This article details how to troubleshoot WSUS Connection issues with SCCM. Especially useful when you get errors around WSUS not connecting to the SCCM server.
SCCM relies on WSUS to check for and apply patches, you need a WSUS Server and integrated with SCCM for deploying patches.
Having said that, if you are using SCCM to deploy software updates, you shouldn’t use the WSUS console to synchronize updates or manage updates. Only SCCM console should be used to synchronize and deploy updates.
Many organizations today use Configuration Manager (SCCM) to deploy software updates to computers. You get a better control over the updates deployments with SCCM and WSUS integrated.
Troubleshoot WSUS Connection Issues with SCCM
In this section, we will look at different examples on how to troubleshoot WSUS connection issues with SCCM. With WSUS and SCCM integrated, you may encounter several issues with WSUS and you can use SCCM to troubleshoot such issues.
Troubleshooting these WSUS issues could be difficult and in such situations you must review the WSUS log files and SCCM log files to identify and resolve issues.
You can encounter numerous issues when you don’t do routine maintenance on your WSUS server.
Remote configuration failed on WSUS Server
When using SCCM to deploy updates, you may notice the Software Update Point stops working, and you end up with error Remote configuration failed on WSUS Server.
The Remote configuration failed on WSUS Server is logged in WCM.log.
System.Net.WebException: The request failed with HTTP status 503: Service Unavailable Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber
Setting new configuration state to 3 (WSUS_CONFIG_FAILED) SMS_WSUS_CONFIGURATION_MANAGER (0x4BF8)
Remote configuration failed on WSUS Server.
WSUS Sync failed: The operation has timed out
Another issue with WSUS and SCCM that you can encounter is WSUS Sync failed: The operation has timed out. The below errors are logged in wsyncmgr.log.
Sync failed: The operation has timed out. Source: Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebRespone
Sync failed. Will retry in 60 minutes
WSUS Server Connection Error
One of the common errors encountered while using WSUS console is the server connection error. The error details are as follows:
Error: Connection Error
An error occurred trying to connect the WSUS server. This error can happen for a number of reasons. Check connectivity with the server. Please contact your network administrator if the problem persists.
Typically, when these errors occur, it means the maintenance hasn’t been performed recently or never has been done on the WSUS server, and the WSUS database is bloated.
Utilize WSUS Maintenance Options in SCCM
To troubleshoot WSUS connection issues with SCCM, you can make use of WSUS maintenance options. On the Software Update Point properties, the WSUS Maintenance tab now contains 3 new WSUS maintenance options.
- Decline expired updates in WSUS according to Supersedence rules.
- Add non-clustered indexes to the WSUS database to improve WSUS cleanup performance.
- Remove obsolete updates from the WSUS database.
Use WSUS Server Cleanup Tool
The WSUS Server cleanup tool is a good tool to clean up expired and stale updates from WSUS. You cannot run this tool from SCCM console and have to manually run it using WSUS console.
This server cleanup wizard can perform the following activities on WSUS Server:
- Removes unused updates and update revisions (older updates and unapproved update revisions).
- Deletes client computers that have not contacted the server for thirty days or more.
- Deletes update files that aren’t required anymore.
- Decline expired updates and superseded updates.
From my experience, when the WSUS database is bloated and maintenance has never really been done, the tool will usually freeze and crash, but here are steps you can try using this tool.
If you’re new to clean up tool, read how to use WSUS Server cleanup tool to clean updates.
Situations I have experienced where none of the above had worked and what I had to do to fix it.
As mentioned above, I have seen where all maintenance tasks will fail. Therefore, manual intervention is needed by running PowerShell scripts and ensuring that the database follows the recommended SQL Maintenance.
Decline superseded updates in WSUS
Most of you may want to decline superseded updates in WSUS and yes, there is a PowerShell script that you can use. I have seen this timeout and usually, this will happen if you are seeing WSUS node failures as mentioned above.
If you are using standalone Windows Server Update Services (WSUS) servers or an older version of Configuration Manager, you can manually decline superseded updates by using the WSUS console.
You can download the PowerShell script to decline superseded updates in WSUS.
While you troubleshoot WSUS connection issues with SCCM, if the above PowerShell script didn’t work for you, you can go with another PowerShell script.
WSUS Updates Cleanup Script
The difference with this one is that the script will attempt to re-establish the connection if it is broken. This script will run the WSUS cleanup task using stored procedures in the WSUS database, thus avoiding timeout errors from running the WSUS Cleanup Wizard.
I have to say that I had much more success with this script, and you can Download WSUS Cleanup Scripts from GitHub.
The PowerShell script is intended to run as a scheduled task on WSUS server but can also be used remotely. $SqlServer and $SqlDB variables must be defined before running the script on a server without WSUS.
The below screenshot shows how you can run the WSUS cleanup script to clean the WSUS updates.
Runs WSUS cleanup task using stored procedures in WSUS database thus avoiding timeout errors that may occur when running WSUS Cleanup Wizard.
After you get your WSUS environment back to a better state, you can set up a Scheduled Task to run WSUS PowerShell cleanup scripts whenever it is needed.
I hope this article helps you to troubleshoot WSUS connection issues with SCCM and scripts. If you have any questions, please let me know in comments section.
