Endpoint Protection Small Business Edition

Hi,

I have an issue regarding my WSUS updates. The windows WSUS client has stoped downlaoding upates from the server (error log below). I've done some research on this issue and it seems to be a pretty common problem. I've also tried to relove the issue with no luck. Here is what has been done:

1) Disabled the Firewall (windows and hardware)
2) Disabled Symantec Endpoint Protection (by right clicking on the icon in the icon try and choosing disable)
3) Played with the Automatic Update Service and the BITS service (restarted, set to Automatic)
4) Did forced updates
5) Looked at http://support.microsoft.com/kb/836941/en-us


Windows Update Log:


2009-05-26 14:45:18:171 964 84c AU #############
2009-05-26 14:45:18:171 964 84c AU ## START ## AU: Search for updates
2009-05-26 14:45:18:171 964 84c AU #########
2009-05-26 14:45:18:171 964 84c AU <<## SUBMITTED ## AU: Search for updates [CallId = {EB98658E-5B26-4311-8C5D-6E6009C171EC}]
2009-05-26 14:45:18:171 964 7a4 Agent *************
2009-05-26 14:45:18:171 964 7a4 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-05-26 14:45:18:171 964 7a4 Agent *********
2009-05-26 14:45:18:171 964 7a4 Agent * Online = Yes; Ignore download priority = No
2009-05-26 14:45:18:171 964 7a4 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1"
2009-05-26 14:45:18:171 964 7a4 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
2009-05-26 14:45:18:171 964 7a4 Agent * Search Scope = {Machine}
2009-05-26 14:45:18:171 964 7a4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2009-05-26 14:45:18:171 964 7a4 Misc Microsoft signed: Yes
2009-05-26 14:45:20:437 964 7a4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab:
2009-05-26 14:45:20:437 964 7a4 Misc Microsoft signed: Yes
2009-05-26 14:45:20:437 964 7a4 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2009-05-26 14:45:20:453 964 7a4 Misc Microsoft signed: Yes
2009-05-26 14:45:20:453 964 7a4 Setup *********** Setup: Checking whether self-update is required ***********
2009-05-26 14:45:20:453 964 7a4 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.2.6001.788, required version = 7.1.6001.65
2009-05-26 14:45:20:453 964 7a4 Setup * IsUpdateRequired = No
2009-05-26 14:45:22:484 964 7a4 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2009-05-26 14:45:22:484 964 7a4 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://41.203.xx.xxx/ClientWebService/client.asmx
2009-05-26 14:45:22:546 964 7a4 PT WARNING: Cached cookie has expired or new PID is available
2009-05-26 14:45:22:546 964 7a4 PT Initializing simple targeting cookie, clientId = 3eed87c2-b6ba-4c9e-b43b-df68a2796e5a, target group = Company, DNS name = wwwremoved
2009-05-26 14:45:22:546 964 7a4 PT Server URL = http://41.203.XX.XXX/SimpleAuthWebService/SimpleAuth.asmx
2009-05-26 14:46:23:062 964 7a4 Misc WARNING: Send failed with hr = 80072ee2.
2009-05-26 14:46:23:062 964 7a4 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2009-05-26 14:46:23:062 964 7a4 PT + Last proxy send request failed with hr = 0x80072EE2, HTTP status code = 0
2009-05-26 14:46:23:062 964 7a4 PT + Caller provided credentials = No
2009-05-26 14:46:23:062 964 7a4 PT + Impersonate flags = 0
2009-05-26 14:46:23:062 964 7a4 PT + Possible authorization schemes used =
2009-05-26 14:46:23:062 964 7a4 PT WARNING: GetAuthorizationCookie failure, error = 0x80072EE2, soap client error = 5, soap error code = 0, HTTP status code = 200
2009-05-26 14:46:23:062 964 7a4 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80072ee2
2009-05-26 14:46:23:062 964 7a4 PT WARNING: PopulateAuthCookies failed: 0x80072ee2
2009-05-26 14:46:23:062 964 7a4 PT WARNING: RefreshCookie failed: 0x80072ee2
2009-05-26 14:46:23:062 964 7a4 PT WARNING: RefreshPTState failed: 0x80072ee2
2009-05-26 14:46:23:062 964 7a4 PT WARNING: Sync of Updates: 0x80072ee2
2009-05-26 14:46:23:062 964 7a4 PT WARNING: SyncServerUpdatesInternal failed: 0x80072ee2
2009-05-26 14:46:23:062 964 7a4 Agent * WARNING: Failed to synchronize, error = 0x80072EE2
2009-05-26 14:46:23:109 964 7a4 Agent * WARNING: Exit code = 0x80072EE2
2009-05-26 14:46:23:109 964 7a4 Agent *********
2009-05-26 14:46:23:109 964 7a4 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2009-05-26 14:46:23:109 964 7a4 Agent *************
2009-05-26 14:46:23:109 964 7a4 Agent WARNING: WU client failed Searching for update with error 0x80072ee2
2009-05-26 14:46:23:109 964 2a4 AU >>## RESUMED ## AU: Search for updates [CallId = {EB98658E-5B26-4311-8C5D-6E6009C171EC}]
2009-05-26 14:46:23:109 964 2a4 AU # WARNING: Search callback failed, result = 0x80072EE2
2009-05-26 14:46:23:109 964 2a4 AU # WARNING: Failed to find updates with error code 80072EE2
2009-05-26 14:46:23:109 964 2a4 AU #########
2009-05-26 14:46:23:109 964 2a4 AU ## END ## AU: Search for updates [CallId = {EB98658E-5B26-4311-8C5D-6E6009C171EC}]
2009-05-26 14:46:23:109 964 2a4 AU #############
2009-05-26 14:46:23:109 964 2a4 AU AU setting next detection timeout to 2009-05-26 17:46:23
2009-05-26 14:46:28:109 964 7a4 Report REPORT EVENT: {964B3CF1-F6ED-4D0B-8E91-1F7C106C8ED3} 2009-05-26 14:46:23:109+0200 1 148 101 {00000000-0000-0000-0000-000000000000} 0 80072ee2 AutomaticUpdates Failure Software Synchronization Windows Update Client failed to detect with error 0x80072ee2.


The server was previously updating the two new changes that were recently made where:

1) Change the anti-virus to Symantec End Point
2) Updates firewall rules (hardware)


Any comments or suggestions would be welcomed ?

What OS version and Wsus version are you running?

Did you try to browse Microsoft Windwows Update webpage from this server ?

Regards,
Paolo

OS = Windows 2003 Web Edition SP 2, WSUS Is run by my ISP...I'm not too sure about their setup. However they tell me it's working

Manually calling the Windows Update site and doing an update works fine...

Regards,
Cassim

Not sure if this applies, but take a look at this Symantec KB.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110813315548

Cheers,
Thomas

This may not be what you are experiencing, but if the WSUS and SEP websites are both installed to the "Default Web Site" in IIS, they can conflict with each other, causing the behavior you see.  Both of the install routines for the WSUS server and SEP management server give you the option of installing the management website in its own web site or the IIS "Default Web Site"...the best configuration if the WSUS server piece and the SEP management server piece are installed on the same server, is to install them in their own IIS web sites.

Thanx for the response. However, I do not have the WSUS server installed on the box. My ISP provides WSUS server services. Secondly Endpoint has been installed as unmanaged. Im begining to think it's not an end point issue as netstat shows connectivity established between the update server and my box.

try the Client Diagnostics Tool:

http://technet.microsoft.com/en-us/wsus/bb466192.aspx

http://technet.microsoft.com/en-us/wsus/default.aspx

WSUS Client Diagnostics Tool

Checking Machine State
Checking for admin rights to run tool . . . . . . . . . PASS
Automatic Updates Service is running. . . . . . . . . . PASS
Background Intelligent Transfer Service is not running. PASS
Wuaueng.dll version 7.2.6001.788. . . . . . . . . . . . PASS
This version is WSUS 2.0

Checking AU Settings
AU Option is 2 : Notify Prior to Download . . . . . . . PASS
Option is from Policy settings

Checking Proxy Configuration
Checking for winhttp local machine Proxy settings . . . PASS
Winhttp local machine access type
<Direct Connection>
Winhttp local machine Proxy. . . . . . . . . . NONE
Winhttp local machine ProxyBypass. . . . . . . NONE
Checking User IE Proxy settings . . . . . . . . . . . . PASS
User IE Proxy. . . . . . . . . . . . . . . . . NONE
User IE ProxyByPass. . . . . . . . . . . . . . NONE
User IE AutoConfig URL Proxy . . . . . . . . . NONE
User IE AutoDetect
AutoDetect not in use

Checking Connection to WSUS/SUS Server
WUServer = http://41.203.XX.YYY
WUStatusServer = http://41.203.XX.YYY
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
Connection to server. . . . . . . . . . . . . . . . . . PASS
SelfUpdate folder is present. . . . . . . . . . . . . . PASS

Press Enter to Complete

 SEP SBE does use IIS any more.
As this client is unmanaged so there is no question of SEPM.

Have you checked the Traffic logs for SEP...does it show traffic being blocked by WSUS servers IP address?