WSUS: SelfUpdate Tree is not working

SYMPTOMS


You see the following error on WSUSAdmin Page;


Check your server configuration
=====================
One or more Update Service components could not be contacted. Check your server status and ensure that the Windows Server Update Service is running.

Non-running services: SelfUpdate


And, the following event is logged;


Event Type: Error
Event Source: Windows Server Update Services
Event Category: Update Services Service
Event ID: 506
User: N/A
Description:
The SelfUpdate Tree is not working. Clients may not be able to update to the latest WUA client software and communicate with the Windows Server Update Services (WSUS) Server.


THE FACT


·        The SelfUpdate tree MUST be installed into port 80 regardless of whether you are running WSUS on port  80 / 8530.


·        The SelfUpdate tree does not work if you have the website bound to a specific IP address in your IIS configuration.


PROCEDURE


Procedure to enable SelfUpdate tree;


1.      Open IIS Manager from Administrative Tools


2.      In the website running on port 80, create a virtual directory called ‘Selfupdate’.


3.      Point the physical path to ‘C:\Program Files\Update Services\Selfupdate’.


4.      Make sure you allow anonymous users to connect to it under the ‘Directory Security’ tab – Enable Anonymous Access.


5.      Change the security of the ‘Selfupdate’ virtual directory (right click, properties) and tick the ‘Directory Browsing’ check box.


RESOLUTION


The workaround is either to set your IIS Configuration to respond to “All unassigned” addresses or add 127.0.0.1 to the list of IP addresses used for Selfupdate.

27 thoughts on “WSUS: SelfUpdate Tree is not working

  1. great work. ever since i had installed exchange 2k3 sp2, this has been an issue. the ‘update services’ service would stop after only a minute or so. the cause is that exchange sp2 reset the permissions on the website on port 80 (OWA) so I had to reset the perms to get OWA working again. once I reset the perms on the selfupdate virtual folder, the service stays running now! woohoo!!
    thanks everyone

  2. Nice post, one of many that actually addresses the issue properly.

    I think it’s insane though that you have to have WSUS listening on port 80. I installed WSUS in its own site as I’ve locked down my default website. Now I have to have something listening on both my internal and external IP’s on port 80.

    I have had to only allow a certain range of IP’s to access the virtual directory.

  3. To check if it is working try:

    Restart UpdateService in services on wsus server (should also clear any previous error in webinterface)

    Then force synchronisation through webinterface on wsus server.

    If there is a problem it will show after the synchronisation.

  4. I have issue with the wsus server behind a firewallwhere only the port 8530 is permitted.

    I seen in the logs that it still try to access the WSUS Server sometime on port 80 , I suppose it’s for the self update .

    Do you know a workaround to have the selfupdate only on port 8530 ?

    Thanks in advance

  5. If you’re running SharePoint on port 80 on the same server then you’ll need to exclude the /SelfUpdate path from its control:

    stsadm -o addpath -url http://127.0.0.1/SelfUpdate -type exclusion

    (stsadm can be found in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN)

  6. How do you “add 127.0.0.1 to the list of IP addresses used for Selfupdate” ? Did everything else and still no luck.

  7. Worked for me but I had to adjust some permissions, assigned full control rights over root folder “C:\Program Files\Update Services\Selfupdate” to domain admin account, and used that account in the allow anonymous specified account.

Leave a Reply to name Cancel reply

Your email address will not be published. Required fields are marked *