question

MattC91-8101 asked MattC91-8101 answered

WSUS Client reports 'couldn't connect to the update service' but then randomly connects successfully!

I have a Windows 2016 server which when manually checking for updates from WSUS reports "We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet."

However if I just leave the server overnight, it successfully communicates with the WSUS and reports 0 updates available.

In the server event viewer under Applications and Services Logs> Microsoft> Windows> Windows Update Client> Operational, I am receiving many Errors with Event ID 25 : 'Windows Update failed to check for updates' with error 0x80072EFD.

But then in amongst these errors, I am receiving random Information events Event ID 26: 'Windows Update successfully found 0 updates' and reports back to the WSUS.

I've tried deleting the server from WSUS and it re-registers no problem due to the applied group policies.

I've tried the Windows Updates Troubleshooting, I've tried without the firewall at either end, I've tried deleting the SoftwareDistribution folder, I've tried deleting SUSClientID Registry Settings, I've checked and checked again the settings on the network card.

The server does NOT have access to the internet as it runs medical software, however I have many other servers with identical group policy/ registry settings which are working with no issue.

Does anyone have any idea why the server may only sporadically check for updates of its own accord?

windows-server, windows-server-update-services

I should also add, I have tried wuauclt /resetauthorization /detectnow

AJTek-Adam-J-Marshall answered MattC91-8101 commented

First - /detectnow is deprecated and doesn't do anything on Win10+ or Server2016+

https://www.ajtek.ca/wsus/does-wuauclt-exe-detectnow-reportnow-work/

Second - run the client side script (yes, I know you probably have done this) after deleting it from the WSUS MMC, and then if that still doesn't work, continue down the troubleshooting section.

https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/


Hi Adam.

Thank you for your response. I found your troubleshooting guide very useful. Using $(New-Object -ComObject "Microsoft.Update.ServiceManager").Services | Select-Object Name, IsDefaultAUService I was able to identify that the default AU service was Windows Update NOT WSUS.

I have no idea why, as all other servers in the same OU with the same GPO applied do have WSUS as their default AU Service.

I found some info on how to force this to switch using local group policy editor, but this yielded frustrating results as the server then proceeded to connect, download and install a number of updates automatically bypassing my 'download and notify for install' setting on my GPO.

I've reverted the local settings I changed and the default AU service reverted to Windows Update. I guess I need to create a test GPO and see if I can get it to force the server to use WSUS as its default AU.

AJTek-Adam-J-Marshall answered MattC91-8101 commented

Quite possibly. But I also think there's something going on with group policy. Anyhow, you've got me further than I was and I've got some more avenues to explore.

Thanks very much.

MattC91-8101 answered

Just as an update, it may save someone the days it took me to fix this:

I got to the bottom of this in the end. Using $(New-Object -ComObject "Microsoft.Update.ServiceManager").Services | Select-Object Name, IsDefaultAUService I was able to monitor the default AU service as I made changes.

I manually compared registry settings to other servers which were working and found a difference which was HKLM>Software>Microsoft>WindowsUpdate>UX>Settings > DeferUpgrade REG_DWORD which was set to 1.

This was set to 0 on our other servers.

The registry setting directly relates to the Windows Update advanced option 'Defer feature updates'. I'm annoyed it took me this long to find that this pesky switch was overriding my WSUS preferences set by group policy!!
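
The comparison described in this answer can be scripted. The following is an added example, not code from the thread or from any poster: it collects the default AU service, the WSUS policy values and the DeferUpgrade value from a working and a failing server and flags anything that differs. The server names are placeholders, and it assumes PowerShell remoting is enabled and that the update service manager can be queried in a remote session.

```powershell
# Added example. Server names are placeholders (assumption); replace with a
# known-good server and the server that fails to check in.
$servers = 'SERVER-GOOD-01', 'SERVER-BAD-01'

$probe = {
    # Service(s) the Automatic Updates client treats as its default source
    $defaultAu = (New-Object -ComObject 'Microsoft.Update.ServiceManager').Services |
        Where-Object { $_.IsDefaultAUService } |
        Select-Object -ExpandProperty Name

    # Read one registry value; returns $null when the key or value is absent
    function Get-RegValue([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }

    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $ux     = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'

    [pscustomobject]@{
        DefaultAUService = $defaultAu -join ', '
        WUServer         = Get-RegValue $policy 'WUServer'        # set by the WSUS GPO
        UseWUServer      = Get-RegValue "$policy\AU" 'UseWUServer'
        AUOptions        = Get-RegValue "$policy\AU" 'AUOptions'
        DeferUpgrade     = Get-RegValue $ux 'DeferUpgrade'        # value named in the answer
    }
}

$results = Invoke-Command -ComputerName $servers -ScriptBlock $probe

# Side-by-side view of every collected value
$props = 'DefaultAUService', 'WUServer', 'UseWUServer', 'AUOptions', 'DeferUpgrade'
$results | Format-Table (@('PSComputerName') + $props) -AutoSize

# Flag each setting that is not identical on all servers
foreach ($p in $props) {
    $distinct = @($results | ForEach-Object { "$($_.$p)" } | Sort-Object -Unique)
    if ($distinct.Count -gt 1) {
        Write-Warning "$p differs across servers: $($distinct -join ' | ')"
    }
}
```

An empty entry in a warning means the value is absent on at least one server.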
