I had just configured a brand new Windows Server 2012 WSUS Server however a problem was experienced where the server was not downloading updates. It was a freshly deployed WSUS Server which was configured to synchronise against the Microsoft Update Servers. The WSUS Server was performing synchronisations according to the preconfigured schedule, and the synchronisation log was showing that new updates were successfully synchronised.
Despite this, the WsusContent folder remained empty.
These symptoms are shown in the following screenshot.
The following errors were also experienced in the servers application logs:
Log Name: Application
Source: Windows Server Update Services
Date: 4/09/2013 6:28:44 AM
Event ID: 10032
Task Category: 7
Level: Error
Keywords: Classic
User: N/A
Computer: ADM-WSUS-01.domain.local
Description:
The server is failing to download some updates.
Log Name: Application
Source: Windows Server Update Services
Date: 4/09/2013 1:22:15 AM
Event ID: 364
Task Category: 2
Level: Error
Keywords: Classic
User: N/A
Computer: ADM-WSUS-01.domain.local
Description:
Content file download failed. Reason: Value does not fall within the expected range. Source File: /d/msdownload/update/software/defu/2013/08/am_base_patch1_160dc153e5db49297bd527404b2c03e540291cbd.exe Destination File: E:\WSUS\WsusContent\BD\160DC153E5DB49297BD527404B2C03E540291CBD.exe.
After leasing with members of the WSUS team it was discovered a bug existed in Windows Server 2012 when using proxy servers which requires authentication, as per my WSUS deployment.
Microsoft has developed a hotfix for this issue which can be downloaded from the following location. Companies must request the hotfix and Microsoft will email the download link.
http://support.microsoft.com/kb/2838998
Only download this hotfix if you are experiencing the documented issue above.
After you install the hotfix a reboot of the WSUS server is required.
Once the hot fix is installed and the system has been rebooted, you must reset the WSUS content repository. This is because WSUS "thinks" in the SQL database that all updates have been downloaded when in fact they failed. To do this perform the following steps:
1) Close any open WSUS consoles.
2) Go to Administrative Tools – Services and STOP the Update Services service.
3) In Windows Explorer browse to the WSUSContent folder (typically D:\WSUS\WSUSContent or C:\WSUS\WSUSContent)
4) Delete ALL the files and folders in the WSUSContent folder.
5) Go to Administrative Tools – Services and START the Update Services service.
6) Open a command prompt and navigate to the folder: C:\Program Files\Update Services\Tools.
7) Run the command WSUSUtil.exe RESET
As soon as you run the WSUSUtil.exe reset command, this command takes a while to complete. Unfortunately there is no progress bar or message which lets you know the reset has completed. A handy trick is to monitor the Windows Internal Database SQL Instance for WSUS, this is busy with high CPU activity as it checks every update in the SQL database against the files in the WsusContent folder. As soon as the SQL activity dies down you know the command has completed.
After this perform another sync. You will then notice the WSUS Server begin to download the updates by verifying the WSUSContent directory growing.
Please not the WSUSContent takes a long time to download and will most likely pause consistently through the download process. As soon as you verify the content size is growing, log off the server and leave it for 24 hours.
Feel free to email me clint@kbomb.com.au if you have any questions about this post.