The SimpleAuth Web Service is not working.

Product: .NET Framework
Event ID: 12042
Source: Windows Server Update Services
Version: 2.0.50727
Symbolic Name: HealthWebServicesSimpleAuthRed
Message: The SimpleAuth Web Service is not working.
The Simple Web Authentication Service provides authentication between the upstream and downstream WSUS servers.
User Action
Simple Web Authentication Configuration

Simple authentication for client-to-server synchronization is not working properly. Downstream servers will not able to synchronize catalog or content with this server.

Possible resolutions include:

  • First, troubleshoot any issues with SQL Server before proceeding.
  • Check permissions.
    1. Open a command window.
    2. Type cd <WSUSInstallDir>\WebServices\SimpleAuthWebService
    3. Type cacls
    4. The following ACEs should be set:
      • BUILTIN\Users:(OI)(CI)R
      • NT AUTHORITY\Authenticated Users:(OI)(CI)R
      • BUILTIN\Administrators:(OI)(CI)F
  • Check the IIS configuration of the reporting Web service using the IIS script adsutil.vbs.
  1. Open a command window.
  2. Locate the adsutil.vbs tool, which is typically in <InetpubDir>\AdminScripts.
  3. Locate WSUS virtual directories on the IIS server: type <InetpubDir>\AdminScripts\adsutil.vbs find path
  4. Find the path of the SimpleAuthWebService (it will look like W3SVC/<WebSiteID>/ROOT/SimpleAuthWebService).
  5. Get the properties of the Web service: type <InetpubDir>\AdminScripts\adsutil.vbs enum W3SVC/<WebSiteID>/ROOT/SimpleAuthWebService
  6. Compare the output with typical values below (this is a partial list): KeyType:”IIsWebVirtualDir” AppRoot:”/LM/W3SVC/<WebSiteID>/ROOT/SimpleAuthWebService” AppFriendlyName:”SimpleAuth WebService” AppIsolated:2 Path:”<WSUSInstallDir>\WebServices\SimpleAuth WebService” AccessFlags:513 AccessExecute:False AccessSource:False AccessRead:True AccessWrite:False AccessScript:True AccessNoRemoteExecute:False AccessNoRemoteRead:False AccessNoRemoteWrite:False AccessNoRemoteScript:False AccessNoPhysicalDir:False AspScriptErrorSentToBrowser: alse AspEnableParentPaths:False AuthFlags:1 AuthBasic:False AuthAnonymous:True AuthNTL:False AuthMD5:False AuthPassport:False AppPoolId:”WsusPool”
  7. Type <InetpubDir>\AdminScripts\adsutil.vbs enum W3SVC/1
  8. Compare the output with typical values below (this is a partial list).
  9. KeyType:”IIsWebServer” ServerState:2 ServerComment:”Default Website” ServerSize:1 ServerBindings:”:80:” SecureBindings:”:443:” ConnectionTimeout:180 DefaultDoc:”Default.htm,Default.asp,index.htm,iisstart.htm” AspBufferingOn:False LogPluginClsid:”{FF160663-DE82-11CF-BC0A-00AA006111E0}” Win32Error:0 AppPoolId:”DefaultAppPool”

  10. Type <InetpubDir>\AdminScripts\adsutil.vbs enum W3SVC
  11. Compare output with typical values below. This is a partial listing. For more information, see “Appendix C: IIS Settings for Web Services” in the WSUS 3.0 Operations Guide at  KeyType:”IIsWebService” MaxConnections:4294967295 AnonymousUserName:”IUSR_<machinename>” AuthFlags:1 AuthBasic:False AuthAnonymous:True AuthNTLM:False AuthMD5:False AuthPassport:False AppPoolId:”DefaultAppPool” IIs5IsolationModeEnabled:False


Look for the corresponding error event.

  1. Open a command window.
  2. Type cd <WSUSInstallDir>\Tools
  3. Type wsusutil checkhealth
  4. Type eventvwr
  5. Review the Application log for the most recent eve


Leave a Reply