Windows update not connecting with WSUS server from another account

0

Hi, so I have a scenario: I have two AWS accounts, UAT and PROD. The UAT account has an internet-enabled VPC, and the PROD account does not have any internet-enabled VPC, nor can we create any internet-enabled VPC. We also have an AWS Managed directory in the PROD account.

We have to update a Windows instance from the PROD AWS account with a WSUS server.

So we have created a WSUS server in the UAT account with internet access and have joined this instance to the Managed Directory which is available in the PROD account. We are able to join this instance to the domain, so we have assumed that the connectivity is there between the PROD and UAT accounts.

So when we try to check for updates on the PROD Windows instance, we get this error:

We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet.

After checking the Windows Update logs we found some failed rows; please find the Windows Update log below:


2024/03/08 05:25:22.0033960 2092 1612 Shared InitializeSus
2024/03/08 05:25:22.0039467 2092 1612 IdleTimer Non-AoAc machine. Aoac operations will be ignored.
2024/03/08 05:25:22.0040895 2092 1612 Agent WU client version 10.0.20348.1906
2024/03/08 05:25:22.0044153 2092 1612 Agent SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2024/03/08 05:25:22.0045219 2092 1612 Agent Base directory: C:\Windows\SoftwareDistribution
2024/03/08 05:25:22.0054094 2092 1612 Agent Datastore directory: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
2024/03/08 05:25:22.0072766 2092 1612 DataStore JetEnableMultiInstance succeeded - applicable param count: 5, applied param count: 5
2024/03/08 05:25:22.1091911 2092 1612 Shared UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
2024/03/08 05:25:22.1094320 2092 1612 Shared UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2024/03/08 05:25:22.1124119 2092 1612 Shared Network state: Connected
2024/03/08 05:25:22.3236439 2092 1612 DownloadManager Deleted install directory C:\Windows\SoftwareDistribution\Download\Install
2024/03/08 05:25:22.3278728 2092 1612 DownloadManager DownloadJobManager init
2024/03/08 05:25:22.3325549 2092 1612 Shared UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
2024/03/08 05:25:22.3325665 2092 1612 Shared UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2024/03/08 05:25:22.3326038 2092 1612 Shared Power status changed
2024/03/08 05:25:22.3431164 2092 1612 Agent Initializing global settings cache
2024/03/08 05:25:22.3431316 2092 1612 Agent WSUS server: http://wsusProd.ldap.sas.viya.gov.sg:8530/
2024/03/08 05:25:22.3431338 2092 1612 Agent WSUS status server: http://wsusProd.ldap.sas.viya.gov.sg:8530/
2024/03/08 05:25:22.3431354 2092 1612 Agent Alternate Download Server: (null)
2024/03/08 05:25:22.3431373 2092 1612 Agent Fill Empty Content Urls: No
2024/03/08 05:25:22.3431387 2092 1612 Agent Target group: (Unassigned Computers)
2024/03/08 05:25:22.3431402 2092 1612 Agent Windows Update access disabled: No
2024/03/08 05:25:22.3431423 2092 1612 Agent Do not connect to Windows Update Internet locations: No
2024/03/08 05:25:22.3453417 2092 1612 Agent Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2024-03-08 10:41:49, not idle-only, not network-only
2024/03/08 05:25:22.3530753 2092 1612 Agent Initializing Windows Update Agent
2024/03/08 05:25:22.3535158 2092 1612 DownloadManager Download manager restoring 0 downloads
2024/03/08 05:25:22.3535814 2092 1612 Agent CPersistentTimeoutScheduler | GetTimer, returned hr = 0x00000000
2024/03/08 05:25:22.3541451 2092 1612 IdleTimer IdleTimer::NetworkStateChanged. Network connected? Yes
2024/03/08 05:25:22.3580979 2092 6040 DownloadManager Received power state change notification: Old: <unknown>; New: AC.
2024/03/08 05:25:22.3581006 2092 6040 DownloadManager Power state changed from <unknown> to AC.
2024/03/08 05:27:48.5219956 6368 5776 ComApi UnregisterServiceWithAU for ServiceId = {7971f918-a847-4430-9279-4a52d1efe18d}
2024/03/08 05:27:48.5254778 2092 4464 Agent *FAILED* [80248014] GetServiceObject couldn't find service '7971F918-A847-4430-9279-4A52D1EFE18D'.
2024/03/08 05:27:48.5254832 2092 4464 Agent *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1980]
2024/03/08 05:27:48.5255438 2092 4464 Agent *FAILED* [80248014] Method failed [CAgentServiceManager::ChangeAURegistrationHelper:1099]
2024/03/08 05:27:48.5257196 2092 4464 Agent *FAILED* [80248014] file = onecore\enduser\windowsupdate\client\engine\agent\clientcallrecorder.cpp, line = 4094
2024/03/08 05:27:48.5259647 6368 5776 ComApi *FAILED* [80248014] ISusInternal:: ChangeAURegistration
2024/03/08 05:27:48.5259781 6368 5776 ComApi *FAILED* [80248014] file = onecore\enduser\windowsupdate\client\comapi\updateservicemanager.cpp, line = 215
2024/03/08 05:27:48.5847173 6368 5776 ComApi * START * Federated Search ClientId = MoUpdateOrchestrator (cV: w7x356gfUUOfODqC.0.1.0)
2024/03/08 05:27:48.5891432 2092 2960 IdleTimer WU operation (SR.MoUpdateOrchestrator ID 1) started; operation # 6; does use network; is not at background priority
2024/03/08 05:27:48.5987029 2092 2340 Agent Processing auto/pending service registrations and recovery (cV: w7x356gfUUOfODqC.0.1.0.0.0)
2024/03/08 05:27:48.7527696 2092 2340 SLS Get response for service 9482F4B4-E343-43B6-B170-9A65BC822C77 - forceExpire[False] asyncRefreshOnExpiry[False]
2024/03/08 05:27:48.7527772 2092 2340 SLS path used for cache lookup: /SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.20348.1970/0?CH=525&L=en-US&P=&PT=0x8&WUA=10.0.20348.1906&MK=Amazon+EC2&MD=t3a.medium
2024/03/08 05:27:48.7529453 2092 2340 SLS Retrieving SLS response from server...
2024/03/08 05:27:48.7557631 2092 2340 SLS Making request with URL HTTPS://slscr.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.20348.1970/0?CH=525&L=en-US&P=&PT=0x8&WUA=10.0.20348.1906&MK=Amazon+EC2&MD=t3a.medium and send SLS events.
2024/03/08 05:28:09.8283521 2092 2340 Misc *FAILED* [80072EE2] Send request
2024/03/08 05:28:09.8283756 2092 2340 Misc *FAILED* [80072EE2] WinHttp: SendRequestToServerForFileInformation (retrying with default proxy)
2024/03/08 05:28:30.8853147 2092 2340 Misc *FAILED* [80072EE2] Send request
2024/03/08 05:28:30.8853273 2092 2340 Misc *FAILED* [80072EE2] Library download error. Will retry. Retry Counter:0
2024/03/08 05:28:51.9076275 2092 2340 Misc *FAILED* [80072EE2] Send request
2024/03/08 05:28:51.9076371 2092 2340 Misc *FAILED* [80072EE2] WinHttp: SendRequestToServerForFileInformation (retrying with default proxy)
2024/03/08 05:29:12.9467155 2092 2340 Misc *FAILED* [80072EE2] Send request
2024/03/08 05:29:12.9467285 2092 2340 Misc *FAILED* [80072EE2] Library download error. Will retry. Retry Counter:1
2024/03/08 05:29:33.9900700 2092 2340 Misc *FAILED* [80072EE2] Send request
2024/03/08 05:29:33.9900779 2092 2340 Misc *FAILED* [80072EE2] WinHttp: SendRequestToServerForFileInformation (retrying with default proxy)
2024/03/08 05:29:55.0221005 2092 2340 Misc *FAILED* [80072EE2] Send request
2024/03/08 05:29:55.0221135 2092 2340 Misc *FAILED* [80072EE2] Library download error. Will retry. Retry Counter:2
2024/03/08 05:30:16.0804812 2092 2340 Misc *FAILED* [80072EE2] Send request
2024/03/08 05:30:16.0806237 2092 2340 Misc *FAILED* [80072EE2] WinHttp: SendRequestToServerForFileInformation (retrying with default proxy)
2024/03/08 05:30:37.1307635 2092 2340 Misc *FAILED* [80072EE2] Send request
2024/03/08 05:30:37.1307763 2092 2340 SLS Complete the request URL HTTPS://slscr.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.20348.1970/0?CH=525&L=en-US&P=&PT=0x8&WUA=10.0.20348.1906&MK=Amazon+EC2&MD=t3a.medium with [80072EE2] and http status code[0] and send SLS events.
2024/03/08 05:30:37.1308058 2092 2340 SLS *FAILED* [80072EE2] GetDownloadedOnWeakSSLCert
2024/03/08 05:30:37.1309163 2092 2340 SLS *FAILED* [80072EE2] Method failed [CSLSClient::GetResponse:625]
2024/03/08 05:30:37.1309439 2092 2340 Misc *FAILED* [80072EE2] Method failed [CSLSEndpointProvider::GetWUClientData:2275]
2024/03/08 05:30:37.1309551 2092 2340 Misc *FAILED* [80072EE2] EP: get client data
2024/03/08 05:30:37.1309602 2092 2340 Misc *FAILED* [80072EE2] Method failed [CSLSEndpointProvider::GetSecondaryServicesEnabledState:1689]
2024/03/08 05:30:37.1309646 2092 2340 Agent *FAILED* [80072EE2] Method failed [CAgentServiceManager::DetectAndToggleServiceState:2910]
2024/03/08 05:30:37.1309707 2092 2340 Agent *FAILED* [80072EE2] Failed to resolve federated serviceId 00000000-0000-0000-0000-000000000000
2024/03/08 05:30:37.1309839 2092 2340 Agent *FAILED* [80072EE2] Failed to execute service registration call {99D32619-7EEF-400C-AF71-51083A05589D} (cV: w7x356gfUUOfODqC.0.1.0.1)
2024/03/08 05:30:37.1310206 2092 2340 IdleTimer WU operation (SR.MoUpdateOrchestrator ID 1, operation # 6) stopped; does use network; is not at background priority

We are not aware why it is failing and what connectivity it is looking for. We have checked the client connectivity with nslookup from the client machine, and it is giving us the output. Also, in the registry we have the WSUS server entry.

Please note we are using local group policy to have it check for updates from the WSUS server.

1 Answer
0

You assume connectivity is there between UAT and PROD.

  1. How are the 2 VPCs connected? Are you using VPC Peering or TGW?
  2. Are your ACLs allowing traffic?
  3. Do your security groups allow traffic?
  4. From the server in PROD, can you resolve wsusProd.ldap.sas.viya.gov.sg hostname? Is the IP correct?

You should also ENABLE "Do not connect to any Windows Update Internet locations", as in your logs it still tried to reach the internet.

Specifies that Windows no longer connects to public update services such as Windows Update or the Microsoft Store. This setting causes most functionality of the Microsoft Store app to stop working.
Users who search for updates by using the Settings app or Control Panel will only see updates from the intranet update service. They won't be presented with the Check online for updates from Windows Update option.

Programs that use the Windows Update Agent APIs are unable to search for updates against any service other than the intranet update service.
EXPERT
answered 2 months ago
EXPERT
reviewed 2 months ago
  • Hi, so the VPCs are connected with TGW, and the PROD instance is resolving the DNS; checked with nslookup and it gives the IP of the WSUS server.

  • OK, I added a bit about an extra setting in my answer. Can you connect to the SUS Server via a Web Browser in PROD? Need to check your Security Groups and ACLs.

  • So, when I search for the WSUS server in a browser, I get a blank screen in reply but no error. Also, when I enable do not connect to any windows internet.. I get the below error:

    There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x8024500c)

    Also allowed all traffic from the WSUS VPC in the SG and NACL.
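
The checks listed in the answer, gathered into one script to run on the PROD client; this is an added example, not code from the thread. It reads the Windows Update policy values, resolves and probes the host named in `WUServer`, and requests `/ClientWebService/client.asmx`, a probe path assumed here for the WSUS site.

```powershell
# Added example (not from the thread): run on the PROD client that fails to update.
# Assumption: /ClientWebService/client.asmx is used as the HTTP probe path on the WSUS site.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
if (-not $wu -or -not $wu.WUServer) { throw "No WUServer value under $wuKey" }

$server = [uri]$wu.WUServer
$result = [ordered]@{
    WUServer       = $wu.WUServer
    WUStatusServer = $wu.WUStatusServer
    UseWUServer    = $au.UseWUServer   # the WSUS URLs are only honoured when this is 1
    DoNotConnectToWindowsUpdateInternetLocations = $wu.DoNotConnectToWindowsUpdateInternetLocations
}

# Name resolution (answer item 4): compare the result with the WSUS instance's private IP.
try {
    $result.ResolvedIPs = (Resolve-DnsName -Name $server.Host -Type A -ErrorAction Stop |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress }) -join ', '
} catch { $result.ResolvedIPs = "DNS failed: $($_.Exception.Message)" }

# TCP reachability across the TGW, NACLs and security groups (answer items 1-3).
$tcp = Test-NetConnection -ComputerName $server.Host -Port $server.Port -WarningAction SilentlyContinue
$result.TcpPortOpen = $tcp.TcpTestSucceeded

# HTTP request to the WSUS IIS site; a status code means the application itself answered.
$probe = '{0}://{1}/ClientWebService/client.asmx' -f $server.Scheme, $server.Authority
try {
    $resp = Invoke-WebRequest -Uri $probe -UseBasicParsing -TimeoutSec 15
    $result.HttpProbe = "$probe -> HTTP $($resp.StatusCode)"
} catch { $result.HttpProbe = "$probe -> $($_.Exception.Message)" }

# The posted log shows the agent going through WinHTTP, so report the machine-wide WinHTTP proxy.
$result.WinHttpProxy = (netsh winhttp show proxy | Out-String).Trim()

[pscustomobject]$result | Format-List
```

An empty or `0` value for `DoNotConnectToWindowsUpdateInternetLocations` corresponds to the `Do not connect to Windows Update Internet locations: No` line in the posted log.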
