Other day,I was looking at the client health dashboard which I published long ago https://gallery.technet.microsoft.com/SCCM-Configmgr-2012-SSRS-2863c240 . From the dashboard report ,noticed that couple of clients were having software update scan issues .
If client fail to perform success software update scan ,it is out of patching window and client will never send or receive any software updates that you deploy from SCCM. You always need to make sure your clients are performing the successful software update scan as per the schedule you configure in SCCM client agent settings. Software update troubleshooting guide http://eskonr.com/2015/04/sccm-2012-troubleshoot-client-software-update-issues/
So ,the report had couple of clients with software update scan failures with lasterrorcode –2147012894 which leads to me take a look at one client (XXXXXXX) and see what's happening on that.
If you want to see, how your clients are performing software update scan (without dashboard) ,run the below SQL query in management studio.
This query will help you to get list of client that have issues with software update scan (software update scan not success).
--SQL code list clients with software update scan failures
select distinct sys.name0 [Computer Name],os.caption0 [OS],convert(nvarchar(26),ws.lasthwscan,100) as [LastHWScan],convert(nvarchar(26),sys.Last_Logon_Timestamp0,100) [Last Loggedon time Stamp],
sys.user_name0 [Last User Name] ,uss.lasterrorcode,uss.lastscanpackagelocation from v_r_system sys
inner join v_gs_operating_system os on os.resourceid=sys.resourceid
inner join v_GS_WORKSTATION_STATUS ws on ws.resourceid=sys.resourceid
inner join v_updatescanstatus uss on uss.ResourceId=sys.ResourceID
order by uss.lasterrorcode
Login to the problem client (it can be workstation or server ) ,open WUAHandler.log located in C:\widows\ccm\logs ,notice the below error.
OnSearchComplete - Failed to end search job. Error = 0x80072ee2.
Scan failed with error = 0x80072ee2.
0x80072ee2—>The operation timed out
The above log (Error) do not give much information ,so this leads me to look at windowsupdate.log located in C:\windows folder
This log has several entries related to proxy request ,send and download file failed etc.
2016-09-01 12:45:14:216 820 ce0 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <10.133.48.48:8080> Bypass List used : <(null)> Auth Schemes used : <>
2016-09-01 12:45:14:216 820 ce0 Misc FATAL: SOAP/WinHttp - SendRequest: SendRequestUsingProxy failed. error 0x80072ee2
2016-09-01 12:45:14:216 820 ce0 PT + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
Problematic Client is healthy and able to send inventory and receive other deployments like applications etc but software update scan is failing all the time.
if you look at the above log snippet, it is failing to download the cab files from WSUS server . It looks like ,client has some issues downloading the content ,so how do I check what is causing the problem for content download ?
From Windowsupdate.log snippet, client is trying to access the URL http://SCCMServerName.domain:8530/ClientWebService/WusServerVersion.xml which is failed due to proxy settings.
From other working client, found the below URL succeeded but not on the problem client ,so I ran the below URL on non-working client and it surely have issues with proxy.
I ran the same URL on working client and got below results:
How do I fix the proxy issues on the problem client and get the rid of software update scan issues ?
There is a registry key on the client machine which you will have to change to get it working. What is the registry ?
Login to working client that is reporting to the same SCCM site( WSUS) ,open the registry and export for the below registry key:
Save it on desktop ,copy it to the problematic client and run it (double click on it ).
Once the registry key is imported ,Open services.msc from RUN command ,restart windows update service.
follow windowsupdate.log and WUAHandler.log
After few min ,I noticed that, scan still failed with error code ,but this time it is different : OnSearchComplete - Failed to end search job. Error = 0x80244010.
0x80244010.—> The number of round trips to the server exceeded the maximum limit.
After a while ,it will try (you don’t have to do any) again to sync and sync will get Successfully completed .
If the sync is not running ,initiate software update scan cycle and monitor WUAHandler.log
Now go back to your site server ,run the SQL query ,you will see problematic client will no longer appear.
For software update scan issues with error code:0x80072ee2
login to the working client ,export the registry key ,import into the problem client ,restart windows update service ,wait for a while ,monitor the logs.