As any other environment, my lab needs some maintenance from time to time. I use a Windows 2012 R2 VM with the Windows Server Update Service (WSUS) role to keep my Windows VMs up to date. Like many others, I was surprised by KB3148812 (Update enables ESD decryption provision in WSUS in Windows Server 2012 and Windows Server 2012 R2), which broke my WSUS. But the fix was easy: Uninstall KB3148812 and reboot the server. The WSUS product team published an artice about this known issue in their blog: Known Issues with KB3148812. In the meantime, Microsoft has published a new update, which supersedes KB3148812: KB3159706.
WSUS dead again?
Today I wanted to check the update status of my VMs. Unfortunately, the WSUS console was unable to connect to the WSUS server.
I checked the status of the service and found the WSUS service stopped. But even after I had started the service, the WSUS console was unable to connect to the server. I found an error in the event logs (ID 507, source Windows Server Update Services), but the message “Update Services failed its initialization and stopped” wasn’t helpful. More helpful was a log entry:
2016-05-22 02:01:03.191 UTC Warning w3wp.19 SoapUtilities.CreateException ThrowException: actor = http://wsus.lab.local:8530/SimpleAuthWebService/SimpleAuth.asmx, ID=79bf356b-4f58-4cac-a4aa-b52ec6e0bf38, ErrorCode=InternalServerError, Message=, Client=? 2016-05-22 02:01:10.066 UTC Info w3wp.16 SimpleAuth..ctor Initializing SimpleAuth WebService ProcessID = 968, Process Start Time = 21.05.2016 21:43:13, Product Version = 6.3.9600.18324 2016-05-22 02:01:10.066 UTC Error w3wp.16 SimpleAuthImplementation..ctor Exception in SimpleAuth constructor: System.Data.SqlClient.SqlException (0x80131904): Cannot open database "SUSDB" requested by the login. The login failed. Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
After some searching and examination of the recently installed updates, I came across KB3159706.
Manual steps required to complete the installation of KB3159706
Open an elevated CMD and run this command:
"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
The output should look similar to this:
C:\Users\Administrator.LAB>"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing Log file is located at C:\Users\Administrator.LAB\AppData\Local\Temp\2\tmp63BD.tmp Post install is starting Post install has successfully completed C:\Users\Administrator.LAB>
Then you have to install the “HTTP Activation” feature under “.NET Framework 4.5” features.
After a restart of the WSUS service, the WSUS should work again.
The installation of KB3148812 on a WSUS server will break the WSUS installation. Because of this, Microsoft has published KB3159706. If you install this update (in my case it was installed automatically over WSUS…), you have to execute some manual steps to ensure that WSUS works as expected. The WSUS product team is aware of this and they pointed this out in their blog article “The long-term fix for KB3148812 issues” (you will find a hint directly at top of the blog article).
- Why you should change your KRBTGT password prior disabling RC4 - July 28, 2022
- Use app-only authentication with the Microsoft Graph PowerShell SDK - July 22, 2022
- Getting started with the Microsoft Graph PowerShell SDK - July 21, 2022