Configure WSUS server

Hi everyone,
I have two isolated networks(Two different domains) one in the internal network not connected to outside world and 
the other one external connected to outside world.
I want to  come up with 2 WSUS servers 
One WSUS server connected to the internet domain and other WSUS server connected to internal domain.
Is it possible to export update metadata from internet WSUS server and import it in internal WSUS server(But Both Domains are Different).Please guide me how to configure WSUS server.

Which of the two databases are preferred,  Microsoft internal db or SQL db
If you don't already have SQL established and also have SQL expertise, I'd keep it simple and use WID.
Here are some other considerations:
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Similar Messages

  • Server tries to download updates from MS instead of configured WSUS server

    Hey all,
    I got some strange behaviour of a server that I try to update with our WSUS server. Both the client and the WSUS server are Win2k12, not R2. A policy is applied on all servers in which the WSUS server is set. Actually, the update procedure and the policy
    works on all servers but this one.
    I am able to find and select updates for the target server on my WSUS server and the server is able to find the server. When I try "Install now" on the target server, nothing happens. According to the log the server is communicating with the WSUS
    server, but is not downloading the updates from it, instead it tries to download them from MS itself what is not possible. I inserted my proxy user and then it worked so I nailed it down.
    How can I reset all the configuration or where is the registry key that leads to the download source?
    Thanks in advance and kind regards,

    The registry keys for the update source are controlled by the group policy, so configuring the policy and making sure it is applying correctly will automatically configure the appropriate registry keys.  However, the keys specific to windows updates
    are located here:
    HTTP(S) URL of the WSUS server that is used by Automatic Updates and API callers (by default). This policy is paired with WUStatusServer, and both keys must be set to the same value to be
    The HTTP(S) URL of the server to which reporting information is sent for client computers that use the WSUS server that is configured by the WUServer key. This policy is paired with WUServer,
    and both keys must be set to the same value to be valid.
    The full list of related keys can be found here:

  • WSUS Server 3.2 wsuscontents folder size is taking away all the disk space(75GB)

    Hi ,
    We have Windows server 2008R2 X64. server and we have configured WSUS Server 3.2. The WSUSContents folder is taking away all the disk space and there is no space left . As a result WSUS stopped working.
    We used WSUS Server cleanup Wizard, but it is not able to reduce the size of this folder.
    Is there anyway we can purge the WSUS database? is there any script to run?
    Thanks a ton in advance for the help.

    The WSUSContents folder is taking away all the disk space and there is no space left . As a result WSUS stopped working.
    We used WSUS Server cleanup Wizard, but it is not able to reduce the size of this folder.
    Start here:
    Removing unneeded update approvals.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile:
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • WSUS server role on Windows Server 2012 R2 - Supported SQL Configurations

    According to
    this page the supported SQL configurations for WSUS on Windows Server 2012/2012 R2 stop at SQL Server 2012 SP1, but there is no mention of SQL Server 2012 SP2 being supported.
    However, both the SCCM 2012 R2
    supported configuration page and this announcement state that SQL Server 2012 SP2 is fully supported on SCCM 2012 R2 with no
    known limitations. Bearing in mind a big part of SCCM is to perform software updates which in turn requires WSUS to be installed...
    ... Is SQL Server 2012 SP2 supported on WSUS 4.0 (aka WSUS server role on Windows Server 2012 R2)?

    The only thing that mattered for the versions mentioned on TechNet probably is the date the articles are published. I'm no Microsoft employee so I cannot guarantee you support even if I trace back some Microsoft article that explains the lifecycle of MS
    products and support.
    Fact is that MDT uses a database, SQL is a database server. SQL server has all kinds of compatibility modes to support databases dating multiple versions back.
    Another fact is that a Service pack is an
    update to the software (be it a large one) Microsoft will not break compatibility with their own products (and may others that relay on SQL server) by an update.
    And a last fact is that in general, updates are required when you need support. After all, updates fix issues, and engineers generally don't like ghosthunting a bug that has already been patched.

  • SCCM 2007 R3 Software Updates Sync : 6703 WSUS server not configured

    We run SCCM 2007 R3 in native mode (Software Update Point and WSUS both reside on SCCM site server). We're having issues running Software Updates Synchronization which have previously worked fine. In SMS_WSUS_Control_Manager the errors appear as follows
    SMS WSUS Synchronization failed.
    Message: WSUS server not configured.
    Source: CWSyncMgr::DoSync.
    The operating system reported error 2147500037: Unspecified error
    I've followed the suggested fixes in
    http://technet.micro...y/bb735874.aspx but still we have an issue.
    If I open the WSUS console directly and run a manual synchronization from Microsoft this completes successfully. However, I presume this will not be using SSL which is what SCCM will want to use in native mode. I've checked the bindings in IIS on WSUS Administration
    site to confirm that the certificate hasn't expired.
    Any ideas what else I can try?

    wsyncmgr.log repeatedly contains the following
    Performing sync on retry schedule SMS_WSUS_SYNC_MANAGER 13/10/2013 14:02:11 612 (0x0264)
    14:02:11 612 (0x0264)
    Sync failed: WSUS server not configured. Source: CWSyncMgr::DoSync SMS_WSUS_SYNC_MANAGER 13/10/2013 14:07:11 612 (0x0264)
    STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=CCPSCCM02 SITE=WES PID=8084 TID=612 GMTDATE=Sun Oct 13 13:07:11.284 2013 ISTR0="CWSyncMgr::DoSync" ISTR1="WSUS server not configured" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6=""
    ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 13/10/2013 14:07:11 612 (0x0264)
    Sync failed. Will retry in 60 minutes SMS_WSUS_SYNC_MANAGER 13/10/2013 14:07:11 612 (0x0264)
    Sync time: 0d00h05m00s SMS_WSUS_SYNC_MANAGER 13/10/2013 14:07:11 612 (0x0264)

  • [Forum FAQ] WSUS Configuration Manager failed to subscribe to update categories and classifications on WSUS Server

    You might see an error in Software Update Point Status Message when you run software updates synchronization. (Figure 1)
    WSUS Configuration Manager failed to subscribe to update categories and classifications to WSUS Server “Server Name”
    Figure 1
    When you check the WCM.log, WSUSCtrl.log and wsyncmgr.log. There is an error in WCM.log-“Category Product:6d76a2a5-81fe-4829-b268-6eb307e40ef3 (Windows 7 Language Packs) not found
    on WSUS”. (Figure 2)
    Figure 2
    Windows 7 language packs are available for computers that are running Windows 7 Ultimate or Windows 7 Enterprise. The Windows 7 language packs can be installed only from the Optional
    Updates section in Windows Update. However, these language packs are not available on the Microsoft Windows Server Update Services (WSUS) server or through the Microsoft Download Center.
    For more information, please review the link below:
    Windows 7 language packs are available for computers that are running Windows 7 Ultimate or Windows 7 Enterprise
    Go to Administration -> Overview -> Site Configuration -> Sites -> Right-click CAS -> Configure Site Components -> SUP Products tab, uncheck “Windows 7 Language
    Packs”, then sync again. (Figure 3)
    Figure 3
    After Sync successfully, the “Windows 7 Language Packs” option disappeared. (Figure 4)
    Figure 4
    About installing Windows 7 language packs, you could use SCCM 2012 Package feature (download manually) or Windows Update.
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    I managed to fix my issue by coping the Client, ClientUpgrade, and Scripts from the files from SCCM install discs folder SMSSETUP to c:\program files\Microsoft Configuration Manager folder.  I noticed that some of the files in the scripts
    folder was missing and I copied the other folders over because I felt that maybe my local copy of the Client installer where missing some key files as well.  Once I did that and disabled software update push, restarted the wsus computer, and re-enabled
    the software update push it was able to publish the client and start installing it that way.
    I thing the initial log messages where pointing me in the wrong direction for a few hours because I was thinking it was permissions as well and kept trying to figure that out but in the end I do not believe any of that was the reason I was receiving the
    same error as you where.

  • WSUS server and client configuration issues

    I just inherited WSUS from my predecessor (it was turned off because of a full disk) so I’m still learning how to use it. Turning it back on I changed where updates should come from, they were stored locally and now I’m pulling them down off of the Microsoft
    Update location. What I’m seeing is that I have a bunch of computers that WSUS “sees” but are showing “Failed or Needed” status. Unless I visit each machine and manually do the updates this status does not change. Additionally I have some client computers
    (Windows 7) that are not showing up as managed by WSUS. If I reading this right I’m running version Update Services 6.2.9200.16384 on Management Console 3.0 Version 6.2 (build 9200) on Windows Server 2012.
    How can I force WSUS to automatically update the “Failed and Needed” devices?
    How can I get those clients that are not being managed by WSUS to be managed?
    Some of the things that I have done so far on the server and clients are:
    Create a GPO (see attached for WSUS)
    wuauclt /reportnow
    wuauclt.exe /detectnow
    gpupdate /force after
    modifying the GPO
    I even ran the SolarWinds WSUS diagnostic (as a non-administrator) and got this as the output:
    # Solarwinds® Diagnostic Tool for the WSUS Agent # 1/23/2015
    Machine state
      User rights:  User does not have administrative rights (Administrator rights are not available)
      Update service status:  Running
      Background Intelligent Transfer service status:   
      OS Version:  Windows 8.1 Pro
      Windows update agent version:   7.9.9600.17489 (WU Agent is OK)
    Windows Update Agent configuration settings
      Automatic Update:    Enabled
      Options:  Automatically download and notify of installation
      Use WSUS Server: Not found (There is no such key)
      Windows Update Server:  Not found (There is no such key)
      Windows Update Status Server:  Not found (There is no such key)
      WSUS URLs are identical:  Values are empty
    WSUS Server Connectivity -- Connectivity check is impossible
    So, my questions are:
    What tool do I use to configure the client machine?
    How do I get WSUS to update my clients?

    I'm pretty sure that this is not the right forum to discuss this in but just so we can close this case.
    On my computer I ran the command gpupdate /force I
    then rebooted my computer to make sure that the group policy would be updated. The first screen shot is from my domain controller and the second is from my computer. As you can see the Domain Controller has the correct settings but the local machine doesn't.
    Other parts of the DC GPO settings have worked so I'm somewhat comfortable that it is being propagated properly.

  • Configuring SMTP Email Notification on WSUS server When using Outlook 365

    We have a SMTP relay set up on a different server. I have tried to set up email notifications from WSUS server. I get the following error when trying to test. We are using Outlook 365. I've tried using ports 25 and 587 respectively. Any ides? Thanks in advance!
    System.Net.Mail.SmtpException: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated
       at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
       at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.SendTestEmail(String emailLanguage, String smtpUserName, String senderEmailAddress, String smtpHostName, Int32 smtpPort, String recipients)
       at Microsoft.UpdateServices.Internal.BaseApi.EmailNotificationConfiguration.SendTestEmail()
       at Microsoft.UpdateServices.UI.SnapIn.Dialogs.EmailNotificationSettingsDialog.backgroundWorker_DoWork(Object sender, DoWorkEventArgs e)

    We have a SMTP relay set up on a different server. I have tried to set up email notifications from WSUS server. I get the following error when trying to test. We are using Outlook 365. I've tried using ports 25 and 587 respectively. Any ides? Thanks in advance!
    System.Net.Mail.SmtpException: The SMTP server requires a secure connection
    You cannot email from a WSUS server direct to an O365 SMTP server, because the O365 SMTP Server *requires* a TLS-authenticated/encrypted connection and WSUS does not support TLS sessions. You'll need to have WSUS sent to an unencrypted onsite SMTP relay that
    has the ability to initiate a TLS relay connection to O365.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile:
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Migrate WSUS server from 2003x86 to 2008x64, new hardware, use same name and IP address?

    Searching through the WSUS forums and reading the TechNET migration documentation, I have bits and pieces of information to make this a smooth transition...I think. I have a plan in mind but
    would like the communities input on what I am thinking before moving forward and having it blowup in my face :). <o:p></o:p>
    I have the following currently:<o:p></o:p>
    A single WSUS 3.0 SP2 server, running on Server Win2003x86, using the default WID (susdb.mdf) on the same server. I have SQL 2005 Express installed on this server as well for other services
    but this has no bearing on the WID correct?<o:p></o:p>
    What I would like to do:<o:p></o:p>
    I have a new server (a much better one) that I would like to move WSUS on to, that will be running Server Win2008x64 (I have to setup first). <o:p></o:p>
    Steps that I would like to follow:<o:p></o:p>
    1. I will go through and setup this new server with all M$ updates etc... under a new name (ex. wsusnew) and DHCP acquired IP address and then power it down. <o:p></o:p>
    2. Get on my current WSUS server and backup all current WSUS settings, groups, DB etc... to a network location for temporary storage. Then power it down.<o:p></o:p>
    3. Delete the current WSUS server computer object in AD, DNS entry I will leave because my intension is to give the same IP address to the new WSUS server.<o:p></o:p>
    4. Start the new server, static assign the IP address from the old WSUS server to this new server and then change the name of (wsusnew) to the old servers name, which should be ok sense I deleted
    the AD object in step 3.<o:p></o:p>
    5. After the obvious restart, the new server will have the same name and IP address as the old server. <o:p></o:p>
    6. Now that the new server is up (with same settings name/IP as old server), I will then go through and install the WSUS role on the server and restore my WSUS information.<o:p></o:p>
    1. Step 2 above, is it possible to do this, without making replica servers? I kept reading about this as I was researching doing this, I would rather just copy the DB and folders and simply
    put them in-place on the new server.<o:p></o:p>
    2. Step 6 above, restoring of the data, what is the proper way to do this in the scenarioI described? <o:p></o:p>
    Thank you to anyone who can provide me some information.

    Thank you for the reply, I will follow and let you know. Proabably be next week sometime before I'm able to try though. So look for a reponse then. Thank you again.
    You can use the much more simple, much more reliable, and much more proven method of:
    Install new server as a replica of the old.
    Configure new server as upstream server.
    Point clients to new server.
    Turn off old server after all clients have redirected to the new server.
    For everybody that has tried the backup/restore the database procedure described above, they have encounted complications of one form or another.
    WSUS has a built-in and fully supported comprehensive replication capbility. use it! :-)
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile:

  • Client machine not reporting to wsus server

    My server Windows Server 2008 R2 Standard x 64 virtual machine install in Hyper-v server and Install SCE management version 2010.
    in sudden server stopped sending updated to client machine. So I check many and did many changed as per MS community forums. But still I have same issue. 
    Then I planned to install again SCE management server in different VM. But even though I am getting error that old SCE management server is existing in my domain.  Therefore I am afraid to change or remove any setting in AD since I have short
    of knowledge about SCE servers. 
    However my SCE server was working smoothly until 11-2013 and then suddenly stuck. When I check the server machine I found that local drive C: is getting full and SCE management is fail to start. So from that to now when ever I had free time I changed
    many things. But unfortunately I couldn't get the sever back to normal.
    Few changes which I made are below.
    - Remove and reinstall WAUS several times
    - Check online update and direct updated server SCE machine without getting updated from SCE
    - Remove dotnet frame work and updated version 4
    - product configuration wizard reconfigure
    - Repair management agent in client machine.
    Kindly help for me to repair my SCE server or make another installation without having change of settings.
    It would be highly appreciated if you could resolve issue
    The error massage is below in windows update log.
    2015-02-11 11:37:46:747 904 c78 Misc =========== Logging initialized (build: 7.6.7600.320, tz: +0300) ===========
    2015-02-11 11:37:46:747 904 c78 Misc = Process: C:\Windows\system32\svchost.exe
    2015-02-11 11:37:46:747 904 c78 Misc = Module: c:\windows\system32\wuaueng.dll
    2015-02-11 11:37:46:747 904 c78 Service *************
    2015-02-11 11:37:46:747 904 c78 Service ** START ** Service: Service startup
    2015-02-11 11:37:46:747 904 c78 Service *********
    2015-02-11 11:37:46:750 904 c78 Agent * WU client version 7.6.7600.320
    2015-02-11 11:37:46:750 904 c78 Agent * Base directory: C:\Windows\SoftwareDistribution
    2015-02-11 11:37:46:750 904 c78 Agent * Access type: No proxy
    2015-02-11 11:37:46:751 904 c78 Agent * Network state: Connected
    2015-02-11 11:37:58:940 904 8a0 Report CWERReporter::Init succeeded
    2015-02-11 11:37:58:940 904 8a0 Agent *********** Agent: Initializing Windows Update Agent ***********
    2015-02-11 11:37:58:941 904 8a0 Agent * Prerequisite roots succeeded.
    2015-02-11 11:37:58:941 904 8a0 Agent *********** Agent: Initializing global settings cache ***********
    2015-02-11 11:37:58:941 904 8a0 Agent * WSUS server:
    2015-02-11 11:37:58:941 904 8a0 Agent * WSUS status server:
    2015-02-11 11:37:58:941 904 8a0 Agent * Target group: (Unassigned Computers)
    2015-02-11 11:37:58:941 904 8a0 Agent * Windows Update access disabled: No
    2015-02-11 11:37:59:068 904 8a0 DnldMgr Download manager restoring 0 downloads
    2015-02-11 11:37:59:081 904 8a0 AU ########### AU: Initializing Automatic Updates ###########
    2015-02-11 11:37:59:082 904 8a0 AU # WSUS server:
    2015-02-11 11:37:59:082 904 8a0 AU # Detection frequency: 22
    2015-02-11 11:37:59:082 904 8a0 AU # Approval type: Pre-install notify (Policy)
    2015-02-11 11:37:59:082 904 8a0 AU # Auto-install minor updates: No (User preference)
    2015-02-11 11:37:59:082 904 8a0 AU # Will interact with non-admins (Non-admins are elevated (User preference))
    2015-02-11 11:37:59:082 904 8a0 AU # Will display featured software notifications (User preference)
    2015-02-11 11:37:59:301 904 c78 Report *********** Report: Initializing static reporting data ***********
    2015-02-11 11:37:59:301 904 c78 Report * OS Version = 6.1.7601.1.0.196880
    2015-02-11 11:37:59:301 904 c78 Report * OS Product Type = 0x00000007
    2015-02-11 11:37:59:313 904 c78 Report * Computer Brand = Microsoft Corporation
    2015-02-11 11:37:59:313 904 c78 Report * Computer Model = Virtual Machine
    2015-02-11 11:37:59:316 904 c78 Report * Bios Revision = 090004
    2015-02-11 11:37:59:316 904 c78 Report * Bios Name = BIOS Date: 03/19/09 22:51:32 Ver: 09.00.04
    2015-02-11 11:37:59:316 904 c78 Report * Bios Release Date = 2009-03-19T00:00:00
    2015-02-11 11:37:59:316 904 c78 Report * Locale ID = 1033
    2015-02-11 11:37:59:352 904 8a0 AU Successfully wrote event for AU health state:0
    2015-02-11 11:37:59:352 904 8a0 AU Initializing featured updates
    2015-02-11 11:37:59:352 904 8a0 AU Found 0 cached featured updates
    2015-02-11 11:37:59:352 904 8a0 AU Successfully wrote event for AU health state:0
    2015-02-11 11:37:59:353 904 8a0 AU Successfully wrote event for AU health state:0
    2015-02-11 11:37:59:354 904 8a0 AU AU finished delayed initialization
    2015-02-11 11:37:59:354 904 c78 AU #############
    2015-02-11 11:37:59:354 904 c78 AU ## START ## AU: Search for updates
    2015-02-11 11:37:59:354 904 c78 AU #########
    2015-02-11 11:37:59:356 904 c78 AU <<## SUBMITTED ## AU: Search for updates [CallId = {A05977D0-8D58-4DC1-AAC5-C5FD68987D7F}]
    2015-02-11 11:38:01:818 904 8a0 AU Triggering AU detection through DetectNow API
    2015-02-11 11:38:01:818 904 8a0 AU Will do the detection after current detection completes
    2015-02-11 11:38:03:808 904 1de0 Misc WARNING: Send failed with hr = 80072efd.
    2015-02-11 11:38:03:808 904 1de0 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2015-02-11 11:38:03:808 904 1de0 Misc FATAL: SOAP/WinHttp - SendRequest: SendRequestUsingProxy failed. error 0x80072efd
    2015-02-11 11:38:03:808 904 1de0 PT + Last proxy send request failed with hr = 0x80072EFD, HTTP status code = 0
    2015-02-11 11:38:03:808 904 1de0 PT + Caller provided credentials = No
    2015-02-11 11:38:03:808 904 1de0 PT + Impersonate flags = 0
    2015-02-11 11:38:03:808 904 1de0 PT + Possible authorization schemes used =
    2015-02-11 11:38:03:808 904 1de0 PT WARNING: GetConfig failure, error = 0x80072EFD, soap client error = 5, soap error code = 0, HTTP status code = 200
    2015-02-11 11:38:03:808 904 1de0 PT WARNING: PTError: 0x80072efd
    2015-02-11 11:38:03:808 904 1de0 PT WARNING: GetConfig_WithRecovery failed: 0x80072efd
    2015-02-11 11:38:03:808 904 1de0 PT WARNING: RefreshConfig failed: 0x80072efd
    2015-02-11 11:38:03:808 904 1de0 PT WARNING: RefreshPTState failed: 0x80072efd
    2015-02-11 11:38:03:808 904 1de0 PT WARNING: PTError: 0x80072efd
    2015-02-11 11:38:03:808 904 1de0 Report WARNING: Reporter failed to upload events with hr = 80072efd.
    2015-02-11 11:38:08:092 904 1de0 Misc WARNING: Send failed with hr = 80072efd.
    2015-02-11 11:38:08:092 904 1de0 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2015-02-11 11:38:08:092 904 1de0 Misc FATAL: SOAP/WinHttp - SendRequest: SendRequestUsingProxy failed. error 0x80072efd
    2015-02-11 11:38:08:092 904 1de0 PT + Last proxy send request failed with hr = 0x80072EFD, HTTP status code = 0
    2015-02-11 11:38:08:092 904 1de0 PT + Caller provided credentials = No
    2015-02-11 11:38:08:092 904 1de0 PT + Impersonate flags = 0
    2015-02-11 11:38:08:092 904 1de0 PT + Possible authorization schemes used =
    2015-02-11 11:38:08:092 904 1de0 PT WARNING: GetConfig failure, error = 0x80072EFD, soap client error = 5, soap error code = 0, HTTP status code = 200
    2015-02-11 11:38:08:092 904 1de0 PT WARNING: PTError: 0x80072efd
    2015-02-11 11:38:08:092 904 1de0 PT WARNING: GetConfig_WithRecovery failed: 0x80072efd
    2015-02-11 11:38:08:092 904 1de0 PT WARNING: RefreshConfig failed: 0x80072efd
    2015-02-11 11:38:08:092 904 1de0 PT WARNING: RefreshPTState failed: 0x80072efd
    2015-02-11 11:38:08:092 904 1de0 PT WARNING: PTError: 0x80072efd
    2015-02-11 11:38:08:092 904 1de0 Report WARNING: Reporter failed to upload events with hr = 80072efd.
    2015-02-11 11:38:08:093 904 1de0 Report REPORT EVENT: {62417852-380A-47BC-B153-8A8E0E198470} 2015-02-11 11:37:59:352+0300 1 202 102 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Content Install Reboot completed.
    2015-02-11 11:38:08:098 904 1de0 Report CWERReporter finishing event handling. (00000000)
    2015-02-11 11:38:08:098 904 1de0 Agent *************
    2015-02-11 11:38:08:098 904 1de0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
    2015-02-11 11:38:08:098 904 1de0 Agent *********
    2015-02-11 11:38:08:098 904 1de0 Agent * Online = No; Ignore download priority = No
    2015-02-11 11:38:08:098 904 1de0 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2015-02-11 11:38:08:098 904 1de0 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2015-02-11 11:38:08:098 904 1de0 Agent * Search Scope = {Machine}
    2015-02-11 11:38:08:440 904 1de0 Agent * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
    2015-02-11 11:38:08:441 904 1de0 Agent *********
    2015-02-11 11:38:08:441 904 1de0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
    2015-02-11 11:38:08:441 904 1de0 Agent *************
    2015-02-11 11:38:08:441 904 edc AU >>## RESUMED ## AU: Search for updates [CallId = {A05977D0-8D58-4DC1-AAC5-C5FD68987D7F}]
    2015-02-11 11:38:08:441 904 edc AU # 0 updates detected
    2015-02-11 11:38:08:441 904 edc AU #########
    2015-02-11 11:38:08:441 904 edc AU ## END ## AU: Search for updates [CallId = {A05977D0-8D58-4DC1-AAC5-C5FD68987D7F}]
    2015-02-11 11:38:08:441 904 edc AU #############
    2015-02-11 11:38:08:441 904 edc AU Featured notifications is disabled.
    2015-02-11 11:38:08:442 904 edc AU Successfully wrote event for AU health state:0
    2015-02-11 11:38:08:442 904 edc AU Successfully wrote event for AU health state:0
    2015-02-11 11:38:08:442 904 c78 AU #############
    2015-02-11 11:38:08:442 904 c78 AU ## START ## AU: Search for updates
    2015-02-11 11:38:08:442 904 c78 AU #########
    2015-02-11 11:38:08:444 904 c78 AU <<## SUBMITTED ## AU: Search for updates [CallId = {B8E1001D-5C48-4A26-888D-99FECCD6F9F1}]
    2015-02-11 11:38:08:444 904 1de0 Agent *************
    2015-02-11 11:38:08:444 904 1de0 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
    2015-02-11 11:38:08:444 904 1de0 Agent *********
    2015-02-11 11:38:08:444 904 1de0 Agent * Online = Yes; Ignore download priority = No
    2015-02-11 11:38:08:444 904 1de0 Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2015-02-11 11:38:08:444 904 1de0 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
    2015-02-11 11:38:08:444 904 1de0 Agent * Search Scope = {Machine}
    2015-02-11 11:38:08:444 904 1de0 Setup Checking for agent SelfUpdate
    2015-02-11 11:38:08:445 904 1de0 Setup Client version: Core: 7.6.7600.320 Aux: 7.6.7600.320
    2015-02-11 11:38:12:726 904 1de0 Misc WARNING: Send failed with hr = 80072efd.
    2015-02-11 11:38:12:726 904 1de0 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2015-02-11 11:38:12:726 904 1de0 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <>. error 0x80072efd
    2015-02-11 11:38:12:726 904 1de0 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
    2015-02-11 11:38:12:726 904 1de0 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
    2015-02-11 11:38:12:726 904 1de0 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
    2015-02-11 11:38:16:993 904 1de0 Misc WARNING: Send failed with hr = 80072efd.
    2015-02-11 11:38:16:993 904 1de0 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2015-02-11 11:38:16:993 904 1de0 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <>. error 0x80072efd
    2015-02-11 11:38:16:993 904 1de0 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
    2015-02-11 11:38:16:993 904 1de0 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
    2015-02-11 11:38:16:993 904 1de0 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
    2015-02-11 11:38:21:278 904 1de0 Misc WARNING: Send failed with hr = 80072efd.
    2015-02-11 11:38:21:278 904 1de0 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2015-02-11 11:38:21:278 904 1de0 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <>. error 0x80072efd
    2015-02-11 11:38:21:278 904 1de0 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
    2015-02-11 11:38:21:278 904 1de0 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
    2015-02-11 11:38:21:278 904 1de0 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
    2015-02-11 11:38:25:564 904 1de0 Misc WARNING: Send failed with hr = 80072efd.
    2015-02-11 11:38:25:564 904 1de0 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
    2015-02-11 11:38:25:564 904 1de0 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <>. error 0x80072efd
    2015-02-11 11:38:25:564 904 1de0 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
    2015-02-11 11:38:25:564 904 1de0 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
    2015-02-11 11:38:25:564 904 1de0 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
    2015-02-11 11:38:25:564 904 1de0 Misc WARNING: DownloadFileInternal failed for error 0x80072efd
    2015-02-11 11:38:25:564 904 1de0 Setup FATAL: DownloadCab failed, err = 0x80072EFD
    2015-02-11 11:38:25:564 904 1de0 Setup WARNING: SelfUpdate check failed to download package information, error = 0x80072EFD
    2015-02-11 11:38:25:564 904 1de0 Setup FATAL: SelfUpdate check failed, err = 0x80072EFD
    2015-02-11 11:38:25:565 904 1de0 Agent * WARNING: Skipping scan, self-update check returned 0x80072EFD
    2015-02-11 11:38:25:565 904 1de0 Agent * WARNING: Exit code = 0x80072EFD
    2015-02-11 11:38:25:565 904 1de0 Agent *********
    2015-02-11 11:38:25:565 904 1de0 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
    2015-02-11 11:38:25:565 904 1de0 Agent *************
    2015-02-11 11:38:25:565 904 1de0 Agent WARNING: WU client failed Searching for update with error 0x80072efd
    2015-02-11 11:38:25:565 904 1de0 Report CWERReporter finishing event handling. (00000000)
    2015-02-11 11:38:25:565 904 edc AU >>## RESUMED ## AU: Search for updates [CallId = {B8E1001D-5C48-4A26-888D-99FECCD6F9F1}]
    2015-02-11 11:38:25:566 904 edc AU # WARNING: Search callback failed, result = 0x80072EFD
    2015-02-11 11:38:25:566 904 edc AU # WARNING: Failed to find updates with error code 80072EFD
    2015-02-11 11:38:25:566 904 edc AU #########
    2015-02-11 11:38:25:566 904 edc AU ## END ## AU: Search for updates [CallId = {B8E1001D-5C48-4A26-888D-99FECCD6F9F1}]
    2015-02-11 11:38:25:566 904 edc AU #############
    2015-02-11 11:38:25:566 904 edc AU Successfully wrote event for AU health state:0
    2015-02-11 11:38:25:566 904 edc AU AU setting next detection timeout to 2015-02-11 13:38:25
    2015-02-11 11:38:25:566 904 edc AU Successfully wrote event for AU health state:0
    2015-02-11 11:38:25:567 904 edc AU Successfully wrote event for AU health state:0
    2015-02-11 11:38:30:595 904 1de0 Report REPORT EVENT: {6470B8FE-1600-4F7B-807F-6031606ECC8B} 2015-02-11 11:38:25:564+0300 1 148 101 {D67661EB-2423-451D-BF5D-13199E37DF28} 1 80072efd SelfUpdate Failure Software Synchronization Windows Update Client failed to detect with error 0x80072efd.
    2015-02-11 11:38:30:613 904 1de0 Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
    2015-02-11 11:38:30:613 904 1de0 Report WER Report sent: 7.6.7600.320 0x80072efd D67661EB-2423-451D-BF5D-13199E37DF28 Scan 101 Managed
    2015-02-11 11:38:30:613 904 1de0 Report CWERReporter finishing event handling. (00000000)

    Can you try the below to reset the authorization and force a connection back from one of the win 7 machines:
    it should help pinpoint exact issues. 
    1. Record the system time.
    2. Reboot the system (or restart the Windows Update service).
    3. After reboot run the command wuauclt
    /resetauthorization /detectnow.
    4. Wait 30 minutes.
    5. Post the entries from the WindowsUpdate.log starting at the time recorded in Step #1.
    Do you have any Windows 7 machines that are reporting? Are other machines with different operating systems reporting correctly?

  • Failed to set Subscriptions on the WSUS Server

    We are running SCCM 2012 R2; synchronization of updates is not working.
    The SUP is running on a Windows 2008 R2 server and it is not the Site Server.
    Below I have some log data. I have already tried uninstalling and reinstalling WSUS.
    Starting WSUS category sync from upstream... SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:22 PM 4488 (0x1188)
    Refreshing categories from WSUS server SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:27 PM 4488 (0x1188)
    Attempting connection to WSUS server:, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:27 PM 4488 (0x1188)
    Successfully connected to server:, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:27 PM 4488 (0x1188)
    Successfully refreshed categories from WSUS server SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:53 PM 4488 (0x1188)
    Attempting connection to WSUS server:, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:53 PM 4488 (0x1188)
    Successfully connected to server:, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:53 PM 4488 (0x1188)
    Category Company:94d731de-22a6-4458-dc4d-b5267de026fc (Adobe Systems, Inc.) not found on WSUS SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:53 PM 4488 (0x1188)
    Subscription contains categories unknown to WSUS. SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:53 PM 4488 (0x1188)
    Failed to set Subscriptions on the WSUS Server. Error:(-2147467259)Unspecified error SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:53 PM 4488 (0x1188)
    ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:53 PM 4488 (0x1188)
    Waiting for changes for 59 minutes SMS_WSUS_CONFIGURATION_MANAGER 1/6/2015 1:14:53 PM 4488 (0x1188)
    Found active SUP from SCF File.SMS_WSUS_SYNC_MANAGER 
    1/6/2015 1:10:45 PM    4576 (0x11E0)
    Sync failed: WSUS update source not found on site NCU. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSourceSMS_WSUS_SYNC_MANAGER           
    1/6/2015 1:10:45 PM          
    4576 (0x11E0)
    STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SITE=NCU PID=1204 TID=4576 GMTDATE=Tue Jan 06 19:10:45.260 2015 ISTR0="getSiteUpdateSource" ISTR1="WSUS update source
    not found on site NCU. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0SMS_WSUS_SYNC_MANAGER         
    1/6/2015 1:10:45 PM          
    4576 (0x11E0)
    Sync failed. Will retry in 60 minutes        
    SMS_WSUS_SYNC_MANAGER 1/6/2015 1:10:45 PM           
    4576 (0x11E0)
    Setting sync alert to active state on site NCU    
    SMS_WSUS_SYNC_MANAGER 1/6/2015 1:10:45 PM     
    4576 (0x11E0)
    Sync time: 0d00h00m00s   SMS_WSUS_SYNC_MANAGER
    1/6/2015 1:10:45 PM          
    4576 (0x11E0)
    Failed to create instance of Microsoft.SystemsManagementServer.WSUS.WSUSServer. error = Unspecified errorSMS_WSUS_CONTROL_MANAGER        
    1/6/2015 12:39:11 PM        
    4888 (0x1318)

    Blank out/remove all of the categories you have configured in ConfigMgr on the Software Update Point. Then run a full synchronization from the console. This will synch up all available categories without trying to subscribe to any. Then, you can go back
    re-select the categories that want (after the full synch completes) and perform another full synch.
    Right now, you are trying to subscribe to a category that doesn't exist.
    Jason | | @jasonsandys

  • Failed to set Subscriptions on the WSUS Server. Error:(-2147467259)Unspecified error

    Recently restored SCCM 2012 SP1 from Sever 2008 R2, to Server 2012 R2. I had Updates Publisher installed on old 2008 Server with Firefox and Chrome imported into Configuration Manager. Since I have upgraded I am no longer able to sync updates with Microsoft.
    WCM.log says:
    Category Product:44048288-2aac-b2b5-3730-fc020622ea05 (Firefox) not found on WSUS
    Category Product:cc5cb1bb-6b87-94ae-f96a-f758195112a7 (Chrome) not found on WSUS
    Subscription contains categories unknown to WSUS.
    Failed to set Subscriptions on the WSUS Server. Error:(-2147467259)Unspecified error
    ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=
    I have gone to deselect these products from syncing in Administration> Site > Configure Site Components >Software Update Point Products Tab.  They are not there. Any help on getting SCCM to sync updates would be greatly appreciated.

    Unable to sync after moving the Primary site server to different OS.
    Issues with the product and classification setup in the SUP after the restore.
    Ran below query to check if we have reference to Firefox and Chrome categories in the database.
    select CategoryInstance_UniqueID, CategoryInstanceName
    from fn_ListUpdateCategoryInstances(9) cat
    where cat.AllowSubscription=1 and cat.IsSubscribed=1 and cat.IsParentSubscribed=0
    order by cat.CategoryInstance_UniqueID
    RESULT:  [Along with other products we found Chrome and Firefox]
    Product:44048288-2aac-b2b5-3730-fc020622ea05  Firefox
    Product:cc5cb1bb-6b87-94ae-f96a-f758195112a7 Chrome
    Ran Select Query
    select * from CI_CategoryInstances where categoryinstanceid in
    (select categoryinstanceid  from CI_LocalizedCategoryInstances where LocaleID = 9 and CategoryInstanceName = 'Firefox'or
    CategoryInstanceName = 'Chrome')
    CategoryInstanceID CategoryInstance_UniqueID CategoryTypeName DateLastModified SourceSite ParentCategoryInstanceID IsDeleted rowversion
    16777523 Product:cc5cb1bb-6b87-94ae-f96a-f758195112a7 Product 2013-11-27 21:05:23.000 AAR 16777522 0 0x0000000006B08673
    16777549 Product:44048288-2aac-b2b5-3730-fc020622ea05 Product 2013-11-27 21:05:23.000 AAR 16777536 0 0x0000000006B08676
    Ran Select Query
    select * from CI_LocalizedCategoryInstances where LocaleID = 9 and CategoryInstanceName = 'Firefox'or
    CategoryInstanceName = 'Chrome'
    CategoryInstanceID LocaleID CategoryInstanceName rowversion
    16777523 9 Chrome 0x0000000006B08674
    16777549 9 Firefox 0x0000000006B08677
    We did find Chrome and Firefox items in the database.
    We need to delete these items in the database.
    We used below queries to delete the reference from the database.
    delete from CI_CategoryInstances where categoryinstanceid in
    (select categoryinstanceid  from CI_LocalizedCategoryInstances where LocaleID = 9 and CategoryInstanceName = 'Firefox'or
    CategoryInstanceName = 'Chrome')
    delete from CI_LocalizedCategoryInstances where LocaleID = 9 and CategoryInstanceName = 'Firefox'or
    CategoryInstanceName = 'Chrome'
    After deleting performed Scheduled Sync. Was successful

  • WSUS Server settings and Migrating SCCM 2007 Clients to SCCM 2012 R2

    I am in the process of migrating a site from SCCM 2007 to SCCM 2012 R2.
    Whilst doing this I came across the following issue:
    The first issue is the workstations are woefully out of date, patch and update-wise, some have never had a patch applied as the branch IT staff are building them from the original disk. The policy is set in the SCCM 2007 client to point the machines at
    the 2007 WSUS server, which is not set to deliver any updates to 2007 clients and hasn't been for a while. So as soon as the client is installed they lose the ability to get updates from Microsoft and don't get them from the 2007 WSUS server either.
    Issue number 2 is the machines are a mixture of hand-built machines to SCCM 2007 delivered images, the SCCM image is patch using offline patching so they are somewhat up-to-date, but the hand-built machines are not and as there is no standardization on
    the Microsoft Update client settings, the IT person on-site sets it to whatever he/she feels like, as it makes no difference once the client is installed and the policy applied.
    So, when I come to update the client from 2007 to 2012, the following occurs
    The Client uninstalls, and the GPO policy settings for Windows Update are removed.
    Depending on the setup of the client initially, some machines are then going to Microsoft for their updates (literally 100s) and although the new client is installed the policy update does not fire to update the Windows Update Policy settings, sometimes
    for hours after the install finishes. My thoughts are that it just can't run the policy as it is bogged down by patches updating and, in some cases, rebooting and then updating some more.
    As a workaround I have had to go in an physically disable Microsoft Update on these machines, which stops the downloading and eventually allows the policy to apply, after which the machine then begins to receive patches from WSUS in a controlled method during
    maintenance windows.
    I have tried a number of approaches, even setting the Global Group Policy for Windows Update, but the install still removes the keys and basically sets Windows updates back to whatever it was set before the policy was applied and stays that way until the
    new client is installed and the Machine policy reapplied. This can be speeded up by initiating it on the client obviously, but that would mean going to each client or using right-click tools on each machine, which is not an option.
    What I would like to know is if there is something I am missing from my methods or is it just that I have never been on a site with such out of date workstations built in such different ways.
    Any help would be appreciated.

    First note that clients do *not* get updates from WSUS in ConfigMgr. The Windows Update Agent (WUA) must point to the WSUS integrated into ConfigMgr (by virtue of having the SUP installed on it) but this is only to make the update catalog/metadata available
    to it. Approving updates in WSUS is unsupported for ConfigMgr.
    What you've described above is all working as designed although these clients are falling into a gap between the 2007 and 2012 configuration and thus they are reaching out to Windows Update during this gap and installing updates. To prevent this, you
    need to disable automatic updates via a domain group policy. This will prevent all automated WUA activity including installing updates from any source automatically. This will not interfere with ConfigMgr Software Updates in any way though.
    Jason | | @jasonsandys

  • Remove the updates Installed to the client from WSUS SERVER

    WSUS Server running on the Windows Server 2008 R2. Is there a way to get rid of updates that have been pushed out and installed on all client computers? because currently I am running out of disk space and I really don't want to increase the disk space
    further more.
    I tried the Server Cleanup Wizard but it didn't help much as it only cleans out unnecessary and declined updates.

    On current situation, please refer to the following article and check if can help you.
    to do when your WSUSContent folder grows too large
    Based on your description, I understand that you know which updates had been installed. In other words, you
    know which updates will never be used. In WSUS server, please navigate to those updates and right click them, then select
    Decline. (Please note: if have downstream replica servers,
    please don’t Decline these updates directly). Then please run the Server Cleanup Wizard again and monitor the result. If anything I misunderstand, please don’t hesitate to let me know.
    In addition, this issue seems to be more related to WSUS configuration. As Dave suggested, posting this question
    WSUS Forum will be better. I believe we will get a better assistance there.
    If any update, please feel free to let us know.
    Hope this helps.
    Best regards,
    Justin Gu

  • New WSUS server not showing computers correctly.

    Hi All,
    I've recently migrated WSUS servers and everything has come intact apart from the grouping. The groups have come over but all the computers are showing under 'Unassigned Computers'.
    I've manually removed and added a number of computers but it doesn't show any computers.

    I've only just taken over setting up of WSUS from my colleagues and he's setup computer groups in WSUS and adds the computers to the groups via Active Directory Users and Computers.
    The WSUS GPO only sets
    Allow non-administrators to recieve update notifications
    Allow signed updates from an intranet Microsoft update service location
    Configure Automatic updates (Configure automatic updating, Scheduled install day, scheduled install time)
    Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
    Specify intranet Microsoft update services location (Set the intranet service for detecting updates, set the intranet statistics server)
    Turn on recommended updates via Automatic Updates
    Turn on Software Notifications.
    Not sure how much help that is!
    Well, that is your issue then, if you are using client side targeting with the WSUS Server you will need to place the WSUS Group in the Group Policy. Here is a good technet article to get you started.
    Hope this helps.

Maybe you are looking for