Re: WSUS synch problem (updated)
Axel
"2009-07-09 15:22:49.450 UTC Warning w3wp.8 SoapUtilities.CreateException
ThrowException: actor = http://sigma:8530/ClientWebService/client.asmx,
ID=f8538bcc-1e9d-4691-bd84-948164d3e158, ErrorCode=InvalidCookie, Message=,
Client=? "
I deleted the cookies from the browser, added "Critcal Updates" to the
types (a.k.a. Classifications) and synched. This time I got many "A
dependency of the update was not found on the server and was not provided by
the upstream server." errors. I'll add the rset of the classifications and
see if that helps.
--
Axel Larson
..
"Axel" <axe...@mvpsdot.org> wrote in message
news:umYcV3LA...@TK2MSFTNGP03.phx.gbl...
>I keep getting the error shown in the attachment when trying to synch WSUS
>3 SP1 on SBS2003 with Microsoft.
>
> The error first appeared last Friday. I tried several remedies I found,
> most of them saying it was a database-related problem. I completely
> removed WSUS and the SQL Express database I was using. I reinstalled both
> and updated them via Microsoft Update.
>
> I can get WSUS to synch with a limited subset of products and update
> types. As soon as I add more of either, I get the error.
>
> I deleted the Windows\Software Distribution directory to no avail.
>
> Any clarification of the underying problem and a solution will certainly
> be appreciated.
>
> --
> Axel Larson
> ..
>
>
>
Axel
That got me back to the original error
"Synchronization Error Details
lOException: The decryption operation failed, see inner exception. --->
System.ComponentModel,Win32Exception: The message or signature supplied for
verification has been altered
at System.Net.Connect5tream.Read(Byte[] buffer, 1nt32 ofFset, 1nt32 size)
at Microsoft. Updateservices. ServerSync . ServerSyncCompressionProxy .
CetWebResponse(WebRequest webRequest)
at 5ystem.Web,5ervices.Protocols.SoapHttpClientProtocol.Invol(String
methodName, Qbject[J parameters)
at Microsoft.Updateservices.ServersyncWebservices.Serversync.ServersyncProxy
,GetUpdateData(Cookie cookie, Updateldentity[] updatelds)
at Microsoft
.Updateservices.Serversync,CatalogsyncAgentCore.WebservicecetupdateData(Updateldentity[J
updatelds, List' 1 allMetadata, List' 1 ailFileUrIs, Boolean isForconfig)
at
Microsoft.Updateservices.ServersyncCataloqsyncAqentCore.CetUpdateDatalnChunksAndlmport(List'
I neededUpdates, List' 1 allMetadata, List' 1 allFileUrls, Boolean
isConfigData)
at Microsoft.Update5ervices.Serversync.CatalogsyncAgentcore
,SyncconfigUpdatesFromU55()
at Microsoft. Updateservices . ServerSync . CatalogsyncAgentCore .
ExecutesyncProtocol(Boolean allowRedirect) ".
HELP! This is driving me crazy!
P.S. I converted the error picture to text via Paint, Microsoft Office
Document Imaging, and Word 2003. KEWL!
Lawrence Garvin [MVP]
news:umYcV3LA...@TK2MSFTNGP03.phx.gbl...
>I keep getting the error shown in the attachment when trying to synch WSUS
>3 SP1 on SBS2003 with Microsoft.
We need to start with some specifics about your environment.
Exactly what version of SBS2003 is installed?
(SBS2003 SP1 | SBS2003 R2 | SBS2003 SP2)
Did this machine at any time ever have the R2 Technologies version of
WSUS2SP1 installed?
Exactly how was WSUS3SP1 installed on this machine?
[a] Installed to SBS2003 SP1
[b] Installed to SBS2003 SP2
[c] Upgraded from SBS2003 R2 WSUS2SP1
> The error first appeared last Friday.
Presuming the error appeared sometime after WSUS was already installed and
running in the environment, the number one question, as always, is this:
What was changed last Friday???
> I tried several remedies I found,
Applying remedies before properly identifying the *cause*, rarely results in
a satisfactory solution, and almost always complicates the problem even more
than the original issue.
> I can get WSUS to synch with a limited subset of products and update
> types. As soon as I add more of either, I get the error.
This seems to be the most significant symptom identified. It would be useful
to know *which* products/classifications cause the error, and which
products/classifications synchronize successfully. This will require a fair
amount of trial-and-error, manually select/unselect and synchronize,
activity -- but the results may be useful.
In addition, of course, to the background about the specific version of SBS
and how WSUS came to be installed.
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Lawrence Garvin [MVP]
> By trial and error, I have
> managed to synchronize with all our current products specified and a most
> of
> the required classifications. Success of synchronization seems to depend
> more on what updates are encountered than what product or classification
> they belong to.
> I've attached the software distribution log showing (I believe) both a
> good
> synch and a failed synch.
>> 2009-07-10 00:00:45.374 UTC Error w3wp.7 WebService.ReportEventBatch
>> Exception occured in ReportEventBatch: Fault occurred at
>> Microsoft.UpdateServices.Internal.Reporting.WebService.
>> ReportEventBatch(Cookie cookie, DateTime clientTime, ReportingEvent[]
>> eventBatch)
This log shows a totally different error than your original post.
The current log shows errors attempting to report status back to the MU
servers.
The original post showed a decryption error, ostensibly due to a bad
certificate or corrupted download.
>> Synchronization Error Details lOException: The decryption operation
>> failed,
>> see inner exception. ---> System.ComponentModel,Win32Exception:
>> The message or signature supplied for verification has been altered
> Is this some kind of version mis-match between components?
I'm not aware of any such issues. Assuming you successfully cleaned all of
the R2 Technologies installation of WSUS out of your system, and this is a
clean install of WSUS3SP1 on SBS2003SP2, there should be no issues.
I am curious about your choice to use SQL Express, rather than the default
Windows Internal Database, but there's no known reason for that to be a
factor in this scenario either.
Axel
Lawrence,
It is very possible I did not get all the R2 bits removed. Can you point me
to instructions for manual removal?
I am getting more than one type of error. The decryption error still pops
up on occasion.
I use SQL Express because 1) I read that it was faster and my experience
seemed to bear that out (gut, not measured), 2) it is easier to manage (not
that I do that much with it), and 3) I'm running MySQL and SQL Express with
LOB applications already and did not want yet another database engine.
Thank you for your help.
--
Axel Larson (MVP for Win95, Win98, and WinNT4 1995-2001)
..
"Lawrence Garvin [MVP]" <lawr...@news.postalias> wrote in message
news:%23ZSfbMW...@TK2MSFTNGP03.phx.gbl...
Axel
http://blogs.technet.com/sus/archive/2008/11/05/how-to-manually-remove-all-of-wsus.aspx
to remove it before this reinstall.
--
Axel Larson
..
"Axel" <axe...@mvpsdot.org> wrote in message
news:uvCWZzXA...@TK2MSFTNGP02.phx.gbl...
Lawrence Garvin [MVP]
> Lawrence,
> It is very possible I did not get all the R2 bits removed. Can you point
> me to instructions for manual removal?
Unfortunately, Microsoft never wrote any official documentation for
upgrading R2 to WSUSv3; however, a white paper I wrote "way back when" does
address that specific scenario. You may find it of some use. It's still
available from the Microsoft Download Center at
http://download.microsoft.com/download/e/5/7/e578cebc-0533-4baa-bbef-f9e3f36e1976/wsus3_small_business_server_2003_networks.doc
> I am getting more than one type of error. The decryption error still pops
> up on occasion.
Hmmmm. I've never seen these issues before, so I really have no basis on
which to draw from. It's possible that mismatched objects between the R2
installation and the WSUS3SP1 installation might be contributing -- but
that's purely speculation -- truth is.. I got no other ideas at the moment.
> I use SQL Express because
> 1) I read that it was faster and my experience seemed to bear that out
> (gut, not measured),
Interesting. In fact, the Windows Internal Database engine does not contain
the database size or memory utilization limits that are imposed upon a SQL
Express installation. As relates to WSUS, the Windows Internal Database is
the better engine to use.
> 2) it is easier to manage (not that I do that much with it),
Granted, getting SSMSExpress connected to SQLExpress is a bit easier, but
it's quite possible to also connect to the Windows Internal Database with
SSMSExpress -- you need to use Named Pipes rather than TCP/IP.
To that point, though -- there's really no database maintenance required at
that level, and I've run my WSUS v3 systems for years without ever
connecting a management tool to the database.
> and 3) I'm running MySQL and SQL Express with LOB applications already and
> did not want yet another database engine.
This, actually, is a good reason. :)
Just be aware of the memory utilization limitations of SQL Express -- and
hope that running multiple databases on that engine does not encounter those
limitations. Also, the database size limitations (4GB) are of significant
interest when considering the WSUS database -- and then, as databases grow
in size, they need more cache space -- which is capped in SQLExpress -- and
the whole thing becomes a vicious circle.
It's possible you may find, at some point, that the expense of the third
database engine is less significant than the performance cost of maintaining
WSUS and other databases in the SQLExpress engine.
Lawrence Garvin [MVP]
>I should note that I followed the instructions at
>http://blogs.technet.com/sus/archive/2008/11/05/how-to-manually-remove-all-of-wsus.aspx
>to remove it before this reinstall.
Only downside is that blog post is specific to WSUS3SP1, and if we're
experiencing issues due to an incomplete (or defective) uninstall of the R2
WSUS2SP1 -- that blog post may not be of much help.
Axel
working. For the record, it is WSUS 3 on SBS2003 R2 SP2. It was running on a
SQL Express database. It began failing synchronization with decryption
errors. I tried many things to fix the problem and decided a reinstall
looked like the best bet. Several reinstall attempts met with limited
success and a multitude of errors that kept changing from one synch attempt
to the next.
Following what I consider to be good advice, I decided to start over by
installingWSUS using the default internal database.
I cleaned up the system to be sure both the internal database and wsus were
completely removed then reinstalled wsus 3.0 SP1.
The install ran fine and every thing ran smooth through the initial synch
and tailoring. Then I started the full synch and immediately got the
following error:
"IOException: The decryption operation failed, see inner exception. --->
System.ComponentModel.Win32Exception: The message or signature supplied for
verification has been altered
at System.Net.ConnectStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at
Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest
webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at
Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetRevisionIdList(Cookie
cookie, ServerSyncFilter filter)
at
Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetRevisionIdList(ServerSyncFilter
filter, Boolean isConfigData)
at
Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean
allowRedirect)".
I tried to attach the setup logs but they exceed some unknown (small) size
limitation. I can't see anything wrong and would like to
know why a plain vanilla install of a product just won't work.
Any positive suggestions, tips, or pointers will certainly be appreciated.
--
Axel Larson
..
"Lawrence Garvin [MVP]" <lawr...@news.postalias> wrote in message
news:eUlXSSbA...@TK2MSFTNGP03.phx.gbl...
Lawrence Garvin [MVP]
>I have spent many hours tring to fix a WSUS installation that suddenly quit
> working.
I cannot stress enough that things that "suddenly quit working" are *almost
always* traced to something that was changed by another human being. The
best hope for resolving these type of issues is to determine when and what
was changed.
> For the record, it is WSUS 3 on SBS2003 R2 SP2. It was running on a
> SQL Express database. It began failing synchronization with decryption
> errors. I tried many things to fix the problem and decided a reinstall
> looked like the best bet. Several reinstall attempts met with limited
> success and a multitude of errors that kept changing from one synch
> attempt
> to the next.
All of which provides very strong evidence that something external to the
WSUS environment is responsible for this issue.
> The install ran fine and every thing ran smooth through the initial synch
> and tailoring. Then I started the full synch and immediately got the
> following error:
> "IOException: The decryption operation failed, see inner exception. --->
> System.ComponentModel.Win32Exception: The message or signature supplied
> for
> verification has been altered
> I tried to attach the setup logs but they exceed some unknown (small) size
> limitation. I can't see anything wrong and would like to
> know why a plain vanilla install of a product just won't work.
In all likelihood there is nothing wrong with your installation, or your
WSUS Server.
The error message "...[t]he message or signature supplied ... HAS BEEN
ALTERED.." suggests to me that *something* is messing up your data
transfers.
Axel
seven days before the errors started. Now I'm concerned some malware has
entered the domain. I'm running a manual scan even though we run weekly full
scans and have real-tim file scanning in place. I'd like to scan with a
different a/v program but haven't found one that would scan a server without
licensing the product.
--
Axel Larson
..
"Lawrence Garvin [MVP]" <lawr...@news.postalias> wrote in message
news:OD3I0brA...@TK2MSFTNGP05.phx.gbl...
Lawrence Garvin [MVP]
>I just re-checked our records. No updates were made to the system in the
>seven days before the errors started.
You're thinking too narrow -- and we've already agreed it's not likely the
*system* -- since you've reinstalled it from scratch and the same errors
appear.
Check everything on the network - everything that traffic to/from the WSUS
Server and the Internet would pass through.
> Now I'm concerned some malware has entered the domain.
Certainly a possibility. A virus trying to attach itself to an update
package would cause these type of errors.
Axel
mess.
--
Axel Larson
..
"Lawrence Garvin [MVP]" <lawr...@news.postalias> wrote in message
news:eDbe3gsA...@TK2MSFTNGP05.phx.gbl...
Gurty
I'm getting the exact same
"The decryption operation failed, see inner exception. --->
System.ComponentModel.Win32Exception: The message or signature supplied
for verification has been altered"
error message, but only when the server is set the synchronize it's
updates from Microsoft. If I configure the server to sync with other
WSUS server it is fine, but when I point it back to Microsoft I get this
error.
Any ideas?
--
Gurty
------------------------------------------------------------------------
Gurty's Profile: http://forums.techarena.in/members/115540.htm
View this thread: http://forums.techarena.in/server-update-service/1210950.htm
Lawrence Garvin [MVP]
news:Gurty....@DoNotSpam.com...
>
> I'm getting the exact same
>
> "The decryption operation failed, see inner exception. --->
> System.ComponentModel.Win32Exception: The message or signature supplied
> for verification has been altered"
>
> error message, but only when the server is set the synchronize it's
> updates from Microsoft. If I configure the server to sync with other
> WSUS server it is fine, but when I point it back to Microsoft I get this
> error.
>
> Any ideas?
Yep. Based what you've *posted*, I'd say that something between the WSUS
Server and Microsoft.com is mucking with your data transfers. This assumes,
of course (and erroneously so), that the synchronization from your "other
WSUS server" actually tried to transfer a file. If no file was transferred,
this issue might not have been presented.
Perhaps you should start a *NEW* thread and give us ALL of the details of
your environment. Axel found his issue -- it was a rootkit. Have you checked
your machine for rootkits.
--
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website: http://www.microsoft.com/wsus
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
Axel
It was NOT a rootkit. I misread the results of the tool I used. An
intensive round of testing with other tools found no rootkit or any other
virus.
The fact that I am sometines able to get a partial sync (up to 11%) leads me
to think the failure may be data-dependent. How can I prove/disprove this
theory?
--
Axel Larson
..
"Lawrence Garvin [MVP]" <lawr...@news.postalias> wrote in message
news:uZQaBkuB...@TK2MSFTNGP03.phx.gbl...