As any other environment, my lab needs some maintenance from time to time. I use a Windows 2012 R2 VM with the Windows Server Update Service (WSUS) role to keep my Windows VMs up to date. Like many others, I was surprised by KB3148812 (Update enables ESD decryption provision in WSUS in Windows Server 2012 and Windows Server 2012 R2), which broke my WSUS. But the fix was easy: Uninstall KB3148812 and reboot the server. The WSUS product team published an artice about this known issue in their blog: Known Issues with KB3148812. In the meantime, Microsoft has published a new update, which supersedes KB3148812: KB3159706.

WSUS dead again?

Today I wanted to check the update status of my VMs. Unfortunately, the WSUS console was unable to connect to the WSUS server.

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

I checked the status of the service and found the WSUS service stopped. But even after I had started the service, the WSUS console was unable to connect to the server. I found an error in the event logs (ID 507, source Windows Server Update Services), but the message “Update Services failed its initialization and stopped” wasn’t helpful. More helpful was a log entry:

2016-05-22 02:01:03.191 UTC	Warning	w3wp.19	SoapUtilities.CreateException	ThrowException: actor = http://wsus.lab.local:8530/SimpleAuthWebService/SimpleAuth.asmx, ID=79bf356b-4f58-4cac-a4aa-b52ec6e0bf38, ErrorCode=InternalServerError, Message=, Client=?
2016-05-22 02:01:10.066 UTC	Info	w3wp.16	SimpleAuth..ctor	Initializing SimpleAuth WebService ProcessID = 968, Process Start Time = 21.05.2016 21:43:13, Product Version = 6.3.9600.18324
2016-05-22 02:01:10.066 UTC	Error	w3wp.16	SimpleAuthImplementation..ctor	Exception in SimpleAuth constructor: System.Data.SqlClient.SqlException (0x80131904): Cannot open database "SUSDB" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.

After some searching and examination of the recently installed updates, I came across KB3159706.

Manual steps required to complete the installation of KB3159706

Open an elevated CMD and run this command:

"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing

The output should look similar to this:

C:\Users\Administrator.LAB>"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
Log file is located at C:\Users\Administrator.LAB\AppData\Local\Temp\2\tmp63BD.tmp
Post install is starting
Post install has successfully completed

C:\Users\Administrator.LAB>

Then you have to install the “HTTP Activation” feature under “.NET Framework 4.5” features.

Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0

After a restart of the WSUS service, the WSUS should work again.

Summary

The installation of KB3148812 on a WSUS server will break the WSUS installation. Because of this, Microsoft has published KB3159706. If you install this update (in my case it was installed automatically over WSUS…), you have to execute some manual steps to ensure that WSUS works as expected. The WSUS product team is aware of this and they pointed this out in their blog article “The long-term fix for KB3148812 issues” (you will find a hint directly at top of the blog article).

• Author
• Recent Posts

Follow me

Patrick Terlisten

vcloudnine.de is the personal blog of Patrick Terlisten. Patrick has a strong focus on virtualization & cloud solutions, but also storage, networking, and IT infrastructure in general. He is a fan of Lean Management and agile methods, and practices continuous improvement whereever it is possible.

Feel free to follow him on Twitter and/ or leave a comment.

Follow me

Latest posts by Patrick Terlisten (see all)

• Why you should change your KRBTGT password prior disabling RC4 - July 28, 2022
• Use app-only authentication with the Microsoft Graph PowerShell SDK - July 22, 2022
• Getting started with the Microsoft Graph PowerShell SDK - July 21, 2022