I have a set of workstations set to use WSUS rather than windows update. Most update fine, however, in few cases, whilst client machines appear to contact the WSUS server fine, and download/apply updates, the WSUS summary does not list these IPs as ever having contacted the server.
As an example, one affected client machine shows, in windowsUpdate.log:
2017-06-03 15:57:27:352 1084 a8 Report Uploading 2 events using cached cookie, reporting URL = http:///ReportingWebService/ReportingWebService.asmx
2017-06-03 15:57:27:367 1084 a8 Report Reporter successfully uploaded 2 events.
However, the wsus_server in question shows no record of this client IP having contacted it...
Any ideas?
Ah - it looked like this was the solution:
https://blogs.technet.microsoft.com/sus/2009/05/05/resolving-the-duplicate-susclientid-issue-or-why-dont-all-my-clients-show-up-in-the-wsus-console/
It fitted the symptoms perfectly...but on trial, the solution proposed didn't do the job...
Next idea?
Related
We have two Windows 2012 servers reside on the same subnet on domain "FACTORY".
And we have intermittent authentication issue(3rd party app) with users from domain "OFFICE".
During troubleshooting using nltest command, something which I don't understand.
Here is the output from the first Windows 2021 server:
nltest /dclist:OFFICE
Get list of DCs in domain 'OFFICE' from '\\DC01'.
You don't have access to DsBind to OFFICE (\\DC01) (Trying NetServerEnum).
I_NetGetDCList failed: Status = 6118 0x17e6 ERROR_NO_BROWSER_SERVERS_FOUND
Here is the output from the second Windows 2012 server:
nltest /dclist:OFFICE
Get list of DCs in domain 'OFFICE' from '\\DC02'.
You don't have access to DsBind to OFFICE (\\DC02) (Trying NetServerEnum).
List of DCs in Domain OFFICE
\\DC03 (PDC)
The command completed successfully
Why the 2nd Windows 2012 could get list of DCs in Domain OFFICE? Both servers are located on the same network subnet, both have the same network settings, no WINS. I can see that the nltest was using different DC (DC01 vs DC02) to get the result, which I also don't understand.
I was reading a lot of articles about the error ERROR_NO_BROWSER_SERVERS_FOUND, which pointed to "Computer Browser Service". However, this service is disabled on both servers.
The intermittent authentication issue has never been reported from the 2nd Windows 2012, so I would suspect this nltest result might contribute to that.
What's the domain topology?
What kind of trust is it?
Are there any error events from NETLOGON in the DC event logs on either side?
Does nltest /trusted_domains show the correct info on the FACTORY DCs
Does nltest /sc_query:OtherDomain show any errors on the Trusting side?
Same with netdom trust TrustingDomainName /domain:TrustedDomainName /verify on each of the DCs on each side of the trust? (Or you can check it in AD Domains and Trusts). Unlike nltest, this requires credentials.
Are all the required ports, including all the required RPC ports, open between all the DCs in each domain? And in Windows Firewall? The most important aspect is that the Trusting domain DCs must be able to get to the PDCE in the Trusted domain. At the very least, you need these ports: LDAP (389 UDP and TCP), SMB (445 TCP), Kerberos (88 UDP), RPC portmapper (135 TCP), DNS (53 UDP and TCP)
Have you tried DNS queries from all the DCs to see if you can resolve the SRVs on each side? e.g. nslookup -q=SRV _ldap._tcp.mydomain.com (and the same for _kerberos.tcp and _kerberos.udp)
Do any of the DCs in either domain have the same hostname? Or duplicate SIDs? If the DCs were built from a custom image, were they Sysprepped?
Is the time in sync on all DCs on both sides of the trust? (Within 5 minutes, maximum)
Any errors in NETLOGON.LOG? You can enable NETLOGON debug logging for richer information, but only leave it on for a short time.
I have the following scenario:
WS1 = Windows **(Has Internet)**
WS2 = Windows (No Internet)
SERVERX = Linux (No Internet)
We want to monitor SERVERX ( get CPU usage, disk space..etc and get alerts via email!) I was thinking about using Zabbix OR PRTG (Monitoring tools)
But turned out Zabbix cannot be installed on Windows. and we need to get Disk space usage to be reported view email when exceeding a limit.
Please have a look at the picture to understand the challenge.
I was thinking about the following setup:
WS1 have PRTG installed
WS2 have PRTG installed
Both WS1,WS2 share the same PRTG database (Synced)
Is this even possible? or do you have other solutions?
Use Master Probe on WS1 and remote probe on WS2 - this way your master probe will store collected results into database and send emails since it is connected to Internet.
Remote probe is the one who is doing checks and who is constantly connected to master probe and pushes results to it.
This is standard PRTG functionality - see following page for details https://www.paessler.com/manuals/prtg/install_a_prtg_remote_probe
I have a Tableau (reporting) server on Windows 10 that internally uses PostgresDB. Besides I have a PostgresDB, where my data is located, so reports are aggregated using this data.
What should our end-user experience? - He or she opens in a web browser a report by url and see the data.
For some reason from time to time our end-users face with the problem:
could not receive data from server: Software caused connection abort
(0x00002745/10053) Unable to connect to the server "server_name".
Check that the server is running and that you have access privileges
to the requested database.
This problem arises with different reports and in different time. Moreover, when I do not fix it for a long time, this report may start to work again.
There is no firewall or antivirus on Windows where Tableau server is, but there is a VPN.
What has helped?
Pgbouncer has solved it problem partially. By partially I mean that during 2 weeks of exploitation this error has only once occurred instead of 3 times per day by using pure Postgres.
Restart of Tableau server solves this problem as well.
Accidental loose of Internet connection on Tableau server also may help with this problem.
What have I also checked?
1) When everything is fine, in Pgbouncer logs I can see that queries are loading when I interact with a report, otherwise (when there is this error) no logs are recorded. So Tableau Postgres can't connect to Postgres with data for some reasons.
2) When I connect manually to PostgresDB from the Tableau Postgres, then everything is fine and all queries were executed, while end-clients face with the problem interacting via web browser.
3) When I type in CMD in Tableau Server (windows): netstat -nao | find PostgresDB:5432, in normal case I see many TCP connections with different PIDs except one PID which is executed from 2 different ports on Tableau Server, however all of them are tabprotosrv.exe; in case when it fails I see only one PID which is executed from 2 different ports on Tableau Server.
So I have 2 main questions
1. How to solve it normally?
2. Or what should I check else?
I am having issues getting the Event logs to forward to my collector server. I have followed various articles on how to set this up and, enabled winrm on the source and wecutil on the collector. I ensured the collector was in the Event Log Readers Group, and the windows firewall rules were enabled, however the firewall is not enabled. I have set up the subscription properly with collector initiated and machine account for the user account, however No events show up in the "Forwarded Events" log, and the runtime status fails with the following error:
Error - Last retry time: 10/12/2016 8:55:12 AM. Code (0x80338095): The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. Next retry time: 10/12/2016 9:00:12 AM.
I haven't found much on the web to troubleshoot this. Are there any steps I can take to determine the issue, or am I missing something simple? One technet article talked about a hotfix for 2008 servers, mine are all 2012. Could it be GPO related?
Used the following article to troubleshoot various parts of the process.
http://tutorial.programming4.us/windows_7/forwarding-events-(part-2)---how-to-troubleshoot-event-forwarding---how-to-configure-event-forwarding-in-workgroup-environments.aspx
Ended up deleting the subscription and re-creating it and the events started to forward.
I just changed the Event Delivery Optimization back to Normal, then ran the command wecutil gr <Subscription name> and it looked like it worked.
I have 3 main sites, each have a WAN connection which is good but not great, and internet connections.
I have just built a WSUS 3.0 SP2 on windows 2008 R2 boxes in each region.
I want to configure one as the primary and the other 2 as downstream boxes, saving WAN/internet bandwidth.
There doesn't seem to be a way to configure these to 'report' into the main box, and download the approved patches without using the WAN link.
Is there some obvious setting I am missing, enabling these as replica does everything I need apart from the download source.
I'm not quite understanding how you're expecting a remote WSUS server to communicate with the primary except via the WAN link?
As far as configuring a WSUS server as a downstream server, that's covered in the WSUS Deployment Guide, and is presented in the setup wizard. (Option 1: Get updates from Microsoft; Option 2: Get updates from another WSUS server). See Configure and Manage Replica Servers for more information.