When the WSUS Server and WSUS console are not on the same Patch Level and not on the same WSUS server version, an error message for version mismatch is displayed and publishing of packages fails. This is caused by a known incompatibility of different versions of the WSUS Server console and it is purely a Microsoft problem. As SVM leverages the standard WSUS APIs, it is affected indirectly by this issue.
The error appears when you attempt to publish a package from a remote to the WSUS system.
SPS returns known error that the version of the console and remote server do not match.
The problem is global and it exists for all SVM packages - nothing can be published through SPS.
Error message for version mismatch identified with general error Code: -2146233079
WSUS Server Console is a different major version than the remotely installed RSAT tools for WSUS.
Sometimes the console versions may be on the same version but different Patch levels.
That could also cause the incompatibility problem to occur.
Steps To Reproduce
Users in the following situations are likely to experience the problem:
WSUS is installed on Windows 2008 and you try publishing from Windows 8/8.1/10
WSUS is installed on Windows 2012 R2 and you attempt publishing from Windows 7/10
WSUS is installed on Windows 2016/2019 and you are trying to publish via Windows 7/8/8.1
Verify that versions match first
You must first ensure that your versions match. If you have decided to host the Software Vulnerability Manager console on a separate system than the actual WSUS, then you must plan the setup before implementing it. If your setup has already encountered this error, you may have to correct that.
To do that, perform the following steps of planning and implementation:
Find out what is the exact version of your installed WSUS Server Role (and its OS version).
Determine what Windows OS flavor/version is appropriate and compatible for remote publishing
Install and/or configure this Windows OS version with the required installations:
Install the Software Vulnerability Manager Plugin for Internet Explorer
Download and install RSAT tools for WSUS for exactly this Windows OS version/flavor
Connect the Software Vulnerability Manager to WSUS (using the Patching menu)
Attempt publishing and confirm packages are publishing successfully error-free.
To determine what Windows OS version/flavor you would need for your corresponding WSUS, use this:
WSUS on Windows 2008 = publishing will work only from remote Windows 7/2008 system
WSUS on Windows Server 2012 = publishing will work only from remote Windows 8/2012
WSUS on Windows Server 2012 R2 = publishing will work only from Windows 8.1/2012 R2
WSUS on Windows 2016/2019 = publishing will work only from Windows 10/2016/2019
Match Patch Levels if the problem still occurs
When you have matched the WSUS versions, required OS flavors, and have installed the correct RSAT tools for WSUS, you may still have to match the patch levels of both systems. If one of the systems has some particular KB patches while the other does not have the very same, publishing can still fail.
You can see what has been installed from appwiz.cpl > Installed Updates menu as shown next:
At the bottom of the list, you will find the WSUS updates installed. The range of KB numbers that will fix the incompatibility (or the patch difference) boils down to KB2720211, KB2734608, and KB2828185.
These updates will be required particularly in Windows 2008 WSUS setups and WS 2012 R2 installations. In Windows 10/2016/2019, these should be handled by default and included in the source code already.
Another workaround is to simply install the SVM interface on the very WSUS system and work with the console and WSUS through a single API interface thus eliminating the remote vector that essentially eliminates the version mismatch problem immediately. Many customers prefer this approach instead.
on Nov 15, 201807:31 PM - edited on Sep 25, 201905:24 AM by RDanailov