Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 506 Source: WindowsServerUpdateServices

The SelfUpdate Tree is not working. Clients may not be able to update to the lastest WUS client software and communicate with the WUS Server.
I had this issue when WSUS was installed on the same server as Exchange and https was setup on the default web site for Outlook anywhere and RPC. I went to the directory security of the virtual SelfUpdate folder and removed “Require Certificate”. I restarted IIS and the Update Services service and the problem disappeared.
This error can be caused by changing the listening port in IIS for the default website. If you need a different port, best to add it as an additional one, rather than changing it from 80.
Is WSUS was installed on a machine that was later protomed to a DC, uninstall WSUS and IIS, and reinstall them for WSUS to work properly.
This event can have multiple causes. See ME920659 for details on this problem.
I was receiving this error with all the proper security settings configured (port 80, IUSR access, etc). However, I had installed WSUS on an existing SQL2005 server installed with a named instance. I had to re-install WSUS onto the default instance to eliminate the error.

See the link to "WSUS - SelfUpdate Tree is not working" for more information.
Go to for information on this event. Read the article, What does WSUS mean by "Selfupdate service not running".
In my case, this error appeared when I configured the default website in IIS to use SSL encryption. That was wrong; you may not use SSL for the WSUS directories "Content", "ReportingWebService" and "SelfUpdate". I had to uninstall the certificate in IIS. Also, look at the article “Secure Your WSUS Deployment” for more information on using SSL on WSUS.
I got this error fixed when i checked the ACL (Access Control List) on C:\Program files\Update Services\SelfUpdate. Internet Guest Account must have at least Read rights for this path.
On my server, the fault was the IUSR password. I changed that password, then I put the new password in Internet Information Services/Websites/Default Web Site/Selfupdate Properties/Directory Security, and then, I changed the password for anonymous access. This solved my problem.
Here is something useful that I found out the hard way. If you have a server running WSUS on port 8530 and you have more than 1 website running on port 80, as I did, you have to make sure that the SelfUpdate tree virtual site exists on all of your port 80 sites (I use host headers to point the users to the correct site on the server). When I ran the script to install SelfUpdate tree, it only installed it on 1 of my sites running on port 80, not all of them. To fix this, save the SelfUpdate tree virtual file configuration. Then import it on each of your sites running on port 80. Reset IIS, reset the Update Services service and you should be good to go.
From a newsgroup post: "If you are not using the default website for anything, I would stop the default website, change the port number for the WSUS to port 80, and restart IIS. If you still have some web applications that need port 80 or you prefer to keep WSUS on port 8530, you will need to run installselfupdateonport80.vbs in the \Program Files\Update Services\Setup directory. The will restore the selfupdate virtual folder that SUS removed during it’s uninstall".

See the link to "Automatic Updates must be updated" for additional information on this issue.
I got this error logged into my event Log after I ran WSUS for the first time. Although it was logged, my SelfUpdate Tree was ok. To test this I restarted Update Services (WSUS) service and the error disappeared. So be aware, that WSUS might sometimes log it by mistake. See the link to “SelfUpdate Tree is not working” for information on this event.
See the link to "WSUS Wiki" for information on Windows Server Update Services.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.