Troubleshoot issues with Windows Server Update Services (WSUS) client agents - Configuration Manager (2023)

Table of Contents
In this article Verify that the client is configured correctly Check for issues relating to BITS BITS fails to start BITS jobs are failing Repair a corrupted BITS configuration Issues with the WSUS agent service Make sure the WSUS server is reachable from the client Rebuild the Automatic Update Agent Store Check for clients with the same SUSclient ID Videos
  • Article
  • 9 minutes to read

This article helps you diagnose and resolve issues with the Windows Server Update Services (WSUS) client agents.

Original product version: Windows Server Update Services
Original KB number: 10132

When you experience issues with the WSUS client agents, they can manifest themselves in many ways. Some common problems are listed here:

  • It could be an issue with the client settings for Group Policy.
  • It could be an issue with BITS.
  • It could be an issue with the WSUS agent service.
  • It could be related to a network issue that prevents the client from reaching the server.
  • It could be an issue with the Automatic Update Agent Store.
  • It could be an issue in which clients have duplicate WSUS client IDs caused by disk cloning.

Verify that the client is configured correctly

When you troubleshoot issues with a WSUS client agent, first make sure the client is properly configured. Make sure the proper Active Directory Group Policy is being received by the client, and the details of the WSUS server are present. You can do so by running the following command:

GPRESULT /V > GPRESULT.TXT

Open the text file in Notepad and find the name of your WSUS policy. For example, if your WSUS policy is named WSUS, you can find it in the GPRESULT.TXT file within the Computer Settings section under the Applied Group Policy Objects heading. Below is an example:

Applied Group Policy Objects ----------------------------- Default Domain Policy WSUS Local Group Policy

If the WSUS settings aren't present, possible causes include:

  • The system doesn't have the Group Policy from the domain.
  • The Group Policy isn't targeted to the client system.

To fix this issue, ensure that the Group Policy is successfully updated on each client, and that the WSUS setting is properly configured.

To update the Group Policy on the client, run GPUpdate /force from a Command Prompt.

For more information about configuring Group Policy for WSUS clients, see Configure Automatic Updates by Using Group Policy.

(Video) Troubleshooting a Failed Windows Update Installation - WSUS 2016

Check for issues relating to BITS

Background Intelligent Transfer Service (BITS) is the service used by WSUS to download updates from Microsoft Update to the main WSUS server, and from WSUS servers to their clients. Some download issues may be caused by problems with BITS on the server or client computers. When you troubleshoot download problems, you should ensure that BITS is running properly on all affected computers.

The BITS service must run under the LocalSystem account by default. To configure the service to run under the correct account, follow these steps:

  1. Open a Command Prompt and run the following command:

    See Also
    Howto Reinstall WSUS from Scratch

    sc config bits obj= LocalSystem

    A space must occur between obj= and LocalSystem. If successful, you should receive the following output:

    [SC] ChangeServiceConfig SUCCESS

  2. Stop and restart BITS.

To view the BITS service status, open a Command Prompt and run the following command:

sc query bits

If BITS is running, you should see the following output:

SERVICE_NAME: bits TYPE: 20 WIN32_SHARE_PROCESS STATE: 4 RUNNING

If BITS isn't running, you'll see the following output:

SERVICE_NAME: bits TYPE: 20 WIN32_SHARE_PROCESS STATE: 1 STOPPED

Usually it's possible to resolve BITS issues by stopping the service and restarting it. To stop and restart the BITS service, run the following commands from a Command Prompt:

sc stop bitssc start bits

Note

(Video) Configuring the WSUS Client

You must be logged on as a local administrator to stop and restart BITS.

BITS fails to start

If the BITS service fails to start, look in the event log for any BITS-related error. You can use the following table to diagnose the cause of these errors.

Error nameError codeDescription
ERROR_SERVICE_DOES_NOT_EXIST0x80070424See the section on repairing the BITS configuration below.
ERROR_SERVICE_NOT_IN_EXE0x8007043BBITS isn't listed as one of the services in the netsvcs svchost group
ERROR_SERVICE_DISABLED0x80070422BITS has been disabled. Enable the BITS service.
ERROR_SERVICE_DEPENDENCY_DELETED ERROR_SERVICE_DEPENDENCY_FAIL0x80070433, 0x8007042cA service appearing in the BITS service dependency list cannot be started. Make sure the dependency list for the BITS service is correct:
Windows Vista: RpcSs, EventSystem (also http.sys and LanManWorkstation when peer caching is enabled)
Windows Server 2003: Rpcss, EventSystem
Windows XP: Rpcss
Windows 2000: Rpcss, SENS, Wmi
ERROR_PATH_NOT_FOUND0x80070003Pre-Windows Vista: %ALLUSERSPROFILE%\Microsoft\Network doesn't exist
ERROR_FILE_NOT_FOUND0x80070002The Parameters key is missing. Ensure that the following keys and values exist:
HKLM\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ServiceDll= %SystemRoot%\System32\qmgr.dll
REGDB_E_CLASSNOTREG, EVENT_E_INTERNALERROR0x80040154, 0x80040206BITS for Windows 2000 is dependent on SENS and EventSystem services. If the COM+ catalog is corrupted, BITS may fail with this error code.

BITS jobs are failing

If the client is properly configured to receive updates, BITS is configured correctly, and BITS appears to start and run properly, you may be experiencing an issue where BITS jobs themselves are failing. To verify it, look in the event log for any BITS-related errors. You can use the following table to diagnose the cause of these errors.

Error nameError codeDescription
E_INVALIDARG0x80070057An incorrect proxy server name was specified in the user's Internet Explorer proxy settings. This error is also seen when credentials are supplied for authentication schemes that aren't NTLM/Negotiate, but the user name or password is null. Change the user's Internet Explorer proxy settings to be a valid proxy server. Or change the credentials not to be NULL user name/password for schemes other than NTLM/Negotiate.
ERROR_WINHTTP_NAME_NOT_RESOLVED0x80072ee7The server/proxy could not be resolved by BITS. Internet Explorer on the same machine in the context of the job owner would see the same problem. Try downloading the same file via the web browser using the context of the job owner.
ERROR_HTTP_INVALID_SERVER_RESPONSE0x80072f78It's a transient error and the job will continue downloading.
BG_E_INSUFFICIENT_RANGE_SUPPORT0x80200013BITS uses range headers in HTTP requests to request parts of a file. If the server or proxy server doesn't understand range requests and returns the full file instead of the requested range, BITS puts the job into the ERROR state with this error. Capture the network traffic during the error and examine if HTTP GET requests with Range header are getting valid responses. Check proxy servers to ensure that they are configured correctly to support Range requests.
BG_E_MISSING_FILE_SIZE0x80200011When BITS sends a HEAD request and the server/proxy doesn't return Content-Length header in the response, BITS puts the job in ERROR state with this error. Check the proxy server and WSUS server to ensure that they are configured correctly. Some versions of the Apache 2.0 proxy server are known to exhibit this behavior.
BG_E_HTTP_ERROR_4030x80190193When the server returns HTTP 403 response in any of the requests, BITS puts the job in ERROR state with this error code. HTTP 403 corresponds to Forbidden: Access is denied. Check access permissions for the account running the job.
ERROR_NOT_LOGGED_ON0x800704ddThe SENS service isn't receiving user logon notifications. BITS (version 2.0 and later) depends on logon notifications from Service Control Manager, which in turn depends on the SENS service. Ensure that the SENS service is started and running correctly.

Repair a corrupted BITS configuration

To repair corrupted BITS service configuration, you can enter the BITS service configuration manually.

Note

This action should only be taken in circumstances where all other troubleshooting attempts have failed. You must be an administrator to modify the BITS configuration.

To repair a corrupted BITS configuration, follow these steps:

  1. Open a Command Prompt.

  2. Enter the following commands, press ENTER after you type each command:

    sc config bits binpath= "%systemroot%\system32\svchost.exe –k netsvcs"sc config bits depend= RpcSs/EventSystemsc config bits start= delayed-autosc config bits type= interact type=ownsc config bits error= normalsc config bits obj= LocalSystemsc privs bits privileges= SeCreateGlobalPrivilege/SeImpersonatePrivilege/SeTcbPrivilege/SeAssignPrimaryTokenPrivilege/SeIncreateQuotaPrivilegesc sidtype bits unrestrictedsc failure bits reset= 86400 actions=restart/60000/restart/120000

  3. Stop and restart BITS.

    (Video) complete SCCM Wsus troubleshooting Tips & Tricks

Issues with the WSUS agent service

Make sure that the Windows Update service can start successfully.

To view the current status of the Windows Update service, open a Command Prompt and run the following command:

sc query wuauserv

If WUAUSERV is running, you should see the following output:

SERVICE_NAME: wuauserv TYPE: 20 WIN32_SHARE_PROCESS STATE: 4 RUNNING

If WUAUSERV isn't running, you see the following output:

SERVICE_NAME: wuauserv TYPE: 20 WIN32_SHARE_PROCESS STATE: 1 STOPPED

Verify that you can start the WUAUSERV service successfully. You must be logged on as a local administrator to stop and restart WUAUSERV.

To start the WUAUSERV service, run the following commands from a Command Prompt:

sc start wuauserv

If the client agent fails to start and run properly, check the Windows Update Agent version. If the agent isn't up to date, update the Windows Update Agent to the latest version.

You can also reset Windows Update components.

After you run the fix or update the agent, run wuauclt /detectnow. Check windowsupdate.log to make sure there's no issues.

Make sure the WSUS server is reachable from the client

Make sure that you can access the URL http://<WSUSSERVER:port>/iuident.cab and download the file without errors.

If the WSUS server is unreachable from the client, the most likely causes include:

(Video) Windows server 2019 - How to Resolve Wsus Server Connection Error | Fix: WSUS Connection Error Reset

  • There's a name resolution issue on the client.
  • There's a network-related issue, such as a proxy configuration issue.

Use standard troubleshooting procedures to verify name resolution is working on the network. If name resolution is working, the next step is to check for proxy issues. Check windowsupdate.log (C:\windows) to see if there are any proxy related errors. You can run the proxycfg command to check the WinHTTP proxy settings.

If there are proxy errors, go to Internet Explorer > Tools > Connections > LAN Settings, configure the correct proxy, and then make sure you can access the WSUS URL specified.

Once done, you can copy these user proxy settings to the WinHTTP proxy settings by using the proxycfg -u command. After the proxy settings are specified, run wuauclt /detectnow from a Command Prompt and check windowsupdate.log for errors.

Rebuild the Automatic Update Agent Store

When there are issues downloading updates and there are errors relating to the software distribution store, complete the following steps on the client:

  • Stop the Automatic Updates service by running sc stop wuauserv from a Command Prompt.
  • Rename the software distribution folder (for example, C:\Windows\SoftwareDistribution).
  • Restart the Automatic Update service by running sc start wuauserv from a Command Prompt.
  • From a Command Prompt, run wuauclt /resetauthorization /detectnow.
  • From a Command Prompt, run wuauclt /reportnow.

Check for clients with the same SUSclient ID

You may experience an issue where only one WSUS client appears in the console. Or you may notice that out of a group of clients, only one appears in the console at a time but the exact one that does appear may change over time. This issue can happen when systems are imaged and the clients end up having the same SUSclientID.

For those clients that aren't working properly because of the same SUSclientID, complete the following steps:

  • Stop the Automatic Updates service by running sc stop wuauserv from a Command Prompt.

  • Delete the SUSclientID registry key from the following location:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate

  • Restart the Automatic Update service by running sc start wuauserv from a Command Prompt.

  • From a Command Prompt, run wuauclt /resetauthorization /detectnow.

    (Video) 8. How to Configure Client Side Targeting in WSUS Server 2019

  • From a Command Prompt, run wuauclt /reportnow.

Videos

1. Windows server 2019 - How to Resolve Wsus Server Connection Error | Fix: WSUS Connection Error
(IT Helpdesk)
2. WSUS Patching Process Step By Step | Windows Server 2019
(KapTechPro)
3. Working with WSUS
(David Dalton)
4. Server 2019 Training 16 – Fatal Error Post Installation Troubleshooting WSUS, Windows Server 2019
(CCNA MCITP)
5. Setting up Windows Server Update Services (WSUS) on 2012 R2
(Patrick Hornung)
6. WSUS Maintenance and SQL Optimization for ConfigMgr with Q&A
(Patch My PC)
Top Articles
Latest Posts
Article information

Author: Patricia Veum II

Last Updated: 10/20/2022

Views: 6135

Rating: 4.3 / 5 (44 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Patricia Veum II

Birthday: 1994-12-16

Address: 2064 Little Summit, Goldieton, MS 97651-0862

Phone: +6873952696715

Job: Principal Officer

Hobby: Rafting, Cabaret, Candle making, Jigsaw puzzles, Inline skating, Magic, Graffiti

Introduction: My name is Patricia Veum II, I am a vast, combative, smiling, famous, inexpensive, zealous, sparkling person who loves writing and wants to share my knowledge and understanding with you.