WSUS: Error on 2012R2 WSUS Server ERROR: Connection Error console

The WSUS Server Console on a 2012R2 server suddenly does not work anymore. You checked %appdata%\Roaming\Microsoft\MMC\WSUS (Backup, Remove try if it works and restore if did not solve) and this did not help.

You checked all Services and did a reboot of the WSUS and checked space and Size of Internal DB.

Error: Event 507, Windows Server Update Server

Error: Event 7031, The WSUS Server Service terminated

 

Error as Text from GUI

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

 

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

 

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

 

System.IO.IOException -- The handshake failed due to an unexpected packet format.

 

Source System

 

Stack Trace:

at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)

at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)

at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)

at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)

at System.Net.ConnectStream.WriteHeaders(Boolean async)

** this exception was nested inside of the following exception **

 

 

System.Net.WebException -- The underlying connection was closed: An unexpected error occurred on a send.

 

Source

Microsoft.UpdateServices.Administration

 

Stack Trace:

at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)

at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)

at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()

at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()

 

 

 

Solution:

 

"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing

 

 

  • Console should work again

 

 

This article describes an update to a feature that enables Windows Server Update Services (WSUS) to natively decrypt Electronic Software Distribution (ESD) in Windows Server 2012 and Windows Server 2012 R2. Before you install this update, see the Prerequisites section.

Note You must install this update on any WSUS server that is intended to sync and distribute Windows 10 upgrades (and feature updates) that are released after May 1, 2016.

How to get this update

 

Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Windows Update

 

This update is available on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update.

Update detail information

 

Prerequisites

To apply this update in Windows Server 2012 R2, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) installed.

Registry information

To apply this update, you don't have to make any changes to the registry.

 

Restart requirement

You may have to restart the computer after you apply this update.

 

Update replacement information

This update can be installed on top or in place of KB3148812.

 

More information

Manual steps required to complete the installation of this update

  1. Open an elevated Command Prompt window, and then run the following command (case sensitive, assume "C" as the system volume):

"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing

  1. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.

  2. Restart the WSUS service.

If SSL is enabled on the WSUS server

  1. Assign ownership of the Web.Config file to the administrators group (run at an elevated command prompt):
  2. takeown /f web.config /a
  3.  

icacls "C:\Program Files\Update Services\WebServices\ClientWebService\Web.config" /grant administrators:f

  1. Locate the Web.Config file in the following path:

C:\Program Files\Update Services\WebServices\ClientWebService\Web.Config

  1. Make the following changes in the file.

    Note This code sample represents a single text block. The line spacing is used only to emphasize the text changes, which are shown in bold.
  2. <services>
  3. <service
  4. name="Microsoft.UpdateServices.Internal.Client"

behaviorConfiguration="ClientWebServiceBehaviour">

<!--

These 4 endpoint bindings are required for supporting both http and https

-->

<endpoint address=""

binding="basicHttpBinding"

bindingConfiguration="SSL"

contract="Microsoft.UpdateServices.Internal.IClientWebService" />

<endpoint address="secured"

binding="basicHttpBinding"

bindingConfiguration="SSL"

contract="Microsoft.UpdateServices.Internal.IClientWebService" />

<endpoint address=""

binding="basicHttpBinding"

bindingConfiguration="ClientWebServiceBinding"

contract="Microsoft.UpdateServices.Internal.IClientWebService" />

<endpoint address="secured"

binding="basicHttpBinding"

bindingConfiguration="ClientWebServiceBinding"

contract="Microsoft.UpdateServices.Internal.IClientWebService" />

</service>

</services>

  1. Add the multipleSiteBindingsEnabled="true" attribute to the bottom of the Web.Config file, as shown:
  2. </bindings>
  3. <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

</system.serviceModel

 

GPO: WSUS Patches June 2016 disabled security filtered GPO

Important change for all GPO-Admin | Change in way GPO's are applied and filtered.

 

The Windows Updates JUNE 2016 bring up a change in how POLICY GPO (Gruppenrichtlinien) should be filtered to Active Directory Security Groups. You can't anymore JUST remove "Authenticated users" and add a security group under Security Filtering. The Policy will not pull because Microsoft has changed the concept.

German:

GPO welche auf Usergruppen gefiltert sind gehen nach dem Update der Patche nicht mehr wenn Authenticatedusers oder Domaincomputers KEIN read unter Delegation hat.

June 2016 Patches:

KB 3163018

KB 314913

KB 3159398

 

https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398?forum=winserverGP

http://www.gruppenrichtlinien.de/artikel/sicherheitsfilterung-neu-erfunden-ms16-072-patchday-14062016/

This is a normal policy which is not affected by the patches:

Please make a backup of your GPO before changing anything:

Here so see one where we removed the "Authenticated Users" or "Authentifizierte Benutzer" and this needs to get corrected. Leave it as IT IS under security filtering. The place to change it would be under Delegation.

First How NOT to do it (> This would make the POLICY PULL for all!)

Correct way to make it June 2016 Patchday compatible

Make a backup of the GPO before you even think about changing it!

 

Powershell from listed by Stepan Kokhanovskiy on Social MSDN

 

I changed this to a READ only and LIST only version so you can check first if you have SUCH GPO's

$DebugPreference = 'Continue'

 

Write-Debug "Get list of the all group policy objects in the domain."

 

$AllGpo = Get-GPO -All | Sort-Object -Property 'DisplayName'

 

Write-Debug "Select group policies for permissions changing."

 

$ProcessGpo = foreach ($Gpo in $AllGpo)

{

Write-Debug "Process the group policy `"$($Gpo.DisplayName)`"."

 

Write-Debug "Get permission for the `"Authenticated Users`" group."

$AuthUsersPermission = $Gpo | Get-GPPermissions -TargetName 'Authenticated Users' -TargetType Group -ErrorAction SilentlyContinue

 

Write-Debug "Get permission for the `"Domain Computers`" group."

$DomainComputersPermission = $Gpo | Get-GPPermissions -TargetName 'Domain Computers' -TargetType Group -ErrorAction SilentlyContinue

 

if (-not ($AuthUsersPermission -or $DomainComputersPermission))

{

Write-Debug "No permissions found."

$Gpo

}

else

{

Write-Debug "Permissions found. Skip group policy."

}

}

 

if ($ProcessGpo)

{

Write-Debug "List of the selected group polices."

$ProcessGpo | Select-Object -ExpandProperty DisplayName | Write-Debug

 

Write-Debug "Change permissions for the selected group polices."

 

foreach ($Gpo in $ProcessGpo)

{

try

{

Write-Debug "Process the group policy `"$($Gpo.DisplayName)`"."

 

$Gpo

}

catch

{

$_ | Write-Error

}

}

}

else

{

Write-Debug "No group policy found."

}

 

Above Version which will only LIST / Report / Nur lesen

 

Below Version which will Change / Correct / Aenderung

Change version from Posting in Social adapted to German Active Directory with Domänencomputer

$DebugPreference = 'Continue'

 

Write-Debug "Get list of the all group policy objects in the domain."

 

$AllGpo = Get-GPO -All | Sort-Object -Property 'DisplayName'

 

Write-Debug "Select group policies for permissions changing."

 

$ProcessGpo = foreach ($Gpo in $AllGpo)

{

Write-Debug "Process the group policy `"$($Gpo.DisplayName)`"."

 

Write-Debug "Get permission for the `"Authenticated Users`" group."

$AuthUsersPermission = $Gpo | Get-GPPermissions -TargetName 'Authenticated Users' -TargetType Group -ErrorAction SilentlyContinue

 

Write-Debug "Get permission for the `"Domain Computers`" group."

$DomainComputersPermission = $Gpo | Get-GPPermissions -TargetName 'Domain Computers' -TargetType Group -ErrorAction SilentlyContinue

 

if (-not ($AuthUsersPermission -or $DomainComputersPermission))

{

Write-Debug "No permissions found."

$Gpo

}

else

{

Write-Debug "Permissions found. Skip group policy."

}

}

 

if ($ProcessGpo)

{

Write-Debug "List of the selected group polices."

$ProcessGpo | Select-Object -ExpandProperty DisplayName | Write-Debug

 

Write-Debug "Change permissions for the selected group polices."

 

foreach ($Gpo in $ProcessGpo)

{

try

{

Write-Debug "Process the group policy `"$($Gpo.DisplayName)`"."

 

Write-Debug "Add the `"Read`" permission for the `"Domänencomputer`" group."

Set-GPPermissions -Guid $Gpo.Id -PermissionLevel GpoRead -TargetName 'Domänencomputer' -TargetType Group -ErrorAction Stop | Out-Null

Write-Debug "Permissions changed successful."

 

$Gpo

}

catch

{

$_ | Write-Error

}

}

}

else

{

Write-Debug "No group policy found."

}

 

WSUS: Rollup like SP2 for W7 / Change in Patch Strategy Microsoft

  • Einige Kunden waren am "klönen" wegen den 1 of 200/230 Updates bei W7. Weder C'T Updater oder Offline Updater waren bis jetzt Lösungen. Auch direkt in WIM integrieren war keine saubere Lösung und nach 2-3 Jahren war Sackgasse wegen Fehler die keiner erklären konnte.
  • NEU sagt Microsoft dass man das ROLLUP MAY 2016 ins WIM offiziell integrieren kann und keine Fehler kommen sollen (Man rechnet damit, dass diese in 2-3 Jahren passieren UND dann eh alle auf W10 sind ;-)

 

 

  • Es kommen neu NICHT security relevanten Updates via WSUS auch fuer W7/2008R2
  • Es gibt ein MAY ROLLUP fuer 2008R2 (Dies ist ca. 6MB) und es gibt eine Art SP2 fuer Windows 7
  • Das erste ab jetzt im WSUS ist in ROLLUP fuer W7 UND Server 2008R2 (http://support.microsoft.com/kb/3156417)  May 2016 update rollup for 7 SP1 and Windows Server 2008 R2 SP1
  • ACHTUNG! Einige davon können NICHT deinstalliert werden (Wie Service Packs)

 

http://www.infoworld.com/article/3071689/microsoft-windows/new-windows-7-and-81-patches-usher-in-the-future-of-rollup-updating.html

https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-updates-for-windows-7-and-8-1/

 

 

 

 

 

 

SQL: Build Numbers and Express Limitations GB, Core, RAM > 2008R2-upwards

SQL: Build Numbers and Express Limitations GB, Core, RAM

http://sqlserverbuilds.blogspot.ch/

http://social.technet.microsoft.com/wiki/contents/articles/10790.sql-server-and-updates-builds-numbers.aspx

 

 

RTM (Gold, no SP)

SP1

SP2

SP3

SP4

 SQL Server 2016
     codename ?

RC0

    

 SQL Server 2014
     codename Hekaton SQL14

12.0.2000.8 12.00.2000.8

12.0.4100.1
or 12.1.4100.1

  

  

  

 SQL Server 2012
     codename Denali

11.0.2100.60 11.00.2100.60

11.0.3000.0
or 11.1.3000.0

11.0.5058.0
or 11.2.5058.0

11.0.6020.0
or 11.3.6020.0

  

 SQL Server 2008 R2
     codename Kilimanjaro

10.50.1600.1

10.50.2500.0
or 10.51.2500.0

10.50.4000.0
or 10.52.4000.0

10.50.6000.34
or 10.53.6000.34

  

 SQL Server 2008
     codename Katmai

10.0.1600.22 10.00.1600.22

10.0.2531.0 10.00.2531.0
or 10.1.2531.0

10.0.4000.0 10.00.4000.0
or 10.2.4000.0

10.0.5500.0 10.00.5500.0
or 10.3.5500.0

10.0.6000.29 10.00.6000.29
or 10.4.6000.29

 SQL Server 2005
     codename Yukon

9.0.1399.06 9.00.1399.06

9.0.2047 9.00.2047

9.0.3042 9.00.3042

9.0.4035 9.00.4035

9.0.5000 9.00.5000

 SQL Server 2000
     codename Shiloh

8.0.194 8.00.194

8.0.384 8.00.384

8.0.532 8.00.532

8.0.760 8.00.760

8.0.2039 8.00.2039

 SQL Server 7.0
     codename Sphinx

     

 

Limitation SQL Express Versionen:

Extract from:

http://social.technet.microsoft.com/wiki/contents/articles/10790.sql-server-and-updates-builds-numbers.aspx

 

SQL Server 2008 R2

 

Product name

Build number

Date

KB 

SQL Server 2008 R2 RTM

10.50.1600.1

  

  


For more information: The SQL Server 2008 R2 builds that were released after SQL Server 2008 R2 was released

SQL Server 2008 R2 Service Pack 1

 

Product name

Build number

Date

 KB

SQL Server 2008 R2 Service Pack 1

10.50.2500.0

07/11/2011

KB2528583

Cumulative update package 1 for SQL Server 2008 R2 Service Pack 1

10.50.2500.0

08/18/2011

KB2544793

Cumulative update package 2 for SQL Server 2008 R2 Service Pack 1

10.50.2769.0 

09/15/2011

KB2567714

Cumulative update package 3 for SQL Server 2008 R2 Service Pack 1

10.50.2772.0

10/17/2011

KB2591748 

Cumulative update package 4 for SQL Server 2008 R2 Service Pack 1

10.50.2789.0

12/19/2011

KB2633146

Cumulative update package 5 for SQL Server 2008 R2 Service Pack 1

10.50.2796.0

02/20/2012

KB2659694

Cumulative update package 6 for SQL Server 2008 R2 Service Pack 1

10.50.2806.0

04/16/2012

KB2679367


For more information: 

The SQL Server 2008 R2 builds that were released after SQL Server 2008 R2 Service Pack 1 was released

SQL Server 2008 R2 Service Pack 2

 

Product name

Build number

Date

KB 

 SQL Server® 2008 R2 Service Pack 2 Community Technology Preview

 10.50.3720.0

  

 KB2630455

  

  

  


For more information:

 The SQL Server 2008 R2 builds that were released after SQL Server 2008 R2 Service Pack 2 was released

SQL Server 2012

 

Product name

Build number

Date

KB 

SQL Server 2012 RTM

11.0.2100.60

  

  

Cumulative update package 1 for SQL Server 2012

11.0.2316.0

04/20/2012

KB2679368

Cumulative update package 2 for SQL Server 2012

11.0.2325.0

06/18/2012

KB2703275

Cumulative update package 3 for SQL Server 2012 

11.0.2332.0

08/31/2012 

 KB2723749

Cumulative update package 4 for SQL Server 2012 

11.0.2383.0

10/15/2012 

 KB2758687


For more information: 

The SQL Server 2012 builds that were released after SQL Server 2012 was released

SQL Server 2012 Service Pack 1

 

Product name

Build number

Date

KB 

SQL Server 2012 Service Pack 1

11.0.3000.00

08/11/2012

KB2674319  

    

 

Windows 10 corporate support, Mcafee VSE and WSUS status 05.08.2015

 

Windows 10, WSUS Integration

If you support Server 2012R2 and 8.1 then you have the Updates on the WSUS you will see the new Categorys straight away.

Windows 10, Mcafee VSE 8.8 with Patch 6 which should be released 26. August 2015

https://kc.mcafee.com/corporate/index?page=content&id=KB51111

https://community.mcafee.com/community/business/blog/2015/08/02/windows-10-support-updates

 

Product Version

Product
Build

Release Notes

Known Issues

Release Date

EOL Date

Comments

VSE 8.8 Patch 6 (under development)

TBD

TBD

TBD

Target July 30, 2015 for private release
Target Aug 26, 2015 for full release

n/a

Adds support for the Windows 10 platform.

NOTE: Patch 6 is currently available in managed release. To obtain the patch and participate in the managed release program, contact your Support Account Manager.

 

31.08.2015 And here comes Patch 6 and you already wait for release 7 (DLP 9.4 DOES Not work, Protection rules not visible)

 

McAfee VirusScan Enterprise (VSE) 8.8

Summary

This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if additional information becomes available. To read the Release Notes, see: PD26069

Release to World (RTW): August 26, 2015
 
Known Issues

IMPORTANT NOTES: 
  • Data Loss Prevention (DLP) customers: This release upgrades a common component used by DLP, which may cause the system to hang. Customers using DLP 9.4.0 are advised to delay installing VSE 8.8 Patch 6 until further notice. Development is in progress for updating the DLP 9.4 version to work with VSE 8.8 Patch 6. This updated release will be required prior to installing VSE 8.8 Patch 6. This article will be updated as more detail becomes available.

    To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.

     
  • VirusScan Enterprise for Storage (VSES) customers: VSE 8.8 patches 5 and 6 are not supported for use with VSES. Do not deploy VSE 8.8 Patch 5 or 6 to nodes running VSES. Instead, Intel Security recommends you deploy VSE 8.8 Patch 4 to nodes running VSES.

CRITICAL: There are currently no critical known issues.
Reference Number Related Article Issue Description
1090227 KB85551 Issue: VirusScan threat events do not parse to the ePO database with VirusScan Enterprise Reports Extension 1.2.0.263.
Workaround: Check in the Patch 5 Reporting Extension (1.2.0.250) until an updated extension becomes available.
Status: Intel Security is investigating this issue. See the related article for workaround steps.


Non-critical:

Reference Number Related Article Issue Description
966892 KB84913 Issue: Access Protection rules are not visible in the ePolicy Orchestrator console after checking in the Patch 5 or Patch 6 management extension.
Resolution: See the related article. This is tentatively planned to be resolved in VSE 8.8 Patch 7, which is not currently available.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.
1074199 n/a Issue: Environments using Lotus Notes mail, with the Lotus Notes mail scanner feature enabled, encounter Access Protection violations after installing Patch 6.
Resolution: Add the Lotus Notes process (NLNOTES.EXE) to the Processes to Exclude list for the Access Protection rule that is being violated (for example, Common Standard Protection:Prevent modification of McAfee files and settings).
n/a n/a Issue: Detection count is inconsistent with detections displayed in the On-Demand Scan (ODS) progress window.
Resolution: The product is functioning as designed.

If you require a change to this functionality in a future version of the product, you can submit a Product Enhancement Request (PER) by logging in at: https://mcafee.acceptondemand.com/.

To register as a new user, click McAfee Customers Register Here at the top of the page. For additional information, see KB60021.
1065335 KB84084 Issue: Modification to the Artemis FQDN field for the Network Heuristic Check feature requires a reboot on the client before the change takes effect.
Resolution: Restart the McShield service or reboot the system.
1077854 n/a Issue: Outlook closes unexpectedly (crashes) when sending mail after installing VSE 8.8 Patch 6 on systems with DLP 9.4.0 (RTW).
Resolution: Upgrade to DLP 9.4 Patch 1 (expected Q4 2015 release date) or later.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged in to subscribe.
n/a = not available