Defender Definitions from WSUS "InternalDefinitionUpdateServer" error - server name could not be resolved?

SB-IT 21 Reputation points
2021-09-09T17:03:47.82+00:00

Hello-

I'm trying to get my PCs to download Windows Defender definitions from my WSUS server. WSUS has downloaded the definitions and it shows the client computers need the definition updates.

I've configured a GPO for WSUS, and for Windows Defender definition updates I've enabled the setting "Define the order of sources for downloading definition updates" and entered a value of "InternalDefinitionUpdateServer".

The problem I'm having is that on my Win10 computers, when I go to Settings > Update & Security > Windows Security > Virus & threat protection > Check for updates, the updates fail to download. Checking the Windows Defender Event Viewer log I get an error 0x80072ee7 "The server name or address could not be resolved".

I've done a lot of searching but haven't found anyone posting a similar issue. What am I doing wrong? Does there need to be a DNS entry for InternalDefinitionUpdateServer or does it need to be defined somewhere? I'm not sure how the client knows what the address of the InternalDefinitionUpdateServer should be.

Thanks


Accepted answer
  1. Rita Hu -MSFT 9,661 Reputation points
    2021-09-23T01:08:45.527+00:00

    @SB-IT

    Thanks for your response.

    I noticed that the latest version of Security Intelligence Update for Microsoft Defender Antivirus - KB2667602 is 1.349.732.0 in your environment.

    I'm not sure why the security intelligence updates show as not downloaded yet; perhaps the updates aren't up to date. But it's OK if the latest Security Intelligence Update is ready for installation on the disconnected WSUS server. The clients could get the latest version.

    But it is so weird that the latest Cumulative Update for Windows 10 2004/20H2/21H1 shows as not downloaded yet. As far as I know, the three Cumulative Updates are the same update, which is named C5B235B81AE5ACD9D11FF35EDEE287B663E5861A.cab and located in the same folder.
    It seems that the WSUS can't recognize the updates for a long time. Perhaps we could run the wsusutil.exe reset command again on the disconnected WSUS server. It will reset the metadata.

    Hope the above will be helpful. Please remember to accept the answer if the above answers are helpful.

    Thanks for your time and looking forward to your feedback.

    Regards,
    Rita


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


11 additional answers

  1. SB-IT 21 Reputation points
    2021-09-14T16:34:45.437+00:00

    Hi Rita,

    I'm still tweaking the process of downloading WSUS updates on a server connected to the Internet, then copying them across to a server on a closed network. I feel pretty confident I have everything dialed-in and have gotten regular Windows updates to be successful.

    I have one definition update which the air-gapped WSUS server knows the client Win10 machine needs and which is approved for installation. I discovered under "File Status" for that update it says the "file for this update has not yet been downloaded" (that's the only update which says this). On the Internet-connected WSUS server the definition update is approved and there is no message about the update not being downloaded yet.

    Both the Internet connected WSUS server and the one on the air-gapped network were using the Default Automatic Approval Rule for updates. I have read that when importing the updates' metadata, if an update is not approved it may show as needing to be downloaded even though the update file was copied across and is actually there. I think this might be where I need to be looking to see why the Definition update is downloaded and approved on the Internet connected WSUS, but showing that it's not downloaded yet approved once it gets copied across to the air-gapped WSUS server.

    I notice under "File URL" for the definition update that says it has not yet downloaded there are many "Slim_Delta" and "Delta" patch files. I'm wondering if the problem is that one or many of those have a problem? They all list their location as being on the correct server, port 8530/Content/... folder. Maybe some of the delta files were deleted because they were seen as superseded(?). Still digging for a solution...

    Thanks - Tim


  2. Rita Hu -MSFT 9,661 Reputation points
    2021-09-15T02:49:01.413+00:00

    In fact, all the metadata will be exported on the connected WSUS and imported into the disconnected WSUS server. And then the clients report to the disconnected WSUS server and the required updates show as needed on the disconnected WSUS server console. I suspect that the needed updates are not approved on the connected WSUS server. So the binary update files were not copied and printed to the connected WSUS server. So the needed updates could not be downloaded.

    Please follow the below screenshots to confirm whether the binary update files stay on the disconnected WSUS server.

    [screenshot: 132192-15.png]

    [screenshot: 132212-16.png]

    We should try to copy and print the binary update files again if the binary update files didn't stay on the disconnected WSUS server. Please try to approve the updates on the connected WSUS server. And then we should copy the binary update files and print them into the disconnected WSUS server. Note that you should remember to export and import the metadata again from the connected WSUS server to the disconnected WSUS server.

    Hope the above will be helpful.

    Regards,
    Rita


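The check Rita describes above (is the binary for an approved update actually present on the disconnected server?) can be automated with the WSUS administration API. This is an added example, not code from the thread or from Microsoft; it assumes it runs elevated on the disconnected WSUS server itself, with the WSUS console (and therefore the Microsoft.UpdateServices.Administration assembly) installed. The content-path mapping (everything after /Content/ in the file URL mirrors the folder layout under the local content cache) follows the 1A folder and .cab name shown in this thread.

```powershell
# Added example (not from the thread): on the disconnected WSUS server, list approved
# updates that WSUS still reports as "not yet downloaded" and check whether each update
# file is really on disk, and whether its SHA1 matches the hash WSUS has in its metadata.
# Assumption: run elevated on the WSUS server, WSUS console/API installed locally.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus        = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
$contentRoot = $wsus.GetConfiguration().LocalContentCachePath   # e.g. D:\WSUS\WsusContent

# Only approved updates are interesting: unapproved ones are never downloaded anyway.
$scope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$scope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved

$results = foreach ($update in $wsus.GetUpdates($scope)) {
    # UpdateState.NotReady = approved, but WSUS believes one or more binaries are missing.
    if ($update.State -ne [Microsoft.UpdateServices.Administration.UpdateState]::NotReady) { continue }

    foreach ($item in $update.GetInstallableItems()) {
        foreach ($file in $item.Files) {
            # FileUri looks like http://<server>:8530/Content/1A/<sha1>.cab;
            # the on-disk path under the content cache mirrors the part after "/Content/".
            $relative  = ($file.FileUri.AbsolutePath -replace '^.*?/Content/', '') -replace '/', '\'
            $localPath = Join-Path $contentRoot $relative

            $onDisk = Test-Path -LiteralPath $localPath
            $hashOk = $false
            if ($onDisk) {
                # UpdateFile.Hash is the SHA1 of the file as raw bytes; compare as upper-case hex.
                $expected = ($file.Hash | ForEach-Object { $_.ToString('X2') }) -join ''
                $actual   = (Get-FileHash -LiteralPath $localPath -Algorithm SHA1).Hash
                $hashOk   = ($actual -eq $expected)
            }

            [pscustomobject]@{
                Update    = $update.Title
                File      = $file.Name
                LocalPath = $localPath
                OnDisk    = $onDisk
                HashOK    = $hashOk
            }
        }
    }
}

# Anything with OnDisk=False was never copied across; OnDisk=True/HashOK=False is a
# truncated or mismatched copy; OnDisk=True/HashOK=True is metadata that is simply stale.
$results | Format-Table -AutoSize
```

Rows that are on disk with a matching hash but still NotReady point at stale metadata rather than missing files, which is the case where the wsusutil.exe reset mentioned in the accepted answer is the appropriate next step.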

  3. SB-IT 21 Reputation points
    2021-09-15T17:39:05.5+00:00

    Hi Rita,

    Thanks for sticking with me, I've tried researching my problem but I just can't find any solution that works.

    I checked one of the updates on my disconnected WSUS server that says the file hasn't been downloaded yet. My connected and disconnected WSUS servers look the same, the update is approved on both servers, and the file is on both servers in the same Content folder location. The update is available on the connected WSUS server, but the disconnected server shows the file needs to be downloaded, yet the update is approved and the update file is in the Content folder where it should be.

    Here are a few screenshots from the disconnected WSUS for an update it says hasn't been downloaded yet. I haven't been able to pick up on any pattern behind the updates that WSUS says haven't been downloaded; it's only happening to a few. What step am I missing?

    [screenshot: 132456-update-approved.png]

    [screenshot: 132475-file-is-there.png]

    [screenshot: 132512-updates-not-downloaded.png]

    Thanks again - Tim


  4. SB-IT 21 Reputation points
    2021-09-16T20:07:46.383+00:00

    Hi Rita,

    I exported the metadata again this morning on the connected WSUS server, and imported it on the disconnected server. The same updates still show as not being downloaded yet.

    Here's a screenshot of the properties for the Content folders and the "1A" folders on both servers.

    -Tim

    [screenshot: 132725-int-vs-ext.png]