Server 2019: WSUS Not Working

Robert Talks 11

Hi, I have had constant issues with WSUS on our Windows Server 2019 Standard 1809.
The server has a Intel Exeon E-2224 CPU @ 3.40GHz with 32GB of RAM. The partition for WSUS is 10.3TB with 10.2TB free, the WSUS folder has a current size of 66.8GB.

I have found many resources online that suggest tweaking the advanced settings in the Application Pool for WSUS in IIS, but nothing has helped.

Please see below examples of the problem...

As you can see, there are now a considerable amount of pending updates due to this problem. In this example, I have selected 3164 security updates are waiting to be approved. I have selected the blue approved button.

Once I click the approve button, I see the following screen with a loading mouse wheel for almost 5 minutes:

After around five minutes, I get the usual connection error screen:

If I click on Copy Error to Clipboard, this is the error:

Blockquote>

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The operation has timed out  
  
Source  
System.Web.Services  
  
Stack Trace:  
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)  
   at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)  
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)  
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, Int32 publicationState)  
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, ExtendedPublicationState publicationState)  
   at Microsoft.UpdateServices.Internal.BaseApi.Update.SearchUpdates(UpdateScope searchScope, ExtendedPublicationState publicationState, UpdateServer updateServer)  
   at Microsoft.UpdateServices.UI.AdminApiAccess.UpdateManager.GetUpdates(ExtendedUpdateScope filter)  
   at Microsoft.UpdateServices.UI.AdminApiAccess.BulkUpdatePropertiesCache.GetAndCacheUpdates(ExtendedUpdateScope updateScope, ComputerTargetScope computerTargetScope)  
   at Microsoft.UpdateServices.UI.SnapIn.Pages.UpdatesListPage.GetListRows()

If I visit IIS and look at the advanced settings for WsusPool within Application Pools, this is what settings are configured:

I have tried restarting IIS services, tweaking the advanced settings as per many other forum posts, but I get the same result every time. It does not make a difference if I try and carefully browse to WSUS>Updates>Critical or Security Updates, I get the same error again.

Can someone please tell me why this product is not working. We invest a considerable amount in Microsoft Software and this should not be failing.

3 answers

Rita Hu -MSFT 9,626 Reputation points

2022-03-11T02:11:40.85+00:00

@Robert Talks
Thanks for your posting on Q&A.

It seems that you have synced too many updates. According to the Official Document, In an environment that has around 17,000 updates cached, more than 24 GB of memory may be needed as the cache is built until it stabilizes (at around 14 GB). But there are only 32GB RAM in your environment.

Also please try to configure the Application Pool in the IIS as the below screenshots.

Also please try to cleanup the superseded updates. Here is PowerShell script for your reference:
https://learn.microsoft.com/en-GB/troubleshoot/mem/configmgr/decline-superseded-updates

Best regards,
Rita

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment
Robert Talks 11 Reputation points

2022-03-15T11:09:04.177+00:00

Thank you @Rita Hu -MSFT for your reply.
I have followed through your post and made the necessary changes.
I also tried to use the PowerShell script you provided a link to but it is not running as per the below.

It would seem that the server is not running SSH from the results. Whilst it connects when doing a test run against WSUS Server without SSL, it fails to get updates with a time out error.

I notice that the WSUS Update Services Management Console also shows the same Error: Connection Error message it was showing in my original post at the start of this thread so the tweaks you suggested in IIS do not seem to have made a change. If I click 'reset server node' it tends to bring WSUS back up, but as soon as I run the PowerShell script, I get the Error: Connection Error message again and the PowerShell script returns the failed to get updates time out error message.

I have tried to re-start the IIS services, but this does not help.
I am running this PowerShell script on the WSUS server its self.

Is there anything else I can do to successfully get this to run and clear the updates?

Many thanks for your help.
Please sign in to rate this answer.
Rita Hu -MSFT 9,626 Reputation points

2022-03-22T08:29:46.217+00:00

@Robert Talks
May I know the status of the case right now? You have enabled the SSL. Am I right? Could you connect to the database by SSMS?

Please try to follow the below link to maintain the WSUS first and then confirm whether the issue will be resolved.
https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/wsus-maintenance-guide#help-my-wsus-has-been-running-for-years-without-ever-having-maintenance-done-and-the-cleanup-wizard-keeps-timing-out

Best regards,
Rita

Robert Talks 11 Reputation points

2022-03-22T11:00:17.647+00:00

Rita,
Thank you for your post. Unfortunately, I have experienced further issues.
When I open SSMS on the server in question, I am unable to locate the WSUS database.
This is what I am seeing....

As you can see, the only DB engine identified is that of Backup Exec. There does not seem to be a WSUS database, yet WSUS is installed on this system.

Can you advise what I could do next?
Many Thanks
Rob

Rita Hu -MSFT 9,626 Reputation points

2022-03-23T06:10:05.877+00:00

Hello Rob,

Thanks for your response.

What is the type of your WSUS database? WID or SQL server? To connect to the WID database in SSMS, we could open SSMS as an administrator and print the Server name as

\\.\pipe\MICROSOFT##WID\tsql\query

Reference screenshot:

Best regards,
Rita

Robert Talks 11 Reputation points

2022-03-28T11:47:08.333+00:00

Thank you Rita for taking the time to post.
I have taken a look at the following registry and it would seem to me it is using WID:

So, I followed through with your helpful advice and tried to connect using the following username and all other options configured as per your screenshot:

\\.\pipe\MICROSOFT##WID\tsql\query

This is the result I got:

I was able to click on 'Details' to get further info. This is what it said:

Do you have any idea on what steps I could take next?

Kind regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-03-29T09:02:10.823+00:00

Hello Robert,

Have you open the SSMS as an administrator? If not, please try to open the SSMS as an administrator and connect to the WID databsae.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-03-29T13:04:50.873+00:00

Thank you Rita, that has done the job, I am in...

What do you recommend I do next?

Regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-03-30T06:18:07.17+00:00

Hello Robert,

We could connect to the database by SSMS. It seems that there are nothing wrong with the database. Please try to Reset Windows MMC snap-in. Navigate to the following location in the WSUS server and delete the wsus file as the below screenshot:
C:\Users\USERNAME\AppData\Roaming\Microsoft\MMC

Then we could open the WSUS console and confirm whether it is helpful.

Because there are so many updates on the WSUS console, it is recommended to decline all the superseded updates and clean them up. Or the WSUS console will crush after we connect to the database to retrieve specified data. It is also a good idea to run the SQL server database to replace the WID database.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-03-31T10:58:08.66+00:00

Rita,
Thanks for your post.
I reset the MMC snap-in as per your suggestion. I then re-opened WSUS and went to WSUS Server Cleanup Wizard.
I left all defaults ticked which were:

Unused updates & update revisions

Computers not contacting the server

Unneeded updated files

Expired updates

Superseded updates

The wizard began to run however, shortly after, I got the following Database Error:

I have attached the full error details to this post. 188713-dberror.txt

I closed WSUS and re-opened. I did the same steps but this time, in the Cleanup Wizard, I selected just superseded updates.
I very quickly got the following screen:

If I exit the wizard or select Reset Server Note and go to Updates, I see the following:

Do you have any ideas how best I can proceed next? You mention maybe using SQL instead, how would we do this?

Kind regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-04-01T05:34:06.06+00:00

You mention maybe using SQL instead, how would we do this?

Please follow the below Official Guilde to migrate the WSUS Database from WID to SQL.
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/manage/wid-to-sql-migration

Best regards,
Rita

Robert Talks 11 Reputation points

2022-04-01T12:39:42.567+00:00

Thank you Rita,
I will work through this next week and let you know the status of the issue.

Many thanks for your continued help with this.
Have a good weekend,

Robert

Robert Talks 11 Reputation points

2022-04-05T14:12:57.637+00:00

Thanks for your help Rita.
I followed through the guide, I was able to find the two SUSDB files, however, I was unable to copy...

When I browse for the SQL instance folder, it is not there....

If I browse to Microsoft SQL folder, this is what I see inside:

If I go back out and browse into Microsoft SQL Server Management Studio 18 folder, this is what I see:

If I switch from Program Files x86 to Program Files, I see again, Microsoft SQL Server folder, however, again, this is what is inside:

None of this is matching with the guide as the guide is saying:
For example, if your SQL Instance Folder is C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL, and the WID Data folder is C:\Windows\WID\Data, copy the SUSDB files from C:\Windows\WID\Data to C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data

If I re-open SQL Server Management Studio, this is my view:

Do you have any ideas what I can do next to move forward?

Regards
Robert
Sign in to comment
Rita Hu -MSFT 9,626 Reputation points

2022-04-06T07:36:55.833+00:00
Hello Robert,

Please follow the below steps and confirm whether it is helpful.

Try to connect to the WID database
Open the SSMS as an administrator and print the Server Name: \\.\pipe\MICROSOFT##WID\tsql\query. Then we could connect to the database.

Try to attach the WID database again
Reference screenshot:

Back up the database
Reference screenshot:

Run the wsusutil.exe postinstall command on the WSUS server
Open the CMD as an administrator and navigate to the wsusutil.exe tool(Location: C:\Program Files\Update Services\Tools) Then we should run the command to finish the postinstall, like： wsusutil.exe postinstall SQL_INSTANCE_NAME=SQLSRV CONTENT_DIR=C:\WSUS

Reference screenshot:

5. Open the SSMS on the SQL Server and run the following command on the New Query to restore the database to the backup:

RESTORE DATABASE SUSDB FROM DISK = 'C:\backup\susdb.bak' WITH REPLACE

Hope the above will be helpful.

Best regards,
Rita

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.
Robert Talks 11 Reputation points

2022-04-06T10:23:54.483+00:00

Rita,
Thanks for this, I followed all the way through with no problems until I got to the last part with the New Query to restore the db to the backup.
I entered in the following:

RESTORE DATABASE SUSDB FROM DISK = 'D:\WIDBackupAPRIL22\widbackupapril22.bak' WITH REPLACE

This is the location to the backup of the database I took in step 3.
When I run the above New Query, I got the following error:

Msg 3102, Level 16, State 1, Line 1 RESTORE cannot process database 'SUSDB' because it is in use by this session. It is recommended that the master database be used when performing this operation. Msg 3013, Level 16, State 1, Line 1 RESTORE DATABASE is terminating abnormally. Completion time: 2022-04-06T11:18:50.4618379+01:00

To get around this, I closed the New Query window and selected another DB which was not the one I had wanted to restore.
But now, I get this error:

Msg 3101, Level 16, State 1, Line 1 Exclusive access could not be obtained because the database is in use. Msg 3013, Level 16, State 1, Line 1 RESTORE DATABASE is terminating abnormally. Completion time: 2022-04-06T11:22:45.7643758+01:00

Do you have any ideas on how I can get around this?
Regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-04-07T01:22:11.83+00:00

Hello Robert,

Please try to offline the database and run the commands to restore the DB to the backup.
Reference screenshot:

Don't forget to bring the DB online after following the above steps.

Hope the above will be helpful. Don't forget to feedback the result if there are any updates of the case.

Have a great day.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-04-07T08:17:33.947+00:00

Rita,
Thank you for your helpful response, I did this and it is currently "Executing query" and has been doing this for a while so it looks like this is working,

Oh, as I type, it has just completed. The backup is done. What are the next steps?

Regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-04-07T09:16:24.013+00:00

Please help to confirm whether you have ran the below commands and restored the DB to the backup.
RESTORE DATABASE SUSDB
FROM DISK = 'C:\backup\susdb.bak'
WITH REPLACE

Then we have to bring the DB online.

Then please try to open the WSUS console and connect to the DB. Last please check whether the issue has been resolved.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-04-07T09:17:51.46+00:00

Hello Rita, yes that is what I have done, however, when I restored the DB, still, the same problem as before.

Kind regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-04-07T09:39:42.717+00:00

Hi Robert,

You have run the wsusutil.exe postinstall SQL_INSTANCE_NAME=SQLSRV CONTENT_DIR=C:\WSUS command on the WSUS Server before. Am I right?

Please connect to the SQL_INSTANCE and offline the database. Note that don't connect to the Server name: \\.\pipe\MICROSOFT##WID\tsql\query

Then please try to restore the database to backup.

Last we could try to bring the DB online.

I suspect that there are must something wrong. But I'm not sure what is it. Please try to follow the above steps one more time.

Where is the SQL Server installed? On the WSUS Server or the other Windows Server?

I'm so sorry about this.

Thanks for your understanding and cooperation.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-04-07T09:48:39.26+00:00

Thank you Rita,
Yes I have already run: wsusutil.exe postinstall SQL_INSTANCE_NAME=SQLSRV CONTENT_DIR=C:\WSUS

From step one of your instructions,
If I try this and take out the server name, the connect button then disappears so I am unable to connect.
If I visit the drop down for server name, the two options listed are:
\.\pipe\MICROSOFT##WID\tsql\query
and
FTY-SR-003\BKUPEXEC - this is for our Backup Exec software.

How should I proceed?

Robert

Robert Talks 11 Reputation points

2022-04-13T14:14:49.89+00:00

Hello Rita,
Did you get a chance to see my above reply?

Rita Hu -MSFT 9,626 Reputation points

2022-04-14T00:29:50.97+00:00

Hello Robert,

Sorry for the late reply. It should be work normally. I don't know what's wrong now. The better way is try to remove the WSUS role and reinstall a new one. Please refer to the below steps to remove the WSUS role:
To remove WSUS completely, you need to:

Remove the following server roles and features through Server Manager:
Roles: Windows Server Update Server
features: Windows Server Update Services Tools(at Remote Server Administration Tools -> Role Administration Tools)

After the server is restarted, manually delete the folder or file of the following path:
C:\WSUS (this depends on where you choose to install WSUS)
C:\Program Files\Update Services

Delete database files
If you use SQL Server Management Studio to delete a database, you can try as follow.
In Object Explorer, connect to an instance of the SQL Server Database Engine, and then expand that instance. Expand Databases, right-click the database to delete, and then click Delete. Confirm the correct database is selected, and then click OK.
If you use a WID database, it is recommended to delete the following path folders:
C:\Windows\WID

In the IIS Information Services (IIS) Manager, manually remove the WSUS Administration site. Then restart the server.

Last, we could refer to the below link to reinstall the WSUS. Note that we could repoint the devices to the new WSUS Server.
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy...

Best regards,
Rita

Robert Talks 11 Reputation points

2022-05-04T10:29:15.313+00:00

Rita,
Many thanks for this info.
Before I start, I noticed that the link you put in for reinstalling WSUS does not seem to be loading. Are you able to provide an up to date link and then I will start the process of removing WSUS, clearing all database files and folders and then reinstalling.

Kind regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-05-05T01:27:41.043+00:00

Hello Robert,

I'm sorry. I actually didn't find the link I provided invalid. Please refer to the below link to deploy a new WSUS environment:
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services

Note that please follow the above steps one by one to remove the WSUS completely before reinstall a new one.

Have a great day.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-05-05T07:29:01.037+00:00

Thank you Rita.
That all makes perfect sense. I have gone though your steps and got to step 3.

When I open Microsoft SQL Server Management Studio 2018 as an administrator, this is what I see under Databases:

Is SUSDB the one that needs to be deleted? I note it says "SUSDB (Recovery Pending)".

Kind regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-05-06T01:24:25.533+00:00

Yes, we sould delete it not only in the SSMS but also the SUSDB Data files(like SUSDB.mdf and SUSDB_log.ldf).

Best regards,
Rita

Robert Talks 11 Reputation points

2022-05-18T11:02:34.893+00:00

Rita, thank you for your help on this. I have totally removed WSUS and all corresponding folders including WID which refused to delete but with the help of ProcessExplorer, I identified the open DLLs and managed to kill the processes linked to these which enabled me to delete the C:\Windows\WID folder.

I am now following the guide to install WSUS and I note that on the Role Services Page, it shows a SQL Server Connectivity Role Service.
If I click this, it shows me the below error.

If I reverse back two septs to the Select Features Screen, I can see the WID is pre-ticked but with a grey tick so I am unable to untick this.
Ordinarily, I would not have ticked SQL Server Connectivity Role Service but I remember you saying at some point, it is better to use SQL than WID. Can you advise what would be the best method here? If I leave SQL Server Connectivity Role Service un-ticked, I am sure the installer will complete with no issues, but wanted to just check what you thought was best so we can get a good install that will not go wrong in the future?

Thank you for your help with this,
Kind regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-05-19T01:48:47.027+00:00

Hello Robert,

If you want to use the SQL Server database, the WID isn't required. But it will be ticked by default. So it is recommended to save it as usual.

If I click this, it shows me the below error.

As this error warning indicates, these two features cannot be installed at the same time. Untick the WID Connectivity and then tick the SQL Server Connectivity one. Then we will be guide to create the SUSDB instance into the specified database. If you tick the SQL Server Connectivity, then you will be guide to insatll the SUSDB instance into the SQL Server database.

Hope the above will be clearfy.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-05-20T13:10:09.943+00:00

Rita,
Thanks very much. I have proceeded through but have hit yet more problems.

Installer asks for Machine name\Instance name
I insert fty-sr-003\SQLEXPRESS this is the local server I am on plus the instance name.
I get the following error:

If I open SQL Server Management Studio with administrator and log in, I now get the following error:

If I view services on this local server, I can only see the following SQL service instances. The 'BKUPEXEC' ones are for the Veritas Backup Exec. It seems like the SQL Instance 'SQLEXPRESS' is now gone. Could this be from when I deleted the WID folder as part of the WSUS removal?

I am not sure how I can proceed here?

Regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-05-24T01:26:05.05+00:00

Hello Robert,

Please try to enter the Machine name and do not include the instance name. Then we could try to connect to the Server Server to create a new SUSDB instance.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-05-24T15:12:38.84+00:00

Rita,
Thanks for your post. I was not sure if you meant on Server Manager Add New Role or SQL Management Studio, so I tried this on both but I got the following errors:

Regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-05-25T02:40:19.527+00:00

Hello Robert,

Please help to confirm whether the SQL Service is running normally:

Have you changed the default instance name when you built the SQL Server? As far as I know, the default instance is MSSQLSERVER. It is a remote SQL Server which isn't installed in the remote WSUS Server. Am I right?

We could open the SQL Server Configuration Manager to confirm the instance name:

Best regards,
Rita

Robert Talks 11 Reputation points

2022-05-25T10:00:02.757+00:00

Rita,
Thanks for your post.
This is what SQL Service is looking like....

I note that Backup Exec SQL Server Agent is in a stopped state but I also note there is no sign of an MSSQLSERVER name in the list.
I have never changed the default instance name when the SQL server was built and this is the local SQL server we are trying to install WSUS to.

Kind regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-05-26T02:06:21.78+00:00

Hello Robert,

It seems that the SQL Sever isn't running normally. Please try to cooperate with DBA in your company and check why the SQL Server Agent stopped and what is the BKUPEXEC. As far as I know, the default instance name is MSSQLSERVER.

I'm not a expert in DB. I'm sorry about this.

Thanks for your understanding and cooperation.

Best regards,

Rita

Robert Talks 11 Reputation points

2022-05-31T17:33:28.11+00:00

Rita,
Thanks for the post. We have had the instance re-created. It is added now and WSUS is all installed. I have run through the setup and I am waiting for the first synchronization.
As the root cause of this issue was too many updates on the WSUS server, how best can we clear un-needed updates and superseded updates? Is it a case of manually running the WSUS Server Clean-up Wizard each month?

Kind regards
Robert

Rita Hu -MSFT 9,626 Reputation points

2022-06-02T05:59:05.683+00:00

Hello Robert,

Please keep in mind that only tick the required Products and Classifications in your environment. And we could follow below link to Decline superseded updates and run maintenance more often:
https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices#decline-superseded-updates-and-run-maintenance

Note that it is not recommended to deploy driver updates through WSUS.

Best regards,
Rita

Robert Talks 11 Reputation points

2022-06-09T08:25:03.56+00:00

Rita,
Thank you very much for your continued help with this.
I did take a look at the link you provided me with, though it seems to talk about Configuration Manager. This is not something we have on our system.
Is there a way we can maintain the DB and decline superseded updates if we don't use Configuration Manager?

Kind regards
Robert
Sign in to comment