Windows Server 2008 R2 上的 WSUS 3.0 SP2。
我构建了一个新盒子来替换仍在使用 Server 2003 的旧 WSUS 盒子。
所有使用 WSUS 服务器的客户端都无法找到更新并且无法报告状态。
其中一个客户端上的 C:\Windows\WindowsUpdate.log:
2013-05-09 10:04:48:629 764 494 AU Triggering AU detection through DetectNow API
2013-05-09 10:04:48:629 764 494 AU Triggering Online detection (non-interactive)
2013-05-09 10:04:48:630 764 7b0 AU #############
2013-05-09 10:04:48:630 764 7b0 AU ## START ## AU: Search for updates
2013-05-09 10:04:48:630 764 7b0 AU #########
2013-05-09 10:04:48:630 764 7b0 AU <<## SUBMITTED ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:48:630 764 64c Agent *************
2013-05-09 10:04:48:630 764 64c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-05-09 10:04:48:630 764 64c Agent *********
2013-05-09 10:04:48:630 764 64c Agent * Online = Yes; Ignore download priority = No
2013-05-09 10:04:48:630 764 64c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-05-09 10:04:48:630 764 64c Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2013-05-09 10:04:48:630 764 64c Agent * Search Scope = {Machine}
2013-05-09 10:04:48:630 764 64c Setup Checking for agent SelfUpdate
2013-05-09 10:04:48:630 764 64c Setup Client version: Core: 7.6.7600.256 Aux: 7.6.7600.256
2013-05-09 10:04:48:630 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-05-09 10:04:48:637 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:897 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-05-09 10:04:50:901 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:902 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-05-09 10:04:50:907 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:909 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-05-09 10:04:50:913 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:927 764 64c Setup Determining whether a new setup handler needs to be downloaded
2013-05-09 10:04:50:927 764 64c Setup SelfUpdate handler is not found. It will be downloaded
2013-05-09 10:04:50:928 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:931 764 64c Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:931 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:955 764 64c Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:955 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:990 764 64c Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:990 764 64c Setup SelfUpdate check completed. SelfUpdate is NOT required.
2013-05-09 10:04:51:205 764 64c PT +++++++++++ PT: Synchronizing server updates +++++++++++
2013-05-09 10:04:51:205 764 64c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus-server.company.local/ClientWebService/client.asmx
2013-05-09 10:04:51:266 764 64c PT WARNING: Cached cookie has expired or new PID is available
2013-05-09 10:04:51:266 764 64c PT Initializing simple targeting cookie, clientId = 9f4df40d-f61e-41d5-9fd2-3cdce1823f45, target group = Servers, DNS name = wsus-server.company.local
2013-05-09 10:04:51:266 764 64c PT Server URL = http://wsus-server.company.local/SimpleAuthWebService/SimpleAuth.asmx
2013-05-09 10:04:51:286 764 64c PT WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2013-05-09 10:04:51:286 764 64c PT WARNING: SOAP Fault: 0x00012c
2013-05-09 10:04:51:286 764 64c PT WARNING: faultstring:System.Web.Services.Protocols.SoapException: Fault occurred
at Microsoft.UpdateServices.Internal.SoapUtilities.ThrowException(ErrorCode errorCode, String message, String[] clientIds)
at Microsoft.UpdateServices.Internal.ClientImplementation.GetCookie(AuthorizationCookie[] authCookies, Cookie oldCookie, DateTime lastChange, DateTime currentClientTime, String protocolVersion)
2013-05-09 10:04:51:286 764 64c PT WARNING: ErrorCode:ConfigChanged(2)
2013-05-09 10:04:51:286 764 64c PT WARNING: Message:(null)
2013-05-09 10:04:51:286 764 64c PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2013-05-09 10:04:51:286 764 64c PT WARNING: ID:f50afcf7-2117-495c-9123-9aa4bf683520
2013-05-09 10:04:51:296 764 64c PT WARNING: Cached cookie has expired or new PID is available
2013-05-09 10:04:51:296 764 64c PT Initializing simple targeting cookie, clientId = 9f4df40d-f61e-41d5-9fd2-3cdce1823f45, target group = Servers, DNS name = wsus-server.company.local
2013-05-09 10:04:51:296 764 64c PT Server URL = http://wsus-server.company.local/SimpleAuthWebService/SimpleAuth.asmx
2013-05-09 10:04:55:116 764 64c PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2013-05-09 10:04:55:116 764 64c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus-server.company.local/ClientWebService/client.asmx
2013-05-09 10:04:55:170 764 64c PT WARNING: GetExtendedUpdateInfo failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200
2013-05-09 10:04:55:170 764 64c PT WARNING: SOAP Fault: 0x000190
2013-05-09 10:04:55:170 764 64c PT WARNING: faultstring:System.Web.Services.Protocols.SoapException: Fault occurred
at Microsoft.UpdateServices.Internal.SoapUtilities.ThrowException(ErrorCode errorCode, Exception e, Int32 eventLogEntryId, String[] clientIds, Boolean logToEventLog)
at Microsoft.UpdateServices.Internal.ClientImplementation.GetExtendedUpdateInfo(Cookie cookie, Int32[] revisionIds, XmlUpdateFragmentType[] fragmentTypes, String[] locales)
2013-05-09 10:04:55:170 764 64c PT WARNING: ErrorCode:InternalServerError(5)
2013-05-09 10:04:55:170 764 64c PT WARNING: Message:(null)
2013-05-09 10:04:55:170 764 64c PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetExtendedUpdateInfo"
2013-05-09 10:04:55:170 764 64c PT WARNING: ID:37740867-4b9f-4394-b58b-12aad48d7b97
2013-05-09 10:04:55:170 764 64c PT WARNING: PTError: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: GetExtendedUpdateInfo_WithRecovery: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: Sync of Extended Info: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: SyncServerUpdatesInternal failed : 0x8024400e
2013-05-09 10:04:55:171 764 64c Agent * WARNING: Exit code = 0x8024400E
2013-05-09 10:04:55:171 764 64c Agent *********
2013-05-09 10:04:55:171 764 64c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-05-09 10:04:55:171 764 64c Agent *************
2013-05-09 10:04:55:171 764 64c Agent WARNING: WU client failed Searching for update with error 0x8024400e
2013-05-09 10:04:55:180 764 bf4 AU >>## RESUMED ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:55:180 764 bf4 AU # WARNING: Search callback failed, result = 0x8024400E
2013-05-09 10:04:55:180 764 bf4 AU # WARNING: Failed to find updates with error code 8024400E
2013-05-09 10:04:55:180 764 bf4 AU #########
2013-05-09 10:04:55:180 764 bf4 AU ## END ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:55:180 764 bf4 AU #############
2013-05-09 10:04:55:180 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:04:55:180 764 bf4 AU AU setting next detection timeout to 2013-05-09 13:04:55
2013-05-09 10:04:55:181 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:04:55:181 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:05:00:171 764 64c Report REPORT EVENT: {1C2D6590-41BD-464D-AE18-289CB7D6E254} 2013-05-09 10:04:55:171+0200 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024400e AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x8024400e.
2013-05-09 10:05:00:191 764 64c Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-05-09 10:05:00:191 764 64c Report WER Report sent: 7.6.7600.256 0x8024400e 00000000-0000-0000-0000-000000000000 Scan 101 Managed
2013-05-09 10:05:00:191 764 64c Report CWERReporter finishing event handling. (00000000)
我发现了一些旧博客和论坛条目,它们将此问题与 Office 2003 SP1 中的故障联系起来,解决方法是拒绝/批准/拒绝该更新,但这并没有为我解决问题。
Microsoft WSUS 客户端和服务器诊断工具不能在 x64 系统上运行。
以前有人成功过这个吗?
更新:我在 C:\Program Files\UpdateServices\LogFiles\SoftwareDistribution.log 中找到了这个:
2013-05-13 14:02:46.437 UTC Warning w3wp.6 SoapUtilities.CreateException ThrowException: actor = http://wsus-server.company.local/ClientWebService/client.asmx, ID=4db89865-40da-4520-a126-d196e3db07b6, ErrorCode=ConfigChanged, Message=, Client=d9ce7281-379b-49b8-8944-7f593c32397b
2013-05-13 14:02:50.867 UTC Error w3wp.6 ClientImplementation.GetExtendedUpdateInfo System.ArgumentException: The database does not contain a URL for the file 3F7E7915F44A6133B990A22A87604854C34BDF4E.
如果我搜索“3F7E7915F44A6133B990A22A87604854C34BDF4E”,Google 会彻底失败,因此我不确定那到底是什么,但似乎它的数据库条目不完整。与上游 WSUS 同步日志未显示任何错误。
更新 2:所以看起来我的上游似乎有些奇怪。我发现,如果我安装一个新的 WSUS 实例并从 Microsoft 同步它,一切都会顺利进行。如果我在配置期间或之后将其作为现有 WSUS 服务器的下游副本,它就会中断。更奇怪的是,我的上游本身和另一个现有副本似乎运行良好。看起来我只需要在所有 3 个站点中构建新的 WSUS 实例并重新开始,忽略现有的上游。
更新 3:我构建了一个新的 WSUS 上游服务器,从头开始,以免带来原始上游数据库中发生的任何异常。将我的 2 个副本指向我的新上游。几天内一切都很好。5 天前,副本再次停止从客户端获取状态更新。WTF?!?!
更新 4:我已经向微软提交了相关支持请求,希望能取得一些成果。
更新 5:在 Microsoft 产品支持人员花费了无数个小时检查并重新检查我已经检查过的所有相同内容之后,我怀疑自己偶然发现了原因。我们的初级系统管理员最近发现本地更新发布者并开始使用它向工作站推送 Adobe 和 Java 更新。Local Update Publisher 的安装时间与下游客户端上次报告状态的时间完全吻合。我正在查看产品文档以确定需要做什么来解决这个问题。
答案1
不久前,我在 Windows Server 2008 R2 上迁移到 WSUS 3.0 SP2 时也遇到了类似的问题。经过几个小时的折腾,我终于用 KB2720211 解决了这个问题。我不知道为什么它有效,因为它似乎并没有直接解决我当时从客户端收到的错误代码 (800b0001),但在进一步诊断之前确保 WSUS 版本已完全修补似乎是合乎逻辑的。
您可以使用以下说明http://support.microsoft.com/kb/2720211
由于我的设置仅涉及一台 WSUS 服务器,因此下载补丁后我只需使用网站上的以下说明即可。
1.设置 WSUS。为此,请在命令提示符下键入以下命令之一(适用于您的系统):
WSUS-KB2720211-x64.exe /q C:\MySetup.log
WSUS-KB2720211-x86.exe /q C:\MySetup.log
更新将立即安装,无需任何提示。
2.查看安装日志以验证升级是否成功。为此,请在命令提示符下键入C:\MySetup.log。
3.确保 IIS 和 WSUS 服务已停止。为此,请在命令提示符下键入以下命令:
iisreset/stop
net stop wsusservice
答案2
0x8024400D/SOAP 0x12c 错误几乎总是(如今)客户端具有重复的 SusClientID 的表现。请参阅 MicrosoftKB903262以获取补救说明。
0x8024400E/SOAP 0x190 错误通常是 WSUS 数据库中存在不良更新的表现。请确保您已拒绝所有过期更新(通常为“不良”更新),并拒绝所有被取代/不需要的更新。
答案3
因此,经过近 3 个月的时间以及在 Microsoft PSS 上花费了数十个小时之后,我终于偶然找到了答案。
事实证明,根本原因是本地更新发布者。
当你实现 Local Update Publisher 时,你应该作为受信任的发布者和受信任的根证书颁发机构将 WSUS SSL 证书分发给所有 WSUS 客户端事实证明,我的同事只将其分发到了工作站,而不是服务器。
我不清楚内部的具体细节,但一旦我将 SSL 证书分发给所有 WSUS 客户端,他们就会开始正常接收更新和报告状态。