UPDATE: WSUS 3.0 SP2 will not reinstall. There is an expired certificate in the installer package for SUSDB that will cause the setup to fail. Unless Microsoft decides to recompile the installer package this will not be fixed.
I figured I would create a post on WSUS (Windows Server Update Services) and SBS (Small Business Server). More specifically I want to talk about the most common issue I see with my customers. The WSUS database grows to a very large size causing a number of symptoms.
- The WSUS console disconnects.
- The SBS console shows Update status as not available.
- The updates tab in the SBS console shows “An error occured while retrieving updates information” for all four update categories.
- Clients are not able to connect to WSUS and/or are not updating.
According to the research I have done Microsoft does not limit resources or the size of the WSUS database. However in practice I have seen that when the SUSDB exceeds 10GB issues start to crop up. I have found the easiest and fastest fix is to remove and reinstall WSUS. Below are the steps for SBS 2011*:
- Remove WSUS.
- Go to Control Panel then Programs and Features.
- Highlight Windows Server Update Service 3.0 SP2 and choose Uninstall.
- Check all three boxes to remove the database, logs and downloaded updates.
- Complete the uninstall wizard.
- If the uninstall fails, see this article.
- Reinstall WSUS.
- Open an administrative command prompt
- Change directories to C:\Program Files\Windows Small Business Server\Bin\CMPNENTS\WSUS_SP2
- Run the following command**: WSUS30-KB972455-x64.exe /q DEFAULT_WEBSITE=0 CREATE_DATABASE=1 CONTENT_LOCAL=1 CONTENT_DIR=C:\WSUS WYUKON_DATA_DIR=C:\WSUS
- The install will take anywhere from 2-10 minutes depending on hardware. To verify the install is complete look for an event ID 1042 in the application event log. If the install crashes, just rerun the above command again.
- Perform the SBS customizations.
- Click Start, click Administrative Tools, and then click Microsoft Windows Server Update Services
- In Update Services, expand the name of the server, and then click Options.
- Click Products and Classifications, and then on the Products tab, verify that all check boxes are selected.
- In the Products and Classifications dialog box, click the Classifications tab, and then check the following boxes:
- Critical Updates
- Definition Updates
- Security Updates
- Service Packs
- Update Rollups
- In Options, click Update Files and Languages, click the Update Languages tab, choose the option Download updates only in these languages, and then verify that English is selected.
- In Options, click Synchronization Schedule, click Synchronize automatically, and then, in First synchronization, change the time to 10:00:00 P.M. Click OK.
- In Update Services, expand Computers, click All Computers, and then in Actions, click Add Computer Group. Add the following computer groups:
- Update Service Excluded Computers
- Update Services Client Computers
- Update Services Server Computers
- Update WSUS so that it will work with Windows 8 and higher clients.
- Download the Microsoft update KB2734608.
- Install the update.
- Reboot the server. The server must be rebooted before the first synchronization with Microsoft update servers. If it is not, then WSUS and clients may require additional steps to repair.
* For the SBS 2008 the steps are the same, but WSUS 3.0 SP2 will need to be downloaded from the Microsoft site. You can find it here. Make sure and download the x64 version.
** Now is a great time to move the WSUS database and content repository to another drive. It will be more difficult to move the WSUS DB later. To move the location, change the C:\WSUS to another drive. For example D:\WSUS. Make sure and change both instances.
Glennopedia 
Great Article & Good Advice
LikeLike
Awesome, many thanks Glenn!
LikeLike
Great article and steps have worked flawlessly on two SBS 2011 installs. Thanks!
LikeLike
Glenn, thanks for a neatly written process. A quick question – what does it mean in the last step (from a practical point) ” The server must be rebooted before the first synchronization with Microsoft update servers. If it is not, then WSUS and clients may require additional steps to repair.”
LikeLike
If the reboot does not happen I have seen clients have issues synchronizing with the WSUS server. The connection to the server can become corrupt. If that happens it has to be fixed from the client by clearing the software distribution folder.
LikeLike
Glenn, another question if it is OK with you: what implications of not installing WSUS at all: I mean can we just leave SBS 2011 without WSUS and live happily thereafter?
LikeLike
Thanks, Glenn, what I meant by my post was “do we better to set sync to MANUAL, reboot and then set it to AUTO @ 22:00?”. Otherwise, if someone does procedure after 21:00, they can be trapped into database corruption due to no reboot before sync kicks off.
This is our scenario today as we are testing steps in the lab just between 21:00 and 22:00.
LikeLike
I have not tested this scenario personally. I have seen at least one of my customers not reboot though. The problems that I saw were limited to the client side. Basically the clients attempted to check in with with the server and failed. Unfortunately even after a reboot the clients failed still and we were seeing errors in the Windows update client. So it is more important to do a reboot before the clients start checking in (default is 3AM) than it is with the sync itself.
As for your first question, yes you can remove WSUS from SBS 2011 and be just fine. I have another article on here about disabling WSUS in SBS 2011. Just ensure you remove the GPO links, otherwise your clients will still be looking to the SBS server for updates.
LikeLike
Thanks, Glenn, Our main hate for WSUS is its disk consumption coupled with Microsoft ignorance of their slack design issue. Therefore we need to get back those 80GB it now consumes. Disabling WSUS won’t work (to recover disk space), so we want to UNINSTALL it.
I have checked your article “DISABLING WSUS” which to my belief only partly applicable to our plan (in part of unlinking 4x GPOs). Cross-checking other resources, I found an article which states that only a single GPO needs to be corrected (disabled): “Administrative Templates – Windows Components – Windows Updates – Specify intranet Microsoft update service location”. Do you know the reason why all 4x GPO needs to be unlinked? If we do so, clients won’t get any settings for Windows Updates, meaning we will lose control of how Win updates applied, so I wanted to check this with you.
And another question: do you know how long it could take to uninstall WSUS with database=80gb?
Thanks in advance/
LikeLike
You are correct on the GPO. Technically you only need to remove the one setting for the WSUS server. So if you want to maintain control over scheduling updates you could do that with the existing GPO.
As for the uninstall it doesn’t really matter how big the DB and repository are. The uninstall should take about 2-8 minutes depending on your hardware.
LikeLike
Thank you Glenn.
We tried to uninstall however it did not go successfully and didn’t provide any errors either. Tried to locate some logs however could find anything useful. In APPS logs there are 2x events:1001 “Event Name: WSUSSetup/Response: Not available”.
Now WSUS is not listed in PROGRAMS AND FEATURES however WSUS starts up ok and updates are listed OK in SBS CONSOLE>UPDATES tab.
Had to go through FAILED UINSTALL part of your solution, interesting to mention that key value SqlInstanceIsRemote was = 0 (zero)
Anyway, changed key wYukonInstalled=0 and removed via ROLES, it went OK!
During this process the free disk space lost 2gb, so we are on 15gb now and we need to kill WSUS folder to claim disk space back.
Could you guide me through the process of manually removing this WSUS folder considering WSUS database at the time of removal was available and running OK, and to my understanding is connected and running now.
LikeLike
Here is how I would recommend cleaning up the WSUS folder:
1. Connect to SQL Management Studio Express as administrator
2. Connect to the WID (Windows Internal Database) with the following string in management studio: \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
3. Detach the SUSDB database. (right-click the database and choose detach)
4. Delete the WSUS folder from the hard drive.
Additionally, you can now safely disable the WID service or remove the WID from Windows Features. This would be done to save server resources.
LikeLike
Hi Glenn
I have used your guide before with great success. However, today it is not working for me. the installation fails at the configuring the database stage. The Wsussetup.log shows the following at the end.
2018-08-09 15:32:34 Error MWUSSetup InstallWsus: MWUS Installation Failed (Error 0x80070643: Fatal error during installation.)
2018-08-09 15:32:34 Error MWUSSetup CInstallDriver::PerformSetup: WSUS installation failed (Error 0x80070643: Fatal error during installation.)
2018-08-09 15:32:34 Error MWUSSetup CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
Any ideas as to how to reinstall WSUS?
Many Thanks
Rob
LikeLike
I would suggest going back further in the log to find the specific error. Unfortunately the 0x80070643 error is just telling us something went wrong during the install. If we think the WID (Windows Internal Database) is a problem, then I would completely uninstall the WID feature from Server Manager and reboot before trying the WSUS install again. The WSUS install with automatically add the WID back.
LikeLike
Thanks for your reply. I did remove the WID but that didn’t help the reinstall. Also, the remote access website now appears to be broken after removal of WID
LikeLike
I would like to add a correction. It was not the removal of WID that caused the remote access website. it was the removal and reinstall of .net framework 4.7 which caused the issue with the website. My apologies.
LikeLike
Hi Glen, I have tried a few re-installation attempts, and am getting the same as Rob above. The entire log for each re-install attempt is:
2018-10-29 20:43:34 Success MWUSSetup Validating pre-requisites…
2018-10-29 20:43:36 Error MWUSSetup Failed to determine if an higher version of WSUS is installed. Assuming it is not… (Error 0x80070002: The system cannot find the file specified.)
2018-10-29 20:43:36 Error MWUSSetup WSUS is outdated. But this will not block setup (Error 0x00000000: The operation completed successfully.)
2018-10-29 20:43:36 Success MWUSSetup Initializing installation details
2018-10-29 20:43:36 Success MWUSSetup Skipping Asp.Net install since not running on win2k3…
2018-10-29 20:43:36 Success MWUSSetup Installing wYukon using ocsetup
2018-10-29 20:43:36 Success MWUSSetup Windows Internal database is already installed on this machine
2018-10-29 20:43:36 Success MWUSSetup Installing WSUS…
2018-10-29 20:43:43 Success CustomActions.Dll Unable to get INSTALL_LANGUAGE property, calculating it…
2018-10-29 20:43:43 Success CustomActions.Dll The system language ENA is not supported. Using English resources…
2018-10-29 20:43:44 Success CustomActions.Dll Successfully set propery of WSUS admin groups’ full names
2018-10-29 20:43:44 Success CustomActions.Dll .Net framework path: C:\Windows\Microsoft.NET\Framework64\v4.7.3062
2018-10-29 20:43:46 Success CustomActions.Dll Creating user group: WSUS Reporters with Description: WSUS Administrators who can only run reports on the Windows Server Update Services server.
2018-10-29 20:43:46 Success CustomActions.Dll Creating WSUS Reporters user group
2018-10-29 20:43:46 Success CustomActions.Dll WSUS Reporters user group already exists
2018-10-29 20:43:46 Success CustomActions.Dll Successfully created WSUS Reporters user group
2018-10-29 20:43:46 Success CustomActions.Dll Creating user group: WSUS Administrators with Description: WSUS Administrators can administer the Windows Server Update Services server.
2018-10-29 20:43:46 Success CustomActions.Dll Creating WSUS Administrators user group
2018-10-29 20:43:46 Success CustomActions.Dll WSUS Administrators user group already exists
2018-10-29 20:43:46 Success CustomActions.Dll Successfully created WSUS Administrators user group
2018-10-29 20:43:46 Success CustomActions.Dll Successfully created WSUS user groups
2018-10-29 20:43:47 Success CustomActions.Dll Succesfully set binary SID property
2018-10-29 20:43:47 Success CustomActions.Dll Succesfully set binary SID property
2018-10-29 20:43:47 Success CustomActions.Dll Successfully set binary SID properties
2018-10-29 20:45:14 Success CustomActions.Dll CopyADMFile:The system locale ENA is not supported. Using English…
2018-10-29 20:46:37 Error MWUSSetup InstallWsus: MWUS Installation Failed (Error 0x80070643: Fatal error during installation.)
2018-10-29 20:46:37 Error MWUSSetup CInstallDriver::PerformSetup: WSUS installation failed (Error 0x80070643: Fatal error during installation.)
2018-10-29 20:46:37 Error MWUSSetup CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
2018-10-29 20:46:37 Success MWUSSetup An error occurred while performing setup. Please refer to the error logs for details
2018-10-29 20:46:37 Error MWUSSetup DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)
LikeLike
Unfortunately it doesn’t appear that we have enough information in the above log. The last error is very generic. It usually indicates some other error occurred.
It appears you have successfully removed WSUS, so I don’t think that is the issue.
My only guess at this point is the problem might be related to .NET. Since WSUS 3 is EOL (End of Life) there are no more updates and no testing. It is possible there is a conflict between the very new .NET 4.7 and the older version of WSUS. I am have not personally tested this in a lab environment, so this is just conjecture. The problem could also be related to something else entirely.
LikeLike