Submit a ticketCall us

WebinarUpcoming Webinar: Know What’s Changed – with NEW Server Configuration Monitor

Change management in IT is critical. But, even with a good change management process, changes are too often not correctly tracked, if at all. The configuration of your servers and applications is a key factor in their performance, availability, and security. Many incidents can be tracked back to an authorized (and sometimes unauthorized) configuration change, whether to a system file, configuration file, or Windows® Registry entry. Join SolarWinds VP of product management Brandon Shopp to discover how the new SolarWinds® Server Configuration Monitor is designed to help you.

Register now.

Home > Success Center > Patch Manager > Patch Manager - Knowledgebase Articles > Unable to publish packages from Patch Manager to the WSUS server

Unable to publish packages from Patch Manager to the WSUS server

Updated July 9, 2018

Overview

When you publish packages from Patch Manager to the WSUS server, the process fails and the Patch Manager Publishing Wizard returns the following error message: 

Message: Failed to publish packageName. Publishing operation failed because 
the console and remote server versions do not match.

Environment

All Patch Manager versions

Cause

Microsoft® Windows Server® Update Services (WSUS) requires all components in the WSUS publishing to be identical. If they are not identical, the Patch Manager Publishing Wizard return an error message.

For example, if the WSUS server API is at version 6.2, the remaining WSUS servers (including any Patch Manager Automation servers) must also be at version 6.2 with the same patches installed on both servers.

Resolution

The following table describes the different combinations of Patch Manager and WSUS. The table also shows the versions that connect locally and others that require an additional Automation Server role (typically installed on the WSUS server, but it can also be a third system).
 

WSUS

Version

Patch Manager on 2008R2 SP1

(WSUS v3 console)

Patch Manager on WS2012 (WSUS v6.2 console)

Patch Manager on WS2012 R2 (WSUS v6.3 console)

WSUS v3

(2008R2 SP1)

Direct Connection from PAS works

Requires AutoServer on WSUS v3 server or other system running Windows Server 2008 R2 SP1

Requires AutoServer on WSUS v3 server or other system running 2008 R2 SP1

WSUS v6.2 (on WS2012)

Requires Automation Server on WSUS v6.2 server or other system running Windows Server 2012

Direct Connection from PAS works

Requires AutoServer on WSUS v6.2 server or other system running Windows Server 2012

WSUS v6.3 (on WS2012R2)

Requires Automation Server on WSUS v6.3 server or other system running Windows Server 2012 R2

Requires AutoServer on WSUS v6.3 server or other system running Windows Server 2012 R2 

Direct Connection from PAS works

During publishing, if you select Verify WSUS version compatibility and required signing certificate is distributed, it displays the client and server API mismatch such as version 6.3.XXXX versus 6.3.YYYY. When this occurs, uncheck this box to proceed without changes. If you continue receiving an error and failure to publish, follow the steps for CASE 1. 

See Issues with the latest WSUS Update for additional information. 

CASE 1: Direct connection from PAS

All WSUS servers and Patch Manager Automation servers must have the same Microsoft patches installed on the server.

  1. Log on to the server you need to check.
  2. Open Control Panel > Programs and Features.
  3. In the left pane, click View installed updates.
  4. Scroll down to Windows Server Update Services.
  5. Record the KB numbers (in parentheses) at the end of each entry.
  6. Install any missing patches to the applicable servers.

CASE 2: Requires an Automation Server

The Automation Server role is required to route requests when a WSUS console and WSUS server API mismatch occurs.

  1. If Patch Manager and WSUS have dissimilar versions, install an additional Automation Server role for each WSUS server.
  2. Create an Automation Server Routing Rule (ASRR). The ASRR instructs the Patch Manager server to route all requests for the WSUS server through the appropriate Automation Server role.

Without the proper ASRR, the request could be routed through the incorrect Automation Server and generate an API Mismatch error where none would be. For example, a server running Windows Server 2012 R2 communicating with the PAS running Windows Server 2012 and an Automation Server running Windows Server 2016. Without an ASRR, the request may be routed from the PAS running Windows Server 2012 R2 to the Automation Server running Windows Server 2016 before reaching the WSUS server running Windows Server 2012 R2. ASRRs will resolve this issue.

 

See Install and configure an Automation Server for WSUS for details about deploying an Automation Server and building an ASRR. 

 

Last modified

Tags

Classifications

Public