firstcom Posted April 13, 2014 Report post Posted April 13, 2014 Hey guys. I've been having a really hard time trying to figure out why software updates aren't being downloaded and deployed with my configuration. I'm pulling my hair out and really hope someone can help me out here. To start, we have a central server -- site code FCC, server name ConfigManagerCentral, running Windows Server 2008 We have an external WSUS server that is part of the central server, FCC site code, listed as wsus.domain.local. It runs Server 2012. We have a primary site, ConfigManager, that has site code HQ1, running Windows Server 2008. We also have two other primary sites that we use from time to time for special projects. I'm not really worried about these, so disregard them. I've enabled the SUP role for wsus.domain.local, and when I view log files I can see that the updates are sync'ing. Everything seems to be okay with the wsus server and central site when I enable wsus.domain.local as a SUP. When I enable the SUP role on the primary site, however, it doesn't seem to ever sync and seems to try to connect to itself even though the sync status page shows its source is wsus.domain.local. The admin console is installed on both the ConfigManagerCentral and ConfigManager servers. This is the log from wsusctrl.log: Microsoft.UpdateServices.Administration.WsusInvalidServerException: Exception of type 'Microsoft.UpdateServices.Administration.WsusInvalidServerException' was thrown.~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:57:51.731+300><thread=6580 (0x19B4)> Failed to set WSUS Local Configuration. Will retry configuration in 1 minutes~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:57:51.753+300><thread=6580 (0x19B4)> Attempting connection to local WSUS server $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:57:51.776+300><thread=6580 (0x19B4)> Microsoft.UpdateServices.Administration.WsusInvalidServerException: Exception of type 'Microsoft.UpdateServices.Administration.WsusInvalidServerException' was thrown.~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:57:51.799+300><thread=6580 (0x19B4)> Failures reported during periodic health check by the WSUS Server configmanager.firstcom.local. Will retry check in 1 minutes~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:57:51.824+300><thread=6580 (0x19B4)> ~Waiting for changes for 1 minutes $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:57:51.846+300><thread=6580 (0x19B4)> Timed Out...~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:51.872+300><thread=6580 (0x19B4)> Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:51.894+300><thread=6580 (0x19B4)> Checking runtime v2.0.50727...~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:51.918+300><thread=6580 (0x19B4)> Found supported assembly Microsoft.UpdateServices.Administration version 3.1.6001.1, file version 3.1.7600.256~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:51.944+300><thread=6580 (0x19B4)> Found supported assembly Microsoft.UpdateServices.BaseApi version 3.1.6001.1, file version 3.1.7600.256~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:51.971+300><thread=6580 (0x19B4)> Supported WSUS version found~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:51.997+300><thread=6580 (0x19B4)> Attempting connection to local WSUS server $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:52.021+300><thread=6580 (0x19B4)> Microsoft.UpdateServices.Administration.WsusInvalidServerException: Exception of type 'Microsoft.UpdateServices.Administration.WsusInvalidServerException' was thrown.~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:52.045+300><thread=6580 (0x19B4)> Failed to set WSUS Local Configuration. Will retry configuration in 1 minutes~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:52.069+300><thread=6580 (0x19B4)> Attempting connection to local WSUS server $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:52.093+300><thread=6580 (0x19B4)> Microsoft.UpdateServices.Administration.WsusInvalidServerException: Exception of type 'Microsoft.UpdateServices.Administration.WsusInvalidServerException' was thrown.~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:52.117+300><thread=6580 (0x19B4)> Failures reported during periodic health check by the WSUS Server configmanager.firstcom.local. Will retry check in 1 minutes~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:52.140+300><thread=6580 (0x19B4)> ~Waiting for changes for 1 minutes $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:58:52.162+300><thread=6580 (0x19B4)> Timed Out...~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.185+300><thread=6580 (0x19B4)> Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.211+300><thread=6580 (0x19B4)> Checking runtime v2.0.50727...~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.238+300><thread=6580 (0x19B4)> Found supported assembly Microsoft.UpdateServices.Administration version 3.1.6001.1, file version 3.1.7600.256~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.272+300><thread=6580 (0x19B4)> Found supported assembly Microsoft.UpdateServices.BaseApi version 3.1.6001.1, file version 3.1.7600.256~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.299+300><thread=6580 (0x19B4)> Supported WSUS version found~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.321+300><thread=6580 (0x19B4)> Attempting connection to local WSUS server $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.343+300><thread=6580 (0x19B4)> Microsoft.UpdateServices.Administration.WsusInvalidServerException: Exception of type 'Microsoft.UpdateServices.Administration.WsusInvalidServerException' was thrown.~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.373+300><thread=6580 (0x19B4)> Failed to set WSUS Local Configuration. Will retry configuration in 1 minutes~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.402+300><thread=6580 (0x19B4)> Attempting connection to local WSUS server $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.424+300><thread=6580 (0x19B4)> Microsoft.UpdateServices.Administration.WsusInvalidServerException: Exception of type 'Microsoft.UpdateServices.Administration.WsusInvalidServerException' was thrown.~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.448+300><thread=6580 (0x19B4)> Failures reported during periodic health check by the WSUS Server configmanager.firstcom.local. Will retry check in 1 minutes~ $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.473+300><thread=6580 (0x19B4)> ~Waiting for changes for 1 minutes $$<SMS_WSUS_CONTROL_MANAGER><04-12-2014 19:59:52.496+300><thread=6580 (0x19B4)> This is wcm.log: Changes in active SUP list detected. New active SUP List is:~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.388+300><thread=3772 (0xEBC)> SUP0: configmanager.domain.local, group = , nlb = ~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.405+300><thread=3772 (0xEBC)> Updating active SUP groups...~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.421+300><thread=3772 (0xEBC)> Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.440+300><thread=3772 (0xEBC)> Checking runtime v2.0.50727...~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.459+300><thread=3772 (0xEBC)> Found supported assembly Microsoft.UpdateServices.Administration version 3.1.6001.1, file version 3.1.7600.256~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.479+300><thread=3772 (0xEBC)> Found supported assembly Microsoft.UpdateServices.BaseApi version 3.1.6001.1, file version 3.1.7600.256~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.500+300><thread=3772 (0xEBC)> Supported WSUS version found~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.517+300><thread=3772 (0xEBC)> Using firstcom\administrator credentials for network connections~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.544+300><thread=3772 (0xEBC)> Attempting connection to WSUS server: configmanager.domain.local, port: 8530, useSSL: False $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:51.561+300><thread=3772 (0xEBC)> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 172.31.36.61:8530~~ at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)~~ at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)~~ --- End of inner exception stack trace ---~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:53.619+300><thread=3772 (0xEBC)> Done using firstcom\administrator credentials~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:53.661+300><thread=3772 (0xEBC)> Remote configuration failed on WSUS Server.~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:53.699+300><thread=3772 (0xEBC)> STATMSG: ID=6600 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONFIGURATION_MANAGER" SYS=configmanager.domain.local SITE=HQ1 PID=2224 TID=3772 GMTDATE=Sun Apr 13 00:49:53.730 2014 ISTR0="configmanager.domain.local" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:53.730+300><thread=3772 (0xEBC)> Setting new configuration state to 3 (WSUS_CONFIG_FAILED)~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:53.784+300><thread=3772 (0xEBC)> Waiting for changes for 7 minutes $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:49:53.813+300><thread=3772 (0xEBC)> Wait timed out after 7 minutes while waiting for at least one trigger event. $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:09.852+300><thread=3772 (0xEBC)> Timed Out...~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:19.889+300><thread=3772 (0xEBC)> Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:19.923+300><thread=3772 (0xEBC)> Checking runtime v2.0.50727...~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:19.952+300><thread=3772 (0xEBC)> Found supported assembly Microsoft.UpdateServices.Administration version 3.1.6001.1, file version 3.1.7600.256~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:19.985+300><thread=3772 (0xEBC)> Found supported assembly Microsoft.UpdateServices.BaseApi version 3.1.6001.1, file version 3.1.7600.256~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:20.018+300><thread=3772 (0xEBC)> Supported WSUS version found~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:20.046+300><thread=3772 (0xEBC)> Using firstcom\administrator credentials for network connections~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:20.179+300><thread=3772 (0xEBC)> Attempting connection to WSUS server: configmanager.domain.local, port: 8530, useSSL: False $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:20.212+300><thread=3772 (0xEBC)> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 172.31.36.61:8530~~ at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)~~ at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)~~ --- End of inner exception stack trace ---~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:22.246+300><thread=3772 (0xEBC)> Done using firstcom\administrator credentials~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:22.264+300><thread=3772 (0xEBC)> Remote configuration failed on WSUS Server.~ $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:22.279+300><thread=3772 (0xEBC)> STATMSG: ID=6600 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONFIGURATION_MANAGER" SYS=configmanager.domain.local SITE=HQ1 PID=2224 TID=3772 GMTDATE=Sun Apr 13 00:57:22.306 2014 ISTR0="configmanager.domain.local" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:22.306+300><thread=3772 (0xEBC)> Waiting for changes for 60 minutes $$<SMS_WSUS_CONFIGURATION_MANAGER><04-12-2014 19:57:22.339+300><thread=3772 (0xEBC)> Can anyone help? Quote Share this post Link to post Share on other sites More sharing options...
Edenost Posted April 13, 2014 Report post Posted April 13, 2014 Do you have the wsus service installed on your central server? From what I remember, the SUP needs wsus installed. You can configure it to talk to your main wsus server with upstream/downstream setups. Maybe its that? Quote Share this post Link to post Share on other sites More sharing options...
firstcom Posted April 13, 2014 Report post Posted April 13, 2014 Do you have the wsus service installed on your central server? From what I remember, the SUP needs wsus installed. You can configure it to talk to your main wsus server with upstream/downstream setups. Maybe its that? The admin console is installed on the central server and pointed to our external wsus server. I know this part works because the central server is actually syncing downloads. It's the primary server that is experiencing the aforementioned issue. The primary server also has the admin console installed. Quote Share this post Link to post Share on other sites More sharing options...
firstcom Posted April 14, 2014 Report post Posted April 14, 2014 Hey all, I was messing around all weekend with this... wcm.log seems to indicate that it cannot connect to the server. It's pointing to itself, which I believe it's supposed to do? My wsus server is external and on a Server 2012 box, so it uses port 8350, but the primary site that I'm having trouble with is Server 2008 with only the WSUS Admin Console, so I believe it's port 80. Which port do I need to configure my primary site for? If it's 80 I'm getting a 404 error in wcm.log. So a) which port do I use, and if it's 80, why would I get a 404 error, and if it's 8350 then why would I be getting a closed connection? IIS is installed on all boxes. Quote Share this post Link to post Share on other sites More sharing options...
firstcom Posted April 14, 2014 Report post Posted April 14, 2014 By the way, I'm offering a LinkedIn recommendation to whoever can walk me through this and figure it out. Willing to do a conference call with any SCCM experts out there as well. Quote Share this post Link to post Share on other sites More sharing options...
oxyle Posted April 14, 2014 Report post Posted April 14, 2014 You could try to add the SCCM computer account to the local administrators group on the WSUS server? In our environment the WSUS is running on our CAS server, and the 2 other primary sites retrieve their updates from it. Did you run the post installation wizard on the central site aswell? I didn't the first time, and ConfigMgr could not connect to the WSUS server. After I ran the post installation wizard(Not the configuration Wizard) it started to connect succesfully. Maybe you'll benefit from the picture below: Also the log is saying that the remote configuration failed to server: 172.31.36.61, is this your ConfigMgr or your WSUS server? Quote Share this post Link to post Share on other sites More sharing options...
firstcom Posted April 14, 2014 Report post Posted April 14, 2014 The sync and everything else seems to be fine on the central server, just not the ConfigManager primary server, so I know WSUS is set up correctly. This seems to be a connection issue. That IP is the IP of our ConfigMgr primary server. I have no idea why it's pointing to itself and that's something I've been questioning -- isn't it supposed to be pointing to the wsus server? The sync page suggests it syncs from the external wsus server, but when you look at logs on the primary site it tries to connect to itself. You could try to add the SCCM computer account to the local administrators group on the WSUS server? In our environment the WSUS is running on our CAS server, and the 2 other primary sites retrieve their updates from it. Did you run the post installation wizard on the central site aswell? I didn't the first time, and ConfigMgr could not connect to the WSUS server. After I ran the post installation wizard(Not the configuration Wizard) it started to connect succesfully. Maybe you'll benefit from the picture below: Also the log is saying that the remote configuration failed to server: 172.31.36.61, is this your ConfigMgr or your WSUS server? Quote Share this post Link to post Share on other sites More sharing options...
Kazi Posted April 14, 2014 Report post Posted April 14, 2014 Firstcom, have you tried adding your WSUS server name to the Administrator's group on the WSUS server? Also have you installed the WSUS Administration console on your site server? Quote Share this post Link to post Share on other sites More sharing options...
firstcom Posted April 15, 2014 Report post Posted April 15, 2014 I was able to fix this by installing a full WSUS server on the primary server as well as a few other changes to ports. This is something we didn't have to do in our previous environment, but it's all working now. Thanks everyone for your help! Quote Share this post Link to post Share on other sites More sharing options...