Category Archives: Software Updates

Scan failed with error = 0x8007000e

Recently when working on a Windows 7 machine I realized it was not installing Windows Updates deployed from the SUP in SCCM 2012 R2.

When checking WUAHandler.log or UpdatesDeployment.log I kept seeing the error 0x8007000e

0x8007000e

The error 0x8007000e translates to Not enough storage is available to complete this operation.

The fix was to update the Windows Update Agent from https://support.microsoft.com/en-us/kb/3112343

Windows Update Client for Windows 7 and Windows Server 2008 R2: December 2015

Issues that are fixed in this update

  • Assume that you use Software Update agent to apply software updates or determine the software update compliance in System Center Configuration Manager 2007 R2. Windows Update agent scans client computers periodically. In this situation, the scan fails and generates a “Not Required” state for all updates. Additionally, you receive an “8007000E” error message.

After installing this and restating the Windows 7 client machine, I initiated a Software Update Scan cycle from the ConfigMgr agent:

softwareupdatescan

The WUAHandler.log on showed that the agent successfully completed the scan and I was able to install all deployed Windows Updates.

Wsyncmgr.log Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.

On Server 2012 R2  I was unable to synchronize software updates in my ConfigMgr Current Branch environment. Server Manager kept reporting that the WSUS service was stopped. Each time I would restart the service, it would stop again.

When checking the ConfigMgr logs:

Wsyncmgr.log Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync
WCM.log Remote configuration failed on WSUS Server.

I previously had no issues with my SUP. Last change was that it was patched as it was a new environment. Upon more research I had applied patch KB3159706 

To fix this there were some post update tasks to do which I did not do:

Load up cmd prompt:

cd “C:\Program Files\Update Services\Tools\”
“wsusutil.exe postinstall /servicing”

Then open up Server Manager, add roles and features wizard, in the features section under .Net Framework 4.5, then under WCF Services, select to install HTTP Activation

After this I had to restart my ConfigMgr site server which had the WSUS installed and it was fixed (same issue after restarting the WSUS service, I needed to do a full reboot)

Software updates not synchronizing – Sync failed: WSUS update source not found on site

I installed a trial of Configuration Manager 2016 Technical Preview 4 and set up and configured the Software Update point. I wasn’t able to synchronize any updates.

I checked wsyncmgr.log and saw Sync failed: WSUS update source not found on site
wsussource1

The workaround was to configure the Software Update Point and disable/remove all Classifications and Products and then to schedule another sync.

wsussource2
wsussource3
wsussource4

After this, I scheduled another sync, and the sync completed.

wsussource5

I then went back and re-configued the Software Update Point for the Classifications and Products I wanted, then scheduled another sync and it worked fine.

wsussource6

Software Update Compliance Issues – SCCM 2012

I had quite a few servers that were reporting incorrect compliance for Software Updates to our SCCM 2012 server. After doing Software Updates Scan Cycle on the client, the WUAHandler.log would always say successful. When doing a Software Updates Deployment Evaluation Cycle the log UpdatesDeployment.log said:

EnumerateUpdates for action (UpdateActionInstall) – Total actionable updates = 0

So if there were no updates available to be installed, why were my Software Update compliance reports showing the client as non-compliant and the Deployments in the Monitoring node in the console saying the client In Progress for a Software Update group deployment?

This blog post saved me http://blogs.technet.com/b/scotts-it-blog/archive/2015/02/23/refreshing-state-messages-in-system-center-configuration-manager-2012.aspx

This PowerShell script in the blog above forced my client to re-send its compliance to the SCCM 2012 server:

$SCCMUpdatesStore = New-Object -ComObject Microsoft.CCM.UpdatesStore
$SCCMUpdatesStore.RefreshServerComplianceState()

Then when checking UpdatesStore.log on the client:
Successfully raised Resync state message.
Resend status completed successfully.

I then checked the SCCM 2012 console in 15 minutes and the Deployments section in the Monitoring node showed the client as Successful instead of In Progress, and the SCCM 2012 update compliance reports showed the client as Compliant.

OnSearchComplete – Failed to end search job. Error = 0x80244019. Scan failed with error = 0x80244019.

Another day another scan issue on a Windows Server 2008 R2 with SCCM 2012 client installed.

When checking report of which clients had scan issues, I investigated a particular client which had the following error in WUAHandler.log “OnSearchComplete – Failed to end search job. Error = 0x80244019. Scan failed with error = 0x80244019.”

To get more information, I looked into C:\Windows\WindowsUpdate.log and found:

WARNING: GetAuthorizationCookie failure, error = 0x80244019, soap client error = 10, soap error code = 0, HTTP status code = 404
WARNING: Failed to initialize Simple Targeting Cookie: 0x80244019
WARNING: PopulateAuthCookies failed: 0x80244019
WARNING: RefreshCookie failed: 0x80244019
WARNING: RefreshPTState failed: 0x80244019
WARNING: PTError: 0x80244019
WARNING: Reporter failed to upload events with hr = 80244019.

Is this instance, it was a proxy issue. To view the proxy set from CMD:

netsh winhttp show proxy

My particular server did not need to use a proxy so I reset it by:

netsh winhttp reset proxy

However in some cases, some users have had to add a bypass-list using the <local> parameter for their WSUS server so the proxy is bypassed for the WSUS server. A reboot is needed after this. For more information read “set proxy” https://technet.microsoft.com/en-us/library/cc731131(v=ws.10).aspx#BKMK_5

Failed to run BeginSearch() on WUAgent. Error = 0x80070422

In an SCCM 2012 environment I was running through some reporting on which clients reported back scan errors so I could fully patch all servers. Upon checking the servers which failed to report software update compliance, I checked the C:\Windows\CCM\WUAHandler.log and saw the error “Failed to run BeginSearch() on WUAgent. Error = 0x80070422”

0x80070422

In my case, this was an easy fix. If you check services.msc you will see that the Windows Update service (or Automatic Updates service depending which version of Windows Server you are running) was stopped or disabled.

After starting this service and running a Software Updates Scan Cycle again, the WUAHandler.log reported that the cycle worked fine.

0x80070422_2

Wsyncmgr.log – Sync failed: The request failed with HTTP status 503: – SCCM 2012

I was told by a client that they were having issues synchronizing software updates using SCCM 2012.

The first thing I checked was the Wsyncmgr.log to find out what was going on. The Wsyncmgr.log showed “Sync failed: The request failed with HTTP status 503: Service Unavailable. Source: Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer”

On the SCCM 2012 server running the SUP role, I opened up IIS Manager, looked at the Application Pools and noticed that the WsusPool was set to “Stopped“. I started it again and thought it was fixed, but the client advised me that it had crashed again shortly later.

iisapp2

I checked Task Manager on the server and noticed that IIS Worker Process was using 1864.1MB of memory.

iisapp5

I then right clicked on the WsusPool back in IIS Manager, then Advanced Settings, and noticed that the memory limit was set to a lower ammount.

iisapp4

I increased this limit to 4GB to be safe, restarted the WsusPool and then the SUP was able to syncrhonize fine. The Wsyncmgr.log looked good and the problem never came back for the client.

Part 2 – Deploying Software Updates with Maintenance Windows – SCCM 2012

Part 2 of this post I will be creating a Software Update Group for all released Windows 8.1 Updates and deploy them to a Windows 8 client which is a member of a Collection with a Maintenance Window set.

Part 1 can be seen here if you missed it.

Once I create an all updates deployment group for a product, I would normally create the groups on a monthly basis for products. For example Patch Tuesday when Microsoft releases patches. I would create a software update group and deployment package for all Windows 8.1 updates called WIN_8_1_ALL today on June 21st, then create another Win_8_1_15072015 on 15th of July 2015 for the next lot of updates Microsoft releases.

Lets get started. In the Software Library, then Software Updates, then All Software Updates, I have specified the criteria (on far right side) to search for the Product = Windows 8.1 Updates. I will be adding all Windows 8.1 updates to a software update group.

sup16

Once I have created my Windows 8.1 Software Update Group, I will be download them to a Deployment Package. I right clicked on the newly created Software Update Group and clicked Download.

sup17

I have given the deployment package the same name as my software update group to make things easier, and specified the path to where I will download these software updates to.

sup18

I have used the default settings for the rest of the settings. The updates will now download. This will take a while. My all Windows 8.1 updates deployment package was around 5GB.

sup19

Once my Windows 8.1 deployment package has finished downloading, I have created a collection to prepare to deploy my Windows 8.1 updates.

I will be using Maintenance Windows in this example to make sure my Windows 8.1 client installs updates during the times I specified in my Maintenance Window.

After the device collection is created, I right clicked on the collection and went to the Maintenance Windows tab to create a new Maintenance Window.

sup20

I have created my schedule and applied my maintenance window schedule type to Software Updates.

sup21

I did a Machine Policy Retrieval & Evaluation Cycle on my Windows 8.1 and looked at the ServiceWindowManager.log in C:\Windows\CCM\Logs to verify that my client picked up the new Maintenance Windows.

sup27

I have now gone back into the SCCM 2012 console, back to the Software Update Group I created earlier and will now be deploying my Windows 8.1 updates group to the collection I created with the Maintenance Window.

sup22

sup23

I have made my deployment type to Required.

sup24

I have set the available time to 5:35PM and my deadline to 5:36PM. Once my client picks up the policy, the updates won’t install until my Maintenance Window of 6PM has been activated.

sup25

I have left these settings as is. I want my client to restart during the maintenance window.

sup26

I have selected the default settings for the rest and finished the deployment wizard.

On my Windows 8.1 client I have run Software Updates Scan Cycle and Software Updates Deployment Evaluation Cycle

sup28

I looked at the UpdatesDeployment.log on my client in C:\Windows\CCM\Logs and it said that it was waiting for the next maintenance window to start so it could install the updates. Once it hit 6PM which is the time of my maintenance window, the updates started installing.

Once all the updates have been installed on the client and the client has been restarted to apply the updates, I checked the Monitoring node, then deployments, then the Windows 8.1 deployment I created and I can see that my test Windows 8.1 client is now compliant.

sup29

Part 1 – Installing Software Update Point Role – SCCM 2012

This will be a 2 part series. The first part will involve installing the Software Update Point in SCCM 2012 on Windows Server 2012 R2. The Second Part will focus creating a Windows 8.1 Software Update Group and deploying that group to a Windows 8.1 machine using a Maintenance Window.

Lets get started.

Head into Add Roles and Features wizard and select the Windows Server Update Services role and click next

sup1

Select WSUS Services, I have unticked WID Database and have chosen to use my SQL database which is hosting my SCCM 2012 Database.

sup2

Enter a path. I have created a folder on my drive called WSUS and shared it.

sup3

I have entered in the name of the SQL server in my lab (I am using default instance)

sup4

Click install.

sup5

Click Launch Post-Installation tasks

sup6

Once post installation tasks have finished, click on tools then select Windows Server Update Services

sup7

Click Cancel here

sup8

WSUS is now installed. Lets go back into the SCCM 2012 console and add the SUP role.

sup9

Select the Software Update Point

sup10

I have chosen use ports 8530 and 8531 because I am using Windows Server 2012 R2

sup11

I have skipped proxy and account settings. I am syncrhonizing from Microsoft Update.

sup12

Select the schedule you would like to synchronize WSUS.

sup13

I have left the Supercedence rules, Classifications, and Languages as default. I have also selected Windows 8.1 for the Products. You can set these later if you like in the Administration node. Here is a screenshot if you would like to configure any SUP settings later.

SUP13.1

sup14

To check if installation was successful, you can view the SUPSetup.log

You should be able to see metadata in the All Software Updates section. You can also synchronize the updates from here as well.

sup15.1

You can view the synchronizing status by looking at the wsyncmgr.log to see the progress or any errors.

sup15

SCCM Software Updates: 0x800B0004 – The subject is not trusted for the specified action

I noticed some third party updates were not being installed by clients when being deployed as a Software Update from SCCM 2012. SCUP System Center Updates Publisher (SCUP) is being used to push out third party updates to clients.

When checking the compliance for the deployment in the Monitoring node then Deployments, the “Error” tab for the deployment showed “The subject is not trusted for the specified action” with a error code of 0x800B0004.

FlashFailed

0x800B0004 error is related to a certificate issue. In my case, the WSUS SCUP certificate had expired on the client computers which meant they would not install Software Updates published from SCUP. Checking MMC on my machine and adding certificate manager, I took a look at the Trusted Publishers and the certificate was there and expired. Once the certificate was updated and Software Update Deployment evaluation policy was run, my SCCM client started to download the third party updates and install them. This also happened on other client workstations once the new certificate was applied.

For more informationr regarding SCUP (System Center Updates Publisher) certificates, take a look at https://technet.microsoft.com/en-us/library/hh134732.aspx