SBS2011 WSUS broken

I inherited a 2011 SBS install that it seems no one knew how to monitor. WSUS was set to update every offering ever made and anything that was released later! Needless to say the DB was about 50GB and I wondered what was consuming the disk space.
I was unsuccessful at doing any standard cleanup in WSUS. I changed the products and classifications so I had just one product, then tried the Server Cleanup Wizard as described in many other forums. It didn't seem to matter; running for days, it would not clean up and would hang. Eventually I stopped the Internal ##SSEE DB and went to the library and deleted all the updates! I put everything back online and still could not perform a cleanup.
I would like to get WSUS going again, what do I need to do? I am not worried about losing anything; we have a small system with about 25 devices.
Thanks

I'm back at trying to fix the broken WSUS, I could not remove WSUS within Program and Features or the windows internal database it was using. I installed the Windows installer Clean Up utility and uninstalled WSUS SP2 and the internal SQL database.
I plan to work my way through the methods mentioned below.
http://blogs.technet.com/b/sus/archive/2008/11/05/how-to-manually-remove-all-of-wsus.aspx
WARNING: Do Not Do This if you are running WSUS on SBS 2008!  SBS 2008 installs Sharepoint and WSUS on the same server and both applications store their database in Windows Internal Database. Removing Windows Internal Database (MICROSOFT##SSEE) using steps 6-8 will break Sharepoint and anything else you may have installed that relies on Windows Internal Database.
========
1. Please download and install the Windows Installer Cleanup Utility.  To install it simply run msicuu2.exe.
2. Once it is installed go to Start>All Programs>Windows Install Clean Up
3. Scroll through the options and highlight Microsoft Windows Server Update Services 3.0 SP1 (3.1.6001.65)
4. Click remove
5. Open a command prompt and run the following commands:
net stop wsusservice
net stop wsuscertserver
sc delete wsusservice
sc delete wsuscertserver
6. When complete, go back to the Windows Installer Cleanup Utility and highlight Windows Internal Database (MICROSOFT##SSEE) and click remove.
7. Go back to the command line and run the following commands
net stop mssql$microsoft##ssee
sc delete mssql$microsoft##ssee
8. Delete or edit the associated reg keys as noted below:
a. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server and edit the "InstalledInstances" value and remove "MICROSOFT##SSEE"
b. Remove the "MICROSOFT##SSEE" subkey under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server
c. Remove the "MSSQL.2005" subkey under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server
d. Rename the following folder:
\%Windir%\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data
to
\%Windir%\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data.old
At the completion of this you should be at a point where you can reinstall WSUS from scratch if you like.
The WSUS DB was 18.7 GB! I could not fix it.
http://www.channelpronetwork.com/article/reinstalling_wsus_on_sbs_2008_and_2011_too
If you're unable to uninstall with the setup then manually remove  the installation with the following Steps:
Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 How to back up and restore the registry in Windows
Delete the following Directories and Registry keys:
4.    HKLM\Software\Microsoft\Microsoft SQL Server\WSUS
5.    HKLM\Software\Microsoft\UpdateServices  
6.    HKLM\software\Microsoft\windows\currentversion\installer\userdata\s-1-5-18\products
Look under Each GUID > InstallProperties  
On the right side look for a <DisplayName> with Microsoft Windows Server Update Services 3.0 SP<x>
Delete the GUID
7.    HKLM\Software\Classes\installer\Products\25B648799C414CF4EB36EF60FA054124
(Look through each GUID.  The default GUID for WSUS is 25B648799C414CF4EB36EF60FA054124)
 On the right side look for a <ProductName> with Microsoft Windows Server Update Services 3.0 SP<x>
8.    HKLM\System\CCS\Services\WSUS:  and others
9.    HKLM\System\CCS\Services\WSusCertServer
10.    HKLM\System\CCS\Services\WsusService
11.    HKCRoot\wsuscertserver.certmanager
12.    HKCRoot\wsuscertserver.certmanager.1
13.    HKCRoot\wsuscertserver.Utilites
14.    HKCRoot\wsuscertserver.Utilites.1
15.    HKCR\wsuscertserver.certmanager
Delete the following from IIS:
16.    WSUS Administration Virtual Directory
17.    Application Pool > WsusPool
18.    Reboot the server
Rename the following folders:
19.    Stop the "Update Services"  service
20.    C:\Program files\Update services
(Delete everything in the Update Services folder but leave the "Common" Folder)
21.    C:\WSUS  (Be sure to rename on all drives)
Reinstall WSUS from CD or Download WSUS 3.0 Sp2
22.    Option 1
Download of Windows Server Update Services 3.0 SP2 site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a206ae20-2695-436c-9578-3403a7d46e40&displaylang=en
Option 2
Get the SBS2008 CD2 navigate and run Cdrom<drive>:\Cmpnents\Wsus\WSUSSetup.exe
23.    Select radio button for "Full Server Installation Including Administration Console"
24.    Choose the drive that you would like for the installation to be Installed.  <drive>:\WSUS
25.    Choose the drive for the Database option of <drive>:\WSUS
26.    Select Next until you get to the Database usage.  Choose the "Create new database"
27.    Select Next all the way to the End of the installation.
Custom Configuration Wizard
28.    Walk thru Windows Server Update Services Configuration Wizard
29.    On the Language Page leave the Default check for English.
30.    Select "All Products" check box.
31.    On the Classifications page select the following check boxes
•    Critical Updates
•    Definition Updates
•    Security Updates
•    Service Packs
•    Update Rollups
32.    Set the Synchronization to Automatic
33.    Uncheck the "Begin initial Synchronization" checkbox.
34.     Select Finish.  
Open WSUS Native Console
35.    Expand your Servername > Computers > All Computers
36.    Right click on "All Computers" and select "Add Computer Groups"
Here you'll create three groups with the following name:
•    Update Service Excluded Computers
•    Update Services Client Computers
•    Update Services Server Computers
Open SBS Console
•    Look at the Updates and you should have a green Check.
Thanks
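
An added example, not part of the original post or the linked articles: a read-only PowerShell inventory of the services, registry keys and folders named in the steps above, so you can see what is actually left (and what else lives in Windows Internal Database) before deleting anything. It assumes an elevated prompt on the server; the "Update Services" key spelling with a space and the SUSDB.mdf file name are assumptions that do not come from the post.

```powershell
# Added example: read-only inventory of WSUS 3.0 / Windows Internal Database
# leftovers. It reports what is present and changes nothing.

function New-Finding($Kind, $Item, $Present) {
    New-Object PSObject -Property @{ Kind = $Kind; Item = $Item; Present = [bool]$Present }
}

$findings = @()

# 1. Services named in the quoted removal steps. Single quotes keep '$' literal.
foreach ($name in 'WsusService', 'WsusCertServer', 'MSSQL$MICROSOFT##SSEE') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $findings += New-Finding 'Service' $name $svc
}

# 2. Registry keys listed in the post ("CCS" written out as CurrentControlSet).
$sqlRoot = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$keys = @(
    "$sqlRoot\WSUS",
    "$sqlRoot\MICROSOFT##SSEE",
    "$sqlRoot\MSSQL.2005",
    'HKLM:\SOFTWARE\Microsoft\UpdateServices',    # spelling as written in the post
    'HKLM:\SOFTWARE\Microsoft\Update Services',   # assumption: spelling with a space
    'HKLM:\SOFTWARE\Classes\Installer\Products\25B648799C414CF4EB36EF60FA054124',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WsusService',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WSusCertServer',
    'Registry::HKEY_CLASSES_ROOT\wsuscertserver.certmanager',
    'Registry::HKEY_CLASSES_ROOT\wsuscertserver.certmanager.1',
    'Registry::HKEY_CLASSES_ROOT\wsuscertserver.Utilites',
    'Registry::HKEY_CLASSES_ROOT\wsuscertserver.Utilites.1'
)
foreach ($key in $keys) {
    $findings += New-Finding 'RegKey' $key (Test-Path $key)
}

# 3. The InstalledInstances value from step 8a (a multi-string list).
$inst = (Get-ItemProperty -Path $sqlRoot -ErrorAction SilentlyContinue).InstalledInstances
$findings += New-Finding 'RegValue' 'InstalledInstances lists MICROSOFT##SSEE' `
    ($inst -contains 'MICROSOFT##SSEE')

# 4. Installer records: look under each GUID > InstallProperties for the
#    WSUS 3.0 DisplayName instead of trusting one default GUID.
$products = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products'
if (Test-Path $products) {
    foreach ($p in Get-ChildItem $products) {
        $ip = Get-ItemProperty -Path "$($p.PSPath)\InstallProperties" -ErrorAction SilentlyContinue
        if ($ip -and $ip.DisplayName -like 'Microsoft Windows Server Update Services 3.0*') {
            $findings += New-Finding 'MSI product' "$($p.PSChildName)  $($ip.DisplayName)" $true
        }
    }
}

# 5. Database files in the Windows Internal Database data folder. Any .mdf that
#    is neither SUSDB (assumed WSUS database name) nor a SQL system database
#    belongs to another application, which is the case the SBS 2008 warning is
#    about: removing the instance takes those databases with it.
$widData = Join-Path $env:windir 'SYSMSI\SSEE\MSSQL.2005\MSSQL\Data'
if (Test-Path $widData) {
    foreach ($f in Get-ChildItem -Path $widData -Filter *.mdf) {
        $gb = [math]::Round($f.Length / 1GB, 2)
        $findings += New-Finding 'WID database' "$($f.Name) ($gb GB)" $true
    }
}

# 6. Folders: the program folder, plus a WSUS folder on every file-system drive.
$progDir = "$env:ProgramFiles\Update Services"
$findings += New-Finding 'Folder' $progDir (Test-Path $progDir)
foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    $path = Join-Path $d.Root 'WSUS'
    if (Test-Path $path) { $findings += New-Finding 'Folder' $path $true }
}

$findings | Sort-Object Kind, Item | Format-Table Kind, Present, Item -AutoSize
```

Running it again after the cleanup and before reinstalling shows whether anything was missed; the IIS virtual directory and application pool are not covered and still need checking in IIS Manager.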

Similar Messages

  • WSUS exported report hyperlinks broken

    Finding that if you export a report from the WSUS admin console, the hyperlinks do not work.  the path of the hyperlink is :
    The error message is "unable to open" and then the path to the hyperlink.
    if I copy and paste the hyperlink from the excel doc into an IE window, it does not link to the page. 
    Inside the admin console, the hyperlinks work just fine.  What can I do to make those hyperlinks work in an exported report

    Finding that if you export a report from the WSUS admin console, the hyperlinks do not work. 
    The links to UPDATES, or approval state, or update status, are INTERNAL links dependent upon the WSUS database and they WILL only work within the Report Viewer.
    The EXTERNAL links (e.g. to support.microsoft.com) should work without issue.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • WSUS vs SCCM SUP - What is the point of changing? Pros and Cons of both

    Hi,
    I have been using WSUS forever and have just made a very painful change over to SCCM 2012 SUP. In a room full of experienced WSUS users and facing a handover of SCCM SUP, I really need to have this question answered - What, if any, are the advantages of
    SCCM2012 SUP over WSUS. It's certainly not ease of use, ease of implementation or understandability.
    Even if i accept that yes, they are two different things now and i shouldn't think of SCCM as being like WSUS, I still have to compare and contrast, honestly, what they do and how they do it
    WSUS is ridiculously easy in comparison to SUP. With WSUS, I install it, create some GPOs and assign to OUs. I create security groups and add the servers in scope to those groups and those security groups to the policy. I have different groups set up to keep separation of DCs and APP servers and SQL and SCCM and Antivirus servers and workstations
    If needs be i have a text list of all my servers/workstations and can individually target using PSEXEC to run wuauclt on any number of clients. It works great and is easily understandable
    Now, enter SCCM 2010 and SUP.
    The first thing I HAD to know was the last thing I learned. And not from Microsoft. That is that there is really only one method now, imposed by limitations on Software Update Groups and Deployment packages. You can only create a package of 1000 or less updates
    This means chopping up your historic updates and having them deployed as a separate strategy from your newer updates cycles
    Secondly, every month from now on you will need to create and sort your updates into a meaningful Update Group and Deployment package - even if you set up an Automatic Deployment rule, you still need to manually create your Update Groups
    You can only have one deployment package per update group and will need one software update group per "type" of install (available or Required) AND you will need one software update group and deployment package PER COLLECTION!
    To make this work as simply as possible, it will mean having two collections Available and Required (for example)
    Each collection will have a SUG associated with it (each with a limit of 1000 updates remember). Each group of circa 1000 updates takes about 2+ hours to compile and you will have a minimum of 5 groups per collection to get up to October 2014
    After this your ADRs should now do it all for you but lack the ability to create update groups so you have to do this manually every month beforehand. Whew!!
    Thirdly, in the background, WSUS still downloads metadata. In SCCM you should be pointing every update group manually to this folder. Same with Deployment packages and ADRs. Why is this not built-in - intuitive? These are then copied and downloaded as full
    packages into their respectively (manually) created source folders
    Now, when updates expire or are superseded, you have to manually replace them from each SUG
    And also quite a big thing I haven't heard anyone else comment on, is the fact that these updates are now NOT shown in the Windows Update feature - they now appear in the Software Center - so now the Servers I sent "Available" updates have to be logged onto and manually installed - instead of being able to individually target them like I did with PSEXEC and wuauclt
    And logging?? There are at least 100 different logs to look at using the Trace Log Tool. It's a full time job just figuring out what logs to look at to resolve any problems
    This is, in my opinion, a really poor effort and the documentation is wildly inconsistent across many forums.
    Some kind of standard document is needed. And i say this after having followed Microsoft's own documentation and using technet forums
    I, for one, just need one BIG question answered for now - how do i remove the SCCM SUP client and revert back to wuauclt on all my clients - if i remove SUP from SCCM will it remove the client from the clients?

    HI Jason,
    I have spent a long time trying to get this to work. My requirements are to have WSUS deploy updates automatically with as little intervention as possible and to be able to explain and show the process to others who will administer the system long after
    I've gone
    The reason I still have to think of things in the WSUS way is that I have a broken update infrastructure that doesn't do what my requirements are. So I now currently need to log into all my "Available " Servers to update them manually instead of
    being able to remotely execute the updates. I'll look at the SDK but this is the first time I've heard of it
    From the top - yes I agree that's a typo it's Update Groups that can only have 1000 updates. Do you agree that this causes a problem for this scenario? Updates since before 2013 amount to several thousand and so I have to break these up into groups of 1000 - one each for Available and Required groups. That means 8 groups straight away
    Having to cater for these historic updates means painfully waiting 2 hours or so for each package to be created. I've done this already and its not pretty but its essential (unless I'm doing it wrong but I am following TechNet forums)
    My ADRs will absolutely not create the Update Groups and the docs I have read also say that this is a manual monthly process - Create a Group every month and then use an ADR to use that group - is that not correct?
    Update groups - you are mixing my words up and saying the same thing in a different way - "Update groups can absolutely have multiple deployments targeted to different collections" change the "can" for a "must" and you see my
    problem. You cannot create a single Update Group, package it up and the deploy it to both Available and Required groups. You need two update groups for this. One for available and one for Required.
    Metadata - OK then what is it that WSUS downloads to E:\WSUS\WsusContent\...  ? And why is this to be set as the download location for any Update Group, Deployment Package or ADR?? I have to create  or select a deployment package which is another
    manually created folder under "sources" for which the download location is set to my WSUS folder. This doesn't work unless I set my download location to Microsoft. But WSUS should already have synced in the background to WsusContent so why would
    I want to download from Microsoft. And I only want to actually download the "approved" packages. So as far as I'm aware the WSUS\WsusContent folder only contains metadata which is not downloaded until required. Am I wrong? What/who/how downloads
    the binaries and when?
    Lastly, What doesn't make sense? The goal used to be automation. If and when I needed to, I used to be able to manually intervene for single or multiple devices using PSEXEC to run wuauclt. With SCCM I can see for example, 2x non compliant devices just now.
    In the old days I would just psexec onto them and run wuauclt. In SCCM I err... Hmmm.. what? What do I do? Will look at the SDK
    Just one other thing - is there no way at all to continue to use the Windows Update control panel and have it show the same available updates as Software Centre? Why can SCCM not just work like Windows Update does? If I run Windows Update on any server it says up to date but if go to Microsoft to check it always comes back with updates
    I just want my internal SCCM SUP to work the same way Microsoft updates works for an internet connected computer. Completely Automatic. No intervention. My group of Available servers I would like to be able to remotely and individually install from either a central console or a script. Again, I will look at the SDK for this
    Thanks for your reply and advice. I'll give it one more week. ;-)

  • WSUS 3.0 SP2 on Server 2008 R2 not working (no console or other access)

    Hi,
    In a brand new network with all 2008 R2 servers I setup WSUS. Initially I could not install the role from the Roles tool in Windows and had to install it from a downloaded file from Microsoft (which I later read is due to 2008 R2).
    This ran fine for about 2 weeks, I had all the clients and workstations in groups, approving updates and installing them.. all tickety boo and then one day the console won't connect and I have not been able to get back into WSUS to do anything. I tried removing and re-installing WSUS (both keeping the local database and then deleting it the second time) but nothing helps. My event log reports the following every 6 hours:
    Event ID 13042 - Self-update is not working
    Event ID 12002 - The reporting web service is not working
    Event ID 12012 - The API Remoting Web Service is not working
    Event ID 12032 - The Server Synchronization Web Service is not working
    Event ID 12022 - The Client Web Service is not working
    Event ID 12042 - The SimpleAuth Web Service is not working
    Event ID 12052 - The DSS Authentication Web Service is not working
    Some extra points based on what I have read:
    The server DOES have .net 4.0 installed
    WSUS has been removed and re-installed
    All servers are 2008 R2
    The server also runs Remote Desktop Services.. but aside from this is just a file and print server
    Because this server (and the whole network) are brand new, standard practice is to run WSUS against the Microsoft update site and install all critical and optional updates and patches and etc..
    While it was working, I can't recall installing anything that may have broken it, however typically Windows patches do not cause problems on our machines, so I do not pay too close attention to what gets installed.. Perhaps one of these updates broke WSUS?
    Can anyone offer some suggestions for how to troubleshoot this and try get things moving again?
    Thanks!

    Hi,
    > then one day the console wont connect and I have not been able to get back into WSUS to do anything.
    Any error message when you launch WSUS console?
    You mentioned you have Kaspersky Endpoint Security software installed on WSUS server, have you configured antivirus software to exclude WSUS content directory?
    If you cannot access the WSUS console and a timeout error message appears, the CPU of the WSUS server may be at, or very close to, maximum utilization, which causes the database software to time out. If the database software times out, the WSUS console cannot be displayed.
    One way of inadvertently overtaxing your WSUS server is to have antivirus software monitor the WSUS content directory. During synchronization, the antivirus software can overload the CPU.
    Please ignore WSUS content in your antivirus software and check the result.
    For more information please refer to following MS articles:
    Issues with the WSUS 3.0 SP2 Administration Console
    http://technet.microsoft.com/en-us/library/dd939877(v=WS.10).aspx
    The DSS Authentication Web Service is not working.
    http://social.technet.microsoft.com/Forums/en-US/configmgrsum/thread/c901eb7b-7c20-4fb8-87dd-93f128ec8703
    WSUS web services not working
    http://social.technet.microsoft.com/Forums/en/winserverwsus/thread/5b443a1c-01eb-4b73-ad06-03700032bec2
    Lawrence
    TechNet Community Support

  • WSUS Cleanup Wizard

    Running SBS2011 as a VM using VMWare.  I want to clean up WSUS (or get rid of it altogether) but when I run the Server Cleanup Wizard and select Unused updates and update revisions, it stops after a couple minutes with Error: Database Error. 
    I am able to reset the server node but never get through the cleanup. 
    Any suggestions are welcome.
    Barry

    Hi Barry,
    Would you please let us know current situation of this issue? Just check if above suggestions can help you.
    If any update, please feel free to let us know.
    Just addition, please also refer to Lawrence’s suggestion in following similar thread and check if can help you.
    WSUS Server Cleanup Wizard says: Database Error...
    Hope this helps.
    Best regards,
    Justin Gu

  • Enterprise Hotfix Rollup for Win7 and Server 2008 R2 via WSUS

    I stumbled across the fact that Microsoft released a hotfix rollup for Win7 and Server 2008 R2 that contains 90 hotfixes
    http://support.microsoft.com/kb/2775511/en-us
    The article I linked above talks about after installing 2775511 (the big hotfix rollup containing 90 hotfixes) it is also necessary to install three more hotfixes:
    After this update is installed, you must install update 2732673 to fix a regression issue in the Rdbss.sys file
    After this update is installed, you must install update 2728738 to fix a regression issue in the Profsvc.dll file
    After this update is installed, you must install update 2878378 re-released on November 11, 2013 to fix a regression issue in the Advapi32.dll file
    I have imported all four of these hotfixes into my WSUS server. Do I need to install 277551 first and then install the other three or can all four be approved and go out at once? I guess I am hung up on the language of "After this update is installed .... ". I want to put all 4 of these on our Win7 machines as well as my 40+ WinServer 2008 R2 machines

    I read somewhere that over half of the updates included in Win7 SP1 and WinServer 2008 R2 SP1 were originally released as hotfixes. This means Microsoft made the decision that a large number of hotfixes would benefit every user of these two OSs
    I think your conclusion is flawed. The only thing that you can draw from the presented statistic, is that Microsoft determined that a significant percentage of updates originally released as hotfixes warranted the additional investment in regression testing
    to subsequently release those hotfixes as updates.
    The fact that they bundled these 90 hotfixes together leads me to the same conclusion.
    In fact, exactly the opposite conclusion applies: What you have in this package is all the rest of the stuff that didn't make that cut. What you have in this package are still NOT-regression tested hotfixes, they've just been bundled up for easy deployment
    (and note that three of them got further broken in the process of bundling), causing yet three more hotfixes to have to be released.
    In fact I read the MS Team Blog about this big hotfix release and they say the same thing, all users of these OSs would benefit from the installation of this hotfix rollup, not just a subset of users.
    I suspect there are a notable number of patch administrators and systems administrators who would disagree with that self-serving promotion. If, in fact, it's true that "all users" would benefit, then the product team should have invested the effort in properly
    regression testing those hotfixes, and releasing them as REAL updates. They did not; ergo the *actual* value is less than claimed.
    Of course the bugaboo here is the fact that three other individual hotfixes need to be installed after the big hotfix rollup is installed.
    Exactly! (And those are just the attempted fixes that broke something. Who knows how many other "fixes" may still result in newly discovered "broken stuff" that was never broken in the first place.)
    The second part of this question should revolve around an itemized review of the hotfixes contained in this rollup with one simple question asked for each:
    Have we actually *experienced* the issue addressed by this hotfix.
    Where hotfixes are concerned one very simple but important rule applies:
    If it ain't broken, don't try to fix it!
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA

  • WSUS - Clients stopped reporting on downstream replicas

    Just looking for some advice on what could be wrong here.
    Some of our downstream WSUS replicas have stopped 'receiving' updates from machines on the network.  Below is an example of one group affected.  In this case WSUS is on a 2003 server but there is 1 instance where there is a 2008 R2 replica with
    the exact same problem.
    <image can't be posted until account is verified>
    Image was of the WSUS console with machines in the group stuck on 'Last Status Report' on '15/04/2015'.  Once account is verified, will post.
    There doesn't seem to be a common denominator between the replicas that do work and those that don't.
    WSUS v3.2.7600.256
    According to Add or Remove Programs, the following hotfixes are installed:
    KB2720211
    KB2734608
    There are no client connectivity issues, one of the machines is actually the WSUS server itself (so local).  The others are all on the same local LAN
    Machines are pointed to the correct WSUS server via GPO and worked up until the 15th. 
    The only thing that stands out in the WindowsUpdate.log on each machine is this:
    2015-04-20    10:49:22:094     900    15f0    Report    REPORT EVENT: {3B186FC1-29B3-4D3E-800E-19BF108CE254}    2015-04-20 10:40:45:606+0200    1    202    102    {00000000-0000-0000-0000-000000000000}    0    0    AutomaticUpdates    Success    Content Install    Reboot completed.
    2015-04-20    10:49:22:094     900    15f0    Report    WARNING: Reporter failed to upload events with hr = 80240004.
    I'm not convinced the error is totally relevant to the issue.
    I have searched through many online posts but haven't found an answer that works.
    Can anyone point me in the right direction or aware of what could be the problem?
    Thanks
    -- Edit for Further Info --
    These are not new replicas and definitely have been working up until recently.  All 'broken' replicas seemed to stop on the same day.

    Hi,
    Have you changed anything before this issue occurs?
    Are these clients able to be updated from WSUS server successfully?
    Did you install any update on these WSUS servers or clients before this issue occurs?
    If you have configured SSL on the WSUS server, please check if the certificate was expired.
    Best Regards.
    Steven Lee
    Hi,
    Thanks for getting back to me.
    1) No changes other than deleting expired updates through the WSUS control panel.
    2) Not anymore, no
    3) Server updates were applied, but I don't believe there were any for WSUS specifically.  The same updates would have been applied to other servers which are not affected
    4) No SSL in this case.

  • New WSUS install does not respond to clients over ports 8530 or 8531

    I've recently installed WSUS on a Server 2012 machine, and am struggling to get it to respond to requests from other hosts. I cannot get it to respond to any host in any manner, except for requests from itself.
    My setup is as follows:
    WSUS installed on a Server 2012 domain controller, DC01.
    Other roles installed include AD CS, AD DS, DNS, IIS, and Print Services.
    WSUS is using all default settings.
    The firewall has inbound and outbound exceptions for ports 8530 and 8531
    A bit of information about what's happening:
    IIS will respond over port 80. I can open a Web browser from my workstation and connect to http://dc01/. If I attempt to connect to http://dc01:8530 (which I know should not work, but
    should respond with a 403 error), it times out. Identical behavior is observed over port 8531 with https.
    IIS will respond with a 403 if I make this same connection in a browser on DC01, it will work if I connect using either the loopback IP or hostname, but will time out if I attempt to make the connection using the server's local IP (IPv4).
    If I try to connect from my workstation using the WSUS configuration snap-in, I get an error: The remote server could not be contacted. Please verify that IIS on the server is correctly configured and is running.
    If I try to connect from DC01 using the WSUS configuration snap-in, it works correctly.
    The above is true for both http (8530) and https (8531).
    IIS logs show inbound connections from my workstation and show that IIS is responding with a 200. However, Wireshark running on DC01 shows three attempts by my workstation to open a connection -- three SYN packets, one initial attempt then two identical
    retries -- over a period of about ten seconds, with no responses from DC01. If IIS is responding, the responses are getting lost sometime before they hit the NIC.
    Bindings in IIS are correct, 8530 for http and 8531 for https.
    Given that everything works fine when making a local connection, I think I can safely assume that WSUS itself is running properly, and the issue is related to IIS. Nonetheless, in the hopes of this simply being a failed install, I have uninstalled and reinstalled
    both IIS and WSUS multiple times. (One thing to note, though I doubt it's related: WSUS consistently fails to set the path for the local update cache, failing the post-deployment configuration. I have to manually edit the UpdateServices-Services.xml file to
    include the path for the local cache. Everything goes fine after I do that.)
    I'm pretty stumped on this, and would happily accept any help. Thanks!

    I've recently installed WSUS on a Server 2012 machine, and am struggling to get it to respond to requests from other hosts. I cannot get it to respond to any host in any manner, except for requests from itself.
    My setup is as follows:
    WSUS installed on a Server 2012 domain controller, DC01.
    Other roles installed include AD CS, AD DS, DNS, IIS, and Print Services.
    Fundamentally you have two issues here:
    The first is the question of co-existence between WSUS and AD CS.
    The second is whether this machine was a DC before, or after, you installed WSUS.
    With Windows Server 2003 systems, running 'dcpromo' after installing IIS (and WSUS) would break IIS (and thus WSUS). With Windows Server 2012, installing WSUS with the AD DS role present results in a broken WSUS installation (if not an outright installation
    failure). This is because on a WS2012 Domain Controller, there are GPO restrictions on "Log On As A Service" which impact the ability of certain LOCAL accounts to do so ... one of which being the Network Service which is required for WSUS and another local
    use account, which is used for WID.
    Regarding ports and IIS -- WSUS is designed to work on port 8530 by default on a Windows Server 2012 box. It can also be made to work on port 80, but you have to use the correct utilities and procedures to make that change. As for your observation
    that "port 6000" seems to be a cutoff.... I'll (re)direct your attention to the installation of Active Directory Certificate Services, which I suspect is a contributing factor, and in general firewall configuration rules -- which are probably the most likely
    culprit on the port range of 6000+ (not including 8530 which I promise you is open by a rule explicitly created by/for WSUS).
    So, here's my suggestion:
    Install the WSUS role first.
    Install the AD DS role if you must (but Domain Controllers should not also be web or application server).
    Install the AD CS role elsewhere.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA

  • Interesting 'problem' after moving the WSUS database

    Firstly I have checked the suggested topics but none of them exactly describe the problem I have encountered.  
    (this link just gives a 'post not found page:  http://blogs.technet.com/b/sbs/archive/2009/09/23/how-to-move-sdfssdfdf-content-and-database-files-to-a-different-partition.aspx)
    Okay, I have a SBS2011 server running on an HP Proliant server. The server has been running flawlessly for the last 2+ years. At deployment the WSUS content was initially located on the D drive. Free space on the C drive has dropped to 16GB and
    as a precaution I decided to move the WSUS DB to the D drive too. I stopped the necessary IIS Admin, Update and WWW services and proceeded, using the SQL Server Management Studio, to detach the DB, I moved (copy & paste) the DB to the
    new disk and attached it to the SQL SMS. Nothing seemed to go wrong there, however, when opening the SBS console I am missing half of my information. The fact that the necessary icons are there leads me to believe that the service is functioning
    but just missing the computer info. If I click on a computer icon I can see the correct computer name. 
    Is there any way to fix this without deleting and reinstalling the entire WSUS service? 
    Thank you in advance for your time! 
    Please see the screenshot below 

    Hi,
    (this link just gives a 'post not found page:http://blogs.technet.com/b/sbs/archive/2009/09/23/how-to-move-sdfssdfdf-content-and-database-files-to-a-different-partition.aspx)
    Please refer to the following article and check if you have moved WSUS Content and Databases correctly.
    How to Move WSUS Content and Database Files to a Different Volume
    Meanwhile, please run SBS BPA and fix relevant issues that the BPA tool can find. Then monitor the result.
    If this issue still exists, you may consider repairing Windows Server Update Services. Please refer to the following TechNet article.
    Repair Windows Server Update Services
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • WSUS GPO not applying on server restart

    At first I thought this was limited to a single SBS 2008 server but I have now seen this behavior on another SBS2008 and SBS2011 server.  Basically what happens is I patch the server, I restart the server but... somehow the GPO for WSUS does not apply
    and leaves the server Windows update settings set on Download automatically and install at 3am when it should be the Standard "Download and Notify for install"
    I can open a command prompt and perform a gpupdate /force and the correct policy immediately applies.
    Has anyone seen this behavior?  Is it possible a windows patch that has caused this issue.  It must be something common amongst all three different instances of SBS.  I do not see any errors in event logs regarding group policy.
    Please Help

    Hi skahlam,
    Does this issue always occur when you reboot the server?
    If yes, to verify if this issue is related to the updates, please try to remove the updates installed recently.
    If issue persists after removing the updates, please try to run the gpresult /h C:\report.html
    to check the detailed information about the GPO.
    Note: This procedure needs the privilege of the Administrator.
    Best Regards.
    Steven Lee
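
To record what the server actually holds after a restart, the check below can be run as a startup task or by hand before and after `gpupdate /force`. It is an added example, not part of the thread: the log path and the expected value 3 are assumptions, and the registry names are the standard Windows Update policy values.

```powershell
# Added example (not from the thread). Reads the Windows Update policy values that
# Group Policy writes under HKLM:\SOFTWARE\Policies and appends one line to a log.
param(
    [int]$ExpectedAUOptions = 3,                              # 3 = auto download, notify for install
    [string]$LogPath = "$env:SystemRoot\Temp\wu-policy.log"   # assumption: any writable path
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

function Get-PolicyValue([string]$Key, [string]$Name) {
    # $null means the key or value is absent, i.e. no policy has written it
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$auNames = @{
    2 = 'notify before download'
    3 = 'auto download, notify for install'
    4 = 'auto download, scheduled install'
    5 = 'local admin chooses'
}

$wuServer  = Get-PolicyValue $wuKey 'WUServer'
$useServer = Get-PolicyValue $auKey 'UseWUServer'
$auOptions = Get-PolicyValue $auKey 'AUOptions'
$time      = Get-PolicyValue $auKey 'ScheduledInstallTime'

if ($null -eq $auOptions) {
    $verdict = 'MISSING: no AUOptions policy value; client uses its local setting'
} elseif ($auOptions -ne $ExpectedAUOptions) {
    $verdict = "MISMATCH: AUOptions=$auOptions ($($auNames[[int]$auOptions]))"
} else {
    $verdict = "OK: AUOptions=$auOptions ($($auNames[[int]$auOptions]))"
}
if ($wuServer -and $useServer -ne 1) { $verdict += '; WUServer set but UseWUServer is not 1' }

# One line per run, so the log shows when the policy values were absent after a boot
$line = '{0} WUServer={1} UseWUServer={2} ScheduledInstallTime={3} {4}' -f `
    (Get-Date -Format s), $wuServer, $useServer, $time, $verdict
Add-Content -Path $LogPath -Value $line
Write-Output $line
if ($verdict -like 'OK*') { exit 0 } else { exit 1 }
```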

  • How does WSUS work when an SCCM 2012 R2 server is newly installed? Should WSUS be installed and configured on same server?

    Let me clarify.
    We had a functional WSUS server delivering our updates to our workstations. The location of the WSUS server was pushed out by Group policies.
    Later, an SCCM 2012 R2 installation was installed. The original WSUS server was removed. Now WSUS type services appear to be broken.
    I tried to start WSUS on the SCCM 2012 R2 server and it does not start. (I assume it's not configured).
    I want to get WSUS running again but am not sure how to do this safely in conjunction with our SCCM 2012 R2 installation. Do I just reinstall WSUS on the SCCM server and configure? Or are there other preferred methods?
    I was not involved in SCCM's installation, so I do not know what was done.
    Geoff.

    Update functionality is provided via the Software Update Point
    https://technet.microsoft.com/en-us/library/gg712312.aspx
    ... which requires WSUS to be installed - it basically takes control of WSUS.
    Any existing group policies defining WSUS servers should be removed so that the SCCM client (which I assume is installed on computers already) can configure accordingly. Otherwise you will have group policy and SCCM client overwriting one another to configure
    the update server.

  • WSUS 3.0 SP2 will not run after installing update 2720211

    http://support.microsoft.com/kb/2720211
    The update was installed and server rebooted.  Now the WSUS console on Server 2008 SP2 will not run.  "Error: Connection Error.  An error occurred trying to connect to WSUS server."
    The update service and IIS are both running.
    When checking for updates from clients, they  show a message saying their update software needs to be upgraded, but they fail updating.
    I was going to uninstall the update, but there is no option to uninstall the update from the WSUS server.
    What are options to fix this?

    This page helped a lot. Let me recap for others on the interwebs.
    Cause:
    - Applied KB2720211 to a WSUS 3.0 SP2 server that's running on Windows 2008 64 bit server with local SQL db.
    What happened:
    - I could no longer sync my WSUS server with the interwebs.
    - clients could still connect to WSUS and I could still open the WSUS console.
    - Uninstalled WSUS, left DB and downloads and reinstalled WSUS in attempt to fix broken syncing.
    - Clients could now no longer sync with WSUS server. (They got Windows Update error code 800B0001).
    Solution:
    - Googled, found this page.
    - Followed just these last few steps that Chucker2 posted.
    Extract necessary files from 2720211 installer
    Download the KB2720211 installer for your architecture from Microsoft (http://support.microsoft.com/kb/2720211)
    Extract WUSSetup.msp from the installer by running the installer with the /extract parameter (example: "WSUS-KB2720211-x64.exe /extract")
    With 7-zip, open WUSSetup.msp and extract "PCW_CAB_SUS".
    With 7-zip, open "PCW_CAB_SUS" and extract "DbCert", "DbCertDll", and "DbCertSql".
    Rename those files to "WSUSSignDb.cer", "WSUSSignDb.dll", and "WSUSSignDb.sql", respectively.
    On your WSUS server, navigate to "C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig" and copy the extracted "WSUSSignDb.cer" and "WSUSSignDb.dll" to it. Make a backup copy of the two existing versions, just in case.
    On your WSUS server, navigate to "C:\Program Files\Update Services\Database" and copy the extracted "WSUSSignDb.sql" to it. Make a backup copy of any existing versions of the file.
    Reinstalled 2720211
    PROBLEM FIXED AND CLIENTS COULD ALL SYNCH AGAIN.
    Thanks Chucker 2.
    ps. Susan Bradley stop polluting every WSUS post on the interwebs with your constant links to "WSUS KB2720211 : Common issues encountered and how to fix them"
    This is the best solution. After reboot the problem is solved.
    kailash
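
The file-replacement steps recapped above, as an added example that is not part of the thread. The download and extraction folders are assumptions, the target paths and file names are the ones given in the post, and the signature check on the installer is an extra step the post does not mention.

```powershell
# Added example (not from the thread). Stages the three files named in the post,
# backing up whatever is already in place. Runs as a dry run unless -Apply is given.
param(
    [string]$Installer = 'C:\Temp\WSUS-KB2720211-x64.exe',  # assumption: download location
    [string]$Extracted = 'C:\Temp\KB2720211',               # assumption: 7-Zip output folder
    [switch]$Apply
)

# Check the downloaded installer's Authenticode signature before trusting its contents
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Installer signature check failed: $($sig.Status)"
}

# Extracted name (inside PCW_CAB_SUS) -> target name and directory, as given in the post
$schemaSig = 'C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig'
$database  = 'C:\Program Files\Update Services\Database'
$plan = @(
    @{ Src = 'DbCert';    Name = 'WSUSSignDb.cer'; Dir = $schemaSig },
    @{ Src = 'DbCertDll'; Name = 'WSUSSignDb.dll'; Dir = $schemaSig },
    @{ Src = 'DbCertSql'; Name = 'WSUSSignDb.sql'; Dir = $database }
)

# Fail before touching anything if an input file or target directory is missing
foreach ($p in $plan) {
    $src = Join-Path $Extracted $p.Src
    if (-not (Test-Path $src -PathType Leaf))        { throw "Missing extracted file: $src" }
    if (-not (Test-Path $p.Dir -PathType Container)) { throw "Missing target directory: $($p.Dir)" }
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($p in $plan) {
    $src = Join-Path $Extracted $p.Src
    $dst = Join-Path $p.Dir $p.Name
    if (Test-Path $dst) {
        # Keep the existing version next to the new one, with a timestamp suffix
        $bak = "$dst.$stamp.bak"
        Write-Output "backup  $dst -> $bak"
        if ($Apply) { Copy-Item -LiteralPath $dst -Destination $bak -ErrorAction Stop }
    }
    Write-Output "install $src -> $dst"
    if ($Apply) { Copy-Item -LiteralPath $src -Destination $dst -Force -ErrorAction Stop }
}
```

Run it once without `-Apply` to review the planned backups and copies, then again with `-Apply` before reinstalling the update.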

  • SCCM 2012 SP1 - Multiple SUP - common WSUS DB

    Hello,
    Is it supported / recommend to share a common WSUS DB for multiple WSUS / SUP roles ?
    If yes, how to perform a clean deployment of additional SUP dealing with additional KB requirements. Following article explains the problem but the solution looks very complex: http://scug.be/sccm/2012/10/03/configmgr-2012-sp1-installing-multiple-software-update-points-per-single-primary-site-and-use-a-single-shared-wsus-database-on-your-sql-cluster/
    I tried to test this procedure in my test environment but it broke WSUS and now it refuses to sync with Microsoft (can't establish SSL connection).
    I have not been able to find any official Microsoft setup guide for this ?
    As an alternative, is it possible to sync additional SUP as downstream servers with the first one. I ask for this because I use SCUP, and I don't want to maintain multiple WSUS environment.
    Regards.

    Hi.
    We have the same problem with our WSUS 3.0 SP2 installation, when I install WSUS on an SCCM 2012 server in the "Secondary Site".
    That server is in a different domain (one way Trust), but I have logged on to that server with a specific account from the Top Domain that has Owner rights on the existing DB. The installation connects successfully to the DB, and on the
    next window I get the error "The existing DB is not compatible with this version of Windows Server Update Services 3.0 SP2"
    The first two Wsus Installations  in the "Top" domain worked just fine.
    Anyone an idea?

  • SBS Update Services not running because it automatically turns off... SBS 2011, WSUS 3.0 SP 2

    I apparently don't have the "normal" problems here because I have tried all the usual fixes for this and nothing has worked. I really hope someone else has an idea for me. I have dozens of hours into this now and it probably would have been faster to P2V
    this box then start from complete scratch with a fresh install, new domain, create new users, then copy over mail for users.
    I can view & deploy updates from the SBS console, but I still get the error when attempting to view (change the software update settings).
    Fixes I have tried (in order of attempt IIRC):
    Checked all GP settings and "real" WSUS console settings/options probably half a dozen times.
    "Repair windows server update services" technet article.
    Server cleanup wizard and reindex database
    Complete WSUS uninstall and reinstall (don't remember the source but followed directions to make sure WSUS was COMPLETELY gone before reboot, reinstall, reboot again).
    KB2720211 (fully broke WSUS)
    KB2734608 (got me back to pre-KB2720211 functionality)
    I figured KB945985 was a long-shot and after viewing the output log I had high hopes but no dice.
    Output log from KB945985:
    Changed database context to 'SUSDB'.
    Using SUSDB
    No work to do. Record already exists.
    Automatic Approval For Detection is already enabled
    Target group of approval for detection is not "AllComputers"
    Inserting "AllComputers" group
    "AllComputers" Group added
    Critical update is not in approval for detection classification
    Critical update is inserted to approval for detection classification
    Security update is not in approval for detection classification
    Security update is inserted to approval for detection classification
    Service pack is not in approval for detection classification
    Service pack is inserted to approval for detection classification
    I also uninstalled WSUS from an old database server on our domain thinking that may have been a problem (used to be DC, but that was two DC's ago).
    I have not fully rebooted the server since the KB945985 script or the uninstallation of WSUS from the old old demoted DC, but I have restarted the SBS Console, SBS Manager service, and the Update Services service on the SBS 2011 server.
    -Linksep

    The error is the title of the thread.
    We have Server1, Server2, Server3.
    Server1 is 2003 Standard. It used to be the DC many years ago but it was demoted now it sits idle as a VM on Server2. (Server1 holds an old database/program that gets accessed a couple times a year). I removed WSUS from this server. Something that never
    got done when it was demoted from DC...
    Server2 is 2008 Standard. It is a BDC and holds a database that gets used frequently, but only by maybe 3 users. Does not have WSUS installed.
    Server3 is SBS 2011 Standard. This was a migration from server2, and I believe a bad one at that. Migration was before I started working here. Sharepoint isn't used, but everything else is. This is the server with the broken WSUS.
    Yes, 945985 is for 2003, but I found 945985 as a solution to someone's problem with SBS 2008 so even though I thought it was a longshot I still did it because desperate times call for desperate measures.
    I printed out the directions and checked off each step with a pen as I performed it. I don't think I missed any steps. (Not to say it's IMPOSSIBLE, but it is highly unlikely.)
    -Linksep

  • WSUS on a new server

    I have a WSUS server running Server 2003 SP2 on a 64 bit bit with SQL 2005. It needs to be replaced. I am not sure if starting over is the best idea or migrating. The WSUS has not been updating properly for about a year. I was thinking about starting
    over and sending the GPO to the new server. What is the best plan?

    I have a WSUS server running Server 2003 SP2 on a 64 bit bit with SQL 2005. It needs to be replaced. I am not sure if starting over is the best idea or migrating. The WSUS has not been updating properly for about a year. I was thinking about starting
    over and sending the GPO to the new server. What is the best plan?
    If it doesn't currently work correctly, there seems to be little point in trying to migrate it. Almost certainly you'll end up with a broken migration. But of course, this depends on why it's broken.
    First you state that "the WSUS has not been updating properly"... so we need to break this down. Are you saying that the WSUS server has not been patched in the past year?... or are you saying that client systems have not been getting patches from the WSUS
    server? This distinction, no doubt, may be important downstream, but I'll start with this question:
    Have you installed KB2720211 or KB2734608 on this WSUS server yet?
    Second question, as regards "starting over"... would it be your intent to rebuild a WSUS v3 server on this Windows Server 2003 SP2 system or deploy a new instance of WSUS on a newer operating system -- keeping in mind, of course, that support for Windows
    Server 2003 expires in about a year. This has a lot to do with whether migration is even an option for you.
    Finally.... the last part of your statement "....and sending the GPO to the new server". What exactly do you mean by that statement?
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
