WSUS on port 8530, or: FATAL: Failed to show client UI, directive=7, hr=80010108

EDIT: Since our friends at SolarWinds have found their way onto my (small and insignificant) blog and had things to say (and sell?), I feel I need to make a comment here. While I appreciate the comments made to this post, I would also like to clarify that this blog is intended primarily to document errors and solutions I come across in my daily work routine for myself and my colleagues. I’ve allowed Google to crawl the site because it may be of help to someone else as well. I post solutions as I stumble upon them, when they fix my specific error. I do not spend hours researching the exact causes, or if something can be done better. I document as I go, during a hectic work day. So, I would like any readers here to keep in mind that my solutions may not work for you or your setups, and I may get things wrong.

If you would like, have a look at the comment made in this post by a SolarWinds employee. Like I state in my reply, this is what worked for me. I have no idea if the tool recommended by SW is better or not, and as things stand right now, I have no time or need to find out. If anyone has this issue and isn’t helped by my solution, or would like to try something else, by all means try the SW linked application.

ORIGINAL POST:

If you configure WSUS to run on a different port (default seems to be 8530), chances are you’ll see your clients pop up in WSUS, but never report any status. A test with Client Diagnostic Tool will present you with an error message in red stating that:

FATAL: Failed to show client UI, directive=7, hr=80010108

This message appears because the client cannot find the SelfUpdate tree on the WSUS server. The issue here, is that even though you specify WSUS to run on a different port, you MUST have the SelfUpdate virtual directory present on port 80. As far as I know, this cannot be changed.

If you, like me, have a system using port 80 that does NOT allow you to map subdirs (Like F-Secure Policy Manager), you're out of luck using that server for WSUS unless you can change the port of that other application. I'm now running F-Secure PM on port 82 instead, and WSUS is happily chugging along.

Fixing the issue is easy peasy once you can have your default site available in IIS or Apache or whatever. Just copy the path used for SelfUpdate in the WSUS Administration site into a new virtual directory named Selfupdate in the default port 80 website:

wsuspath

That should do it. Try running the Client Diagnostic Tool again and you should have it pass, along with WSUS clients starting to report in (keep in mind that this will still happen at random).

About these ads

3 thoughts on “WSUS on port 8530, or: FATAL: Failed to show client UI, directive=7, hr=80010108

  1. Lawrence Garvin (@LawrenceGarvin)

    Only the most ancient of Windows systems still require access on port 80 for selfupdate. Anything newer than XP SP3 (or Win2003SP1), will look on whatever port has been configured for the assigned WSUS server. If the assigned WSUS server is on port 8530, then that’s the /selfupdate resource that the client will use. However, the WSUS HealthMonitoringService does still expect to see that resource on port 80, and it will create AppEventLog errors if the port 80 ‘selfupdate’ is not available.

    However, the 0×80010108 FATAL error is not about selfupdate, it’s about the WUAgent’s inability to display the client UI (as the error message plainly states). Specifically this is caused by an RPC error.

    From http://inetexplorer.mvps.org/archive/windows_update_codes.htm
    0×80010108 -2147417848 RPC_E_Disconnected

    The Client Diagonostic Tool you cite was written for WSUS v2 and has several defects, the most notable being that it is an x86-only tool, and has not been updated in about eight years. The other being the fact that it does explicitly check for selfupdate resources on port 80, not on the configured URL. Thus, in this case, the error experienced is a unique manifestation of the Client Diagnostic Tool, and is not representative of any loss of capability of the installed Windows Update Agent.

    For more reliable client diagnostics, I suggest using the FREE SolarWinds Diagnostic Tool for the WSUS Agent [http://www.solarwinds.com/products/freetools/diagnostic-tool-for-WSUS-agent.aspx], released in June, 2012. (Note: I do work for SolarWinds).

    Reply
    1. onlyblueatwork Post author

      If 2008 R2 is ancient, and Microsoft tells me this is the solution (and it worked) as stated at http://technet.microsoft.com/en-us/library/ff646934%28v=ws.10%29.aspx I see no reason to doubt. Maybe you are right, and the error is purely a best practice error, but the fact remains that none of our 180 clients reported in during 48 hours prior to the SelfUpdate directory being plopped in place in the default site in IIS.

      I’d like to quote Microsoft here:
      “To make sure that the self-update tree is working correctly, first make sure that there is a Web site set up on port 80 of the WSUS server. You must have a Web site that is running on port 80, even if you put the WSUS Web site on a custom port. The Web site that is running on port 80 does not have to be dedicated to WSUS. WSUS uses the site on port 80 only to host the self-update tree.

      Anyway. The problem was resolved by following Microsoft’s advice. I’m sure yours is sound as well, but since my issue is resolved, and I had no issues switching the port used by our F-Secure Policy Manager, I see no reason to spend more time with it. Perhaps your comment can be helpful to others that stumble on to my blog. I’ll mention it in the post.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s