJTek-Adam-J-Marshall avatar image
1 Vote"
AJTek-Adam-J-Marshall answered

No problems here - running Server 2019, WSUS 2019, and have 20+ server 2019's and a 2016 reporting without issue.

I know you've said you've done it - but run through my guide. Big thing - delete the computer from the WSUS MMC Console first, and then run the client side script.

https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

If that doesn't fix it, run through the troubleshooting section below that and it will help you pin-point what the issue is.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HugoRaddon-7303 avatar image
0 Votes"
HugoRaddon-7303 answered

We've been running WSUS 2019 with 2019 servers for about a year now and for the most part they have been working without any problems. We currently have 30 2019 servers connected so it suggests that this is more of a problem with the server than with all the clients. As mentioned, this is not the first time that we have seen this problem which is also perplexing.

I've deleted a couple of servers from the WSUS console and run the commands to stop services and delete the four items from the registry. After the check for updates which is triggered by the last line, a couple of hours has been allow to pass. Both servers reappear in the WSUS console and the last contact date/time stamp is updated but neither client reports.

I've previously come across the article that you've linked to and been able to download the cab file and reach the client.aspx page from the servers. We do not use a GPO to push settings to the machines, instead settings are injected into the registry directly through our own scripts which also create an additional framework for our Windows Update process. This is partly done as we have machines in different domains all coming back to the one update server. The servers being tested at this stage are all in the same domain and IP subnet as the update server to ensure there are no additional factors which may be causing problems.

IPv6 is disabled on all our servers, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer is set to 1 and the results of the PowerShell command state that the Windows Server Update Service is the default (True) while Windows Update returns false.

The evidence does suggest that it is the WSUS server which is why we took the step to drop the database and reset all of WSUS so it was factory new again. To reduce the number of updates that would be available, only the Windows Defender definitions were synchronised with Microsoft Update and still the client servers won't report!!

Would welcome any other thoughts or suggestions.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AJTek-Adam-J-Marshall avatar image
0 Votes"
AJTek-Adam-J-Marshall answered

Turn on IPv6 on both the WSUS server and on the client.

Link in my blog tells you why.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AJTek-Adam-J-Marshall avatar image
0 Votes"
AJTek-Adam-J-Marshall answered

Also, to quote myself:
https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-8-wsus-server-maintenance/

Just because you’ve installed a new WSUS server, doesn’t mean that it’s clean or optimized; it just means that it’s NEW!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HugoRaddon-7303 avatar image
0 Votes"
HugoRaddon-7303 answered

Thanks for the suggestions above.

For the purposes of trying to understand what on earth is going on here, IPv6 has been enabled on two client servers running 2019 and the WSUS itself. All have been rebooted to ensure that all services came up knowing that IPv6 is both enabled and available. Both clients were asked to check for updates, which completes without error, the Last Contact column updates but still not reporting. Left the machines for an hour as it can take time for reporting information to come through but still nothing.

Totally understand that, "just because it's new doesn't mean it's clean or optimised." However, it is not an unreasonable expectation for a new installation to work out of the box either. Surely this especially true when the least number of updates (Defender definitions only) have been synchronised for it to distribute?

Any thoughts on why these 2019 servers report to 2012 WSUS when they will not to a 2019 one?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.