Tag Archives: Software Updates

ConfigMgr CB 1610 Software updates dashboard

One of the nice new enhancements that came with the recently released 1610 update for ConfigMgr current branch is the Software Updates Dashboard. This dashboard is available in the Monitoring > Overview > Security section in the ConfigMgr console

If you haven’t installed update 1610 yet, here is what the dashboard looks like:

sudashboard01

WUAHandler.log – Scan failed with error = 0x80244019

In an SCCM Current Branch 1602 environment with a Server 2008 R2 Software Update Point (have not upgraded to Server 2012 R2 yet), in a different site I had about 120 clients at a specific site that were not successfully scanning for updates.

I usually run the built in report “Last scan states by collection” to make sure the clients are scanning for software updates without issues.

When checking WUAHandler.log on the client I saw the errors

OnSearchComplete – Failed to end search job. Error = 0x80244019.
Scan failed with error = 0x80244019.

0x80244019

If you look up the error 0x80244019 it means “Same as HTTP status 404 – the server cannot find the requested URI (Uniform Resource Identifier).”

One thing to check is that you can actually get to the WSUS server in an Internet browser by going to http://wsusserver.domain.com:8530/SimpleAuthWebService/SimpleAuth.asmx and making sure it is reachable. If it is reachable it should take you to a page saying:

0x802440192

In my issue it was the proxy between the SUP and my client. My client was trying to go through a proxy instead of bypassing it, then it was getting the 404 error from the WSUS.  There is also a good post on the Technet forums where people have had a bypass list which was lowercase, but in SCCM their SUP was in uppercase which caused the exact error. The post can be found here

In my site we are using a WinINET proxy script which sets the proxy for the Internet , and we also set the WinHTTP proxy. Our WinINET proxy had a bypass list for the WSUS server but our WinHTTP proxy did not for this specific site.

From Microsoft: https://support.microsoft.com/en-au/kb/900935

The Automatic Updates service does not have access to the user-specific proxy server settings that may be configured in Internet Explorer. WinHTTP has been employed, instead of WinInet in Internet Explorer, as the Automatic Updates service affects system wide level configuration and should require administrator level control

To view the current WinHTTP proxy and bypass list, load up cmd prompt and run:

netsh winhttp show proxy

To add the bypass list to your WinHTTP proxy, you can either set it manually through command prompt, or through group policy.

netsh winhttp set proxy proxy-server=”proxyserver.com:port” bypass-list=”*.domain.com;<local>”

The example above added a bypass list for a server <servername>.domain.com

Note: After setting the proxy through cmd using netsh winhttp or group policy, you must restart your computer before you do the next Software Update scan

After restarting the computer for the proxy settings to take affect and doing another Software Update evaluation scan on the client, the WUAHandler “Successfully completed scan.” on the clients.

 

 

 

Software updates not synchronizing – Sync failed: WSUS update source not found on site

I installed a trial of Configuration Manager 2016 Technical Preview 4 and set up and configured the Software Update point. I wasn’t able to synchronize any updates.

I checked wsyncmgr.log and saw Sync failed: WSUS update source not found on site
wsussource1

The workaround was to configure the Software Update Point and disable/remove all Classifications and Products and then to schedule another sync.

wsussource2
wsussource3
wsussource4

After this, I scheduled another sync, and the sync completed.

wsussource5

I then went back and re-configued the Software Update Point for the Classifications and Products I wanted, then scheduled another sync and it worked fine.

wsussource6

Software Update Compliance Issues – SCCM 2012

I had quite a few servers that were reporting incorrect compliance for Software Updates to our SCCM 2012 server. After doing Software Updates Scan Cycle on the client, the WUAHandler.log would always say successful. When doing a Software Updates Deployment Evaluation Cycle the log UpdatesDeployment.log said:

EnumerateUpdates for action (UpdateActionInstall) – Total actionable updates = 0

So if there were no updates available to be installed, why were my Software Update compliance reports showing the client as non-compliant and the Deployments in the Monitoring node in the console saying the client In Progress for a Software Update group deployment?

This blog post saved me http://blogs.technet.com/b/scotts-it-blog/archive/2015/02/23/refreshing-state-messages-in-system-center-configuration-manager-2012.aspx

This PowerShell script in the blog above forced my client to re-send its compliance to the SCCM 2012 server:

$SCCMUpdatesStore = New-Object -ComObject Microsoft.CCM.UpdatesStore
$SCCMUpdatesStore.RefreshServerComplianceState()

Then when checking UpdatesStore.log on the client:
Successfully raised Resync state message.
Resend status completed successfully.

I then checked the SCCM 2012 console in 15 minutes and the Deployments section in the Monitoring node showed the client as Successful instead of In Progress, and the SCCM 2012 update compliance reports showed the client as Compliant.

OnSearchComplete – Failed to end search job. Error = 0x80244019. Scan failed with error = 0x80244019.

Another day another scan issue on a Windows Server 2008 R2 with SCCM 2012 client installed.

When checking report of which clients had scan issues, I investigated a particular client which had the following error in WUAHandler.log “OnSearchComplete – Failed to end search job. Error = 0x80244019. Scan failed with error = 0x80244019.”

To get more information, I looked into C:\Windows\WindowsUpdate.log and found:

WARNING: GetAuthorizationCookie failure, error = 0x80244019, soap client error = 10, soap error code = 0, HTTP status code = 404
WARNING: Failed to initialize Simple Targeting Cookie: 0x80244019
WARNING: PopulateAuthCookies failed: 0x80244019
WARNING: RefreshCookie failed: 0x80244019
WARNING: RefreshPTState failed: 0x80244019
WARNING: PTError: 0x80244019
WARNING: Reporter failed to upload events with hr = 80244019.

Is this instance, it was a proxy issue. To view the proxy set from CMD:

netsh winhttp show proxy

My particular server did not need to use a proxy so I reset it by:

netsh winhttp reset proxy

However in some cases, some users have had to add a bypass-list using the <local> parameter for their WSUS server so the proxy is bypassed for the WSUS server. A reboot is needed after this. For more information read “set proxy” https://technet.microsoft.com/en-us/library/cc731131(v=ws.10).aspx#BKMK_5

Failed to run BeginSearch() on WUAgent. Error = 0x80070422

In an SCCM 2012 environment I was running through some reporting on which clients reported back scan errors so I could fully patch all servers. Upon checking the servers which failed to report software update compliance, I checked the C:\Windows\CCM\WUAHandler.log and saw the error “Failed to run BeginSearch() on WUAgent. Error = 0x80070422”

0x80070422

In my case, this was an easy fix. If you check services.msc you will see that the Windows Update service (or Automatic Updates service depending which version of Windows Server you are running) was stopped or disabled.

After starting this service and running a Software Updates Scan Cycle again, the WUAHandler.log reported that the cycle worked fine.

0x80070422_2

Wsyncmgr.log – Sync failed: The request failed with HTTP status 503: – SCCM 2012

I was told by a client that they were having issues synchronizing software updates using SCCM 2012.

The first thing I checked was the Wsyncmgr.log to find out what was going on. The Wsyncmgr.log showed “Sync failed: The request failed with HTTP status 503: Service Unavailable. Source: Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer”

On the SCCM 2012 server running the SUP role, I opened up IIS Manager, looked at the Application Pools and noticed that the WsusPool was set to “Stopped“. I started it again and thought it was fixed, but the client advised me that it had crashed again shortly later.

iisapp2

I checked Task Manager on the server and noticed that IIS Worker Process was using 1864.1MB of memory.

iisapp5

I then right clicked on the WsusPool back in IIS Manager, then Advanced Settings, and noticed that the memory limit was set to a lower ammount.

iisapp4

I increased this limit to 4GB to be safe, restarted the WsusPool and then the SUP was able to syncrhonize fine. The Wsyncmgr.log looked good and the problem never came back for the client.