Troubleshooting software update synchronization in Configuration Manager

Ισχύει για: System Center Configuration Manager

Introduction


This article helps you diagnose and resolve the following common issues with software update synchronization in System Center Configuration Manager current branch, 2012 R2 and 2012:

We’ll begin by asking if the prerequisites for software update synchronization are met. If the prerequisites are met and you’re still facing the issue, we’ll take you through a series of steps to resolve your issue.

Verify the Prerequisites


The first step in troubleshooting synchronization issues is to verify that the following prerequisites are met:

  • Verify that Prerequisites for software updates in System Center Configuration Manager are met.
  • When the Software Update Point is installed on a remote site system server, the WSUS Administration console must be installed on the site server.
  • Verify that WSUS running on a Software Update Point is not configured to be a Replica.

    To check this, open the WSUS console on the Software Update Point and click Options in the console tree pane, then select Update Source and Proxy Server in the display pane.
  • Verify that the Update Services service is running on the WSUS server.
  • Verify that the Default Website or WSUS Administration website is running on the WSUS server.

Synchronization fails due to authentication and proxy issues


WSUS Configuration Manager (WCM) configures the WSUS server once every hour in order to ensure that the settings configured in WSUS match the setting specified in the Configuration Manager console.

If WCM fails to configure the WSUS Server properly, synchronization attempts can fail with an error similar to the following:

3867_image4
 

You will also find the following error in the WsyncMgr.log file on the Site Server (located in \Logs):

Synchronization may fail due to authentication or proxy issues. When this occurs, you will see an error similar to the following in the WCM.log file:

Note that the error may not always be HTTP status 502, and may in fact be one of the following:

  • HTTP Status 401 Unauthorized
  • HTTP Status 403 Forbidden
  • HTTP Status 407 Proxy Authentication Required
  • HTTP Status 502 Proxy Error
  • No connection could be made because the target machine actively refused it
  • Authentication failed because the remote party has closed the transport stream

Resolution

To fix authentication and/or proxy issues, do the following:

  • Verify that the Update Services service is running on the WSUS Server.
  • Verify that the Default Website or WSUS Administration website is running on the WSUS Server.
  • Verify that the fully qualified domain name (FQDN) for the software update point site system server is correct and accessible from the Site Server.
  • If the Software Update Point is remote from the Site Server, verify that you can connect to the WSUS Server from the Site Server. To do this, connect to the remote WSUS Server using the WSUS Administration Console.
  • Check the port settings configured for the Software Update Point and verify that they are the same as the port settings configured for the Web site used by WSUS running on the Software Update Point.
  • Verify that the proxy and account settings are properly configured for the Software Update Point:
  • Verify that the Software Update Point connection account is configured (if required) and that it has rights to connect to the WSUS Server.
  • Verify that the permissions on the ApiRemoting30 Virtual Directory are set correctly in IIS.
  • If the Software Update Point is configured for SSL, verify that WSUS is properly configured for SSL. For more information, see Secure WSUS with the Secure Sockets Layer Protocol.

Synchronization fails due to Web service issues


Synchronization may be failing due to issues with the Web service. When this occurs, you will see an error similar to the following in the WCM.log file:

Resolution

To fix Web Service issues, do the following:

  • Verify that the Update Services service is running on the WSUS Server.
  • Verify that the Default Website or WSUS Administration website is running on the WSUS Server.
  • Check the port settings configured for the Software Update Point and verify that they are the same as the port settings configured for the Web site used by WSUS running on the Software Update Point.
  • Check the status of the WsusPool Application Pool and the Private Memory Limit (KB) for the Application Pool. For more information, see WSUS sync fails with HTTP 503 errors.

Synchronization fails due to SSL issues


If you are using SSL, verify the following:

Synchronization fails due to issues with the EULA


Synchronization issues can often be traced back to issues relating to the End User Licensing Agreement (EULA). To verify whether this is your issue, do the following:

  1. Review the SoftwareDistribution.log file on the WSUS Server to find out if the EULA’s are not getting downloaded, and if so, why. Look for “.txt” in the log to find relevant entries.
  2. Verify that the firewall is configured to allow communication with Microsoft Update. For more information, see Connection from the WSUS server to the Internet.
  3. Verify the Proxy server settings.
  4. Run the following command from a Command Prompt to have WSUS re-download the missing content, including EULAs:

    %ProgramFiles%\Update Services\Tools\wsusutil.exe reset

Synchronization fails due to errors communicating with Microsoft Update


When this issue occurs, you usually receive errors similar to the following:

Resolution

To fix this issue, do the following:

More Information


For more information about software update synchronization process, see Software updates synchronization.

You can also post a question in our Configuration Manager support forum for security, updates and compliance here.

Visit our blog for all the latest news, information and tech tips on Microsoft System Center Configuration Manager.