The DSS Authentication Web Service is not working.

PCIS Support Team .NET Framework
Details
Product: .NET Framework
Event ID: 12052
Source: Windows Server Update Services
Version: 2.0.50727
Symbolic Name: HealthWebServicesDssAuthRed
Message: The DSS Authentication Web Service is not working.
   
Explanation
The Downstream Server Authentication Web service provides authentication of downstream servers.
   
User Action
DSS Authentication Web Service Configuration

Downstream server authentication service is not working end to end. This may be because of configuration issues.

Possible resolutions include:

  • First, troubleshoot any issues with SQL Server before proceeding.
  • Troubleshoot any general issues with IIS.
  • Check permissions.
    1. Open a command window.
    2. Type cd <WSUSInstallDir>\WebServices\DssAuthWebService
    3. Type cacls
    4. The following ACEs should be set:
      • NT AUTHORITY\NETWORK SERVICE:(OI)(CI)R
      • BUILTIN\Users:(OI)(CI)R
      • NT AUTHORITY\Authenticated Users:(OI)(CI)R
      • BUILTIN\Administrators:(OI)(CI)F
      • NT AUTHORITY\SYSTEM:(OI)(CI)F
  • Check the IIS configuration of the reporting Web service using the IIS script adsutil.vbs (or use the IIS Administration UI Tool).
  1. Open a command window.
  2. Locate the adsutil.vbs tool, which is typically in <InetpubDir>\AdminScripts.
  3. Locate WSUS virtual directories on the IIS server: type <InetpubDir>\AdminScripts\adsutil.vbs find path
  4. Find the path of the DssAUthWebService (it will look like W3SVC/<WebSiteID>/ROOT/DssAuthWebService).
  5. Get the properties of the web service: type <InetpubDir>\AdminScripts\adsutil.vbs enum W3SVC/<WebSiteID>/ROOT/DssAuthWebService
  6. Compare the output with typical values below (this is a partial list): KeyType:”IIsWebVirtualDir” AppRoot:”/LM/W3SVC/<WebSiteID>/ROOT/DssAuthWebService” AppFriendlyName:”DssAuthWebService” AppIsolated:2 Path: “<WSUSInstallDir>\WebServices\DssAuthWebService” AccessFlags:513 AccessExecute:False AccessSource:False AccessRead:True AccessWrite:False AccessScript:True AccessNoRemoteExecute:False AccessNoRemoteRead:False AccessNoRemoteWrite:False AccessNoRemoteScript:False AccessNoPhysicalDir:False AspScriptErrorSentToBrowser:False AspEnableParentPaths:False AuthFlags:1 AuthBasic:False AuthAnonymous:True AuthNTLM:False AuthMD5:False AuthPassport:False AppPoolId:WsusPool”
  7. Type <InetpubDir>\AdminScripts\adsutil.vbs enum W3SVC/1
  8. Compare the output with typical values below  (this is a partial list).

    9. KeyType:”IIsWebServer” ServerState2 ServerComment:”Default Website” ServerSize:1 ServerBindings:”:80:” SecureBindings:”:443:” ConnectionTimeout:180 DefaultDoc:”Default.htm,Default.asp,index.htm,iisstart.htm” AspBufferingOn:False LogPluginClsid:”{FF160663-DE82-11CF-BC0A-00AA006111E0}” Win32Error:0 AppPoolId:”DefaultAppPool”

  9. Type <InetpubDir>\AdminScripts\adsutil.vbs enum W3SVC
  10. Compare output with typical values below. This is a partial listing. For more information, see “Appendix C: IIS Settings for Web Services” in the WSUS 3.0 Operations Guide at http://go.microsoft.com/fwlink/?LinkId=81072  KeyType:”IIsWebService” MaxConnections:4294967295 AnonymousUserName:”IUSR_<machinename>” AuthFlags:1 AuthBasic:False AuthAnonymous:True AuthNTLM:False AuthMD5:False AuthPassport:False AppPoolId:”DefaultAppPool” IIs5IsolationModeEnabled:False

Verify

Look for the corresponding error event.

  1. Open a command window.
  2. Type cd <WSUSInstallDir>\Tools
  3. Type wsusutil checkhealth
  4. Type eventvwr
  5. Review the Application log for the most recent events from source Windows Server Update Services a

Related:

Leave a Reply