Other day,I was looking at the client health dashboard which I published long ago https://gallery.technet.microsoft.com/SCCM-Configmgr-2012-SSRS-2863c240 . From the dashboard report ,noticed that couple of clients were having software update scan issues .
If client fail to perform success software update scan ,it is out of patching window and client will never send or receive any software updates that you deploy from SCCM. You always need to make sure your clients are performing the successful software update scan as per the schedule you configure in SCCM client agent settings. Software update troubleshooting guide http://eskonr.com/2015/04/sccm-2012-troubleshoot-client-software-update-issues/
So ,the report had couple of clients with software update scan failures with lasterrorcode –2147012894 which leads to me take a look at one client (XXXXXXX) and see what's happening on that.
If you want to see, how your clients are performing software update scan (without dashboard) ,run the below SQL query in management studio.
This query will help you to get list of client that have issues with software update scan (software update scan not success).
--SQL code list clients with software update scan failures
select distinct sys.name0 [Computer Name],os.caption0 [OS],convert(nvarchar(26),ws.lasthwscan,100) as [LastHWScan],convert(nvarchar(26),sys.Last_Logon_Timestamp0,100) [Last Loggedon time Stamp],
sys.user_name0 [Last User Name] ,uss.lasterrorcode,uss.lastscanpackagelocation from v_r_system sys
inner join v_gs_operating_system os on os.resourceid=sys.resourceid
inner join v_GS_WORKSTATION_STATUS ws on ws.resourceid=sys.resourceid
inner join v_updatescanstatus uss on uss.ResourceId=sys.ResourceID
order by uss.lasterrorcode
Login to the problem client (it can be workstation or server ) ,open WUAHandler.log located in C:\widows\ccm\logs ,notice the below error.
OnSearchComplete - Failed to end search job. Error = 0x80072ee2.
Scan failed with error = 0x80072ee2.
0x80072ee2—>The operation timed out
The above log (Error) do not give much information ,so this leads me to look at windowsupdate.log located in C:\windows folder
This log has several entries related to proxy request ,send and download file failed etc.
2016-09-01 12:45:14:216 820 ce0 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <10.133.48.48:8080> Bypass List used : <(null)> Auth Schemes used : <>
2016-09-01 12:45:14:216 820 ce0 Misc FATAL: SOAP/WinHttp - SendRequest: SendRequestUsingProxy failed. error 0x80072ee2
2016-09-01 12:45:14:216 820 ce0 PT + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
Problematic Client is healthy and able to send inventory and receive other deployments like applications etc but software update scan is failing all the time.
if you look at the above log snippet, it is failing to download the cab files from WSUS server . It looks like ,client has some issues downloading the content ,so how do I check what is causing the problem for content download ?
From Windowsupdate.log snippet, client is trying to access the URL http://SCCMServerName.domain:8530/ClientWebService/WusServerVersion.xml which is failed due to proxy settings.
From other working client, found the below URL succeeded but not on the problem client ,so I ran the below URL on non-working client and it surely have issues with proxy.
I ran the same URL on working client and got below results:
How do I fix the proxy issues on the problem client and get the rid of software update scan issues ?
There is a registry key on the client machine which you will have to change to get it working. What is the registry ?
Login to working client that is reporting to the same SCCM site( WSUS) ,open the registry and export for the below registry key:
Save it on desktop ,copy it to the problematic client and run it (double click on it ).
Once the registry key is imported ,Open services.msc from RUN command ,restart windows update service.
follow windowsupdate.log and WUAHandler.log
After few min ,I noticed that, scan still failed with error code ,but this time it is different : OnSearchComplete - Failed to end search job. Error = 0x80244010.
0x80244010.—> The number of round trips to the server exceeded the maximum limit.
After a while ,it will try (you don’t have to do any) again to sync and sync will get Successfully completed .
If the sync is not running ,initiate software update scan cycle and monitor WUAHandler.log
Now go back to your site server ,run the SQL query ,you will see problematic client will no longer appear.
For software update scan issues with error code:0x80072ee2
login to the working client ,export the registry key ,import into the problem client ,restart windows update service ,wait for a while ,monitor the logs.
I have a case wherein the security scan is failing on the clients, as in the clients are not getting scanned and when I checked the below logs :
WindowsUpdate.log, then I got this error " 2022/02/23 14:40:57.6965095 5104 26640 WebServices WS error: There was an error communicating with the endpoint at 'http://abc.LOCAL:8530/ClientWebService/client.asmx'.
WUA Handler :
OnSearchComplete - Failed to end search job. Error = 0x80240440.
Scan failed with error = 0x80240440.
I've tried the troubleshooting steps shared in this, but it didn't help. Can you suggest some alternate solution to the errror code ?
Based on the information that you have provided, it looks like the issue is more on the server-side rather than the client fix.
can you check if the WSUSpool in IIS is running on the site and also, did you check if the performance of the WSUS due to a large number of updates? You may have to try the cleanup task in the WSUS console, options if that helps.
Pingback: Software Update Troubleshooting – Finding the Problem Children | MrBoDean
Problematic machine and working machine have the same registry settings in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections. What else causes the problem
are you able to browse to WSUS URL as said in the blog post ? did you try importing the reg key from working machine to non-working machines ?
Try to initiate software updates scan and see what happens.
If the website you encountered error with is successfully launching on a client with issue, what can be the further steps to resolve error 80072ee2?
Did you restart SMS agent host service ,ran software update scan cycle ,wait for few min and then monitor the logs ? If you are able to browse to URL from client what i said in the log,am sure it works fine . try to initiate software update scan,monitor windowsupdate.log and wuahalnder.log for further results.
Sorry to dig this thread again live. Recently we configured a new WSUS Server by Shutting down our old Windows Server 2008 R2 WSUS server as we migrated our Primary Site to Windows Server 2016 and there were SDK compatibility issues. After new WSUS Configuration Scanning from all clients is very slow. It has now been 4days since the Complete Sync and WSUS DB upgrade completed yet~2.5K clients are still ending up with the same 0x80072EE2 error in WUAHandler.log.
SoftwareDistribution .log in the WSUS folder has the below error endlessly.
2017-12-09 17:13:59.500 UTC Warning w3wp.62 SoapUtilities.CreateException ThrowException: actor = http://wsus.contoso.com:8530/ClientWebService/client.asmx, ID=010ea6f1-8e2f-4ca4-a744-343d24041d43, ErrorCode=CookieExpired, Message=, Client=1a9f4eee-4985-462d-b455-8eb5bb0e281d
I guess the scanning completion for all clients is slow but how to overcome this error and ensure all clients receive the patches without issues.
Have same problem , tried the steps mentioned by you . the url works fine on both the computers ( problematic and non problematic). but still getting the failed software scan error.
can you also do telnet to wsus server if that works or not ? if this did not solve the issue then must review logs further.