Some clients fail to use alternative SSL port?

WSUS 3 SP2

Clients XP SP2
Running SSL on an alternative port
wuauserv.dll - 5.4.37090.2180

Hi All

One client laptop is fine, the other insists on trying to connect to port
443 and not the alternative port set in its registry... Therefore it never
registers in the console.

Driving me nuts

Checked registry - OK
Watched TCPView connection and can see attempts on port 443 - but reg keys
state alternative port!
Rebooted
Waited hours - just incase
Reset Hardware ID run /detectnow

Run out of ideas

Please help.


Many thanks
Lea

Forgot to mention...


https://myserver:1234/iuident.cab
https://myserver:1234/selfupdate/iuident.cab
https://myserver:1234/clientwebservi...verversion.xml
https://myserver:1234/simpleauthwebs...impleauth.asmx

All OK.

telnet myserver 1234 - connection is established

NO FW on client machine.

Regards
Lea

"LeaUK" wrote:

> WSUS 3 SP2
>
> Clients XP SP2
> Running SSL on an alternative port
> wuauserv.dll - 5.4.37090.2180
>
> Hi All
>
> One client laptop is fine, the other insists on trying to connect to port
> 443 and not the alternative port set in its registry... Therefore it never
> registers in the console.
>
> Driving me nuts
>
> Checked registry - OK
> Watched TCPView connection and can see attempts on port 443 - but reg keys
> state alternative port!
> Rebooted
> Waited hours - just incase
> Reset Hardware ID run /detectnow
>
> Run out of ideas
>
> Please help.
>
>
> Many thanks
> Lea
>

"LeaUK" <> wrote in message
news:568F0A83-536F-4F9C-B99B-...

> wuauserv.dll - 5.4.37090.2180

This is a critical defect. The Windows Update Agent here is ancient. This
version of the AU client does not support SSL connectivity.

Likely you'll need to download the WUAgent from the Download center
[WindowsUpdateAgent30-x86.exe] and install it to this machine from the
command line.


--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)

My Blog: http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

"LeaUK" <> wrote in message
news:FA589120-67F1-4C8B-B386-...
> Forgot to mention...
>
>
> https://myserver:1234/iuident.cab
> https://myserver:1234/selfupdate/iuident.cab
> https://myserver:1234/clientwebservi...verversion.xml
> https://myserver:1234/simpleauthwebs...impleauth.asmx

>> wuauserv.dll - 5.4.37090.2180

In addition to not supporting SSL, this ancient version of the AU client
also only supports connectivity to web servers on port 80.


--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)

My Blog: http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

"Lawrence Garvin [MVP]" wrote:

> "LeaUK" <> wrote in message
> news:568F0A83-536F-4F9C-B99B-...
>
> > wuauserv.dll - 5.4.37090.2180
>
> This is a critical defect. The Windows Update Agent here is ancient. This
> version of the AU client does not support SSL connectivity.
>
> Likely you'll need to download the WUAgent from the Download center
> [WindowsUpdateAgent30-x86.exe] and install it to this machine from the
> command line.
>

Thanks Lawrence, can you believe it, I typo'd, the actual version is:

5.4.3790.2180

It connects fine on one laptop yet another (huge batch) will fail

Both laptops are Win XP SP2 (so not too ancient) with the same dll version,
one connects on custom port the other tries connecting on :443 and fails.

Very confused and panicking now as I really don't want to work out how to
manually push the later version out to clients.

If I open port 80 will clients be able to update this dll/service without
having to manually distribute?

Please help…


Many thanks
Lea

>
> --
> Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
> Principal/CTO, Onsite Technology Solutions, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2010)
>
> My Blog: http://onsitechsolutions.spaces.live.com
> Microsoft WSUS Website: http://www.microsoft.com/wsus
> My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
>

I updated the failing client using windowsupdateagent30-x86 v 6.2.29.0 and
surprisingly wuauserv.dll remained at 5.4.3790.2180 but on test the laptop
connected to the WSUS server on the custom port instantly and perfectly!


So the obvious next question...is there anyway to update clients via WSUS?
I suspect I will have to point clients at a standard port first (80) then
change them to the custom port at a latter time but that's not nice....

Any help always appreciated..

Lea





"LeaUK" wrote:

>
>
> "Lawrence Garvin [MVP]" wrote:
>
> > "LeaUK" <> wrote in message
> > news:568F0A83-536F-4F9C-B99B-...
> >
> > > wuauserv.dll - 5.4.37090.2180
> >
> > This is a critical defect. The Windows Update Agent here is ancient. This
> > version of the AU client does not support SSL connectivity.
> >
> > Likely you'll need to download the WUAgent from the Download center
> > [WindowsUpdateAgent30-x86.exe] and install it to this machine from the
> > command line.
> >
>
> Thanks Lawrence, can you believe it, I typo'd, the actual version is:
>
> 5.4.3790.2180
>
> It connects fine on one laptop yet another (huge batch) will fail
>
> Both laptops are Win XP SP2 (so not too ancient) with the same dll version,
> one connects on custom port the other tries connecting on :443 and fails.
>
> Very confused and panicking now as I really don't want to work out how to
> manually push the later version out to clients.
>
> If I open port 80 will clients be able to update this dll/service without
> having to manually distribute?
>
> Please help…
>
>
> Many thanks
> Lea
>
> >
> > --
> > Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
> > Principal/CTO, Onsite Technology Solutions, Houston, Texas
> > Microsoft MVP - Software Distribution (2005-2010)
> >
> > My Blog: http://onsitechsolutions.spaces.live.com
> > Microsoft WSUS Website: http://www.microsoft.com/wsus
> > My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
> >
>
>
>

"LeaUK" <> wrote in message
newsAC57E8F-B7E9-4262-8172-...

> So the obvious next question...is there anyway to update clients via WSUS?

Well, yes, by upgrading the WSUS Server. :-)

WSUS v3 SP2 distributes the v7.4 WUAgent
WSUS v3 SP1 distributes the v7.1 WUAgent
WSUS v3 RTW distributes the v7.0 WUAgent

For brand new installs of Windows XP, if they're deployed to XP Service Pack
2, they should automatically selfupdate the 'SP2' agent to the agent
provided by your WSUS server, presuming that the /selfupdate feature is
available on port 80 of the WSUS Server.


--
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2010)

My Blog: http://onsitechsolutions.spaces.live.com
Microsoft WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin

"Lawrence Garvin [MVP]" wrote:

> "LeaUK" <> wrote in message
> newsAC57E8F-B7E9-4262-8172-...
>
> > So the obvious next question...is there anyway to update clients via WSUS?
>
> Well, yes, by upgrading the WSUS Server. :-)
>
> WSUS v3 SP2 distributes the v7.4 WUAgent
> WSUS v3 SP1 distributes the v7.1 WUAgent
> WSUS v3 RTW distributes the v7.0 WUAgent
>
> For brand new installs of Windows XP, if they're deployed to XP Service Pack
> 2, they should automatically selfupdate the 'SP2' agent to the agent
> provided by your WSUS server, presuming that the /selfupdate feature is
> available on port 80 of the WSUS Server.
>

Clients are all WinXP SP2, but were failing to autoupdate. I tracked down
the cause. I noticed in the event log that the API remoting service was
failing and this was caused by wsusutil configuressl being set with the
external DNS name (at install I thought this was the correct option), however
changing this to the internal server name resolved the event log messages.
Running wsusutil checkhealth reveals all is OK and clients can now receive
latest WU files - checked via their windowsupdate.log files.

With regards to the dll versions, I have realised why the dll doesn't change
version, I'm looking at the service dll not the 'heart' of WSUS. Wuaueng.dll
is the file to review WU version.

This is a useful script:

Dim oAgentInfo, ProductVersion
Set oAgentInfo = CreateObject("Microsoft.Update.AgentInfo")
Wscript.Echo "C:\Windows\System32\wuapi.dll version: " &
oAgentInfo.GetInfo("ProductVersionString")
Wscript.Echo "WUA version : " & oAgentInfo.GetInfo("ApiMajorVersion") & "."
& oAgentInfo.GetInfo("ApiMinorVersion")

Thanks Lawrence..

>
> --
> Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
> Principal/CTO, Onsite Technology Solutions, Houston, Texas
> Microsoft MVP - Software Distribution (2005-2010)
>
> My Blog: http://onsitechsolutions.spaces.live.com
> Microsoft WSUS Website: http://www.microsoft.com/wsus
> My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
>

"LeaUK" wrote:

>
>
> "Lawrence Garvin [MVP]" wrote:
>
> > "LeaUK" <> wrote in message
> > newsAC57E8F-B7E9-4262-8172-...
> >
> > > So the obvious next question...is there anyway to update clients via WSUS?
> >
> > Well, yes, by upgrading the WSUS Server. :-)
> >
> > WSUS v3 SP2 distributes the v7.4 WUAgent
> > WSUS v3 SP1 distributes the v7.1 WUAgent
> > WSUS v3 RTW distributes the v7.0 WUAgent
> >
> > For brand new installs of Windows XP, if they're deployed to XP Service Pack
> > 2, they should automatically selfupdate the 'SP2' agent to the agent
> > provided by your WSUS server, presuming that the /selfupdate feature is
> > available on port 80 of the WSUS Server.
> >
>
> Clients are all WinXP SP2, but were failing to autoupdate. I tracked down
> the cause. I noticed in the event log that the API remoting service was
> failing and this was caused by wsusutil configuressl being set with the
> external DNS name (at install I thought this was the correct option), however
> changing this to the internal server name resolved the event log messages.
> Running wsusutil checkhealth reveals all is OK and clients can now receive
> latest WU files - checked via their windowsupdate.log files.
>

No they cant Some update correctly, most do not. A bit frustrating.
All register with the console, majority fail to selfupdate. All fail to
report.

Run the WU 7.4 update, all report immediately.

Due to timescales I have had to resort to pushing the WU 7.4 update out by
GPO, but I do need to resolve this for my 1000's of external clients.

No http(s) proxy
Connection to selfupdate cab files via IE all OK
Will review update.log for clues

More fun



> With regards to the dll versions, I have realised why the dll doesn't change
> version, I'm looking at the service dll not the 'heart' of WSUS. Wuaueng.dll
> is the file to review WU version.
>
> This is a useful script:
>
> Dim oAgentInfo, ProductVersion
> Set oAgentInfo = CreateObject("Microsoft.Update.AgentInfo")
> Wscript.Echo "C:\Windows\System32\wuapi.dll version: " &
> oAgentInfo.GetInfo("ProductVersionString")
> Wscript.Echo "WUA version : " & oAgentInfo.GetInfo("ApiMajorVersion") & "."
> & oAgentInfo.GetInfo("ApiMinorVersion")
>
> Thanks Lawrence..
>
> >
> > --
> > Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
> > Principal/CTO, Onsite Technology Solutions, Houston, Texas
> > Microsoft MVP - Software Distribution (2005-2010)
> >
> > My Blog: http://onsitechsolutions.spaces.live.com
> > Microsoft WSUS Website: http://www.microsoft.com/wsus
> > My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin
> >
>