Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Patch Manager > Unable to publish packages from Patch Manager to the WSUS server

Unable to publish packages from Patch Manager to the WSUS server

Overview

When you publish packages from Patch Manager to the WSUS server, the process fails and the Patch Manager Publishing Wizard returns the following error message: 

Message: Failed to publish packageName. Publishing operation failed because the console and remote server versions do not match.

Environment

All Patch Manager versions

Cause

Microsoft® Windows Server® Update Services (WSUS) requires all components in the WSUS publishing to be identical. If they are not identical, the Patch Manager Publishing Wizard return an error message.

For example, if the WSUS server API is at version 6.2, all of the other WSUS servers (including any Patch Manager Automation servers) must also be at version 6.2 with the same patches installed on both servers.

Resolution

The following table describes the different combinations of Patch Manager and WSUS. The table also shows the ones that connect locally and others that require an additional Automation Role server (typically installed on the WSUS server, but it can also be a third system).
 

 

Patch Manager on 2008R2 SP1

(WSUS v3 console)

Patch Manager on WS2012 (WSUS v6.2 console)

Patch Manager on WS2012 R2 (WSUS v6.3 console)

WSUS v3

(2008R2 SP1)

Direct Connection from PAS works

Requires AutoServer on WSUS v3 server or other system running Windows Server 2008 R2 SP1

Requires AutoServer on WSUS v3 server or other system running 2008 R2 SP1

WSUS v6.2 (on WS2012)

Requires Automation Server on WSUS v6.2 server or other system running Windows Server 2012

Direct Connection from PAS works

Requires AutoServer on WSUS v6.2 server or other system running Windows Server 2012

WSUS v6.3 (on WS2012R2)

Requires Automation Server on WSUS v6.3 server or other system running Windows Server 2012 R2

Requires AutoServer on WSUS v6.3 server or other system running Windows Server 2012 R2 

Direct Connection from PAS works

During publishing, if you select Verify WSUS version compatibility and required signing certificate is distributed, it displays the client and server API mismatch such as version 6.3.XXXX versus 6.3.YYYY.  If that is the case, you may be able to uncheck this box to proceed without changes. If you continue receiving an error and failure to publish, follow the steps for CASE 1. 

See Issues with the latest WSUS Update for additional information. 

CASE 1 (Direct connection from PAS)

All WSUS servers and Patch Manager Automation servers must have the same Microsoft patches installed.

  1. Log onto the server you need to check.
  2. Open Control Panel > Programs and Features.
  3. In the left pane, click View installed updates.
  4. Scroll until you find the Windows Server Update Services section.
  5. Record the KB numbers (in parentheses) at the end of each entry.
  6. Install any missing patches to the applicable servers.

CASE 2 (Requires Automation Server)

The Automation Server role is required to route requests when a WSUS console and WSUS server API mismatch occurs.

  1. If Patch Manager and WSUS have different major versions, install an additional Automation Role server for each WSUS server.
  2. Create an Automation Server Routing Rule (ASRR). The ASRR tells the Patch Manager server to route all requests for the WSUS server through the appropriate Automation Role server.

NOTE:  Without proper ASRR the request may be routed through the incorrect Automation Server and create an API mismatch where none would be.  For example a 2012 R2 server talking to the PAS on 2012 and a 2016 server with the Automation Server role.  Without ASRR the request may be routed from the 2012 R2 PAS to the 2016 Automation Server before reaching the 2012 R2 WSUS server.  ASRRs will resolve this issue.

 

See Install and configure an Automation Server for WSUS for details about deploying an Automation Server and building an ASRR. 

 

Last modified
14:29, 7 Sep 2017

Tags

Classifications

Public