WSUS Troubleshooting Survival Guide
We encourage you to enhance this guide by identifying missing areas (scenarios, features, lifecycle…), provide links to and write descriptions of existing content, and providing new content where there are gaps. Join the community!
Table of Contents
While troubleshooting a particular technology, there are some key steps that should be done before start reviewing data and performing troubleshooting itself. We can summarize the troubleshooting process in the following core phases:
- Understanding the problem.
- Collecting data.
- Analyzing data.
- Performing an action towards the resolution of the problem.
- Re-evaluate and see if the action plan succeeded.
- If it did, document the actions that were done in order to fix the problem.
- If it didn’t, re-evaluate the initial action plan and the initial findings, look for gaps and areas that can be explored further. Elaborate another data gathering plan and move back to step 2.
While troubleshooting a technology such as Windows Server Update Services (WSUS) you also need to identify where the issue is located (client or server) in order to correctly perform data gathering. Sometimes data gathering phase must be done in both locations (client and server) at the same time in order to better understand what’s happening. It is also important to mention that during phase 1 (understanding the problem) it is highly recommended that you have a clear understanding of the topology where WSUS is located. Drawing the topology will help you to identify potential points of failure and will assist you asking follow up questions. For example: is WSUS behind a firewall? Is the firewall allowing anonymous access from WSUS to the Internet? These are following up questions that can assist you while scoping the issue and understanding the problem. Make sure to document all those details, this way you can go back and review your notes while analyzing the data to double check the scenario and the details of it.
The goal of this document is to give you a troubleshooting framework for WSUS and at the same have a single location for you to add new troubleshooting scenarios and techniques for WSUS. As stated in the initial paragraph of this document, we strongly encourage you to enhance this article.
In order to have a better experience troubleshooting WSUS it is recommended that you have a brief understanding of the WSUS components. Client and Server components can be found in the articles below:
Another core foundation while troubleshooting WSUS is the understanding of the Windows Update Agent result codes and setup return codes. The articles below cover these areas:
Even before having WSUS ready to deploy updates a common scenario that can happen is not be able to install WSUS or you are able to install but unable to perform synchronization. This section describes some of the common WSUS installation/synchronization issues:
- Troubleshooting the WSUS installation process
- Troubleshooting WSUS Setup issues
- Troubleshooting WSUS Upgrade issues
- Troubleshooting the WSUS synchronization process
- Issues with Synchronization
- File cert verification failure error message on WSUS
While administering a WSUS Server there are many scenarios that can happen and will require further troubleshooting. Here are some important resources in this area:
- Issues with Administration Console
- Issues with Update Storage
- Issues with Update Approvals
- Issues with the Database
- Issues with Reports
There are also scenarios where the troubleshooting will be done on the server and client side, for example when WSUS Agents are not reporting to the Server. Here are some important resources on this area:
- Troubleshooting WSUS Agents that Are Not Reporting to the WSUS Server
- Clients Not Reporting
- General Guidance for Windows Server Update Services (WSUS) client – server performance
Another scenario where troubleshooting is done on both sides is when the issue is related with Background Intelligent Transfer Service (BITS). Here are some important resources related to BITS:
If it was identified during the scoping phase that the issue is related to the client, there are some troubleshooting techniques that can be done to make sure client is working properly. The main resources for this area are listed below:
- Issues with Client Self-Update
- You receive a “0x80070002” or “0x80070003” error code after you download an update from Windows Update, from Microsoft Update, or from Windows Server Update Services
- You receive error 0x80240020 when you use Windows Update Web site, Microsoft Update Web site, or WSUS to install updates
- You receive a “0x80070002” error code when you download an update from Windows Server Update Services in Windows XP
- You receive an error code 0x800710dd going to WSUS for updates
- You receive a notification to Install an update which shows not approved on WSUS
- You receive an error code 0x80190194 when updating Windows clients through WSUS
There are many tools that can be used while troubleshooting WSUS, here are some examples:
- Microsoft Network Monitor
- Cool WSUS troubleshooting tools and script examples
- Server Diagnostic Tool
- Client Diagnostic Tool
- Windows Update Agent API Updated Header Files
- WSUS API Samples and Tools
- WSUS MPSReports
- Best Practice Analyzer for WSUS
Here are some related articles from Microsoft and also other sources such as but not limited to partners, MVPs and IT PROs:
- Troubleshooting Windows Server Update Service (WSUS)
- WSUS Step By Step – Installation, Deployment and troubleshooting
- How to troubleshoot common Windows Update, Microsoft Update, and Windows Server Update Services installation issues
- Gathering troubleshooting logs for Windows Server Update Services (WSUS)
- Microsoft Security Update Guide, Second Edition
This article was originally written by:
Yuri Diogenes , Senior Technical Writer
Windows Server iX | IT Pro Security