cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Summary

When the WSUS Server and WSUS console are not on the same Patch Level and not on the same WSUS server version, an error message for version mismatch is displayed and publishing of packages fails. This is caused by a known incompatibility of different versions of the WSUS Server console and it is purely a Microsoft problem. As SVM leverages the standard WSUS APIs, it is affected indirectly by this issue. 

Symptoms

  • The error appears when you attempt to publish a package from a remote to the WSUS system.
  • SPS returns known error that the version of the console and remote server do not match.
  • The problem is global and it exists for all SVM packages - nothing can be published through SPS.

Error message for version mismatch identified with general error Code: -2146233079Error message for version mismatch identified with general error Code: -2146233079

Cause

  • WSUS Server Console is a different major version than the remotely installed RSAT tools for WSUS.
  • Publishing will fail due to a known Microsoft WSUS console version incompatibility
  • Sometimes the console versions may be on the same version but different Patch levels. 
    • That could also cause the incompatibility problem to occur. 

Steps To Reproduce

  • Users in the following situations are likely to experience the problem:

    • WSUS is installed on Windows 2008 and you try publishing from Windows 8/8.1/10
    • WSUS is installed on Windows 2012 R2 and you attempt publishing from Windows 7/10
    • WSUS is installed on Windows 2016/2019 and you are trying to publish via Windows 7/8/8.1

Resolution

Verify that versions match first

You must first ensure that your versions match. If you have decided to host the Software Vulnerability Manager console on a separate system than the actual WSUS, then you must plan the setup before implementing it. If your setup has already encountered this error, you may have to correct that. 

To do that, perform the following steps of planning and implementation:

  • Find out what is the exact version of your installed WSUS Server Role (and its OS version).
  • Determine what Windows OS flavor/version is appropriate and compatible for remote publishing
    • Install and/or configure this Windows OS version with the required installations:
      • Install the Software Vulnerability Manager Plugin for Internet Explorer
      • Download and install RSAT tools for WSUS for exactly this Windows OS version/flavor
        • Connect the Software Vulnerability Manager to WSUS (using the Patching menu)
        • Attempt publishing and confirm packages are publishing successfully error-free. 

To determine what Windows OS version/flavor you would need for your corresponding WSUS, use this:

  • WSUS on Windows 2008 = publishing will work only from remote Windows 7/2008 system
  • WSUS on Windows Server 2012 = publishing will work only from remote Windows 8/2012
  • WSUS on Windows Server 2012 R2 = publishing will work only from Windows 8.1/2012 R2
  • WSUS on Windows 2016/2019 = publishing will work only from Windows 10/2016/2019

Match Patch Levels if the problem still occurs

When you have matched the WSUS versions, required OS flavors, and have installed the correct RSAT tools for WSUS, you may still have to match the patch levels of both systems. If one of the systems has some particular KB patches while the other does not have the very same, publishing can still fail. 

You can see what has been installed from appwiz.cpl > Installed Updates menu as shown next: 

User-added image
At the bottom of the list, you will find the WSUS updates installed. The range of KB numbers that will fix the incompatibility (or the patch difference) boils down to KB2720211, KB2734608, and KB2828185.

These updates will be required particularly in Windows 2008 WSUS setups and WS 2012 R2 installations. In Windows 10/2016/2019, these should be handled by default and included in the source code already. 

Workaround

Another workaround is to simply install the SVM interface on the very WSUS system and work with the console and WSUS through a single API interface thus eliminating the remote vector that essentially eliminates the version mismatch problem immediately. Many customers prefer this approach instead. 

Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Sep 25, 2019 05:24 AM
Updated by: