Blog: WSUS

I came across an issue where WSUS and Microsoft Update kept getting an error installing .NET Framework 3.0 SP1 update on Windows XP PC.  I went to add/remove programs to uninstall .NET Framework 3.0 but there was no button to uninstall it. 

I thought that something was goofed up, so I came across a .NET cleanup tool that automated a manual uninstall of all .NET versions.  After this was done, I tried Microsoft update again and it still failed during installation of .NET 3.0 SP1. 

I ran the cleanup tool again and tried manually installing each version using the direct downloads from Microsoft and installation still failed. [more]

After some more researching, I found mention that .NET 3.5 SP1 would try to install .NET 3.0 if it was not installed.  The installation of .NET 3.5 SP1 worked and I saw that .NET 3.0 SP2 was actually packaged in with it. 

I ran Microsoft Update again and verified that there were no longer any updates needed by the PC.


During attempt to temporarily free drive space for Disk Defragmenter to run, I had stopped the IIS web service and moved the Update Services folder, which is WSUS, to another disk drive.  After running the defragmenter, I moved the folder back and started the service up again.  Later that week, I noticed that clients had not been reporting in to WSUS. 

After server reboot, the event log reported that a service failed to start.  The only automatic service that was not running was “Update Services”.   Starting the service manually allowed me to access the WSUS management console, but another event log message was written each time I restarted the service that stated: 

“Event ID: 506 - The SelfUpdate Tree is not working.  Clients may not be able to update to the latest WUA client software and communicate with the WSUS Server.” [more]

On every server, including the WSUS server, MBSA kept failing to check security updates from the WSUS server.  WSUS client check-in is served through IIS as a site called “Selfupdate”.  It is important to allow anonymous access to the directory using an IUSR account managed by IIS.  I went back to the “Update Services” folder on the disk drive and manually added the Internet Guest Account (the IUSR account that was listed as the anonymous IIS account) and gave it “Read & Execute” permissions.  Moving that folder to another drive had likely removed the IUSR permissions for the folder.

I restarted the “Update Services” service and no longer got the Event ID: 506 message.  I ran registry commands to get Windows Updates to check for updates again on one of the servers and it reported to WSUS.  A little later, other machines began to report in as well.


When working with WSUS, I kept getting an error every time I tried to do anything with WSUS (uninstall, reinstall, start the service, start the program, etc.). The error reported that the mscoree.dll file was missing or not installed correctly and reinstalling the program may fix this error. This dll file is related with the .NET framework. Reinstalling .NET 2.0 framework fixed the problem without having to reinstall WSUS.


We were having some problems getting Windows Server Update Services (WSUS) to download new updates at one of our customer's sites.  The ISA server was denying the connections, but was saying that "an existing connection was forcibly closed by the remote host".  I made several changes on the ISA server to try to fix this.  I tried using an HTTP rule without the web proxy, disabled caching, etc.  Nothing seemed to fix the problem.  When I checked the Application event log on the server, there was a WSUS error saying, "Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header."  I did some research on this and found a fix that involved making a change to the WSUS database. [more]

I stopped the WSUS service and ran the following command:
osql.exe -S PNB-TS\MICROSOFT##SSEE -E -b -n -Q "USE SUSDB update tbConfigurationC set BitsDownloadPriorityForeground=1"

I then restarted the service and it worked great.


On February 12, Microsoft plans to make an updated Internet Explorer 7 installation package available via Windows Server Update Services (WSUS). The installation will be released as an Update Rollup package. Customers that require IE6 and have WSUS configured to auto-approve critical updates will need to disable the auto-approval feature before February 12 to ensure the rollup package is not released to clients.

Once the Update Rollup package for IE7 has synchronized with the WSUS server, the auto-approval feature can be turned back on and installation of the IE7 update can be managed manually. [more]

Please note that if you have previously deployed the Blocker Toolkit to restrict automatic installation if IE7, Microsoft has not yet announced if this will continue to prevent the installation of the new IE7 update.

For more information about the Blocker Toolkit, refer to the following link:

If you need help planning for and testing Internet Explorer 7, please contact us.

For more information regarding automatic delivery of Internet Explorer 7, please visit: