EDIT: Since our friends at SolarWinds have found their way onto my (small and insignificant) blog and had things to say (and sell?), I feel I need to make a comment here. While I appreciate the comments made to this post, I would also like to clarify that this blog is intended primarily to document errors and solutions I come across in my daily work routine for myself and my colleagues. I’ve allowed Google to crawl the site because it may be of help to someone else as well. I post solutions as I stumble upon them, when they fix my specific error. I do not spend hours researching the exact causes, or if something can be done better. I document as I go, during a hectic work day. So, I would like any readers here to keep in mind that my solutions may not work for you or your setups, and I may get things wrong.
If you would like, have a look at the comment made in this post by a SolarWinds employee. Like I state in my reply, this is what worked for me. I have no idea if the tool recommended by SW is better or not, and as things stand right now, I have no time or need to find out. If anyone has this issue and isn’t helped by my solution, or would like to try something else, by all means try the SW linked application.
If you configure WSUS to run on a different port (default seems to be 8530), chances are you’ll see your clients pop up in WSUS, but never report any status. A test with Client Diagnostic Tool will present you with an error message in red stating that:
FATAL: Failed to show client UI, directive=7, hr=80010108
This message appears because the client cannot find the SelfUpdate tree on the WSUS server. The issue here, is that even though you specify WSUS to run on a different port, you MUST have the SelfUpdate virtual directory present on port 80. As far as I know, this cannot be changed.
If you, like me, have a system using port 80 that does NOT allow you to map subdirs (Like F-Secure Policy Manager), you’re out of luck using that server for WSUS unless you can change the port of that other application. I’m now running F-Secure PM on port 82 instead, and WSUS is happily chugging along.
Fixing the issue is easy peasy once you can have your default site available in IIS or Apache or whatever. Just copy the path used for SelfUpdate in the WSUS Administration site into a new virtual directory named Selfupdate in the default port 80 website:
That should do it. Try running the Client Diagnostic Tool again and you should have it pass, along with WSUS clients starting to report in (keep in mind that this will still happen at random).