Troubleshooting Multiple Errors on WSUS: 13042, 13051 and 12032.
[Today’s post comes to us courtesy Milind Bhavsar.]
Have you ever seen the following symptoms with WSUS?
Self update is not working.
Client machines don’t show up on the WSUS console.
If you have, chances are, you would also get one of the following events on the application logs:
13042,13051,12002,12032,12022,12042,12052
13042: Self-update is not working
13051: No client computers have ever contacted the server
12032: The Server Synchronization Web Service is not working
These events get logged every time the Update Service is started or every time you run wsusutil checkhealth. By default, the Update Service runs this in the background every six hours. So, even if you don’t touch the system, you would see the errors being logged every six hours.
Cause:
The Issue occurs because of a password mismatch for the IUSR account in the active directory and the IIS Metabase, or permission issues with the WSUS virtual directory.
Troubleshooting
=============
1. Check the membership of the guests group. Remove the IUSR account from the members if it shows up under the guests group.
2. Reset the IUSR account password:
a. Open the AD Users and Computers console and select the container that holds the IUSR_<Server_Name>. This account is located under the “Users” container by default.
b. Right click the IUSR account, select the option to change the password, and provide a new password for the account.
c. Open a command prompt window run and change directories so that the prompt is on C:\inetpub\adminscripts.
d. Then run:
cscript adsutil.vbs set w3svc/anonymoususerpass <new password>
Note: <new password> is the password provided in step 1.
e. Open the IIS management console and go into the properties for the website you are working with. Choose the directory security tab, click edit for Authentication and
Access Control. Make sure enable anonymous access is checked. If it is, the IUSR account will be selected. Reselect this account and specify the new password when setting the account. Specifically do this on the Default Website and the WSUS website .
NOTE: If you have upgraded from WSS 2.0 to WSS 3.0 you should have a website named Sharepoint-80 in the IIS console. Please follow step 5 for the Sharepoint-80 website, because the WSUS selfupdate directory is hosted under the website listening on port 80.
f. Try restarting the update service or run wsusutil checkhealth.
g. Under the default website, the SELFUPDATE and CONTENT virtual directories should be configured to use “Integrated Windows Authentication”. Make sure that they don’t have anonymous access enabled.
h. Make sure SSL is not enabled on the SELFUPDATE virtual directory.
i. Restart IIS.
Hopefully these steps should resolve the issue, if this doesn’t resolve the issue. Get in touch with Microsoft PSS Support.
![[Asks SBS]](http://oxwtxw.bay.livefilestore.com/y1pkDdQVhdks_EO2HKHKb_QAk41BknxYZF0lN9yYxTKroOCdnfMb6yRAbAavXXE46hOIJGaypxJrLnpeyBsPDVSZg/AskSBSTeam.png "The EMEA SBS Team")
