Problems with WSUS on WSE 2012: no clients seen.

Originally I had WSUS on WHS 2011. I've moved to WSE2012 to educate myself and have hit a problem with WSUS. I've installed it and set up a GPO. I've updated Group Policy on the clients. The clients now try to get their updates from the WSE box running WSUS. But WSUS doesn't see them. They do not appear in the Unassigned Computers or All Computers windows in WSUS.

I've checked DNS and ensured that reverse lookup is enabled. I've got firewall rules set up and also tried disabling the firewall. In all cases on the client PC I get 'Windows could not search for new updates Code 80244019 Windows Update encountered an unknown error'

It appears as below in the Event viewer on the local PC:

Log Name: Microsoft-Windows-WindowsUpdateClient/Operational
Source: Microsoft-Windows-WindowsUpdateClient
Date: 13/01/2014 11:14:15
Event ID: 25
Task Category: Windows Update Agent
Level: Error
Keywords: Failure,Check for Updates
User: SYSTEM
Computer: QUIETPC-PC.qts-home.local
Description:
Windows Update failed to check for updates with error 0x80244019.

Updates are being downloaded by WSUS, but I get the same error when trying to update the server itself.

I can successfully manually get updates from Microsoft Update.

Any ideas?

I've rebooted both clients and server several times.

Here's a section from Windowsupdate.log on a client:

2014-01-13 13:09:50:683 1116 164c Agent *************
2014-01-13 13:09:50:683 1116 164c Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-01-13 13:09:50:683 1116 164c Agent *********
2014-01-13 13:09:50:683 1116 164c Agent * Online = Yes; Ignore download priority = No
2014-01-13 13:09:50:683 1116 164c Agent * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2014-01-13 13:09:50:683 1116 164c Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2014-01-13 13:09:50:683 1116 164c Agent * Search Scope = {Machine}
2014-01-13 13:09:50:683 1116 164c Setup Checking for agent SelfUpdate
2014-01-13 13:09:50:683 1116 164c Setup Client version: Core: 7.6.7600.256 Aux: 7.6.7600.256
2014-01-13 13:09:50:683 1116 164c Misc Validating signature for C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab:
2014-01-13 13:09:50:686 1116 164c Misc Microsoft signed: Yes
2014-01-13 13:09:50:690 1116 164c Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80190194
2014-01-13 13:09:50:690 1116 164c Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80190194
2014-01-13 13:09:50:690 1116 164c Misc WARNING: DownloadFileInternal failed for http://aberdeen.qts-home.local/selfupdate/wuident.cab: error 0x80190194
2014-01-13 13:09:50:690 1116 164c Setup WARNING: SelfUpdate check failed to download package information, error = 0x80244019
2014-01-13 13:09:50:690 1116 164c Setup FATAL: SelfUpdate check failed, err = 0x80244019
2014-01-13 13:09:50:690 1116 164c Agent * WARNING: Skipping scan, self-update check returned 0x80244019
2014-01-13 13:09:50:691 1116 164c Agent * WARNING: Exit code = 0x80244019
2014-01-13 13:09:50:691 1116 164c Agent *********
2014-01-13 13:09:50:691 1116 164c Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates]
2014-01-13 13:09:50:691 1116 164c Agent *************

I've tried wuauclt /a / detectnow

0x80190194 = HTTP 404

Does http://aberdeen.qts-home.local/selfupdate/wuident.cab exist?

http://support.microsoft.com/kb/920659 might be worth looking into.

Snowknight26 said:

0x80190194 = HTTP 404

Does http://aberdeen.qts-home.local/selfupdate/wuident.cab exist?

Click to expand...

Ahh... It's not browsable. The file is there on the server as \Program Files\Update Services\SelfUpdate\wuident.cab.

http://support.microsoft.com/kb/920659 might be worth looking into.

Click to expand...

That's for a version of WSUS on Server 2003 - well out of date.

I've checked that Anonymous Authentication is enabled in IIS Manager. Permissions on the SelfUpdate folder are

C:\Program Files\Update Services>icacls selfupdate
selfupdate NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO
)(GR,GE)

Successfully processed 1 files; Failed processing 0 files

Solved it! I had to explicitly specify the port number, despite WSUS and GPEdit explicitly telling me that it would default to the correct (default) port.