Friday, July 22, 2016

Unattended Installation Of KB3159706 Breaks WSUS Instance (SUP) For SCCM

Issue
A customer of mine has a SCCM 1511 environment which also has a Software Update Point (SUP) deployed. This SUP uses WSUS underwater and worked fine for a long time. However, for a few weeks the SUP was broken and the underlying WSUS Console threw this error:
image

And:

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

System.IndexOutOfRangeException -- Index was outside the bounds of the array.

Source
Microsoft.UpdateServices.BaseApi

Cause
It took me some time to pinpoint the cause, but it turned out to be KB3159706, which enables ESD decryption provision in WSUS.

However, the update itself is harmless UNLESS one undertakes manual steps after the installation of the update, as stated in the same KB article:
SNAGHTML2a2e76[11]

When you don’t WSUS will be broken…

Solution
In this case, the decision was made to uninstall this particular update. The server was rebooted and WSUS was fully functional again.

Within an hour the SUP for SCCM was fully functional again and runs now without a glitch.

Recap
Always be careful with the automated deployment of updates. Of course, Critical Updates and Security Updates are crucial, but require testing. When also pushing regular updates to your environment, they require testing as well. Never assume things won’t be hurt.

In this case the update itself was okay, but required manual actions afterwards in order to make it land properly. Because no one knew about this update being pushed, no one looked until it was too late.

So: Always test yourself before you wreck yourself.

1 comment:

Anonymous said...

Thank you, only playing in a dummy enviroment at the moment but I couldn't figure why it wouldn't sync from upstream. This resolved it.

Error I was getting was such bullshit:

System.IndexOutOfRangeException: Index was outside the bounds of the array.~~ at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)~~ at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetConfiguration()~~ at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()~~ at Microsoft.UpdateServices.Internal.ClassFactory.CreateWellKnownType(Type type, Object[] args)~~ at Microsoft.UpdateServices.Internal.ClassFactory.CreateInstance(Type type, Object[] args)~~ at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetConfiguration()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.SetUpstreamServerSettings(Boolean SyncFromMicrosoftUpdate, Boolean ReplicaServer, String UpstreamWSUSServerName, Int32 UpstreamWSUSServerPortNumber, Boolean UseSSL, Boolean HostBinariesOnMU, Int32 ReportingLevel, Int32 MaximumAllowedComputers)