So we auto patch servers using WSUS (Version: 6.2 on Server 2012) which is great as all servers (and we have loads) get patched and we don’t have to do anything (except fix shitty MS updates).
Last week WSUS patched itself and all of a sudden the WSUS Admin console was inaccessible:
Clicking the copy error to clipboard gave this:
The WSUS administration console was unable to connect to the WSUS Server via the remote API. Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\. System.IO.IOException -- The handshake failed due to an unexpected packet format. Source System Stack Trace: at System.Net.Security.SslState.StartReadFrame(Byte buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) ** this exception was nested inside of the following exception ** System.Net.WebException -- The underlying connection was closed: An unexpected error occurred on a send. Source Microsoft.UpdateServices.Administration Stack Trace: at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object args) at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber) at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer() at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()
So after much Googling I found KB3148812 is the update that broke it.
To recover your console, run the following in an elevated command prompt (assuming Windows is installed on drive C):
cd C:\Program Files\Update Services\Tools
Wsusutil.exe postinstall /servicing
Then reset the server node or reboot WSUS, and you’re back in!
Once your back you may find that client scans against WSUS no longer succeed.
To restore client-server communication, enable HTTP Activation on your WSUS server via the Add Features and Roles Wizard in your Server Manager: