question

Malachor-3419 avatar image
0 Votes"
Malachor-3419 asked AJTek-Adam-J-Marshall commented

Reoccuring WSUS Issue - Approvals Reset - All Updates Re-Downloaded

Hello,

This is my first post and I'm hoping someone can help please.

I'm a WSUS Admin that utilises the AJtek WAM Script that is set to run daily (automatic) and monthly (manual). Our WSUS is set up utilising Active Directory and GPO's. This has been working great for some years; until recently, where we have had several instances of every update being re-downloaded again from Microsoft, and consequently all approvals are reset to "unapproved". I don't know if there is a commonality in the monthly script being run, or the fact that management has recently forced WSUS to operate over HTTPS protocol via GPO (change made roughly 3-4 months ago).

This has happened 4 times in about 6 months, and each time I have to manually go through some 8500 updates by hand, re-approving all required feature packs, cumulative updates, critical updates, security updates etc and declining updates no longer needed i.e. old Win 10 version prior to 20H2, language packs (only have English specified in classifications but it downloads every language possible anyway) etc. This requires an enormous amount of administrative overhead - repeatedly, and it's starting to get really frustrating having to repeat this process every single time this issue occurs. If we decline an update, and the WAM script removes it, we don't want to see it again. Similarly, if we approve an update, be it to a test-container or otherwise; we don't want to have to repeat that approval - ever.

So my questions are:

1) Why does this keep happening
2) How can I prevent it happening moving forward

Here's a screenshot of the most recent occurrence:

![122728-image.png][1]

Note the sync error, and then the one above it where every update is imported again.

Any advice very much appreciated

Kind Regards

A suffering WSUS Admin.


windows-server-update-services
image.png (48.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RitaHu-MSFT avatar image
0 Votes"
RitaHu-MSFT answered RitaHu-MSFT edited

@Malachor-3419
Thanks for your posting on Q&A.

I totally understand your concern. and we're very sorry for any inconvenience that may caused. To avoid misunderstanding, please help to confirm whether you have added the other products and classifications first. In addition, we should review Update Languages as the below screenshot. Please help to confirm you haven't added the other needless languages.
122937-2.png

Note: please review the software distribution log and change log to collect the related error messages:
122961-3.png

I'm afraid that we haven't the resource to run the AJtek WAM Script to research further. So it will be better if you could get the after-sales support from AJtek.

Thanks for your understanding and cooperation.

Regards,
Rita


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


2.png (21.3 KiB)
3.png (12.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Malachor-3419 avatar image
0 Votes"
Malachor-3419 answered AJTek-Adam-J-Marshall commented

Hi,

I can confirm we only have the English language option enabled for our classifications:

122969-image.png



As for the log files, I cannot upload them as they are both greater than 3.1MB, so I performed a search for keywords "fail" and "error" in both files. There were no entries in the "change.log", but the "SoftwareDistribution.log" contained several, which are:

Entry 1

2021-08-08 01:23:59.897 UTC Info w3wp.68 SusEventDispatcher.TriggerEvent TriggerEvent called for NotificationEventName: DeploymentChange, EventInfo: DeploymentChange
2021-08-08 01:24:00.584 UTC Change WsusService.41 DBConnection.OnReceivingInfoMessage Successfully deployed deployment(Decline) of Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.345.120.0) UpdateID:FA451C14-35B0-4976-8C9E-C2701A3AA47A Revision Number:201
2021-08-08 01:24:00.600 UTC Info WsusService.41 CatalogSyncAgentCore.ImportMultipleUpdates Imported 79/79 updates in 2 iterations; 0 will be retried
2021-08-08 01:24:00.600 UTC Info WsusService.41 CatalogSyncAgentCore.GetUpdateDataInChunksAndImport 0 updates to go
2021-08-08 01:24:00.600 UTC Info WsusService.41 CatalogSyncAgentCore.ExecuteSyncProtocol Total actually inserted updates: 1178
2021-08-08 01:24:00.616 UTC Change WsusService.41 AdminDataAccess.ExecuteSPResumeAllDownloads Downloading retried
2021-08-08 01:24:00.631 UTC Info WsusService.41 CatalogSyncAgentCore.UpdateSyncResultAndGenerateReportingEvent CatalogSyncThreadProcess: report subscription succeeded
2021-08-08 01:24:00.631 UTC Info WsusService.41 EventLogEventReporter.ReportEvent EventId=384,Type=Information,Category=Synchronization,Message=Synchronization completed successfully.
2021-08-08 01:24:00.631 UTC Info WsusService.24 ThreadEntry ThreadHelper.ThreadStart
2021-08-08 01:24:00.631 UTC Info WsusService.24 CatalogSyncAgent.WaitUntilSyncFinishedOrCancelled Agent signalled done.
2021-08-08 01:24:00.631 UTC Info WsusService.24 CatalogSyncAgent.SetSubscriptionStateWithRetry Firing event SyncFinish...
2021-08-08 01:24:00.631 UTC Info WsusService.24 CatalogSyncAgent.WakeUpWorkerThreadProc Found no more jobs. CatalogSyncAgent quits but will run rollup before terminating ...
2021-08-08 01:24:00.647 UTC Info WsusService.24 CatalogSyncAgent.UpdateServerHealthStatusBasedOn*Error* ServerHealth: Updating Server Health for Component: CatalogSyncAgent, Marking as Not Running
2021-08-08 01:24:02.491 UTC Info w3wp.17 SusEventDispatcher.TriggerEvent TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
2021-08-08 01:24:02.491 UTC Info w3wp.128 ThreadEntry ThreadHelper.ThreadStart
2021-08-08 01:24:02.491 UTC Info w3wp.128 SusEventDispatcher.DispatchManagerWorkerThreadProc DispatchManager Worker Thread Processing NotificationEvent: ConfigurationChange
2021-08-08 01:24:02.491 UTC Info w3wp.128 RevisionIdCacheChangeNotificationDispatcher.InternalEventHandler Get event ConfigurationChange from dispatchmanager
2021-08-08 01:24:02.491 UTC Info w3wp.17 SusEventDispatcher.TriggerEvent TriggerEvent called for NotificationEventName: DeploymentChange, EventInfo: DeploymentChange
2021-08-08 01:24:02.491 UTC Info w3wp.129 ThreadEntry ThreadHelper.ThreadStart
2021-08-08 01:24:02.491 UTC Info w3wp.129 SusEventDispatcher.DispatchManagerWorkerThreadProc DispatchManager Worker Thread Processing NotificationEvent: DeploymentChange
2021-08-08 01:24:02.491 UTC Info w3wp.129 DeploymentChangeNotification.InternalEventHandler deployment change event received
2021-08-08 01:24:02.491 UTC Info w3wp.129 RevisionIdCacheChangeNotificationDispatcher.InternalEventHandler Get event DeploymentChange from dispatchmanager
2021-08-08 01:24:03.663 UTC Info w3wp.28 SusEventDispatcher.TriggerEvent TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
2021-08-08 01:24:03.663 UTC Info w3wp.46 SusEventDispatcher.TriggerEvent TriggerEvent called for NotificationEventName: ConfigurationChange, EventInfo: ConfigurationChange
2021-08-08 01:24:03.663 UTC Info w3wp.131 ThreadEntry ThreadHelper.ThreadStart
2021-08-08 01:24:03.663 UTC Info w3wp.130 ThreadEntry ThreadHelper.ThreadStart

Entry 2 (there are hundreds of these)

2021-08-08 02:51:39.925 UTC Warning w3wp.107 UpdateStatusEventHandler.HandleEvent Error parsing misc data for ComputerID=09c54f7b-e038-40c8-8ffc-4210c24c9693, EventInstanceID=4a31ac72-6908-44b4-84d5-5459961bed8b, Cause:Error occurred while parsing MiscData for event. MiscData element g=F20A5216-05DD-4DDE-A907-1EA1A46EC0AD|0537C979-51E1-4953-9DD9-0607D5CAA370|9C2E51FF-53E8-43FB-A067-B73C364CC038.
Parameter name: e
2021-08-08 03:01:13.312 UTC Info WsusService.9 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK

Entry 3

2021-08-10 08:40:53.902 UTC Warning w3wp.107 DataAccessCache.GetLocalizedUpdateXml Internal error: GetLocalizedUpdateXml with revision 1496054 specified in the revisionIds but missing from the CoreXmls

Entry 4 (quite a few of these)

xception ThrowException: actor = https://[redacted]:8531/ClientWebService/client.asmx, ID=690c172e-a81e-4771-9616-540a02213461, ErrorCode=CookieExpired, Message=, Client=b03f9771-cd19-45eb-8604-50faff7c7261
2021-08-11 10:31:10.861 UTC Info WsusService.9 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
2021-08-11 10:31:10.861 UTC Info WsusService.9 ServerCertificateValidator.IsHostAllowedException Requested host: [redacted]
2021-08-11 10:31:10.861 UTC Info WsusService.9 ServerCertificateValidator.IsHostAllowedException Ignoring SSL validation for a well-know host.
2021-08-11 10:31:10.908 UTC Info WsusService.9 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
2021-08-11 10:31:10.908 UTC Info WsusService.9 ServerCertificateValidator.IsHostAllowedException Requested host: [redacted]
2021-08-11 10:31:10.908 UTC Info WsusService.9 ServerCertificateValidator.IsHostAllowedException Ignoring SSL validation for a well-know host.

Hope this helps

Mal.







image.png (41.9 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Malachor-3419
I'm sorry that I haven't found the related error clue from the log files you provided. It is recommended to reindex the database as this link first.

Regards,
Rita

0 Votes 0 ·

WAM does this every day.

1 Vote 1 ·
AJTek-Adam-J-Marshall avatar image
1 Vote"
AJTek-Adam-J-Marshall answered

I can confirm we're using Microsoft's API to remove declined updates.


 # Remove these updates
         $AJTekRemoveDeclinedUpdatesDeclinedList | ForEach-Object {
             $DeleteID = $_.Id.UpdateId.ToString()
             Try {
                 $AJTekRemoveDeclinedUpdatesUpdateTitle = $($_.Title)
                 Write-Output "Deleting $AJTekRemoveDeclinedUpdatesUpdateTitle"
                 $AJTekWSUSServerAdminProxy.DeleteUpdate($DeleteId)
             }


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.