Configuration Manager 2007 : Story of two ~~ and the SUP

This is something that took some time for me to figure out.Apparently this happened on my external SUP.But this is something you can come accross in a secured/firwalled enviornment. My SUP seems to be always in RED State, further log analysis revealed issue with the WSUS unable to initialize properly

 

============ 

WSUSCtrl.log

============ 

Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.0.6000.273, Major Version = 0x30000, Minor Version = 0x17700111

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:03 PM 3724 (0x0E8C)

Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.1.6001.1, Major Version = 0x30001, Minor Version = 0x17710001

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:03 PM 3724 (0x0E8C)

Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=2.0.0.0, Major Version = 0x20000, Minor Version = 0x0

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:03 PM 3724 (0x0E8C)

The installed WSUS build has the valid and supported WSUS Administration DLL assembly version (3.1.6001.65)

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:03 PM 3724 (0x0E8C)

++ Nothing much of importance above this if you know your wsus is configured correctly.

System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it ~~ at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)~~ at System.Net.Sockets.Socket.InternalConnect(EndPoint remoteEP)~~ at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Int32 timeout, Exception& exception)~~ --- End of inner exception stack trace ---~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:04 PM 3724 (0x0E8C)

++ So the first point is ~~ should be preceded by an IP/Name(ex. target machine actively refused it ~~ at)

STATMSG: ID=7000 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONTROL_MANAGER" SYS=<NAMEOFYOUSUP> SITE=CEN PID=3496 TID=3724 GMTDATE=Sat Jan 31 10:09:04.446 2009 ISTR0="<NAMEOFYOUSUP>" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:04 PM 3724 (0x0E8C)

++ Simply indicates we cannot get to the machines registry in question

    WARNING: Could not read registry key HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\MPFDM\Inboxes\ on the server, The operating system reported error 0: The operation completed successfully.

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:04 PM 3724 (0x0E8C)

Failed to set WSUS Local Configuration. Will retry configuration in 1 minutes

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:04 PM 3724 (0x0E8C)

So what is this fuss really about. This seemed to be the way the environment was setup

for this example let's assume the following things.

1. The Server is question has two names

                    a) ExternalSUP.public.com - IP : XX.XX.XX.10

                    b) Internal.private.com - IP : 192.168.10.1

2. The ExternalSUP will only service the Internet Clients

3. The ExternalSUP.public.com IP is resolved via the firewall and not directly assigned to SUP (NAT) likely in most of the case

4. The ExternalSUP was installed via Internet Name ExternalSUP.public.com

nOW WHAT !!

The issue seemed to be that

1. Once the wsus was initialzed it tries to peform a local check by connecting to itself

2. Since the Site System was installed using Internet Name ExternalSUP.public.com : IP :XX.XX.XX.10

3. The IP is correctly resolved to IP :XX.XX.XX.10

4. Now this is assigned to the Firewall and is NATTed on the Interface

so the request flow is

Once the Service Starts

a) PrivateIP-of-SUP > Tries to resolve the name ExternalSUP.public.com

b) Resolution is successful (because we configured it and it has to be)

c) Now the request goes out of the network and tries to enter via public IP

d) This is disabled in firewall due to company policy (we rather access thing internally instead getting routed from internet)

Resolution

Added the host entry on the SUP

a) Internal.private.com - IP : 192.168.10.1

b) ExternalSUP.public.com - IP : 192.168.10.1

Now the name of SUP resolves ExternalSUP.public.com to IP bound on Local interface and connects successfully.

Here's another very common issue on common lines

==========================================

++ So the first point is ~~ should be preceded by an IP/Name(this is probably localhost)

System.Net.WebException: The request failed with HTTP status 401: Unauthorized. ~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~
at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String
ServerName, Boolean UseSSL, Int32 PortNumber)

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:04 PM 3724 (0x0E8C)

STATMSG: ID=7000 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONTROL_MANAGER"
SYS=CORPEXCM1 SITE=AUS PID=1436 TID=824 GMTDATE=Wed Dec 12 23:00:53.841 2007
ISTR0="CORPEXCM1" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7=""
ISTR8="" ISTR9="" NUMATTRS=0

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:04 PM 3724 (0x0E8C)

WARNING: Could not read registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\MPFDM\Inboxes\ on the server, The
operating system reported error 0: The operation completed
successfully.

SMS_WSUS_CONTROL_MANAGER 12/12/2007 4:00:53 PM 824 (0x0338)
Failed to set WSUS Local Configuration. Will retry configuration in 1
minutes

SMS_WSUS_CONTROL_MANAGER 1/31/2009 3:39:04 PM 3724 (0x0E8C)

Follow the steps to resolve the second half

https://support.microsoft.com/kb/926642/en-us

Jeevan Bisht | Support Escalation Engineer