Posts Tagged ‘WSUS’

These are the steps that definitely fixed the issue for me:

Delete the computer from the WSUS console
On the affected client, stop the Windows Update service
On the affected client, rename the folder C:\Windows\SoftwareDistribution
Start the Windows Update service
Run the following command in and administrative prompt:

wuauclt /detectnow /reportnow /scannow /resetauthorization

After 15 minutes or so the client will reappear in the WSUS console and report correctly

 

I had a related issue with MDT deployed machines not detecting any updates.

I ran this script on the PC.

https://www.tenforums.com/tutorials/24742-reset-windows-update-windows-10-a.html

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

If your windows 10 machines get their updates from WSUS then you might get Error 0x800F081F while installing .NET Framework 3.5 on Windows 10. This is probably due to Windows 10 not being able to search your Windows Updates location for the Feature.


Approve these updates

Synchronise Server and try again

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently on adding some machines and updates to a existing WSUS server that had been stable for a whole year, I was getting the server being unresponsive , and the reset server node would not work

After restarting the Windows Update Server Service , the error below would display in the event log : 

The WSUS content directory is not accessible. System.Net.WebException: The remote server returned an error: (503) Server Unavailable. at System.Net.HttpWebRequest.GetResponse() at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)

Running IISRest in the Command prompt brought the site back online  , however clearly this was a workaround to teh crash , Turns out you need some tweaking of the Website in IIS to stop this!

  1. On your WSUS Server, launch the IIS Manager
  2. Open Application Pools
  3. Right click ‘WsusPool’ and select ‘Advanced Settings…’
  4. To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000
  5. If your server is NUMA aware, change ‘Maximum Worker Processes’ from the default 1 to 0. If you don’t know if your server is NUMA aware, leave this value default
  6. Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel
  7. Change ‘Failure Interval (minutes) from the default 5 to 30
  8. Change ‘Maximum Failures’ from the default 5 to 60
  9. Click ‘OK’ to save the App Pool changes
  10. From an administrative command prompt, type IISRESET

This is also a good Cleanup script to schedule : 

https://community.spiceworks.com/scripts/show/2998-wsus-automated-maintenance-formerly-adamj-clean-wsus

VN:F [1.9.22_1171]
Rating: 10.0/10 (2 votes cast)
VN:F [1.9.22_1171]
Rating: +1 (from 1 vote)

 

Run Vmware Powercli

Run 

Connect-ViServer %name of server%

Run the output of below to a text file

E.g. .\Get-PendingUpdate.ps1 | Output-File file.txt

 

Function Get-PendingUpdate { 
<# 
.SYNOPSIS 
Retrieves the updates waiting to be installed from WSUS 
.DESCRIPTION 
Retrieves the updates waiting to be installed from WSUS 
.PARAMETER Computer 
Computer or computers to find updates for. 
.EXAMPLE 
Get-PendingUpdates 
 
Description 
----------- 
Retrieves the updates that are available to install on the local system 
.NOTES 
Author: Boe Prox 
Date Created: 05Mar2011 
#> 
 
#Requires -version 2.0 
[CmdletBinding( 
DefaultParameterSetName = 'computer' 
)] 
param( 
[Parameter( 
Mandatory = $False, 
ParameterSetName = '', 
ValueFromPipeline = $True)] 
[string[]]$Computer 
) 
Begin { 
$scriptdir = { Split-Path $MyInvocation.ScriptName –Parent } 
Write-Verbose "Location of function is: $(&$scriptdir)" 
#Create container for Report 
Write-Verbose "Creating report collection" 
$report = @() 
} 
Process { 
ForEach ($c in $Computer) { 
Write-Verbose "Computer: $($c)" 
If (Test-Connection -ComputerName $c -Count 1 -Quiet) { 
Try { 
#Create Session COM object 
Write-Verbose "Creating COM object for WSUS Session" 
$updatesession = [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session",$c)) 
} 
Catch { 
Write-Warning "$($Error[0])" 
Break 
} 
 
#Configure Session COM Object 
Write-Verbose "Creating COM object for WSUS update Search" 
$updatesearcher = $updatesession.CreateUpdateSearcher() 
 
#Configure Searcher object to look for Updates awaiting installation 
Write-Verbose "Searching for WSUS updates on client" 
$searchresult = $updatesearcher.Search("IsInstalled=0") 
 
#Verify if Updates need installed 
Write-Verbose "Verifing that updates are available to install" 
If ($searchresult.Updates.Count -gt 0) { 
#Updates are waiting to be installed 
Write-Verbose "Found $($searchresult.Updates.Count) update\s!" 
#Cache the count to make the For loop run faster 
$count = $searchresult.Updates.Count 
 
#Begin iterating through Updates available for installation 
Write-Verbose "Iterating through list of updates" 
For ($i=0; $i -lt $Count; $i++) { 
#Create object holding update 
$update = $searchresult.Updates.Item($i) 
 
#Verify that update has been downloaded 
If ($update.IsDownLoaded -eq "True") { 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = ($update.Title -split('\('))[0] 
$temp.KB = (($update.title -split('\('))[1] -split('\)'))[0] 
$temp.IsDownloaded = "True" 
$report += $temp 
} 
Else { 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = ($update.Title -split('\('))[0] 
$temp.KB = (($update.title -split('\('))[1] -split('\)'))[0] 
$temp.IsDownloaded = "False" 
$report += $temp 
} 
} 
 
} 
Else { 
#Nothing to install at this time 
Write-Verbose "No updates to install." 
 
#Create Temp collection for report 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = "NA" 
$temp.KB = "NA" 
$temp.IsDownloaded = "NA" 
$report += $temp 
} 
} 
Else { 
#Nothing to install at this time 
Write-Warning "$($c): Offline" 
 
#Create Temp collection for report 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = "NA" 
$temp.KB = "NA" 
$temp.IsDownloaded = "NA" 
$report += $temp 
} 
} 
} 
End { 
Write-Output $report 
} 
}
 
 
$GetVM = Get-VM | 
Where {$_.Guest -match 'windows'} | 
Where {$_.PowerState -eq 'PoweredOn'}
 
Foreach ($vm in $GetVM)
{
$vm.Name
Get-PendingUpdate -Computer $vm.Guest.IPAddress[0]
}

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

WorksiteSaveOperationThe first step is to make sure you see the actual WSUS server name in the log – if not that indicates a policy or registry setting used for the policy is not in place.
Next get the errors for the client trying to contact WSUS and check the error code against the error code reference for Windows Update agent. For a reference see:

Windows Update information is stored in c:\%windir%\Windowsupdate.log.

Perform the following on the client workstation.
1. Delete the registry keys in
HKLM\Software\Microsoft\Windows\Currentversion\Windowsupdate
2. Restart Automatic Updates service.
3. Issue the command wuauclt /resetauthorization /detectnow.
Updates will start downloading

Removing managed by your system administrator message to update them manually

Set Group Policy Manually
Start -> Run -> gpedit.msc
 
Computer configuration -> Administrative Templates -> Windows Components -> Windows Update
Configure Automatic updates
Choose enabled
Choose option 5 – Allow local admin to choose setting
 
User configuration -> Administrative Templates -> Windows Components -> Windows Update
Remove access to use all Windows Update features
Choose Disabled

After above clients where still not showing up in the WSUS gui after downloading the updates from the server. I checked

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate (SusClientId) which was cloned across all the servers. We had to run this:
Rem - Batch script to delete duplicate SusClientIDs 
Rem - Implement this script as a "Startup" or "Logon"  script 
Rem - Script creates an output file called %Systemdrive%\SUSClientID.log 
Rem - If the %Systemdrive%\SUSClientID.log is already present, then the script simply exits
 
@Echo off 
if exist %systemdrive%\SUSClientID.log goto end 
net stop wuauserv 
net stop bits 
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f  > %systemdrive%\SUSClientID.log 2>&1 
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f  >> %systemdrive%\SUSClientID.log 2>&1 
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f  >> %systemdrive%\SUSClientID.log 2>&1 
net start wuauserv 
wuauclt.exe /resetauthorization /detectnow          
:end 
exit
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)