Recently when revisiting an internal SCCM deployment I found that the WSUS integration had stopped working. It tuns out the issue was caused by some changes that had been made to the WebDAV configuration in IIS7 on the server. The changes had been made at the recommendation of Microsoft to fix another issue revolving arround client push installation and seemed to be incompatible with the WSUS required configuration. What follows are my steps to identify the issue and then to temporarily rectify the issue. I say temporarily as I want to investigate further to see if I can resolve the compatibility issue completely.
My environment: SCCM R2 on Server 2008. WSUS 3.0SP1 on the same server using Windows Internal Database.
After examining the SCCM site status messages (which were not too helpful) I tried to open the WSUS console and got the following alert: “Error: Connection Error” there was also the option to “Reset Server Node” which did not do anything helpful.
The WSUS administration console was unable to connect to the WSUS Server via the remote API.
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.
System.IO.IOException — The handshake failed due to an unexpected packet format.
The error then continues with a stack trace of some irrelevant (for this issue) information.
The next thing to try was to access the WSUS site directly, if WSUS is functioning correctly this should result in an HTTP 403 access denied error. Instead when accessing the site (from the local host) it generated a more useful IIS error:
HTTP Error 500.19 – Internal Server Error
“Cannot add duplicate collection entry of type ‘add’ with unique key attribute ‘name’ set to ‘WebDAV’”
<add name=”WebDAV” path=”*” verb=”PROPFIND,PROPPATCH,MKCOL,PUT,COPY,DELETE,MOVE,LOCK,UNLOCK” modules=”WebDAVModule” resourceType=”Unspecified” requireAccess=”None” />
The message there about the WebDAVModule rang a bell and sure enough I’d recently read the following MS KB 967506 regarding issues installing the SCCM client to computers. As part of the fix provided in the article it added a line into the applicationHost.config file for WebDAV integration. After reversing out the change & restarting IIS WSUS then started to behave and was accessible from SCCM once again.
Steps to work around the problem:
- Open the ApplicationHost.config
- Found in: %windir%\System32\inetsrv\config\
- Look for the section about your WSUS site
- called “WSUS Administration” for me
- Search for the line “<add name=”WebDAV” path=”*” verb=”PROPFIND,PROPPATCH,MKCOL,PUT,COPY,DELETE,MOVE,LOCK,UNLOCK” modules=”WebDAVModule” resourceType=”Unspecified” requireAccess=”None” />” and remove it for any WSUS sites
- Restart IIS & test
If I can find a more complete solution that solves both issues I will either update this post or write a new one.