Troubleshooting WSUS server

Are you straggling to troubleshoot WSUS server. Those who followed the steps, I mentioned in my previous posting Install and Configure WSUS—Step by Step but couldn’t get it going and still got issue with deployment. you might have few issues with WSUS. Here are solutions for you.

Client not showing in WSUS Server:

There are several reasons client don’t pop up in WSUS server. a) GPO and WSUS miss-configured. b) Proper prerequisite has not been meet both for server and client as I mentioned in my post.

Log on to WSUS sever as Domain Admin. Open WSUS Console>Option>Computers>Select use group policy or registry settings on computers>Apply>ok.

WSUS Console>Server Name>computers>All Computers>Add Proper Computer Groups, I mean client target group you have mentioned in GPO.

Are all the computers and Server pointing proper client target group as you mentioned in GPO? Did you configure parent GPO and computers pointing child GPO???  Check group policy object using GPO management console to find out any miss-configuration!!! Make sure the computer you are looking WSUS console is placed in right GPO. Run gpresult.exe from command prompt to find out computer and user config. Wait until GPO refresh time and you will see client in WSUS console.

Another way to see client quickly in WSUS console is to log on to Windows XP SP2 (Must have SP2) client. Run WUAUCLT /DETECTNOW and GPUPDATE /FORCE  from command prompt. Reboot client. Log back again.

Start menu>run>Type regedit.exe>ok. Now go to HKEY_Local_Machine\Software\Policies\Microsoft\Windows\Windows Update

You are suppose to see

client target group	REG_SZ	Group Name in GPO say Desktop, WindowsXP, Windows7, Server, etc
ClientGroupEnabled	REG_DWORD	0×00000001(1)
WUServer	REG_SZ	Http://ServerName:8530
WUStatusSever	REG_SZ	Http://ServerName:8530

This mean this client is reporting to WSUS server.

Another critical point to note here, don’t use default configuration port that is 80. Use port 8530 because in ISA server or corporate firewall might be pointing this port to corporate web site unless web publisher added in ISA.

WSUS database full of BugCheck Dump causing WSUS to stop functioning:

***This file is generated by Microsoft SQL Server version 9.00.4035.00 upon detection of fatal unexpected error. Please return this file,  the query or program that produced the bugcheck, the database and the error log, and any other pertinent information with a Service Request***

***Stack Dump being sent to c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\SQLDump0154.txt***

I am one of the victim of this SQL error. This will occupy entire disk space in system partition causing WSUS to stop working. This error got nothing to do with WSUS. This is purely SQL problem. It happens when WSUS is running long and you don’t run clean up wizard to clean database and WSUS. I have to be honest here. I am not an SQL Expert. I found some clues by searching books and google, this SQL error occur when SQL index is corrupt. I logged to SQL server using management studio express and follow this Microsoft link and run DBCC CHECKDB.  But this will not solve this issue. Basically, SQL database is screwed. You have to backup database, reinstall WSUS and restore will solve this issue. But my best suggestion would be fresh installation of everything….. start from scratch.

You may also try this link if you require re-indexing database.

Connection Error

“An error occurred trying to connect the WSUS server. This error can happen for a number of reasons. Check connectivity with the server. Please contact your network administrator if the problem persists.
Click Reset Server Node to connect the server again.”

Reason: WSUS-related Web services (IIS) may stop working when you upgrade a Windows Server 2003-based computer to Windows Server 2008

Solutions:

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

Try removing the persisted preferences for the console by deleting the wsus file under C:\Documents and Settings\%username%\Application data\Microsoft\MMC\

To work around this problem, uninstall the ASP.NET role service in IIS, and then use Service Manager to reinstall the service. To do this, follow these steps:

1. Click Start, click Administrative Tools, and then click Server Manager.
2. Expand Roles, and then click Web Server (IIS).
3. In the Role Services section, click Remove Role Services.
4. Disable the ASP.NET check box, and then click Next.
5. Click Remove.
6. Wait for the removal process to finish, and then click Close.
7. In the same Role Services section, click Add Role Services.
8. Enable the ASP.NET check box, and then click Next.
9. Click Install.
10. Wait for the installation process to finish, and then click Close
11. Restart all WSUS related services such as IIS, SQL, Update services (Location Administrative Tools>Services)

WSUS debug tools Download WSUS debug tools from Microsoft WSUS sites. Extract Clientdiag.exe in client machine and WSUS server diagnostic tools in WSUS server. In both case extract in %windir%\system32 location. Open command prompt>change directory to %windir%\system32. Run clientdiag.exe (client machine) and wsusdebugtool.exe (WSUS server) from command prompt. You can run both in wsus server to test whether wsus server is contacting itself for update or not. If you see checking machine state PASS that means client is contacting wsus.

Share this on

Step by Step: Volume Activation for Windows 7 and Windows Server 2008

What is Microsoft product activation? Activation is a method of verification that Microsoft Windows Product you have bought is genuine and comply with copyright laws i.e. it checks that you are not using a counterfeit product. Simply Microsoft wants to know did you pay right amount of $$ for the product you are using. Volume Activation is used for enterprise level users who want to deploy Microsoft products such as Windows 7 and Windows Server 2008 in large scale in an organisation or a company. There are two type of Volume Activation—Key Management Service (KMS) and Multiple Activation Key (MAK)—that allow Volume Licensing customers to activate Volume License editions of the Windows 7 and Windows Server 2008 R2. When planning to use Volume Activation, an organization must choose KMS, MAK, or any combination of the two. The activation methods chosen depend on the needs of the organization and the network infrastructure. You don’t need to be a local Administrator in Windows 7 and Windows Server 2008 R2 for activation. However, for volume activation you must be a domain admin because you need to access domain groups, computers and GPO. Windows eliminates the User Account Control (UAC) prompt during activation, enabling any user who has a standard user account to activate Windows on that computer. However, this change does not allow standard users to remove Windows from the activated state.

Typical Activation Warning:

Configure Firewall in Windows7 and Windows server 2008 for Volume Activation to pass through:

You have to configure the following firewall in Windows 7 and Windows Server 2008  master pc before you deploy large scale using windows deployment services. By default these firewall is blocked restraining  windows 7 and windows server 2008 to communicate with activation site.

Log on Windows 7 or Windows Sever 2008. Control Panel>Windows Firewall and Advanced Settings>Allow Program or feature pass through Windows Firewall>Select Windows Management Instrumentation (WMI)>check domain, public and private>Click Ok.

Go back to Windows Firewall and click on Advanced Settings>Click Filter by Group>Click WMI>Select WMI Async-In>Double Click on WMI Async-In>General Tab>Check Enable and Allow>Advanced Tab>Check Public,Private,Domain>Select allow edge traversal>Apply>ok.

 

Configure Windows Firewall using GPO:

Log on to domain controller as an domain admin. Open GPO management console from Admin Tools. Select Specific Windows 7 and Windows Sever 2008 organisational unit where you want to modify Windows Firewall. Right click on that organizational unit>click edit. Go to Computer Configuration>Administrative Templates> Network>Network Connections>Windows Firewall>Domain Profile & Standard Profile>Select and Modify Windows Firewall: Allow remote administration exception>Select Enable and Type “*” in the box.

 

Windows7 Volume Activation:

You must have MAK  license to do the following. Install windows AIK in Admin PC. Go to All Program>Microsoft Windows AIK>VAMT 1.2 >VAMT

 

Provide MAK Product Key and Validate. Click Add to add MAK.

Select Appropriate Columns to view computer info.

Click Action>Add Computer>Type Computer Group>Select domain>Check gather info>Click ok.

Now select all windows 7 computer>right click>MAK activate.

Good Luck and happy Australia Day

Microsoft References:

Licensing Centre

Troubleshooting VA

How to Choose the Right Volume License Key for Windows

Windows Firewall

Step by Step: How to deploy AutoCAD 2010 or Inventor 2010 through GPO

 

Install License Server

Prepare a Windows Server 2003 or Windows server 2008 machine

Add License server to domain

Insert AutoCAD 2010 or Inventor 2010 Disk1 into DVD or convert DVD into ISO and mount it with server’s DVD if you are virtualizing license server.

In the AutoCAD Installation wizard, click Install Tools and Utilities. On the Select Autodesk Network License Manager and click Next.

click I Accept>click Next.

On the Select the Installation Location page, accept the default installation Path

On the Configuration Complete page, click Configuration Complete to return to the confirmation page.

Install page, click Install.

When the Installation Complete page displays, click Finish.

Configure License Server

Obtain a license file from vendor before config.

In the Lmtools program, on the Service/License File tab, make sure the Configure Using Services option is active. Click the Config Services tab. In the Service Name list, select the service name you want to use to manage licenses.

By default, the service name is FLEXnet Service 1. If FLEXnet® is managing other software on your computer in addition to Autodesk, you can change the service name to avoid confusion, for example, you can rename FLEXnet Service 1 to Autodesk Server1.

In the Path to Lmgrd.exe File field, enter the path to the Network License Manager daemon (lmgrd.exe), or click Browse to locate the file. By default, this daemon is installed in the C:\Program Files\Autodesk Network License Manager folder.

In the Path to the License File box, enter the path to your license file, or click Browse to locate the file.

In the Path to the Debug Log File box, enter a path to create a debug log, or click Browse to locate an existing log file. It is recommended that you save to the \Program Files\Autodesk Network License Manager folder. The log file must have a .log file extension. For new log files, you must enter the .log extension manually.

To run lmgrd.exe as a service, select Use Services.

To automatically start lmgrd.exe when the system starts, select Start Server at Power Up.

Click Save Service to save the new configuration under the service name you selected in earlier step. Click Yes when prompted if you would like to save the settings to the service.

Click the Start/Stop/Reread tab and do one of the following: If a service has not yet been defined for Autodesk, click Start Server to start the license server.

If a service for Autodesk is already defined and running, click ReRead License File to refresh the Network License Manager with any changes made to the license file or Options file.

The license server starts running and is ready to respond to client requests.

Close license manager.

Create Network Deployable Package

Note: You must create deployable Admin package in UNC path.

 

 

Verify the installation package

Log on to a client machine as an Admin. open command prompt.

From command prompt change directory to the location where you created admin package

Type msiexec.exe /i acad.msi /t acad-AutoCAD2010.mst /q

Wait until installation finish

Test AutoCAD 2010 or Inventor 2010 by running the program

Deploy Through GPO

Log on to DC or another machine with GPO management console installed using domain admin right

Select organisational unit in GPO>Right click>Create and link new GPO

Right click newly created GPO>Edit

In the Group Policy Object Editor
dialog box, under Software Settings, right-click Software Installation,
and click New ➤ Package.

In the Open dialog box, make sure the Windows Installer Packages file
(acad-<deplolyment name>-for-GPO.msi) is selected, and click Open.
If you created the administrative image in a location different from the
application distribution share point, find the administrative image
location, and click acad-<deployment name>-for-GPO.msi. Substituting
<deployment name> for the name of the deployment used as the basis for  this GPO package.

Click on Advance

On the Modifications tab, click Add.

In the Open dialog box, click the transform package file (acad-<deployment name.mst) created by the Deployment wizard, and then click Open.  If you created the administrative image in a location different from the  application distribution share point, find the administrative image location and select the transform package file (acad-<deployment name.mst).

UNC Path are:

\\server\Deployment\AdminImage\x86\acad\acad.msi.

\\server\Deployment\AdminImage\x86\acad\acad-AutoCAD2010.mst

This must be repeated for the language pack which is located at

\\server\Deployment\AdminImage\x86\acad\un-us\AcadLP.msi.

\\server\Deployment\Tools\GPO.mst

Share this on

Enhanced Windows Server 2008 Backup Utility

Windows Server 2008  backup utility is completely different from the backup program included with Windows Server 2003. Unlike previous versions, the new utility is designed primarily to back up entire volumes to an external hard disk drive or to an UNC path. The backup utility also uses a different format for its backup files; it uses the Microsoft Virtual Hard Disk (VHD) format, which makes the files accessible to Hyper-V, Virtual PC, and the Complete PC backup utility. Windows Server 2008 backup utility allows you to backup entire drive or selected files or folder. You can perform complete backup or incremental backup. In addition to individual file and folder selection, the backup utility also enables you to create exclusions. An exclusion is a filter that prevents a job from backing up specified files or file types in the selected targets. There are three types of backup destination available in windows backup utility. these are dedicated hard disk drive, volume and UNC path.

System State and Bare Metal Backup

The System State includes the Windows Registry, the Active Directory database if the computer is a domain controller and a number of files that are locked open by the operating system. New windows backup utility enables you to individually select the System State element and a Bare Metal Recovery element. When you select bare metal backup, it will backup system partition and system state also. It will backup in .vhd format. 

To recover an entire computer, you connect your external hard drive containing the backup to the new computer and boot from the Windows Server 2008 R2 installation disk. Select Repair Your Computer in the Windows Setup Wizard>System Recovery Options>Restore Your Computer Using A System Image that you created earlier. Alternatively, you can import that .vhd file into Hyper-v if you desire to decommission physical machine.

Hyper-v Host Backup

To use Windows Server Backup to protect an entire Hyper-V server and its VMs, you must register the VSS Writer with the backup software by creating the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WindowsServerBackup\
Application Support\{66841CD4-6DED-4F4B-8F17-FD23F8DDC3DE}

Right click>Create String value.

Name	Type	Value
Application Identifier	REG_SZ	Hyper-V

With this registry settings, it will backup everything other then virtual network, physical storage attach to VM, iSCSI storage when initiator running inside VM.

How to Screenshots:

 

To schedule a backup, open Windows Server Backup>click on backup schedule>follow the screen as shown below.

 

Here, you can specify destination of backup. I am showing UNC path and disk drive.

Provide domain credential for the safety of backed up data.

You can setup backup performance before taking a backup or scheduling a backup task.

 

To create backup once, click on backup once and follow the screenshots.

Here, you can choose Full (bare metal, disk drive) or custom (files or folders) backup. bare metal will create a .vhd file for Hyper-v.

 

Windows Deployment Services:How to resolve “uploading image to WDS Server The System Cannot find the file specified”

I was stuck for hours and scratching my head to find out a solution of this problem. I googled heaps but outcome is zero. Here, I will show you how to resolve this issue.

Issue: When you uploading image in windows deployment services, it start uploading however in few seconds it stops with error “ The System Cannot find the file specified”

Why it happens? This is an weird problem I have ever seen. What it says in error practically not that case. You will not find any event log for this error in event viewer. It happens for WDS mixed-mode  server. It shows that error for several reasons.

Disk Space in system partition and drive:\Remoteinstall aren’t enough

Disk space for TEMP /TMP folder in %userprofile%\username\Local Settings\TEMP aren’t enough

Mixed-Mode WDS not configured properly

Resolution:

As I said this is a weird error though I have enough space in both partition still I got that error.  However, I did followings to resolve my problem.

Must have more then enough space in C:\ drive and Remoteinstall partition. Remember Microsoft Windows needs extra disk space for Pagefile, shared memory for RAM,  temp folder and on top of that disk space for WDS WIM file in TEMP folder of system partition. Also you need enough disk space for Drive:\remoteinstall\temp folder.

Empty temp folder as shown below

Check Temp folder configuration. System Property>Environment variables. You must point TEMP folder to %Windir%\Documents and Settings\%USERPROFILE%\Local Settings\TEMP.

You must see these four .bcd files in remoteinstall\temp folder after you add boot.wim and winpe.wim image otherwise WDS will not work properly. DO NOT DELETE THESE FILES.

Type WDSUTIL /set-server /DefaultX86X64ImageType:both on command prompt to set WDS boot and read x64 and x86 format image.

Add separate image group for the image you are loading.

  

Install Windows 7 AIK in WDS Server and copy drvstore.dll , cmiv2.dll and xmllite.dll files from %windir%\Program files\Windows AIK\Tools\Servicing to %windir%\system32

Patch up WDS server from http://update.microsoft.com site or WSUS

Now reboot server and you are laughing.