WSUS Trials and Tribulations

Recently I have been working on a WSUS deployment with 2012R2.  Let’s just say it isn’t the smoothest deployment of a feature/role that I have ever done.  With that fun little preface, let’s dig into the challenges that I have faced with this.

For starters, the initial installation of the WSUS role and it’s additional features went off without a hitch.  I synced the server up with Microsoft, did my initial approvals, and set my GPO’s as needed.  It wasn’t until I realized that I had no client machines in my Unassigned/All Computers OU that something was up.  And down the rabbit hole I went for a frustrating amount of time.  The first issue I came across and resolved was my GPO settings.  For record, you need the following two GPO’s applied:

•Configure Automatic Updates

•Specify intranet Microsoft update service location

My issue was with the latter.  I had the format of “Set the intranet update service for detecting updates: ” and “Set the intranet statistics server” as “http://server>”.  This should have included the port number (8530 for non SSL) “http://server:8530“.

Following getting this GPO change applied I finally started (albeit be quite slow) getting client machines connecting.  Great!  Except all the Windows 10 machines in my environment were showing as Windows Vista…how insulting!  So after some digging all over I found a Windows update to correct that little oversight (KB3095113), which you can download here.

We seem to be getting somewhere eh?  Nope!  I saw that my WSUS server had grabbed some updates since I installed the role, so I figured why not install it right?  Might be a useful patch (which in reality, it was).  But naturally it broke stuff.  Post installing the update (KB3159706) I could no longer connect to the WSUS server via the WSUS Console.  Yay!  After digging through Event Viewer logs and hating all things Microsoft, I found the error that led me to the solution: ID 507 “Update Services failed its initialization and stopped.”  I did some Googling and found out that there were manual configuration steps to complete the update (Maybe a little notification for something like that next time Microsoft?  Please?).  Below is the manual steps required to complete the installation for the update:

•Open an elevated CMD and run the following command:

It will take a little while, but eventually you will see “Post install has successfully completed.”

•Add the “HTTP Activation” feature found at “.NET Framework 4.5 Features > WCF Services > HTTP Activation.”

•Restart the WSUS service and you should be able to connect with the WSUS Console again.

After all that heartache, I finally have a functioning WSUS deployment.