Terminal Servers (WSUS clients) are not reporting to WSUS 3.0 serv

Discussion in 'Update Services' started by Sue, Jan 22, 2009.

  1. Sue

    Sue Guest

    Hello,
    I would like to contact WSUS supporting team to verify if WSUS 3.0 doesn’t
    support WSUS CLIENTS that are functioning as terminal servers. The release
    note of WSUS 3.0 SP1 specifies that WSUS 3.0 SP1 is not supporting servers
    running TS. However, not sure if WSUS 3.0 SP1 is not supporting clients
    running TS either.

    Our setup is as follows:
    The WSUS server is a W2k3 SP1 server running WSUS 3.0 SP1.
    The problematic WSUS clients are several W2k3 SP1 servers configured as
    Terminal Service Servers.

    Windows updates are deployed to domain servers via GPOs. All WSUS clients
    are able to report to the WSUS server properly except these terminal servers.
    The Windowsupdates.logs on the terminal servers displayed Error 0x80092026
    which means "Crypt_E_Security_Settings: The cryptographic operation failed
    due to a local security option setting".

    Also, I tried to manually run Windows updates from IE; however, ActiveX
    couldn’t be installed on IE6. Further investigation showed a cryptographic
    issue on these TS servers.

    Running WSUS Client Diagnostic Tool on all the Terminal Servers returned All
    Pass results on all TS servers.

    The following is the result of WSUS Client Diagnostic Tool on one of the
    terminal servers:

    “WSUS Client Diagnostics Tool

    Checking Machine State
    Checking for admin rights to run tool . . . . . . . . . PASS
    Automatic Updates Service is running. . . . . . . . . . PASS
    Background Intelligent Transfer Service is running. . . PASS
    Wuaueng.dll version 7.0.6000.374. . . . . . . . . . . . PASS
    This version is WSUS 2.0

    Checking AU Settings
    AU Option is 3 : Notify Prior to Install. . . . . . . . PASS
    Option is from Policy settings

    Checking Proxy Configuration
    Checking for winhttp local machine Proxy settings . . . PASS
    Winhttp local machine access type
    <Direct Connection>
    Winhttp local machine Proxy. . . . . . . . . . NONE
    Winhttp local machine ProxyBypass. . . . . . . NONE
    Checking User IE Proxy settings . . . . . . . . . . . . PASS
    User IE Proxy. . . . . . . . . . . . . . . . . NONE
    User IE ProxyByPass. . . . . . . . . . . . . . NONE
    User IE AutoConfig URL Proxy . . . . . . . . . NONE
    User IE AutoDetect
    AutoDetect not in use

    Checking Connection to WSUS/SUS Server
    WUServer =
    http://tv2ti-wsus-01.iptv.selfhost.corp.microsoft.com

    WUStatusServer =
    http://tv2ti-wsus-01.iptv.selfhost.corp.microsoft.com
    UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
    Connection to server. . . . . . . . . . . . . . . . . . PASS
    SelfUpdate folder is present. . . . . . . . . . . . . . PASS

    Press Enter to Complete”

    One bit of progress I made was disabling AV services and re-registering the
    Windows Update system files (.dlls) on the terminal servers, which made the
    TS servers report to the WSUS server again!
    However, the 0x80092026 error still exists and still causes Windows updates
    to fail to deploy to the clients. In order to fix the update issue, resolving
    the root cause of the cryptographic error seems a must.

    Just want to verify with an MS WSUS technician that the cryptographic issue
    on the TS servers is not the reason that WSUS 3.0 SP1 doesn't support servers
    running TS. Then we can jump into the resolution of the cryptographic issue.

    Thanks a lot!
    Sue
     
    Sue, Jan 22, 2009
    #1

  2. WSUS 3.0 *DOES* support Terminal Servers as client systems.

    That means you cannot install WSUS on a Terminal Server system.

    Never seen this one before. Gonna take a shot in the dark: Any chance your
    Terminal Services administrators have implemented a mandatory IPSec Policy
    for the Terminal Services servers?

    Or maybe you just have a whole slew of issues on those Terminal Servers that
    need to be resolved?

    Well *THAT* surely isn't a valid URL for a WSUS Server!

    Looks like somebody has misconfigured your DNS!

    Or is simply mistaken about the correct URL for a *local* WSUS Server.

    Either way, I guarantee you anything with a microsoft.com tacked on the end
    of it is trying to resolve to an INTERNET address, and the above URL
    definitively fails DNS resolution.


    --
    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)

    MS WSUS Website: http://www.microsoft.com/wsus
    My Websites: http://www.onsitechsolutions.com;
    http://wsusinfo.onsitechsolutions.com
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
     
    Lawrence Garvin (MVP), Jan 22, 2009
    #2
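
Added example, not written by either poster: a PowerShell check to run on an affected terminal server that reads the WSUS policy values shown in the ClientDiag output above and reports what the configured host resolves to from that machine. It assumes PowerShell 2.0 or later and the standard Windows Update policy registry location; the "private address" test is a simplification covering only RFC 1918 and loopback IPv4.

```powershell
# Added example: audit the WSUS client policy on the machine this runs on.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

function Test-PrivateIPv4([System.Net.IPAddress]$Address) {
    # Assumption: "internal" means RFC 1918 or loopback IPv4; adjust for your network.
    $b = $Address.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    return ($b[0] -eq 10) -or ($b[0] -eq 127) -or
           ($b[0] -eq 192 -and $b[1] -eq 168) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31)
}

$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
if (-not $wu) {
    Write-Warning 'No Windows Update policy key: this client is not pointed at WSUS by policy.'
    return
}
if ($au.UseWUServer -ne 1) { Write-Warning 'UseWUServer is not 1: WUServer is ignored.' }
if ($wu.WUServer -ne $wu.WUStatusServer) {
    Write-Warning 'WUServer and WUStatusServer differ.'
}

foreach ($name in 'WUServer', 'WUStatusServer') {
    $value = $wu.$name
    if (-not $value) { Write-Warning "$name is not set."; continue }
    $uri = [uri]$value
    if (-not $uri.IsAbsoluteUri) { Write-Warning "$name = $value is not an absolute URL."; continue }
    "{0} = {1}" -f $name, $value
    if ($uri.Scheme -ne 'https') {
        Write-Warning "$name uses $($uri.Scheme): traffic to the WSUS server is not encrypted."
    }
    try {
        # Resolve with the client's own DNS settings, which is what the update agent will use.
        $addresses = [System.Net.Dns]::GetHostAddresses($uri.Host)
    } catch {
        Write-Warning "$($uri.Host) does not resolve from this machine."
        continue
    }
    foreach ($a in $addresses) {
        $scope = if (Test-PrivateIPv4 $a) { 'private' } else { 'not private' }
        "  {0} -> {1} ({2})" -f $uri.Host, $a, $scope
    }
}
```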