Windows Server 2008 R2 上的 WSUS 3.0 SP2。
我构建了一个新框来替换仍在 Server 2003 上的旧 WSUS 框。
所有使用 WSUS 服务器的客户端都找不到更新,也不报告状态。
C:\Windows\WindowsUpdate.log 在其中一个客户端上:
2013-05-09 10:04:48:629 764 494 AU Triggering AU detection through DetectNow API
2013-05-09 10:04:48:629 764 494 AU Triggering Online detection (non-interactive)
2013-05-09 10:04:48:630 764 7b0 AU #############
2013-05-09 10:04:48:630 764 7b0 AU ## START ## AU: Search for updates
2013-05-09 10:04:48:630 764 7b0 AU #########
2013-05-09 10:04:48:630 764 7b0 AU <<## SUBMITTED ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:48:630 764 64c Agent *************
2013-05-09 10:04:48:630 764 64c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-05-09 10:04:48:630 764 64c Agent *********
2013-05-09 10:04:48:630 764 64c Agent * Online = Yes; Ignore download priority = No
2013-05-09 10:04:48:630 764 64c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-05-09 10:04:48:630 764 64c Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2013-05-09 10:04:48:630 764 64c Agent * Search Scope = {Machine}
2013-05-09 10:04:48:630 764 64c Setup Checking for agent SelfUpdate
2013-05-09 10:04:48:630 764 64c Setup Client version: Core: 7.6.7600.256 Aux: 7.6.7600.256
2013-05-09 10:04:48:630 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-05-09 10:04:48:637 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:897 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2013-05-09 10:04:50:901 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:902 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-05-09 10:04:50:907 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:909 764 64c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wsus3setup.cab:
2013-05-09 10:04:50:913 764 64c Misc Microsoft signed: Yes
2013-05-09 10:04:50:927 764 64c Setup Determining whether a new setup handler needs to be downloaded
2013-05-09 10:04:50:927 764 64c Setup SelfUpdate handler is not found. It will be downloaded
2013-05-09 10:04:50:928 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:931 764 64c Setup Setup package "WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:931 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:955 764 64c Setup Setup package "WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:955 764 64c Setup Evaluating applicability of setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256"
2013-05-09 10:04:50:990 764 64c Setup Setup package "WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~amd64~~7.6.7600.256" is already installed.
2013-05-09 10:04:50:990 764 64c Setup SelfUpdate check completed. SelfUpdate is NOT required.
2013-05-09 10:04:51:205 764 64c PT +++++++++++ PT: Synchronizing server updates +++++++++++
2013-05-09 10:04:51:205 764 64c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus-server.company.local/ClientWebService/client.asmx
2013-05-09 10:04:51:266 764 64c PT WARNING: Cached cookie has expired or new PID is available
2013-05-09 10:04:51:266 764 64c PT Initializing simple targeting cookie, clientId = 9f4df40d-f61e-41d5-9fd2-3cdce1823f45, target group = Servers, DNS name = wsus-server.company.local
2013-05-09 10:04:51:266 764 64c PT Server URL = http://wsus-server.company.local/SimpleAuthWebService/SimpleAuth.asmx
2013-05-09 10:04:51:286 764 64c PT WARNING: GetCookie failure, error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200
2013-05-09 10:04:51:286 764 64c PT WARNING: SOAP Fault: 0x00012c
2013-05-09 10:04:51:286 764 64c PT WARNING: faultstring:System.Web.Services.Protocols.SoapException: Fault occurred
at Microsoft.UpdateServices.Internal.SoapUtilities.ThrowException(ErrorCode errorCode, String message, String[] clientIds)
at Microsoft.UpdateServices.Internal.ClientImplementation.GetCookie(AuthorizationCookie[] authCookies, Cookie oldCookie, DateTime lastChange, DateTime currentClientTime, String protocolVersion)
2013-05-09 10:04:51:286 764 64c PT WARNING: ErrorCode:ConfigChanged(2)
2013-05-09 10:04:51:286 764 64c PT WARNING: Message:(null)
2013-05-09 10:04:51:286 764 64c PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetCookie"
2013-05-09 10:04:51:286 764 64c PT WARNING: ID:f50afcf7-2117-495c-9123-9aa4bf683520
2013-05-09 10:04:51:296 764 64c PT WARNING: Cached cookie has expired or new PID is available
2013-05-09 10:04:51:296 764 64c PT Initializing simple targeting cookie, clientId = 9f4df40d-f61e-41d5-9fd2-3cdce1823f45, target group = Servers, DNS name = wsus-server.company.local
2013-05-09 10:04:51:296 764 64c PT Server URL = http://wsus-server.company.local/SimpleAuthWebService/SimpleAuth.asmx
2013-05-09 10:04:55:116 764 64c PT +++++++++++ PT: Synchronizing extended update info +++++++++++
2013-05-09 10:04:55:116 764 64c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus-server.company.local/ClientWebService/client.asmx
2013-05-09 10:04:55:170 764 64c PT WARNING: GetExtendedUpdateInfo failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200
2013-05-09 10:04:55:170 764 64c PT WARNING: SOAP Fault: 0x000190
2013-05-09 10:04:55:170 764 64c PT WARNING: faultstring:System.Web.Services.Protocols.SoapException: Fault occurred
at Microsoft.UpdateServices.Internal.SoapUtilities.ThrowException(ErrorCode errorCode, Exception e, Int32 eventLogEntryId, String[] clientIds, Boolean logToEventLog)
at Microsoft.UpdateServices.Internal.ClientImplementation.GetExtendedUpdateInfo(Cookie cookie, Int32[] revisionIds, XmlUpdateFragmentType[] fragmentTypes, String[] locales)
2013-05-09 10:04:55:170 764 64c PT WARNING: ErrorCode:InternalServerError(5)
2013-05-09 10:04:55:170 764 64c PT WARNING: Message:(null)
2013-05-09 10:04:55:170 764 64c PT WARNING: Method:"http://www.microsoft.com/SoftwareDistribution/Server/ClientWebService/GetExtendedUpdateInfo"
2013-05-09 10:04:55:170 764 64c PT WARNING: ID:37740867-4b9f-4394-b58b-12aad48d7b97
2013-05-09 10:04:55:170 764 64c PT WARNING: PTError: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: GetExtendedUpdateInfo_WithRecovery: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: Sync of Extended Info: 0x8024400e
2013-05-09 10:04:55:170 764 64c PT WARNING: SyncServerUpdatesInternal failed : 0x8024400e
2013-05-09 10:04:55:171 764 64c Agent * WARNING: Exit code = 0x8024400E
2013-05-09 10:04:55:171 764 64c Agent *********
2013-05-09 10:04:55:171 764 64c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2013-05-09 10:04:55:171 764 64c Agent *************
2013-05-09 10:04:55:171 764 64c Agent WARNING: WU client failed Searching for update with error 0x8024400e
2013-05-09 10:04:55:180 764 bf4 AU >>## RESUMED ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:55:180 764 bf4 AU # WARNING: Search callback failed, result = 0x8024400E
2013-05-09 10:04:55:180 764 bf4 AU # WARNING: Failed to find updates with error code 8024400E
2013-05-09 10:04:55:180 764 bf4 AU #########
2013-05-09 10:04:55:180 764 bf4 AU ## END ## AU: Search for updates [CallId = {E7AC5D1F-612A-4879-9B77-83C692868D11}]
2013-05-09 10:04:55:180 764 bf4 AU #############
2013-05-09 10:04:55:180 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:04:55:180 764 bf4 AU AU setting next detection timeout to 2013-05-09 13:04:55
2013-05-09 10:04:55:181 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:04:55:181 764 bf4 AU Successfully wrote event for AU health state:0
2013-05-09 10:05:00:171 764 64c Report REPORT EVENT: {1C2D6590-41BD-464D-AE18-289CB7D6E254} 2013-05-09 10:04:55:171+0200 1 148 101 {00000000-0000-0000-0000-000000000000} 0 8024400e AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x8024400e.
2013-05-09 10:05:00:191 764 64c Report CWERReporter::HandleEvents - WER report upload completed with status 0x8
2013-05-09 10:05:00:191 764 64c Report WER Report sent: 7.6.7600.256 0x8024400e 00000000-0000-0000-0000-000000000000 Scan 101 Managed
2013-05-09 10:05:00:191 764 64c Report CWERReporter finishing event handling. (00000000)
我发现几个旧的博客和论坛条目将此链接到 Office 2003 SP1 中的故障,修复是拒绝/批准/拒绝该更新,但这并没有为我修复它。
Microsoft WSUS 客户端和服务器诊断工具不在 x64 系统上运行。
以前有人有过运气吗?
更新:我在 C:\Program Files\UpdateServices\LogFiles\SoftwareDistribution.log 中找到这个:
2013-05-13 14:02:46.437 UTC Warning w3wp.6 SoapUtilities.CreateException ThrowException: actor = http://wsus-server.company.local/ClientWebService/client.asmx, ID=4db89865-40da-4520-a126-d196e3db07b6, ErrorCode=ConfigChanged, Message=, Client=d9ce7281-379b-49b8-8944-7f593c32397b
2013-05-13 14:02:50.867 UTC Error w3wp.6 ClientImplementation.GetExtendedUpdateInfo System.ArgumentException: The database does not contain a URL for the file 3F7E7915F44A6133B990A22A87604854C34BDF4E.
如果我搜索“3F7E7915F44A6133B990A22A87604854C34BDF4E”,谷歌完全让我失望,所以我不确定那是什么,但它的数据库条目似乎不完整。与上游 WSUS 同步日志显示没有错误。
更新 2:所以我的上游似乎有些奇怪。我发现如果我安装一个新的 WSUS 实例并从 Microsoft 同步它,一切都运行良好。如果我将其作为现有 WSUS 服务器的下游副本,无论是在配置期间还是之后,它都会中断。更奇怪的是,我的上游本身和另一个现有副本似乎运行良好。看起来好像我只是要在所有 3 个站点中构建新的 WSUS 实例并重新开始,忽略现有的上游。
更新 3:我构建了一个新的 WSUS 上游服务器,开始清理,以免带来原始上游数据库中发生的任何怪异现象。将我的 2 个副本指向我的新上游。这几天一切都很好。5 天前,副本再次停止从客户端获取状态更新。卧槽?!?!
更新 4:我已经就此向 Microsoft 提交了支持请求,希望它能带来一些好处。
更新 5:在 Microsoft 产品支持花了无数小时检查和重新检查我已经检查过的所有相同内容之后,我怀疑我偶然发现了原因。我们的初级系统管理员最近发现了Local Update Publisher并开始使用它来将 Adobe 和 Java 更新推送到工作站。Local Update Publisher 安装的时间与下游客户端上次报告状态的时间完全吻合。我正在浏览产品文档以确定我需要做什么来解决这个问题。
不久前,在 Windows Server 2008 R2 上迁移到 WSUS 3.0 SP2 时,我遇到了类似的问题。经过几个令人沮丧的小时后,我终于用 KB2720211 解决了它。我不确定它为什么起作用,因为它似乎没有直接解决我当时从客户端收到的错误代码 (800b0001),但是在进一步进行诊断之前确保 WSUS 版本已完全修补似乎是合乎逻辑的.
您可以使用http://support.microsoft.com/kb/2720211中的说明
由于我的设置只涉及一个 WSUS 服务器,我只需要在下载补丁后使用网站上的以下说明。
1.设置WSUS。为此,请在命令提示符下键入以下适用于您的系统的命令之一:
WSUS-KB2720211-x64.exe /q C:\MySetup.log
WSUS-KB2720211-x86.exe /q C:\MySetup.log
更新将立即安装,没有任何提示。
2.查看安装日志以验证升级是否成功。为此,请在命令提示符处键入
C:\MySetup.log
。3.确保 IIS 和 WSUS 服务已停止。为此,请在命令提示符下键入以下命令:
iisreset/stop
net stop wsusservice
0x8024400D/SOAP 0x12c 错误几乎总是(最近)客户端具有重复的 SusClientIDs 的表现。有关补救说明,请参阅 Microsoft KB903262。
0x8024400E/SOAP 0x190 错误通常是 WSUS 数据库中错误更新的表现。确保您已拒绝所有过期的更新(通常是“坏的”更新),并拒绝所有被取代/不需要的更新。
所以将近 3 个月后,在 Microsoft PSS 为此花费了数十个小时之后,我终于偶然发现了答案。
事实证明,根本原因是Local Update Publisher的实施不完整。
当您实施 Local Update Publisher 时,您应该将 WSUS SSL 证书作为 Trusted Publisher 和 Trusted Root Certificate Authority 分发给所有 WSUS 客户端。事实证明,实现它的我的同事只将它分发到工作站,而不是服务器。
我不清楚引擎盖下的确切细节,但一旦我将 SSL 证书分发给所有 WSUS 客户端,他们就会开始正常接收更新和报告状态。