WSUS server fails to find computers.
Hi,
I've set up two WSUS Servers ver 3.0. One works as expected and the other
does not.
The failing machine is not being populated with any computers (including
itself). At first, my computer options were set to the default "use the
update service console". After a few days, I changed this to use the group
policy (on both the working and failing servers). Again the working server
acted as expected and the failing has yet to find any computers.
My check is to view "All Computers" and "Unassigned Computers" as well as my
own computer group. The "status" is set to "Any" in all folders.
At the various clients, I've run rsop.msc and found that the GPO's are
properly received.
The GPO, "Specify intranet Microsoft update service location" has both
entries set as follows:
Working machine (wsus ver 3): http://rc-server-4
Failing machine (wsus ver 3): http://oh-server-3:8530
Working machine (wsus ver 1): http://oh-server-2:8530
When I visit the urls, I'm presented with the following web pages:
Working machine (wsus ver 3): Under Construction
Failing machine (wsus ver 3): You are not authorized to view this page
(HTTP 401.1)
Working machine (wsus ver 1): The website declined to show this webpage
(HTTP 403)
I suppose there is something amiss in IIS, but I don't know what. Any ideas
what could be wrong?
--
Bob
RE: WSUS server fails to find computers.
I reinstalled WSUS 3.0. Below are the event - Application logs:
================================
Event Type: Information
Event Source: Windows Server Update Services
Event Category: Update Services Service
Event ID: 501
Date: 6/1/2007
Time: 3:59:26 PM
User: N/A
Computer: OH-SERVER-3
Description:
Update Services Service Started
================================
Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 11707
Date: 6/1/2007
Time: 3:59:33 PM
User: OPERATIONHOPE\Robert Cody
Computer: OH-SERVER-3
Description:
Product: Microsoft Windows Server Update Services 3.0 -- Installation
completed successfully.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 37 37 38 34 36 42 35 {77846B5
0008: 32 2d 31 34 43 39 2d 34 2-14C9-4
0010: 46 43 34 2d 42 45 36 33 FC4-BE63
0018: 2d 46 45 30 36 41 46 35 -FE06AF5
0020: 30 31 34 34 32 7d 01442}
================================
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Clients
Event ID: 13042
Date: 6/1/2007
Time: 3:59:45 PM
User: N/A
Computer: OH-SERVER-3
Description:
Self-update is not working.
================================
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Web Services
Event ID: 12002
Date: 6/1/2007
Time: 3:59:45 PM
User: N/A
Computer: OH-SERVER-3
Description:
The Reporting Web Service is not working.
================================
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Web Services
Event ID: 12032
Date: 6/1/2007
Time: 3:59:45 PM
User: N/A
Computer: OH-SERVER-3
Description:
The Server Synchronization Web Service is not working.
================================
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Web Services
Event ID: 12022
Date: 6/1/2007
Time: 3:59:45 PM
User: N/A
Computer: OH-SERVER-3
Description:
The Client Web Service is not working.
================================
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Web Services
Event ID: 12042
Date: 6/1/2007
Time: 3:59:45 PM
User: N/A
Computer: OH-SERVER-3
Description:
The SimpleAuth Web Service is not working.
================================
Event Type: Error
Event Source: Windows Server Update Services
Event Category: Web Services
Event ID: 12052
Date: 6/1/2007
Time: 3:59:45 PM
User: N/A
Computer: OH-SERVER-3
Description:
The DSS Authentication Web Service is not working.
================================
--
Bob
RE: WSUS server fails to find computers.
Hi Bob,
Thank you for posting in the Microsoft newsgroup!
From your post, my understanding on this issue is: one of your WSUS server
hasn't any computer in the console. If I have misunderstood your problem,
please feel free to let me know.
The WSUS server doesn't try to find any clients. Actually, the computers in
the console represent the computers have contacted the WSUS server.
Therefore, the WSUS server you configured in group policy will be contacted
and the another one won't get any computers in it's console. The computer
option is used to configure the group assignment, the following article has
the related information:
Create the Computer Groups
http://technet2.microsoft.com/window...6-c677-415b-b9
ae-91e9cef720e71033.mspx?mfr=true
Regarding your post, after you re-installed WSUS, you got lots of error
events. Please confirm the following file & IIS permissions :
1. Within IIS verify that anonymous access is enabled for the /selfupdate
virtual directory and /clientwebservice application directory.
2. Reset the password of the IIS anonymous account IUSER_<computer> and
renew the password setting in IIS:
a. Open up IIS
b. Expand Web Sites > Right click SelfUpdate > Properties > Directory
Security tab
c. Click Edit on "Authentication and access control"
d. Enter the same password that was used to reset the IUSER account in AD
Users & Computers
e. Do the same with the below IIS componets :
ReportingWebService / ServerSynchronizationWebService / ClientWebService /
SimpleAuthWebService / DSSAuthenticationWebService
f. If you are using the Default Web site, you should also check the
password setting in it.
After the above has been completed, please restart the server.
The WSUS folder permission could also cause your issue. You can compare the
NTFS permissions on the %ProgramFiles%\Update Services folder and it's
subfolders on the problematic WSUS server with the working server to find
out if there's any difference.
Best Regards,
Sean Cai, MCSE2000
Microsoft Online Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
RE: WSUS server fails to find computers.
Hi Sean,
Thanks, it is fixed now. Your suggestions about resetting the passwords was
the fix.
For any others that may run into this, I'll elaborate.
This may be a result of my demoting my DC (which also had WSUS).
I then rebuilt the machine, re-promoted it to a DC, and reinstalled IIS and
then WSUS.
I suspect my IUSER account (with an outdated password) replicated to my
newly rebuilt machine and when I reinstalled IIS, a new password was created
and now my anonymous logon password was out of sync. Maybe??
A test I used was to first determine my IUSER account password using the
script at the end of this post.
I then started command prompt using RUN AS the IUSER credentials and found
my credentials were invalid.
Finally, I reset the password as Sean described earlier - except I reset it
at the IIS "Web Sites" level (or maybe one level lower; can't remember)
rather than the individual folders that Sean mentions. I'm hoping this
propagates down to the other folders? (I guess it must have as it works - so
far).
Anyway, it didn't resolve itself immediately after the initial reboot, but
within the day, it did.
Script to determine IIS passwords:
---------------------------------------------------------------------------------------
' Modified version from: (Thanks Jimbo Jones -
microsoft.public.scripting.vbscript)
' http://www.windowsitpro.com/Web/Arti...222/21222.html
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("output.txt", 8, True)
Set IIsObject = GetObject ("IIS://localhost/w3svc")
objFile.WriteLine "According to the metabase, the anonymous credentials are:"
objFile.WriteLine "AnonymousUserName = " & IIsObject.Get("AnonymousUserName")
objFile.WriteLine "AnonymousUserPass = " & IIsObject.Get("AnonymousUserPass")
objFile.WriteLine "WAMUserName = " & IIsObject.Get("WAMUserName")
objFile.WriteLine "WAMUserPass = " & IIsObject.Get("WAMUserPass")
objFile.Close
Set objFile = Nothing
Set objFSO = Nothing
Set IIsObject = Nothing
---------------------------------------------------------------------------------------
--
Bob
RE: WSUS server fails to find computers.
Hi Bob,
Thank you for your reply and the great sharing! I think everyone who
encount the similar problem will benefit from your reply.
Please let me know if you have any other question. Since I'm not very good
at IIS, if you have questions about the IIS security, I suggest you to post
the questions in the IIS newsgroup.
Thanks & Regards,
Sean Cai, MCSE2000
Microsoft Online Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.