Fresh Server 2012 unable to connect to WSUS

I've got an odd problem with any new server I build not being able to connect to the WSUS server after the first batch of updates. All servers are Windows Server 2012 Datacenter Edition. Here's how the problem presents itself:

1.  I create a new VM in vCenter, boot to the Server 2012 ISO and install with GUI.

2.  Install VMware Tools and configure network settings.

3.  Join to domain.

4. Launch Windows Update from Control Panel, install Windows Update update directly from Microsoft and then enable updates for all Microsoft products.

5.  Close and relaunch Windows Update (by this time GPO has configured WSUS client settings) and check for updates.  Install about 160 updates from WSUS and reboot.

At this point, I can no longer connect to the WSUS server for updates.  I can check/install directly from Microsoft just fine but if I try to check from WSUS I get error code 8024401C.  This only affects new servers.  Pre-existing servers using the exact same WSUS GPO settings work without any problems.

I've tried all the basics with regard to resetting Windows Updates settings on the server.  Here's what I'm getting in the log:

###########
2015-08-28	13:20:21:444	 832	b24	AU	## START ##  AU: Search for updates
2015-08-28	13:20:21:444	 832	b24	AU	#########
2015-08-28	13:20:21:444	 832	b24	AU	<<## SUBMITTED ## AU: Search for updates  [CallId = {CB653DB1-9EB4-42F6-82EA-8FAC7FD0195A} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-08-28	13:20:21:444	 832	e3c	Agent	*************
2015-08-28	13:20:21:444	 832	e3c	Agent	** START **  Agent: Finding updates [CallerId = AutomaticUpdatesWuApp]
2015-08-28	13:20:21:444	 832	e3c	Agent	*********
2015-08-28	13:20:21:444	 832	e3c	Agent	  * Online = Yes; Ignore download priority = No
2015-08-28	13:20:21:444	 832	e3c	Agent	  * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2015-08-28	13:20:21:444	 832	e3c	Agent	  * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2015-08-28	13:20:21:444	 832	e3c	Agent	  * Search Scope = {Machine & All Users}
2015-08-28	13:20:21:444	 832	e3c	Agent	  * Caller SID for Applicability: S-1-5-21-1559891966-2041265-1563503735-10285
2015-08-28	13:20:21:444	 832	e3c	EP	Got WSUS Client/Server URL: "http://wsus.domain.com:8530/ClientWebService/client.asmx"
2015-08-28	13:20:21:444	 832	e3c	Setup	Checking for agent SelfUpdate
2015-08-28	13:20:21:444	 832	e3c	Setup	Client version: Core: 7.8.9200.17185  Aux: 7.8.9200.17185
2015-08-28	13:20:21:444	 832	e3c	EP	Got WSUS SelfUpdate URL: "http://wsus.domain.com:8530/selfupdate"
2015-08-28	13:20:21:444	 832	e3c	Misc	Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab with dwProvFlags 0x00000080:
2015-08-28	13:20:21:460	 832	e3c	Misc	 Microsoft signed: NA
2015-08-28	13:20:21:460	 832	e3c	Misc	 Infrastructure signed: Yes
2015-08-28	13:20:21:460	 832	e3c	Misc	Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\TMP5651.tmp with dwProvFlags 0x00000080:
2015-08-28	13:20:21:460	 832	e3c	Misc	 Microsoft signed: NA
2015-08-28	13:20:21:460	 832	e3c	Misc	 Infrastructure signed: Yes
2015-08-28	13:20:21:460	 832	e3c	Setup	FATAL: GetClientUpdateUrl failed, err = 0x8024D009
2015-08-28	13:20:21:460	 832	e3c	Setup	Skipping SelfUpdate check based on the /SKIP directive in wuident
2015-08-28	13:20:21:460	 832	e3c	Setup	SelfUpdate check completed.  SelfUpdate is NOT required.
2015-08-28	13:20:21:975	 832	e3c	PT	+++++++++++  PT: Synchronizing server updates  +++++++++++
2015-08-28	13:20:21:990	 832	e3c	PT	  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://wsus.domain.com:8530/ClientWebService/client.asmx
2015-08-28	13:20:21:990	 832	e3c	PT	WARNING: Cached cookie has expired or new PID is available
2015-08-28	13:20:21:990	 832	e3c	EP	Got WSUS SimpleTargeting URL: "http://wsus.domain.com:8530"
2015-08-28	13:20:21:990	 832	e3c	PT	Initializing simple targeting cookie, clientId = c3dc7a2c-f8d4-4f7e-88e6-eee941d84bc1, target group = Servers - Manual, DNS name = dev-sharepoint.domain.com
2015-08-28	13:20:21:990	 832	e3c	PT	  Server URL = http://wsus.domain.com:8530/SimpleAuthWebService/SimpleAuth.asmx
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: Nws Failure: errorCode=0x803d0006
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: Original error code: 0x80072ee2
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: There was an error communicating with the endpoint at 'http://wsus.domain.com:8530/ClientWebService/client.asmx'.
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: There was an error receiving the HTTP reply.
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: The operation did not complete within the time allotted.
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: The operation timed out
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: Web service call failed with hr = 8024401c.
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: Current service auth scheme='None'.
2015-08-28	13:22:11:446	 832	e3c	WS	WARNING: Proxy List used: '(null)', Bypass List used: '(null)', Last Proxy used: '(null)', Last auth Schemes used: 'None'.
2015-08-28	13:22:11:446	 832	e3c	WS	FATAL: OnCallFailure(hrCall, m_error) failed with hr=0x8024401c
2015-08-28	13:22:11:446	 832	e3c	PT	WARNING: PTError: 0x8024401c
2015-08-28	13:22:11:446	 832	e3c	PT	WARNING: SyncUpdates_WithRecovery failed.: 0x8024401c
2015-08-28	13:22:11:446	 832	e3c	PT	WARNING: Sync of Updates: 0x8024401c
2015-08-28	13:22:11:446	 832	e3c	PT	WARNING: SyncServerUpdatesInternal failed: 0x8024401c
2015-08-28	13:22:11:446	 832	e3c	Agent	  * WARNING: Failed to synchronize, error = 0x8024401C
2015-08-28	13:22:11:446	 832	e3c	Agent	  * WARNING: Exit code = 0x8024401C
2015-08-28	13:22:11:446	 832	e3c	Agent	*********
2015-08-28	13:22:11:446	 832	e3c	Agent	**  END  **  Agent: Finding updates [CallerId = AutomaticUpdatesWuApp]
2015-08-28	13:22:11:446	 832	e3c	Agent	*************
2015-08-28	13:22:11:446	 832	e3c	Agent	WARNING: WU client failed Searching for update with error 0x8024401c
2015-08-28	13:22:11:446	 832	ba0	AU	>>##  RESUMED  ## AU: Search for updates [CallId = {CB653DB1-9EB4-42F6-82EA-8FAC7FD0195A} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-08-28	13:22:11:446	 832	ba0	AU	  # WARNING: Search callback failed, result = 0x8024401C
2015-08-28	13:22:11:446	 832	ba0	AU	#########
2015-08-28	13:22:11:446	 832	ba0	AU	##  END  ##  AU: Search for updates  [CallId = {CB653DB1-9EB4-42F6-82EA-8FAC7FD0195A} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2015-08-28	13:22:11:446	 832	ba0	AU	#############
2015-08-28	13:22:11:446	 832	ba0	AU	All AU searches complete.
2015-08-28	13:22:11:446	 832	ba0	AU	  # WARNING: Failed to find updates with error code 8024401c
2015-08-28	13:22:11:446	 832	ba0	AU	AU setting next detection timeout to 2015-08-29 01:22:11

Any ideas out there?


  • Edited by GavenBP Friday, August 28, 2015 8:41 PM
August 28th, 2015 8:28pm

The first batch of updates working may have been a fluke. Now even that does not work. The ReportingEvents.log in SoftwareDistribution shows this error:

{D5E925A0-EE28-4762-B4ED-223EABF3246D} 2015-08-28 13:54:22:424-0700 1 148 [AGENT_DETECTION_FAILED] 101 {00000000-0000-0000-0000-000000000000} 0 8024401c AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x8024401c.

The IIS log shows multiple posts to 'http://wsus.domain.com:8530/ClientWebService/client.asmx' which would appear to be where it gets stuck.

  • Edited by GavenBP Saturday, August 29, 2015 12:43 AM Better information
August 28th, 2015 8:43pm

I ran DISM on both WSUS server and client - no change. Firewall is already disabled on both. Servers are in the same layer 2 subnet so there's no router in the middle. I did a network capture. I see a bunch of checksum errors - maybe that's a clue. How do I send you the capture file?
August 31st, 2015 3:29pm

Is your WSUS itself patched and up to date with

https://support.microsoft.com/en-au/kb/2938066 ?

(it sounds a little bit like your new servers are getting updates ok from MSFT but then can't communicate with your WSUS, which could be due to your WSUS needing an update)

August 31st, 2015 5:50pm

It would appear that my WSUS server is fully patched.  Checking from both itself and Microsoft shows no available updates and if I try to install the update you linked it says it's already installed.

I'm thinking the reason existing servers can still connect and new ones can't must have something to do with setting up the agent on the client side.  I suppose I could test by removing SoftwareDistribution folder from a working server but I really don't like the idea of trying to break a production server when the result isn't even expected to yield a solution.

FYI - I compared all the advanced NIC settings between working and non-working servers and found no differences.  As such, I don't think it's the VMXNET3 driver.

Regardless, thank you.

August 31st, 2015 7:18pm

Log on to any of the affected machines and check the WindowsUpdate.log within the Windows directory, this should give you more insight.
  • Proposed as answer by Gramelot Tuesday, September 01, 2015 8:42 PM
  • Unproposed as answer by GavenBP Wednesday, September 02, 2015 12:31 AM
September 1st, 2015 8:42pm

I don't consider this a solution but I have stumbled upon a workaround. If I change the client configuration from http on 8530 to https on 8531 the checksum errors go away and clients can install the WUA and register with the WSUS server.  That makes me think this is actually an IIS problem.
September 2nd, 2015 6:15pm
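
An added example, not part of the thread: a Python sketch that reads WindowsUpdate.log lines in the layout posted above and reports the WSUS endpoints contacted (flagging plain-HTTP ones, the setting changed in the last post), the HRESULTs seen, and the longest silent gap between lines. The sample lines are abridged from the log in the first post; the function names and the `KNOWN` table are this example's own.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Sample lines abridged from the log in the thread (tab-separated fields:
# date, time, PID, TID, component, message).
SAMPLE = "\n".join([
    "###########",
    '2015-08-28\t13:20:21:444\t 832\te3c\tEP\tGot WSUS Client/Server URL: "http://wsus.domain.com:8530/ClientWebService/client.asmx"',
    "2015-08-28\t13:20:21:460\t 832\te3c\tSetup\tFATAL: GetClientUpdateUrl failed, err = 0x8024D009",
    "2015-08-28\t13:20:21:990\t 832\te3c\tPT\t  Server URL = http://wsus.domain.com:8530/SimpleAuthWebService/SimpleAuth.asmx",
    "2015-08-28\t13:22:11:446\t 832\te3c\tWS\tWARNING: Original error code: 0x80072ee2",
    "2015-08-28\t13:22:11:446\t 832\te3c\tWS\tWARNING: Web service call failed with hr = 8024401c.",
])

# Symbolic names for the codes that appear in the thread's log.
KNOWN = {"8024401C": "WU_E_PT_HTTP_STATUS_REQUEST_TIMEOUT",
         "80072EE2": "ERROR_INTERNET_TIMEOUT",
         "8024D009": "WU_E_SETUP_SKIP_UPDATE"}
# Failure HRESULTs start with 8; the guards keep GUID fragments out.
HRESULT = re.compile(r"(?<![-{\w])(?:0x)?(8[0-9A-Fa-f]{7})(?![-\w])")
URL = re.compile(r"https?://[^\s\"']+")

def parse(text):
    """Yield (timestamp, component, message) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split("\t", 5)
        if len(parts) != 6:
            continue  # separator rows such as "###########"
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S:%f")
        except ValueError:
            continue
        yield ts, parts[4].strip(), parts[5]

def summarize(text):
    rows = list(parse(text))
    msgs = [m for _, _, m in rows]
    urls = sorted({u for m in msgs for u in URL.findall(m)})
    codes = sorted({c.upper() for m in msgs for c in HRESULT.findall(m)})
    # The longest silence between consecutive lines marks where the client stalled.
    gap, before, after = max(
        ((b[0] - a[0], a[2].strip(), b[2].strip()) for a, b in zip(rows, rows[1:])),
        key=lambda g: g[0], default=(None, None, None))
    return {"plain_http": [u for u in urls if urlsplit(u).scheme == "http"],
            "codes": {c: KNOWN.get(c, "unknown") for c in codes},
            "stall_seconds": None if gap is None else round(gap.total_seconds(), 3),
            "stalled_after": before, "resumed_with": after}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "=", value)
```
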
