Monday, January 12, 2015

WSUS for SCCM won't sync

Sometimes the most basic fix can get you over a hurdle so you can spend time fixing it instead of fighting a contanst fire:

Symptoms:

Manual Sync of WSUS from the "Update Repository" node works but the automated sync fails like such

Wsyncmgr.log:
Sync failed: The operation has timed out. Source: Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchUpdates
Sync failed. Will retry in 60 minutes

Quick Resolution:
You could manually sync the server on the schedule but that doesn't solve the problem

But why doesn't it work for the automated approach?  You may see in the console that it starts to download but never finisheds.  This could be a problem withe the SQL ram or the Server ram available.  Does it sync for the first few times after your restart your machine.  It could be the load on your site server has changed recently.

I pulled part of the script from Microsft Technet and others from my internal script base.  I then used the server Scheduled Task to kick this off for me until I could find a solid solution.


Another way would be to somehow force a script to run the manual sync for you:

Change the following names:
SITE_SERVER_NAME -> servername
SITE_CODE -> ABC


-----------------------WSYSNC.VBS-------------------------
Set swbemLocator = CreateObject("WbemScripting.SWbemLocator")
swbemLocator.Security_.AuthenticationLevel = 6 'Packet Privacy
Set swbemServices= swbemLocator.ConnectServer("SITE_SERVER_NAME", "root\sms\site_SITE_CODE")

Set context = CreateObject("WbemScripting.SWbemNamedValueSet")
'context.Add "LocaleID", "MS\1033"
'context.Add "MachineName", "SITE_SERVER_NAME "
Context.Add "SessionHandle", swbemServices.ExecMethod("SMS_SiteControlFile", "GetSessionHandle").SessionHandle
                                        

SynchronizeSoftwareUpdatePoint swbemServices,context,"SITE_CODE"

Sub SynchronizeSoftwareUpdatePoint(swbemServices,swbemContext,siteCode)
    ' Load site control file and get the SMS_WSUS_SYNC_MANAGER component section.
    swbemServices.ExecMethod "SMS_SiteControlFile.Filetype=1,Sitecode=""" & siteCode & """", "Refresh", , , swbemContext
       
    ' Calculate the current timestamp (number of seconds from 1/1/1970 to current time UTC).
    calculatedUTCOffsetinSeconds = (8 * 60 * 60)
    currentTimestamp = datediff("s", "1/1/1970 12:00:00 AM", now()) + calculatedUTCOffsetinSeconds
    currentTimestamp=currentTimestamp-7198
   
    Query = "SELECT * FROM SMS_SCI_Component " & _
            "WHERE ComponentName = 'SMS_WSUS_SYNC_MANAGER' " & _
            "AND SiteCode = '" & siteCode & "'"
   
    Set SCIComponentSet = swbemServices.ExecQuery(Query, ,wbemFlagForwardOnly Or wbemFlagReturnImmediately, swbemContext)
                      
    ' Only one instance is returned from the query.
    For Each SCIComponent In SCIComponentSet
        ' Loop through the array of embedded SMS_EmbeddedProperty instances.
        For Each vProperty In SCIComponent.Props        
                           
            ' Setting: Sync Now
            If vProperty.PropertyName = "Sync Now" Then
               
                ' Modify the value.
                vProperty.Value = currentTimestamp
      
            End If
              
        Next  
             ' Update the component in your copy of the site control file. Get the path
             ' to the updated object, which could be used later to retrieve the instance.
             Set SCICompPath = SCIComponent.Put_(wbemChangeFlagUpdateOnly, swbemContext)
    Next
                         
    ' Commit the change to the actual site control file.
    Set InParams = swbemServices.Get("SMS_SiteControlFile").Methods_("CommitSCF").InParameters.SpawnInstance_
    InParams.SiteCode = siteCode
    swbemServices.ExecMethod "SMS_SiteControlFile", "CommitSCF", InParams, , swbemContext
     
    ' Release copy of the site control file.
    swbemServices.Get("SMS_SiteControlFile").ReleaseSessionHandle swbemContext.Item("SessionHandle").Value
End Sub
----------------------
Why did I subtract time?
currentTimestamp=currentTimestamp-7198

The time is instant but I found sometimes there was a lag before it could read, so by subtracting time it makes it a future event.

Tuesday, December 30, 2014

Package missing from DP causing Task Sequence Failure

As you can see below a machine fails to run the Task Sequence.  Normally you should see the error like "ABC00001" was not found.  Here we have only the ID's of the Application.
 
Using the query below we are able to find the offending application.
/*** Script for SelectTopNRows command from SSMS  ******/
SELECT TOP 1000 [CI_ID]
      ,[PkgID]
      ,[CI_UniqueID]
      ,[SecuredTypeID]
      ,[ModelName]
  FROM [CM_CM0].[dbo].[vSMS_CIContentPackage]
  where CI_UniqueID like '%2caa%' 






CI_UniqueID



PkgIDCI_ID
138181



ABC0018DScopeId_EA3D3752-B4D4-453F-B3F3-03C70EAD781A/Application_2caa0766-569b-48c0-91b8-79bb3a22c0d7/1

Find the Application and ensure it is distributed to the DP/Secondary.

Saturday, December 27, 2014

CDTSJob::HandleErrors: DTS Job '{GUID}' BITS Job '{GUID}' under user 'S-1-5-18' OldErrorCount 01 NewErrorCount 02 ErrorCode 0x801901F4

When testing out your distribution of files make sure you have a stable client and depending on your settings make sure your PKI certs are correct.  Are you using the Cert option when installing the client for HTTPS mode?  If so then the client will require a proper certificate.  Many times I see clients that have multiple certificates with Client Authentication enabled on the cert.  For this reason you might want to install the client with a specifiic Subject ID.  Also make sure the client certificate you are using is well formed.

When reviewing your logs you will see the the job is not able to pull down and the Server is showing errors.  Yet when you look at the IIS logs it shows that everything is working correctly.  This points to a local client issue. 

DataTransferService.log
CDTSJob::HandleErrors: DTS Job ID='{1CA46B86-16B6-4246-83CC-FEF3C8B2AAFD}' URL='http://DP.foo.com:81/SMS_MP' ProtType=1

CDTSJob::HandleErrors: DTS Job '{1CA46B86-16B6-4246-83CC-FEF3C8B2AAFD}' BITS Job '{19DA1164-3EDC-4B02-B8FA-5F82DE4BC240}' under user 'S-1-5-18' OldErrorCount 73 NewErrorCount 74 ErrorCode 0x801901F4

DTS job {0286E76F-90EA-4882-A0A2-0EAB93C82E14} BITS job {35BA3E86-6BFA-488A-83A6-AB756BE53500} failed to download source file http://DP.foo.com:81/SMS_MP/.sms_dcm?Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/MANIFEST&Hash=F14C08616AB4A7D5EFBB12C5B633CD5EEBD7C9ADDD79E9EF3487826962A8B3A5&Compression=zlib to destination D:\Program Files\SMS_CCM\CIDownloader\Staging\{944B51A2-C4ED-4194-8EE8-F66A005CCCA7}_1.zip with error 0x801901F4

DTSJob {92E53D9A-7924-42B8-AED6-755CEE4673E8} in state 'Error'.

CDTSJob::JobError: DTS Job ID='{0286E76F-90EA-4882-A0A2-0EAB93C82E14}' BITS Job ID='{35BA3E86-6BFA-488A-83A6-AB756BE53500}' ErrorCode=0x801901F4

Resuming DTS job '{0286E76F-90EA-4882-A0A2-0EAB93C82E14}' as BITS job '{35BA3E86-6BFA-488A-83A6-AB756BE53500}' went to error state earlier.

ProcessDTSManifest failed. (0x80070057)

IIS logs:
2013-12-16 21:48:41 163.188.195.3 HEAD /SMS_MP/.sms_dcm Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/PROPERTIES&Hash=7B1B04C6D389406C4B15D924304CCDA581B9E0643E38224D24CE14BE327C511D&Compression=zlib 3480 - 10.10.15.3 Microsoft+BITS/7.7 - 200 0 0 15

Testing with BitsAdmin
C:\Windows\system32>bitsadmin /info {19DA1164-3EDC-4B02-B8FA-5F82DE4BC240} /verb
osE
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions
 of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cm
dlets.
GUID: {19DA1164-3EDC-4B02-B8FA-5F82DE4BC240} DISPLAY: 'CCMDTS Job'
TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: NT AUTHORITY\SYSTEM
PRIORITY: NORMAL FILES: 0 / 2 BYTES: 0 / UNKNOWN
CREATION TIME: 12/16/2013 2:34:50 PM MODIFICATION TIME: 12/16/2013 3:41:45 PM
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: REGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 60 NO PROGRESS TIMEOUT: 28800 ERROR COUNT: 68
PROXY USAGE: NO_PROXY PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE:    http://DP.foo.com:81/SMS_MP/.sms_dcm?Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/PROPERTIES&Hash=7B1B04C6D389406C4B15D924304CCDA581B9E0643E38224D24CE14BE327C511D&Compression=zlib -> D:\Program Files\SMS_CCM\CIDownloader\Staging\{DB2577BC-B521-45F3-B11B-FAF6547424B0}_2.zip
ERROR CODE:    0x801901f4 - HTTP status 500: An unexpected condition prevented the server from fulfilling the request.
ERROR CONTEXT: 0x00000005 - The error occurred while the remote file was being processed.
DESCRIPTION:
JOB FILES:
        0 / UNKNOWN WORKING http://DP.foo.com:81/SMS_MP/.sms_dcm?
Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/PROPERTIES&Hash=7B1B04C6D3894
06C4B15D924304CCDA581B9E0643E38224D24CE14BE327C511D&Compression=zlib -> D:\Progr
am Files\SMS_CCM\CIDownloader\Staging\{DB2577BC-B521-45F3-B11B-FAF6547424B0}_2.z
ip
        0 / UNKNOWN WORKING http://DP.foo.com:81/SMS_MP/.sms_dcm?
Id&DocumentId=e5ebd347-1856-40ad-91c0-099cdf211de9/MANIFEST&Hash=F14C08616AB4A7D
5EFBB12C5B633CD5EEBD7C9ADDD79E9EF3487826962A8B3A5&Compression=zlib -> D:\Program
 Files\SMS_CCM\CIDownloader\Staging\{DB2577BC-B521-45F3-B11B-FAF6547424B0}_1.zip
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: SYSTEM
owner elevated ?           true
This job is read-only to the current CMD window because the job's mandatory
integrity level of SYSTEM is higher than the window's level of HIGH.
Peercaching flags
         Enable download from peers      :true
         Enable serving to peers         :true
CUSTOM HEADERS: NULL

Resolution:

I tried many different solutions.  But I ended up deleting the duplicate computer certificate that had Computer Authentication and renewing the current one with a new key...
Then the client started to work correctly.