For quite some time now I have been seeing scores of the following errors filling up my WSUS Server’s Event Viewer:
- 12052 – The DSS Authentication Web Service is not working.
- 12042 – The SimpleAuth Web Service is not working.
- 12022 – The Client Web Service is not working.
- 12032 – The Server Synchronization Web Service is not working.
- 12012 – The API Remoting Web Service is not working.
- 12002 – The Reporting Web Service is not working.
- 13042 – Self-update is not working.
However, WSUS was receiving updates from Microsoft and all of my clients were getting updates from my server, so I did not let it bother me too much! Today I was setting up monitoring for all services and roles on this server and so decided I wanted to clear these errors up for good.
All the research I was doing kept pointing me back to whether I had set up SSL correctly or not; and all the checks I did indicated I had set SSL up correctly, but still the errors remained!
So I started to trawl through the SoftwareDistribution.log in C:\Program Files\Update Services\LogFiles to see if that would shed any more light on the matter.
I found a number of entries with similar lines to this:
2012-10-03 12:21:31.084 UTC Info WsusService.8 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
2012-10-03 12:21:31.084 UTC Info WsusService.8 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: <local server name>
2012-10-03 12:21:31.084 UTC Error WsusService.8 CertificateChainPolicy.VerifyPolicy The given certificate chain has not Microsoft Root CA signed root (800B0109)
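The log search described above can be scripted. The following is an added example, not part of the original post: it pulls every CertificateChainPolicy.VerifyPolicy error out of the log and pairs it with the most recent "Requested host" line from the same service thread. The function name Get-WsusCertChainError and the host wsus01.example.test are assumptions made for illustration, and the sample lines are constructed in the layout of the entries quoted above.

```powershell
# Constructed sample. On a real server, read the file instead:
#   Get-Content 'C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log'
$sample = @'
2012-10-03 12:21:31.084 UTC Info WsusService.8 SusService.ValidateServerCertificate CheckValidationResult Succeeds: CertOK
2012-10-03 12:21:31.084 UTC Info WsusService.8 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: wsus01.example.test
2012-10-03 12:21:31.084 UTC Error WsusService.8 CertificateChainPolicy.VerifyPolicy The given certificate chain has not Microsoft Root CA signed root (800B0109)
2012-10-03 12:31:31.102 UTC Info WsusService.8 WebServiceCommunicationHelper.VerifyServerCertificate Requested host: wsus01.example.test
2012-10-03 12:31:31.102 UTC Error WsusService.8 CertificateChainPolicy.VerifyPolicy The given certificate chain has not Microsoft Root CA signed root (800B0109)
'@ -split "`r?`n"

function Get-WsusCertChainError {
    param([string[]]$Line)
    # Fields: timestamp, "UTC", level, service thread, source method, message.
    # \s+ accepts either tabs or spaces between the fields.
    $pattern = '^(?<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+UTC\s+(?<level>\S+)\s+(?<thread>\S+)\s+(?<source>\S+)\s+(?<msg>.*)$'
    $lastHost = @{}   # most recent "Requested host" seen per service thread
    foreach ($l in $Line) {
        if ($l -notmatch $pattern) { continue }
        # Copy the captures now: the later -match calls overwrite $Matches.
        $ts, $level, $thread, $source, $msg = $Matches.ts, $Matches.level, $Matches.thread, $Matches.source, $Matches.msg
        if ($source -eq 'WebServiceCommunicationHelper.VerifyServerCertificate' -and
            $msg -match '^Requested host:\s*(?<h>.+)$') {
            $lastHost[$thread] = $Matches.h.Trim()
        }
        elseif ($level -eq 'Error' -and $source -eq 'CertificateChainPolicy.VerifyPolicy') {
            # Trailing 8 hex digits are the HRESULT; 800B0109 is CERT_E_UNTRUSTEDROOT.
            $code = if ($msg -match '\((?<hr>[0-9A-Fa-f]{8})\)\s*$') { $Matches.hr } else { $null }
            [pscustomobject]@{
                Time          = [datetime]::ParseExact($ts, 'yyyy-MM-dd HH:mm:ss.fff', [cultureinfo]::InvariantCulture)
                Thread        = $thread
                RequestedHost = $lastHost[$thread]
                HResult       = $code
                Message       = $msg
            }
        }
    }
}

# One row per host/HRESULT pair with the number of failed verifications.
Get-WsusCertChainError -Line $sample |
    Group-Object RequestedHost, HResult |
    Select-Object Count, Name
```

If every failure names the local server and carries the same HRESULT, the errors come from the server's own website verification rather than from client or upstream traffic.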
Some more searching led me to this forum: http://social.technet.microsoft.com/Forums/en-US/winserverwsus/thread/1052c418-dc69-4deb-9dc8-5c561bb72999 and in turn to this Microsoft blog: http://blogs.technet.com/b/sus/archive/2012/06/20/wsus-kb272011-common-issues-encountered-and-how-to-fix-them.aspx
“Issue 2 : Website Verifications are not accurate” states: “The problem is currently under investigation and the workaround is to temporarily disable the website verification with wsusutil. WSUS is working fine, it synchronizes and updates clients. The mechanism to verify the websites is the one alerting on Event viewer.” and it then goes on to tell you how to disable WSUS Health Monitoring from checking these sites!
So the plus side is that my Event Viewer is no longer filling up with false errors, but the downside is WSUS is no longer performing its own health monitoring!
Let’s hope Microsoft fix this soon, and are a little more forward in letting us know they have fixed it so I can turn the health monitoring back on!