Issue
ADR stopped working with the following errors in ruleengine.log:
09-27-2021 16:07:24.251 SMS_RULE_ENGINE 68180 (0x10a54) Failed to download the update content with ID 808654 from internet. Error = 12002 09-27-2021 16:07:24.251 SMS_RULE_ENGINE 68180 (0x10a54) Failed to download ContentID 808654 for UpdateID 914183. Error code = 12002
Analysis
12002 refers to
Error Code: 0x2EE2 (12002)
Error Name: ERROR_WINHTTP_TIMEOUT
Error Source: WinHTTP
It should be related to network. In my case, the updates to download come from the site download.windowsupdate.com which can be identified from query in the ruleengine.log, eg.
Query to run is: SELECT CI.CI_ID FROM dbo.fn_ListUpdateCIs(1033) CI JOIN (SELECT B.CI_ID, SUM(CF.FileSize)/1024 AS ContentSize FROM v_UpdateInfo B JOIN vCIAllContents AC ON AC.CI_ID = B.CI_ID JOIN vSMS_CIContentFiles AS CF on CF.Content_ID = AC.Content_ID GROUP BY B.CI_ID) AS CS ON CI.CI_ID = CS.CI_ID WHERE IsExpired = 0~ and (ArticleID like N'%915597%' or ArticleID like N'%2267602%')~ and (DateRevised>=N'2021-08-28 08:32:15')~ and (IsSuperseded=0)~ and (CI.CI_ID in (select CI_ID from v_CICategories_All where CategoryInstance_UniqueID in (N'Product:8c3fcc84-7410-4a95-8b89-a166a0190486')))~ and (CI.CI_ID in (select CI_ID from v_CICategories_All where CategoryInstance_UniqueID in (N'UpdateClassification:e6cf1350-c01b-414d-a61f-263d14d133b4', N'UpdateClassification:e0789628-ce08-4437-be74-2495b842f43b')))
You may need to modify it a bit to get the update content download source url (SourceURL column), eg.
select * from vSMS_CIContentFiles where CI_UniqueID in (SELECT CI_UniqueID FROM dbo.fn_ListUpdateCIs(1033) CI JOIN (SELECT B.CI_ID, SUM(CF.FileSize)/1024 AS ContentSize FROM v_UpdateInfo B JOIN vCIAllContents AC ON AC.CI_ID = B.CI_ID JOIN vSMS_CIContentFiles AS CF on CF.Content_ID = AC.Content_ID GROUP BY B.CI_ID) AS CS ON CI.CI_ID = CS.CI_ID WHERE IsExpired = 0 and (ArticleID like N'%915597%' or ArticleID like N'%2267602%') and (DateRevised>=N'2021-08-28 08:02:34') and (IsSuperseded=0) and (CI.CI_ID in (select CI_ID from v_CICategories_All where CategoryInstance_UniqueID in (N'Product:8c3fcc84-7410-4a95-8b89-a166a0190486'))) and (CI.CI_ID in (select CI_ID from v_CICategories_All where CategoryInstance_UniqueID in (N'UpdateClassification:e6cf1350-c01b-414d-a61f-263d14d133b4', N'UpdateClassification:e0789628-ce08-4437-be74-2495b842f43b'))));
To find out the network issue, there are several ways to try with.
We can use psexec to test the download link accessibility as System user.
- Download psexec – PsExec – Windows Sysinternals | Microsoft Docs
- Open an elevated CMD window and run: psexec -s -i cmd
- Run whoami to confirm that the command window is running under the System account.
- Run: PowerShell
- Run: tnc download.windowsupdate.com -Port 80
An error will display if the SUP cannot make a connection to port 80 on download.windowsupdate.com site.
Another way is to launch Internet Explorer at Step 4 by running start iexplore.exe. Then visit the link SourceURL retrieved from the above query. You should see “This page can’t be displayed” error.
You can also capture a network trace but that would take more time.
Solution
Option 1:
Set proxy “Use a proxy when downloading content by using automatic deployment rules” for SUP – https://docs.microsoft.com/en-us/mem/configmgr/sum/get-started/install-a-software-update-point#proxy-server-settings
Option 2:
Set proxy for Internet Explorer in System user context
Option 3:
Use netsh to set the proxy in System user context
netsh winhttp set proxy <proxy>:<port>