All,
On a recent freshly built Windows 2016 server — last night I decided to take a look at the ACL list on the D drive (Which was ported over from a previous build). In the days previous — I was checking file and folder permissions and noticed I had a few orphaned SIDs held over on a few folder from my old build.
I had read some great things about the SetACL tool available in the web and decided I might try it out. Fired it up and input a command to show me my «ghost» SIDs on the D:\ drive. Work great — I see I had about a half dozen oddballs on various folders.
Then I ran another command (copied directly from the SetACL website) that is intended to remove these «ghost» SIDS — I run that and suddenly realized that SetACL removed ALL SIDS from all files and folder and even the drive itself. Panic ensues.
Sidebar: Later I the comments on the thread that had the commands to run via SetACL:
https://helgeklein.com/blog/2012/07/finding-removing-orphaned-sids-in-file-permissions-or-busting-th… Opens a new window
Especially this part (From John):
«I found out the hard way that if you run this remotely, it will kill permissions assigned to local accounts. i.e. Administrators. If, because or the number of machines/shares/folders/etc. being processed you need to use a script, you MUST use psexec or some other way to run it from the target machine.Now I need to find a way to restore the permissions.»
I compose myself and set to restoring the default ACL to the D drive and all it’s files and subfolders. After 5 or 10 minutes — I am back in business — no real damage done.
However — I then realize that my WSUS storage folder is on here and I never did check what the default ACL is supposed to be for the WSUSContent folder etc.
I poked around the web and found a few references on what the permissions list looks like for a default WSUSContent folder and it looks good to me. I reboot the server and let it sit for the night.
This morning — I see two instances of this error in the Event log:
Error 08/29/2018 04:30:20 Windows Server Update Services 12072 9 The WSUS content directory is not accessible. System.Net.WebException: The remote server returned an error: (404) Not Found. at System.Net.HttpWebRequest.GetResponse() at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)
I check the perms again. They look good. I do a WSUS sync — it syncs. I test a client or two — they reach out to WSUS properly.
What else could this error condition mean and where do I look to fix it?
Is it worth just reinstalling WSUS and starting clean?
Appreciate any tips on how to deal with this in a quick manner.
Cheers,
B
Getting this error in wsus on 2012. I cannot download any updates.
Log Name: Application
Source: Windows Server Update Services
Date: 7/1/2014 7:26:57 PM
Event ID: 12072
Task Category: 9
Level: Error
Keywords: Classic
User: N/A
Computer: wsus2012
Description:
The WSUS content directory is not accessible.
System.IO.IOException: The device is not ready.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath,
Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.IO.FileInfo.Open(FileMode mode, FileAccess access, FileShare share)
at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
<System>
<Provider Name=»Windows Server Update Services» />
<EventID Qualifiers=»0″>12072</EventID>
<Level>2</Level>
<Task>9</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=»2014-07-02T02:26:57.000000000Z» />
<EventRecordID>485447</EventRecordID>
<Channel>Application</Channel>
<Computer>wsus2012/Computer>
<Security />
</System>
<EventData>
<Data>The WSUS content directory is not accessible.
System.IO.IOException: The device is not ready.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath,
Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.IO.FileInfo.Open(FileMode mode, FileAccess access, FileShare share)
at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)</Data>
</EventData>
</Event>
- Remove From My Forums
-
Question
-
i got these errors
The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)_____________________________________________________________________________________________________
The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (404) Not Found.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)_____________________________________________________________________________________________________
the server is a brand new install its windows server 2016 standard
it is domain attached obviously
the storage is not local on the server it’s a NAS and the path to access storage is like so: \\xx.xx.xx.xx\wsus\wsus
the server when synchronising is downloading updates and storing them fine on the storage but i still get the error that the storage is not accessible.
i checked the path in the IIS manager and it was missing the \\ at the begining of the path.
thats all i can think of for now. can someone help me resolve that?
Answers
-
Hello,
Glad to help.
WSUS could use NAS as its storage location. If there are errors, please check the following settings.
- Registry
Navigate to HKLM > SYSTEM > CurrentControlSet > Services > LanmanServer > Shares
Check the value of
WsusContent and UpdateServicesPackages, the path should be«Path=\\YourPath\Update Services\WsusContent» and
«Path=\\YourPath\Update Services\UpdateServicesPackages»
- IIS
Open IIS Manager, expand
Sites, find site with Content folder. Right-click Conent, choose Manage virtual directory > Advanced Settings.Check the Physical Path, the leading backslashes often lost.
Add Physical Path Credentials, I choose Domain Admin in my lab.
- Sharing permission
Check the permission of the Sharing folder. I add Everyone to share with and give the Read/Write permission in my lab.
After checking above setting, restart the WSUS server and check if it works.
Hope my answer could help you and look forward to your feedback.
Best Regards,
Ray Jia
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.-
Edited by
Friday, August 17, 2018 7:56 AM
-
Marked as answer by
dquevillon
Monday, August 27, 2018 6:05 PM
We have configured a WSUS role on a Windows 2012 server — the database used is WID.
We are getting the updates downloaded (right now we have set the option «Do not store update files locally. Computers install from Microsoft Update» because of not enough space — but this should not be the problem.
We are getting info from all PC’s and servers, which are set up in the GPO.
But:
No updates are rolled out to the PC’s and servers, even if the are set to Install.
In the GPO we have set option 4 -» Auto download and schedule the installation»
We get a WSUS error 12072:
The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.
at Microsoft.UpdateServices.I
WSUS administrator and NETWORK SERVICE has full control on the update directory.
I have found a lot of hints but none of them helped 
- Remove From My Forums
-
Question
-
From https://social.technet.microsoft.com/forums/office/it-it/6acbdea1-b7a0-4051-921c-7d593d3c215f/wsus-event-id-12072-access-to-storage
What are the credentials to enter in the case of a non-domain connected nas? I’ll explain. The WSUS is not under domain and the moving of the contents to a folder on the NAS was successful through «wsusutil postinstall». Also successfully created
registry keys and changes on IIS correctly.
I also get error ID 12072 on the WSUS as it does not recognize the credentials that I set on «Physical Path Credentials» in IIS.
nas ip address \ username is correct? the username is the one set on the NAS shared folder and has full controll.
Thank you all who can help me