Microsoft KB Archive/920659

= The Microsoft Windows Server Update Services (WSUS) SelfUpdate service does not send automatic updates =

Article ID: 920659

Article Last Modified on 10/20/2006

-

APPLIES TO


 * Microsoft Windows Update
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Tablet PC Edition

-



SYMPTOMS
When you try to use the Microsoft Windows Server Update Services (WSUS) SelfUpdate service to send automatic updates to client computers, the client computers do not receive the updates. Additionally, the client computers do not report to the WSUS server.

When this occurs, the WSUS Administration console logs the following error message:

Check your server configuration. One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running.

Non-running services: SelfUpdate

The event log may also include the following event: EVENT ID 506

Source: Windows Server Update

Description: The SelfUpdate Tree is not working. Clients may not be able to update to the latest WUA client software and communicate with the WSUS Server.



CAUSE
This problem may occur if one or more of the following conditions are true:
 * The permissions on the C:\Program Files\Update Service\SelfUpdate directory are missing or incorrectly configured, or the IUSR_ account has been removed from the Users group.
 * The SelfUpdate virtual directory is missing from the WSUS server.
 * The SelfUpdate virtual directory is not configured for the default site on port 80.
 * The SelfUpdate virtual directory does not have anonymous access permissions.
 * The default Web site is configured to use specified IP addresses and is missing an entry for 127.0.0.1.
 * The default Web site does not have anonymous access permissions.
 * The WSUS server also has Microsoft Windows Sharepoint Services installed. The WSUS resources have not been excluded from Sharepoint management.
 * The Selfupdate.msi installation was defective. Therefore, files are missing from the ~\Selfupdate subfolders.



RESOLUTION
To resolve this problem, you must have the following minimum permissions on the C:\Program Files\Update Service\SelfUpdate directory.

Note IUSR_ represents the host name of the server that is running IIS where WSUS is installed. If this account is a member of the Users group, you do not have to explicitly define these permissions.

To resolve a problem where the SelfUpdate virtual directory is missing or there is no SelfUpdate virtual directory listed under the Web site that is bound to port 80, run the Selfupdate.msi file that is located in the Program files\Update services\Setup folder.

To resolve issues where the SelfUpdate virtual directory does not have anonymous access permissions, open IIS Manager, expand the default Web site, right-click the SelfUpdate virtual directory, and then click Properties. On the Directory Security tab, click edit under Authentication and access control. Make sure that anonymous access is enabled.

Note This step should be performed for the default Web site as well. The SelfUpdate tree does not work if you have a Web site that is bound to a specific IP address in your IIS configuration. The workaround is either to set your IIS configuration to respond to &quot;All unassigned&quot; addresses or to add 127.0.0.1 to the list of IP addresses used for SelfUpdate. For information about how to configure WSUS to run on a computer that is also running Windows Sharepoint Services, see page 87 in the Microsoft Windows Server Update Services Operations Guide. This guide is located on the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=e26bcdb4-ef0b-4399-8a71-9b3b00c4f4cd&DisplayLang=en

Use Internet Information Services (IIS) Management console to verify that the server is set up with one of the following two configurations.

Configuration 1: WSUS is installed on the default Web site
Configure the default Web site by using the following settings:
 * SelfUpdate
 * Content
 * ClientWebService
 * SimpleAuthWebService
 * WSUSAdmin
 * ReportingWebService
 * DssAuthWebService
 * ServerSyncWebService

Configuration 2: WSUS is installed on a custom Web site
Configure the default Web site on port 80 by using the following settings:
 * SelfUpdate
 * ClientWebService

Configure WSUS Administration on port 8530 with the following settings:
 * SelfUpdate
 * Content
 * ClientWebService
 * SimpleAuthWebService
 * WSUSAdmin
 * ReportingWebService
 * DssAuthWebService
 * ServerSyncWebService

Regardless of the configuration that you select, you must also verify the following settings:
 * You must configure the SelfUpdate virtual directory under the default Web site or any other Web site to listen on Port 80.
 * The SelfUpdate virtual directory points to C:\Program Files\Update Service\SelfUpdate.
 * The WSUSAdmin virtual directory is the only virtual directory in IIS that should have security set to Integrated Windows Authentication. Set all other virtual directories security to Anonymous Access Enabled.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
When you use IIS, you can move the SelfUpdate directory to a different Web site. To do this, follow these steps:
 * 1) Click Start, click Run, type Control admintools, and then double-click Internet Information Services (IIS) Manager.
 * 2) Expand the Web Sites folder, and then click the WSUS Administration node.
 * 3) Right-click the SelfUpdate node, point to All Tasks, and then click Save Configuration to File.
 * 4) Type a name for the file and then save the file to another folder. You will use this file in Steps 9 through 12.
 * 5) Right-click the ClientWebService node, select All Tasks, and then click Save Configuration to File.
 * 6) Type a name for the file and save the file to the same folder that you used in step 4. You will use this file in steps 13 through 15.
 * 7) Select the default Web site or another Web site that is running on port 80.
 * 8) Right-click the Web site, point to New, and then click Virtual Directory (from file).
 * 9) Select the directory where you saved the SelfUpdate and the ClientWebService .xml files in steps 4 and 6.
 * 10) Select the SelfUpdate .xml file, and then click Open.
 * 11) Click Read File, click the SelfUpdate file that is now listed under Select a configuration to import, and then click OK.
 * 12) In the IIS Manager dialog box, type the name for a new virtual directory in the Alias box, and then click OK.
 * 13) Select the ClientWebService .xml file, and then click Open.
 * 14) Click Read File, click the SelfUpdate file that is now listed under Select a configuration to import, and then click OK.
 * 15) In the IIS Manager dialog box, type the name for a new virtual directory in the Alias box, and then click OK.
 * 16) If this is a new Web site, start the Web site from IIS Manager. If this is an existing Web site, restart the Web site from IIS Manager.

