Support Tip: Clients are unable to download 3rd party updates when the WSUS content is on a DFS share
~ Subbulakshmi Kumar | Support Engineer
I was recently working with a customer who found that he was unable to download third party updates from System Center 2012 Configuration Manager (ConfigMgr 2012) when the WSUS content was on a DFS share. The 3rd party updates could be successfully published to it via System Center Update Publisher (SCUP) but when he tried to download them it would fail.
He also found the following errors in patchdownloader.log:
HttpSendRequest failed HTTP_STATUS_NOT_FOUND Software Updates Patch Downloader
ERROR: DownloadContentFiles() failed with hr=0x80070194 Software Updates Patch Downloader
The reason this was happening was because the download was using the Network Service account for authentication, and the Network Service account does not have permissions to the DFS share (which is by design).
If you happen to come across the same problem, to work around this simply change the access authentication to a specific user (or group) on the DFS share in the content virtual directory of the WSUS site in IIS, then give permissions to that user (or group) on the DFS share. This allows the download to complete successfully.
Hope this helps!
Subbulakshmi Kumar | Support Engineer | Microsoft GBS Management and Security Division
Get the latest System Center news on Facebook and Twitter :
System Center All Up: https://blogs.technet.com/b/systemcenter/
Configuration Manager Support Team blog: https://blogs.technet.com/configurationmgr/
Data Protection Manager Team blog: https://blogs.technet.com/dpm/
Orchestrator Support Team blog: https://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: https://blogs.technet.com/momteam/
Service Manager Team blog: https://blogs.technet.com/b/servicemanager
Virtual Machine Manager Team blog: https://blogs.technet.com/scvmm
Microsoft Intune: https://blogs.technet.com/b/microsoftintune/
WSUS Support Team blog: https://blogs.technet.com/sus/
The RMS blog: https://blogs.technet.com/b/rms/
App-V Team blog: https://blogs.technet.com/appv/
MED-V Team blog: https://blogs.technet.com/medv/
Server App-V Team blog: https://blogs.technet.com/b/serverappv
The Surface Team blog: https://blogs.technet.com/b/surface/
The Application Proxy blog: https://blogs.technet.com/b/applicationproxyblog/
The Forefront Endpoint Protection blog : https://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : https://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: https://blogs.technet.com/b/isablog/
The Forefront UAG blog: https://blogs.technet.com/b/edgeaccessblog/
Comments
- Anonymous
February 21, 2015
Can you provide instructions on how to change the access authentication to a specific user or group for the content virtual directory? I looked at the content virtual directory in IIS but I don't see where to change it to be accessed by a specific user and configure WSUS to access the content directory as that user or group.