WSUS Error: Unexpected Error

WSUS Error: Unexpected Error

In the organization I work for, we have roughly 130K Windows machines that are domain joined that are reporting into our WSUS implementation. We only use one WSUS cluster to manage all of them…. if you want to know more about how we set that up, please let me know in the comments!

Once we got the majority of clients/servers reporting in, we started seeing this error every time we tired to expand some of the computer groups.

Error: Unexpected Error
An unexpected error occurred. Please contact your system administrator if the problem persists. 

One of my admins, clicked on the Copy Error to Clipboard and sent it to me – there is usually a good start in trouble shooting in that error text, that is when I started hunting. The exact error was: (note: the non-ASCII character is changed to ‘[]’ below)

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.
The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

System.Xml.XmlException -- '[]', hexadecimal value 0x16, is an invalid character. Line 1, position 11167920. Source System.Xml Stack Trace:
at System.Xml.XmlTextReaderImpl.Throw(String res, String[] args)
at System.Xml.XmlTextReaderImpl.ParseNumericCharRefInline(Int32 startPos, Boolean expand,
StringBuilder internalSubsetBuilder, Int32& charCount, EntityType& entityType)
at System.Xml.XmlTextReaderImpl.ParseCharRefInline(Int32 startPos, Int32& charCount,
EntityType& entityType)
at System.Xml.XmlTextReaderImpl.ParseText(Int32& startPos, Int32& endPos, Int32&
outOrChars)

Okay, so they are apparently using a XML reader from the data they are getting back from the WSUS web services and he chokes to death on a non-ASCII character… cool (seems like that the WSUS database has great data quality checks in place there [sarcasm]).

So where is the data coming actually from?…. If you open up Wireshark and reproduce the error, it shows that there are two calls made when you try to expand a group in the WSUS console (one for the group, then another one for the computers in the selected group).

The web service seems to be calling a stored procedure in the database called [dbo].[spSearchComputers] which outputs an XML file… so I manually ran thís stored procedure (for all computer groups) and exported the file as one massive TXT file (which was 133389 lines).

So, I then searched in that text file for this little non-ASCII char – “[]”….  I found 3 results!

The issue for us was the Model column in the database. In the text file, I grabbed the ComputerID GUID for each of the 3 culprits and queried their data to get their TargetID’s since that is how the WSUS database seems to store Make/Model/BIOS, in a different table [dbo].[tbComputerTargetDetail].

I manually updated the ComputerModel column to ‘Unknown’ for the 3 culprits, then gave it a try in the WSUS console, worked like a charm!!

But, I knew this only fixes the issue until those 3 clients report in again and I assumed there was probably another stored procedure that is called for merging the computer detail table. After looking for a bit, I found a procedure called [dbo].[spRegisterComputer] that I am guessing is called when a computer reports it’s data. I ended up actually updating that stored procedure to include this:

DECLARE @newComputerModel nvarchar(64)
IF UNICODE(@ComputerModel) between 32 and 255
SET @newComputerModel = @ComputerModel;
ELSE
SET @newComputerModel = 'Unknown';

That way, when the ComputerModel gets another non-ASCII character, it will write ‘Unknown’ instead of something that XML will not like.

The root cause of this issue is – that in our domain, there seems to be a couple machines with some “junk” written into the motherboard that is most likely picked up by WMI. Though I really think the WSUS database could do a better job of data quality.

Thanks for reading!

/Matt

My favorite paragraph this year.

“In this age of infinite information and endless distraction, it’s easy to spend an entire day reacting and responding. Demands coming at you from others will always consume some portion of your day. Yet in most cases, what you will be most proud of a decade from now will not be anything that was a result of you simply responding.
What will matter in life is what you initiate today – striking up a conversation that leads to a new friendship, sharing an idea with someone at work turns into a new product or offering, or investing in another person’s growth and watching him/her succeed over the years. If you want to create a positive charge for others, your ability to do so will be almost directly proportional to the amount of time you can spend initiating instead of responding”

– Tom Rath “Are you Fully Charged?”

Choosing the best Azure Data Center

Speed is obviously the number one thing you should look at when deciding where to stick your Azure services/resources. The faster the speed, the better the performance. Want to know which data center has the lowest latency from you? (tested against blob storage) Check this out link – http://azurespeedtest.azurewebsites.net/

However, please note that not all services are available in all Azure regions, this is actually one of the deciding factors of how we chose which Azure Data Center to be in.

For example, in Europe, features appear first in the West Europe (Netherlands) before North Europe (Ireland). So, if you want to be on the bleeding edge, this might be a deciding factor.

What to know what is available where? Check this out – http://azure.microsoft.com/en-us/regions#services

Hope this helps!!

/Matt

 

How do you dynamically change the proxy configuration on Windows laptop computers depending on network, all using PowerShell?

Determining if an IP address is within a range is quite cumbersome when you think about it in terms of programming…

Here was the problem we had to solve while migrating from a proxy solution:
Today, all managed computers (100’000+) that we have in our domain are using a proxy to gain access to the outside, there are 5 proxy servers split out by region (As an example: Europe, North America, Australia, Singapore, and China). These proxy servers are configured on the clients using our home grown computer management system which is backboned by PowerShell… we specify a configuration value on the computer and the agent that is installed on the computer assigns the proper proxy server to Internet Options. However, starting now, we are in the middle of rolling out default routes at all sites and that project will take about many months to complete….

The problem:

We can dynamically change the configuration value of all computers at a site in our system to “Disable Proxy” and Windows would just use the default route… easy, right?

Well, what happens when we assign that new value to 20 mobile laptops at one site and then those users travel to a different site that does not have the same solution in place? (a specified proxy is required) Well, the internet would not work for that computer… obviously 

So, our problem was, how do we dynamically change the proxy configuration on laptop computers depending on if that computer was located as a legacy proxy site or default route site, all using PowerShell?

Before implementing what we did…. we investigated a lot of options (like .pac files) but we needed something dynamic that could be changed on the fly.
The first solution we played with was we ended up getting the IP address on a computer and checking if it was in range of a list of networks on a distributed file share (UNC), this worked but it was very slow and the project did not want to list each network on a text file because there are dozens of networks at one location and that list would become massive over time. Remember, we are talking about 500+ sites in 60+ countries… we had to think big.

So, the solution we implemented and we are using today is kind of just combining a bunch of stuff we already knew. Here are the steps:

  1. Laptop computers grab a list of networks from a DFS – I will talk about what this looks like and how it is setup below
  2. PowerShell checks if their current IP address is within any network on that list – we do a lot of checking like (is the computer on VPN?, is the computer on a local network (home)?, etc. etc.) – this all happens client side
  3. Depending on the flow, the PowerShell script modifies the proxy settings and refreshes Internet Settings to instantly update computer – this is done in the user’s context since proxy settings are in HKCU.

The list of networks is maintained by a network administrator (from the rollout project) in a DFS, the text file looks something like this:
10.0.0.0/20#Site A LAN
10.60.20.0/23#Site B Wireless

Then the admin double clicks on a RunMe.cmd file that just calls a PowerShell script in the same directory to create the actual file that the computer grabs, which contains:
167772160..167776255#10.0.0.0/20#10.0.0.0-10.0.15.255#Site A LAN
171709440..171709951#10.60.20.0/23#10.60.20.0-10.60.21.255#Site B Wireless
(the PowerShell script that creates the script also copies the previous file into a backup folder in case of rollback purposes)

The first part of each line is the IP address’ span in decimal format, separated by “..” so that PowerShell treats that as an array. The rest of each line is just information, like the entered network, the actual span and the comment. We transport this information to the local client for logging purposes like “proxy disabled because it is in span XXX called XXX”

When the logon script runs, it fetches the file (if newer than the one it might already have) and does a check, as an example:
If ((Convert-IPAddressToDecimal $ipAddress) -in 171709440..171709951)
{
         #Do things
}

If you think of another solution, I would love to hear it…. Or if you want me to go into details or need the functions to convert IP Address’ let me know as well.

Tack!
/Matt

Unleash yourself from that email

During the last six weeks I have been playing with an “auto reply” message that everyone receives when they send me an email. I did this for numerous reasons but the couple main points were:

  • I am no longer tied to email and I can close Outlook when I am working on something and…
  • That people now expect to have a rough idea when I would get back to them, if they didn’t like that… they just need to call me.

After having this message active for the last month and a half, I have received emails from six people asking me if this was something they could copy for their personal work emails, I of course had no problem with it.

The message goes something like this:

 

Hej!

In an effort to increase productivity and efficiency I am beginning a new personal email policy.

I’ve recently realized that I spend more time shuffling through my inbox and less time focused on the task at hand. It has become an unnecessary distraction that ultimately creates longer lead times on my ever-growing ‘to do’ list.

Going forward I will only be checking/responding to email in the morning at 08:00 CET and after lunch at 13:00 CET on business days. I will try and respond to email in a timely manner.

If you need an immediate time-sensitive response… please don’t hesitate to call me. Phones are always more fun anyways.

Hopefully this new approach to email management will result in shorter lead times with more focused & creative work on my part.

Cheers & here’s to life outside of my inbox!

Best regards,
Matt

 

 

I do realize this is not possible for everyone, like my wife who seems to be in meetings from 08:00 – 17:00 and has to do email whenever there is chance. If you are hired to just answer email… then obliviously this not for you. I highly recommend giving it a try!

I have to give a huge thank you to Timothy Ferriss for releasing the book called “The 4-Hour Workweek”, this is where the idea has come from. I will continue to leave the message on.

Regards,
Matt

Visual Studio 2013 Cool Features!

Hey,

At work today we updated all development machines that myself and colleague use to Visual Studio 2013 (not really update but we installed it along side 2010). I must say, I was a huge skeptic of the new IDE but after using it for 8 hours today… I am a huge believer!

Why? Here are four features that I love:

1. User settings are now synced with your account you use with VS2013… this will save me a huge amounts of time. Why? Well my department is also in charge of evaluating, testing and preparing new models of computers in the environment and every year it seems someone comes to me and hands me a laptop and says “use this now”… I comply and roll my eyes knowing that I will spend the next business day setting it up to be perfect (I like everything to be in a particular way). Now… I will install VS2013 through a deployment machine (automated), I will fire it up and log on with my live account and boom…. all settings are synced. No more turning on line numbers or changing the VS theme to blue. Its all done for me   🙂

2. Code Peeking, at first I didn’t know about this one, but in the afternoon I was in a WebEx meeting with our Microsoft go to person and I was running through the code for Hyper-V 2012 R2 integration and was clicking on methods and hitting F12 to jump to it, like any programmer would do. All I heard on the phone was “No, no, no… Alt+F12 Matt!”… my mind was blown. It showed me the code while still being on the same page!

Code Peeking, awesome!!
Code Peeking, awesome!!

3. Not really a VS2013 feature but one of my favorites that came along, 64 bit Edit and Continue – If you are starting any new projects of have the possibility to convert an existing one to .NET Framework 4.5.1, I highly suggest you do so for the sole reason of debugging on the fly. Just like the 32 bit .NET applications, you can now debug the application and make changes while still debugging… no more error messages!!

vs2013_01

4. Code Map (this is only available in Visual Studio 2013 Ultimate), you ever wonder what code is talking to or linked together? Now you can right click and choose “Show on Code Map” and boom… A graph appears showing this exact information. I believe this was introduced in VS2012 but I never used that version (it was the Vista of Visual Studio, haha).

One word of warning though, do not go deleting or commenting out code just because it is not linked to something else. For example, WPF data binding does not show on Code Map… investigate the same way you would before before doing something stupid  🙂

vs2013_02

vs2013_03

Enjoy!

/Matt