Windows Server Update Services (WSUS) Not Working After May 2016 Windows Update
Problem
A previously working WSUS system stops working
Client PCs connecting to the WSUS system are unable to find any updates
An SCCM system connecting to WSUS doesn't find any updates
The WSUS console may fail to open reliably
WSUS may not complete Update Point Synchronisations
WSUS may report login issues for the SUSDB database in the Windows Application log - "Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database 'SUSDB'. [Client: <named pipe>]" - Event ID 18456.
Example:
Products
WSUS on Windows Server 2012 / Windows Server 2012 R2 with the May 2016 security update installed, KB3159706, or the previous
update KB3148812.
Cause
Microsoft Update 3159706 needs additional steps performed after installation. When KB3159706 has been installed on a WSUS server without these steps, it can cause WSUS to fail as described above.
Solution
1. Carry out the steps indicated in the Microsoft KB article, and then an additional step for configuring the memory limit on the WSUS Application pool.
Microsoft KB Steps Overview:
Run the Postinstall Servicing command from the Update Services Tools directory, i.e. "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
In the Add Roles and Features Wizard, add HTTP Activation under Features > .NET Framework 4.5 Features > WCF Services
Take ownership of the web.config file in C:\Program Files\Update Services\WebServices\ClientWebService (so that you can give yourself
permissions to edit the file next)
Grant yourself/Domain Admins Full Control permissions of the web.config file
Search for the following lines in the file:
<services>
    <service
        name="Microsoft.UpdateServices.Internal.Client"
        behaviorConfiguration="ClientWebServiceBehaviour">
Add the following new lines:
        <!--
          These 4 endpoint bindings are required for supporting both http and https
        -->
        <endpoint address=""
            binding="basicHttpBinding"
            bindingConfiguration="SSL"
            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
        <endpoint address="secured"
            binding="basicHttpBinding"
            bindingConfiguration="SSL"
            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
The section of the file should now look like this:
Note: You may still encounter a problem with the WSUS Content folder after the above steps. If you get Windows Update error 80244017, ensure that <servername>\Users is given Read permissions on the Content folder, usually c:\wsus\wsuscontent or d:\wsus\wsuscontent
Finally, also ensure that NETWORK SERVICE has Full Control permissions on the same folder.
2. If you are using SCCM and WSUS together, check the Software Update point Synchronisations in SCCM.
Open the "Software Update Point Synchronization Status" under Monitoring, and check that it succeeds.
3. Run Windows Update on a client PC that is configured to get its updates from the WSUS server, and check that the process completes
successfully.
4. If you are still having problems, try opening http://fully.qualified.wsusserver.hostname:8530/selfupdate/wuident.cab from a client PC and make sure you can download the CAB file. If you can't, check whether you need a proxy exception to bypass the proxy for the WSUS server.
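The server-side changes from step 1 and its note can be confirmed with a read-only check, shown here as an added example that is not part of the Microsoft KB article or the original page. It assumes the default install path, the c:\wsus\wsuscontent content location, the feature name NET-WCF-HTTP-Activation45 for HTTP Activation, and that <servername>\Users is the local Users group (well-known SID S-1-5-32-545).

```powershell
# Added example: read-only checks, run elevated on the WSUS server.
# Assumed values: default install path and one of the content paths named above.
$webConfig  = 'C:\Program Files\Update Services\WebServices\ClientWebService\web.config'
$contentDir = 'C:\WSUS\WsusContent'
$report = [ordered]@{}

# HTTP Activation under .NET Framework 4.5 Features > WCF Services
$report['HTTP Activation installed'] = (Get-WindowsFeature -Name NET-WCF-HTTP-Activation45).Installed

# Both added endpoints ("" and "secured") must use bindingConfiguration="SSL"
[xml]$cfg = Get-Content -LiteralPath $webConfig -Raw
$svc = $cfg.SelectSingleNode("//service[@name='Microsoft.UpdateServices.Internal.Client']")
$addresses = @()
if ($svc) {
    $addresses = @($svc.SelectNodes("endpoint[@bindingConfiguration='SSL']") |
        ForEach-Object { $_.GetAttribute('address') })
}
$report['Endpoint "" (SSL binding)']        = $addresses -contains ''
$report['Endpoint "secured" (SSL binding)'] = $addresses -contains 'secured'

# Ownership was changed in order to edit the file; record who owns it now
$report['web.config owner'] = (Get-Acl -LiteralPath $webConfig).Owner

# Content folder: local Users need Read, NETWORK SERVICE needs Full Control.
# Well-known SIDs are used so the check does not depend on account display names.
$rules = (Get-Acl -LiteralPath $contentDir).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
function Test-Allow([string]$Sid, [System.Security.AccessControl.FileSystemRights]$Need) {
    foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Allow' -and $r.IdentityReference.Value -eq $Sid -and
            ([int]$r.FileSystemRights -band [int]$Need) -eq [int]$Need) { return $true }
    }
    return $false
}
$report['Users: Read on content']                   = Test-Allow 'S-1-5-32-545' 'Read'
$report['NETWORK SERVICE: Full Control on content'] = Test-Allow 'S-1-5-20' 'FullControl'

$report.GetEnumerator() | Format-Table -AutoSize Key, Value
```

A False on a content-folder line only means no Allow entry names that account directly; access granted through another group is not evaluated. The owner line is worth reviewing because the procedure takes ownership of web.config and grants Full Control in order to edit it.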
Applies to: