WSUS at primary child site stopped synchronizing with WSUS

Tags

HTTP status 401, SCCM, wcm.log, WSUS

The problem:
WSUS at primary child site stopped synchronizing with WSUS at central site with the error In the wcm.log:
System.Net.WebException: The request failed with HTTP status 401: Unauthorized.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 09:04:45 5600 (0x15E0)
Remote configuration failed on WSUS Server. SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 09:04:45 5600 (0x15E0)
Troubleshoot:
Look into the iis log for the WSUS website.
Find the timestamp for the error in the wcm.log
2014-04-04 07:04:45 10.50.235.100 POST /ApiRemoting30/WebService.asmx – 8530 – 10.50.235.100 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5472) 401 2 5 5
2014-04-04 07:04:45 10.50.235.100 POST /ApiRemoting30/WebService.asmx – 8530 – 10.50.235.100 Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.5472) 401 1 3221225581 1

Error 401 in the iis log indicates authentication issue, so look in the event viewer secutiry log and find the event with the same time stamp found in the iis log.
The event shows the error:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 04-04-2014 10:56:49
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: servername.fqdn
Description:
An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: –
Account Domain: –
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: servername$
Account Domain: YourDomain

Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc000006d
Sub Status: 0x0

Solution
http://support.microsoft.com/kb/896861/en-us
Method 2: Disable the loopback check (less-recommended method)
The second method is to disable the loopback check by setting the DisableLoopbackCheck registry key.

To set the DisableLoopbackCheck registry key, follow these steps:
1. Set the
DisableStrictNameChecking
registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
2. Click Start, click Run, type regedit, and then click OK.
3. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Right-click Lsa, point to New, and then click DWORD Value.
5. Type DisableLoopbackCheck, and then press ENTER.
6. Right-click DisableLoopbackCheck, and then click Modify.
7. In the Value data box, type 1, and then click OK.
8. Quit Registry Editor, and then restart your computer.

WCM.log will then show and after the next WSUS synchronization from central site everything will be ok again.

Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.0.6000.273, Major Version = 0x30000, Minor Version = 0x17700111 SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:09:13 2992 (0x0BB0)
Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.1.6001.1, Major Version = 0x30001, Minor Version = 0x17710001 SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:09:13 2992 (0x0BB0)
The installed WSUS build has the valid and supported WSUS Administration DLL assembly version (3.1.7600.226) SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:09:13 2992 (0x0BB0)
Successfully connected to server: Server.fqdn, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:09:13 2992 (0x0BB0)
Verify Upstream Server settings on the Active WSUS Server SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:09:13 2992 (0x0BB0)
WSUS Server settings are correctly configured and Upstream Server is set to Server.fqdn SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:09:13 2992 (0x0BB0)
Configuration successful. Will wait for 1 minute for any subscription or proxy changes SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:09:13 2992 (0x0BB0)
Successfully connected to server: Server.fqdn, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:10:13 2992 (0x0BB0)
Successful published and approved package 72eb686f-b396-4d62-b16f-5284fd2543ee – 0 for Install to a0a08746-4dbe-4a37-9adf-9e7652c0b421, Deadline UTC time= 04-04-2014 09:07:23 SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:10:13 2992 (0x0BB0)
Successfully connected to server: Server.fqdn, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER 04-04-2014 11:10:13 2992 (0x0BB0)