WSUS BITS Issue

If you have Event ID: 364 in Application Event Log related to Windows Server Update Services (WSUS) can’t download some updates, like this one:

WSUS Event 364

Then you are lucky by reading this article, because there is a workaround for this nightmare:

This error happens because of some proxies or routers (that maybe not in your internal environment, it might be in the ISP or any place in the way to Microsoft Update Servers) doesn’t support the ancient 10 years old HTTP 1.1 Protocol used by BITS service. The workaround is to configure BITS with a command by connecting to WSUS Database with SQLCMD.exe tool as following steps (If you have SQL 2012 installed in the WSUS Server (As the command to connect to a named pipe changed in SQL 2012) :

  • Install both of the above tools.
  • In a command prompt, navigate to C:\Program Files\Microsoft SQL Server\90\Tools\Binn\ and run the following command:
    exe -S \\.\pipe\MICROSOFT##WID\tsql\query -E -b -Q “USE SUSDB update tbConfigurationC set BitsDownloadPriorityForeground=1”
  • If everything works ok, you will see the following result:

    C:\Program Files\Microsoft SQL Server\90\Tools\Binn>SQLCMD.exe -S \\.\pipe\mssql
    $microsoft##ssee\sql\query -E -b -Q “USE SUSDB update tbConfigurationC set BitsD
    ownloadPriorityForeground=1″
    Changed database context to ‘SUSDB’.

    (1 rows affected)

  • Restart WSUS Service and initiate a Synchronization Process from Configuration Manager or from WSUS if you don’t have SCCM

This solution is described by Microsoft in this TechNet Article (but with another tool called osql.exe that didn’t work with new WSUS Version):

https://technet.microsoft.com/en-us/library/cc708426(v=ws.10).aspx

Configuration Manager Remote Desktop Tools

Hi all, today I’ll share with you ConfigMgr 2012 behind the scene setting that may affect your whole infrastructure and productivity. It’s Remote Control settings in SCCM Client Settings:

We all know that by default, the Administrators and Remote Desktop Users groups have the right to log on remotely through Remote Desktop Protocol. (for Domain Controllers it is Administrators only) ….but Configuration Manager 2012 has another opinion when you give it the controller stick 🙂

To permit users to remotely control machines, by using Remote Desktop or Remote Control tool, we do the following steps:

  1. From SCCM Console go to Administration Tab and click Client Settings from the left side list:
Administration Tab
SCCM Console Administration Tab

2. Open the Default Client Settings or the custom client settings (If you created one for Remote Settings) and click Remote Tools from the left side list:

Clicking Remote Tools
Default Client Settings

3. On Permitted viewers of Remote Control and Remote Assistance click on Set Viewers … :

Set Permitted Viewers
Set Permitted Viewers

4. It will open a list that you can add to it Domain Users or Groups as a Permitted Viewers (Recommend to add dedicated group for Users that needs Remote Access Permissions):

Permitted Viewers Window
Permitted Viewers Window

NOW, What happens when you add Accounts into this list (Permitted Viewers) ?

To answer this question, let’s see what ConfigMgr is doing when you enable Remote Control on Clients:

Configuration Manager creates a group called “ConfigMgr Remote Control Users” in local groups on every Machine, and it give this group the local security policy user wright: “Allow Log on Through Remote Desktop Services“. So when you add any accounts to the Permitted Viewers List, ConfigMgr Client will add them to this group. If you want for example to give Domain Admins the permission to use Remote Control to Share Users Desktop in a shared session, put the Domain Admins group in the Permitted Viewers List. Microsoft Doesn’t recommend adding users to this group (ConfigMgr Remote Control Users) directly, instead add them to the Permitted Viewers List.

Thanks for reading

Hossam