Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 16 Source: AutomaticUpdates

Unable to connect: Windows is unable to connect to the Automatic Updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
In my case, we had a SonicWALL device and one of the IDS signatures on the SonicWALL was blocking Windows Update traffic.
On a 3.0 RC box, we were having a problem getting the large updates (SP2 for Windows Server 2003, SP2 for Windows XP, etc.), though everything else worked OK. We had seen this problem with WSUS 2.0 as well.  Here is what to do:

1. Go to the “Windows Server Update Services Downloads” page.
2.  Download the Server Diagnostic Tool.
3.  Extract it somewhere on the machine (e.g. I created C:\Tools and extracted the file there).
4.  Open a command prompt, go to C:\Tools and run the following command:
“WsusDebugTool.exe /Tool:SetForegroundDownload”. More information on this tool can be found in the readme.txt file (see the Windows Server Update Services Downloads page).
This solved our problem.
This problem was coming up on a WSUS server environment for one workstation out of 200. I installed MS Hotfix ME927891 for Windows XP, rebooted, and it started working.
I tried many of the things that were suggested here. In my case, on a Windows 2000 SP4 server there were no ISA firewall, no proxy settings (set to automatically detect settings). To resolve the problem I copied proxycfg.exe from an XP workstation, opened a command prompt, and ran the following:

proxycfg -d
net stop wuauserv
net start wuauserv.

See ME830605 for more details on the proxycfg.exe configuration tool.
WSUS was not downloading updates (WSUSAdmin page reported that the server had 10GB worth of updates to download, and had downloaded 0.00MB). I also found this error in the system log. I deleted the files in the WSUSContent folder, ran "wsusutil reset", restarted the Automatic Updates service and WSUS began downloading.

Automatic Updates with WSUS doesn’t work if the workstation is installed via Disk Imaging or Disk Cloning. See ME555452 for details.
This can occur if you have specified your WSUS client to use HTTPS for communicating with the WSUS server, and the WSUS server is using a certificate that is not installed on the client computer (e.g., if you are using a certificate generated by your company’s CA and not using one of the well-known ones such as Verisign, etc.).
As per Microsoft: "This behavior may occur if both of the following conditions are true:
1) In your computer's Local Area Network (LAN) settings, the Automatically detect settings check box is selected.
2) You cannot ping the Web Proxy Auto-Discovery (WPAD) server by its Domain Name System (DNS) name". See ME824208 for more information.

See "Troubleshooting Windows Update v.5 Authentication Issue" for information on troubleshooting authentication issues.

Also, check ME328010 to find out how to configure Automatic Updates by using Group Policy or registry settings.

As per Microsoft: "This behavior occurs because the Automatic Update service runs under the Local System account. The Local System account is not a member of the BackOffice Internet Users group and does not have permissions to use the Internet through ISA Server". See ME838177 for a workaround.

See ME830750 if the event description cannot be found.
In our case, the cause had to do with imaged client systems with the same SID. Microsoft PSS suggested following steps to be run on problem workstation:
1. Stop the Automatic Update service: “net stop wuauserv”.
2. Open Regedit and browse to the following Registry Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate.
3. Save a copy of this WindowsUpdate key (File / Export or Right-click / Export).
4. Delete the following registry values: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\PingID.
5. Close Regedit.
6. Start the Automatic Update service: “net start wuauserv”.
7. On this client, force synchronization with the WSUS Server: “wuauclt /detectnow”.

Within 30 minutes, the client in question showed up in the WSUS Console on the server and error 16 was no more.
We have Oracle Managment Console installed and there was no interaction possible between WSUS and the server. After shutting down the service from Oracle, everything works fine.
The cause is inability for the Automatic Updates service to get out through HTTPS (port 443) to the MS Update server. Enable the port and all automatic updates will start working.
See also ME241783 and ME312955 for errors Using Windows Update through a proxy server or firewall.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.