Windows Server 2012 R2 WSUS not able to Sync Updates

Question

Hi,

We have Windows Server 2012 R2 hosting WSUS Server. WSUS Synchronizations have been failing for weeks with below error.

Some background; our WSUS Server is connected to internet through Proxy Server and proxy server only whitelist all the required Microsoft Windows Update URLs. I am not sure if its due to proxy or WSUS itself having issue. I have tried to access all the URLs and I face message "Active content removed Active content removed" and subsequently redirected to another page "Find Windows Update using your Start Screen". I believe if its blocked by proxy I will received totally different message from Proxy Server itself. Could someone advise? Thanks in advanced.

WSUS Sync error:

WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

Answer 1

Hi All,

thanks for all the help. Unfortunately, none of the above has fix in my particular issue. I have installed the .Net Framework, installed all the above patches provided, modified registry but nothing helps.

I then found out its because of the recent security fixed which I have done. I have modified Cipher Suite list from below link to exclude some weak ciphers. It then break the WSUS sync. After rolling back the changes, WSUS sync works fine again.
https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls

Anyway thanks all for the help!

Answer 2

Hi FirhanJailani-4766,

Please help to follow the below pictures to check whether there are any other Event ID on the Windows Server 2012R2.

Open the Event Viewer and create a custom View:

And then filter out the Event ID information as the following picture:

In addition, please help to confirm whether the KB3159706 update has been installed on the Windows Server 2012R2 or not? If not, please try to install it first. To apply this update in Windows Server 2012 R2, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed.
Reference link: https://support.microsoft.com/en-us/help/3159706/update-enables-esd-decryption-provision-in-wsus-in-windows-server-2012

Regards,
Rita

Answer 3

**** Updated/Removed as no longer correct ***

https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-3-windows-as-a-service-waas-and-group-policy-administrative-templates/

Answer 4

Also, for some history, KB3159706 supersedes KB3148812 because KB3148812 did not do what it was intended to do. It was re-released under the new KB shortly after KB3148812 was released. It was then silently (because it's not superseded) embedded into the Cumulative updates.

I'm sorry. I was confusing 2 KB's - KB3148812 was the one that was released and then shortly later KB3159706 was released. It was NOT KB2919355

Answer 5

I'm sorry. I was confusing 2 KB's - KB3148812 was the one that was released and then shortly later KB3159706 was released. It was NOT KB2919355