On one of the recent patch Tuesday, our Software Update Point (SUP) had issues and failed to sync with below error messages;
Remote configuration failed on WSUS
wsyncmgr.log shows;
Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync wsyncmgr.log
WCM.log shows;
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host~~ at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ --- End of inner exception stack trace ---~~ at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)~~ --- End of inner exception stack trace ---~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)
The same SUP has been working fine until today. No configuration changes been made.
When I checked the software update point the CPU usage was so high that I cannot even launch the WSUS console.
It could be a coincident that the high CPU usage is because of the clients scanning for new updates.
Due to the high CPU usage, most of the clients were failed to complete the scan and as well as the upstream server failed to complete the update sync.
So I have noticed three main issues;
1. Upstream sync failed
2. Client failing to scan for the updates
3. Unable to launch the WSUS console
So to get the upstream sync successful, it is required to bring the CPU utilisation down by blocking the client devices to scan the updates.
Note: WSUS sync will stop working because of so many reasons. However, if it was working in the past and stopped working suddenly without any configuration changes to the infrastructure then most likely it would be an issue with the load on the server and server resources availability. First to eliminate the server load, block the clients to reach out to the SUP. Then test launching the WSUS console then try upstream server sync.Without blocking the client access to the SUP, even if we re-install WSUS and SUP we will have the same issue again.
To block client machines to scan for the updates, On Software Update Point;
go to C:\program Files\update services\webservices then re-name ClientWebService folder to something else.
This will make the Software Update Point unavailable to the clients. Once the sync is completed, then re-name the folder back to ClientWebService then restart the IIS services.
Now the upstream sync successfully completed and the clients also completed the scan successfully.
On the side note, make sure all the expired and superseded updates are removed from the WSUS database periodically. This is an important process in keeping the WSUS performance up. The more expired and superseded updates in the database, the slower the performance will be.
Remote configuration failed on WSUS
wsyncmgr.log shows;
Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync wsyncmgr.log
WCM.log shows;
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host~~ at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ --- End of inner exception stack trace ---~~ at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)~~ --- End of inner exception stack trace ---~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)
The same SUP has been working fine until today. No configuration changes been made.
When I checked the software update point the CPU usage was so high that I cannot even launch the WSUS console.
It could be a coincident that the high CPU usage is because of the clients scanning for new updates.
Due to the high CPU usage, most of the clients were failed to complete the scan and as well as the upstream server failed to complete the update sync.
So I have noticed three main issues;
1. Upstream sync failed
2. Client failing to scan for the updates
3. Unable to launch the WSUS console
So to get the upstream sync successful, it is required to bring the CPU utilisation down by blocking the client devices to scan the updates.
Note: WSUS sync will stop working because of so many reasons. However, if it was working in the past and stopped working suddenly without any configuration changes to the infrastructure then most likely it would be an issue with the load on the server and server resources availability. First to eliminate the server load, block the clients to reach out to the SUP. Then test launching the WSUS console then try upstream server sync.Without blocking the client access to the SUP, even if we re-install WSUS and SUP we will have the same issue again.
To block client machines to scan for the updates, On Software Update Point;
go to C:\program Files\update services\webservices then re-name ClientWebService folder to something else.
This will make the Software Update Point unavailable to the clients. Once the sync is completed, then re-name the folder back to ClientWebService then restart the IIS services.
Now the upstream sync successfully completed and the clients also completed the scan successfully.
On the side note, make sure all the expired and superseded updates are removed from the WSUS database periodically. This is an important process in keeping the WSUS performance up. The more expired and superseded updates in the database, the slower the performance will be.
No comments:
Post a Comment