Hello All,

Due covid-19, since all employees are working from home, we didn't not released windows updates to client systems fromlast 3 months as all employees don't have vpn connectivity and most are are using limited internet.

We have 4 WSUS servers in different branch offices.

I want to generate the specific reports  from WSUS servers & I have no idea how to generate the wsus reports.

I have gone through some of youtube videos and those were not helped in this specific task.

1.Since 3 months, client systems have not contact with WSUS servers/ Can i get the reports ?

2.I want to know what was the last date client system got installed update and what was that KB article number.

3.Once reports generated, Can i convert them into excel format ? and How ?

I hope some expert will help me on this.

Thanks. 

Ram

This is kind of a double-post but my other post is an add-on to an earlier, similar post and it's not getting any hits.

Good afternoon, my WSUS server was working fine until about a month ago. I now have a lot of workstations that aren't getting their updates and the only pertinent message showing up in the WSUS server's Event Log is Event ID 10032 and the only text is "The server is failing to download some updates." That message shows up daily at 0200, 0800, 1400 and 2000 and the data in the error doesn't help me much either: 

-<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">-<System><ProviderName="Windows Server Update Services"/><EventIDQualifiers="0">10032</EventID> <Level>2</Level><Task>7</Task> <Keywords>0x80000000000000</Keywords><TimeCreatedSystemTime="2020-06-09T09:00:49.000000000Z"/><EventRecordID>841646</EventRecordID> <Channel>Application</Channel><Computer>srv-Appy.link.com</Computer> <Security /></System>
- <EventData><Data>The server is failing to download some updates.</Data></EventData></Event>

I use Nexpose to find workstations with vulnerabilities and when I run Windows Update Online from those workstations I find several to many updates that need to be installed. I've looked for errors in those workstation's Event Logs under WindowsUpdateClient but I've never found errors in that log. 

Anybody have any ideas on what to look for?

Thanks,

Joe B

Hello,

we installed WSUS on multiple windows server 2019 essentials to serve as down-streamer to our Main WSUS (server 2016 standard) , one for each branch to reduce network traffic (maximum 10 computers in every branch)

our ADDC is running on  (server 2016 standard) with all FSMO rules

but our essentials servers shutdown automatically every week with these events:

Event 38

The User Count Check detected a condition in your environment that is out of compliance with the licensing policy. This server will be automatically shut down if the issue is not corrected in 10 day(s) 0 hour(s) 0 minute(s). Please look for additional events for User Count Check to troubleshoot.

Event 74

The User Count Check detected a condition in your environment that is out of compliance with the licensing policy. This server does not comply with the End User License Agreement (EULA). The EULA permits a maximum of 25 user accounts. This Active Directory forest has 529 user accounts.

Event 20

The Forest Trust Check detected a condition in your environment that is out of compliance with the licensing policy. A trust relationship exists outside your forest. Please remove the trust now.

Event 38

The Non-domain Member Check detected a condition in your environment that is out of compliance with the licensing policy. This server will be automatically shut down if the issue is not corrected in 10 day(s) 0 hour(s) 0 minute(s). Please look for additional events for Non-domain Member Check to troubleshoot.

Event 57

The Non-domain Member Check policy detected a condition in your environment that is out of compliance with the licensing policy. This server can only be in a workgroup or be a domain controller.

essentials are member of large domain (Full data center environment).

how to solve this issue ?

Hi,

Computers are not syncing and in event viewer it is showing that "The Server Synchronization Web Service is not working."

Please help me to resolve the issue.

Regards.

Yogesh

We use WSUS to update our Windows computers. We configure Windows 10 to install any approved updates at 2:00 AM.  We configure Windows to automatically restart to complete the update install as long as nobody is logged into Windows at that time.  If someone is logged in at 2:00 AM, then Windows will NOT restart and instead rely on the user to restart at a time of their choosing.  If the user doesnt restart in seven days, Windows will auto-restart regardless of whether the user is logged in or not.

When i am reviewing WSUS to see which computers are not fully updated, i would like to be able to tell when Windows plans to restart the OS to complete updates.  Is that possible?  Is there a way to see when Windows is intending to restart to finish updates?  and can i do that without having to actually sign on to the Windows computer? Can i check it remotely from the event viewer or registry?  is there a setting/event log/WMI call that shows "Windows will restart on <date> and <time> to complete updates"?

I have a network that is isolated from the internet

Domain controller (Server 2016) and ~ 80 servers  (2012R2,2016) and 250 workstations (Win10, Win 7)

I need to add selected updated manually to the WSUS.

Please direct me to the best method.

Raf

I have a problem at two sites where I have a Windows 2016 server running WSUS.  I can't deploy any servicing stack updates at either of these sites.  This is definitely a problem with the WSUS server, since I can install them manually on all of the workstations with no problem. Also, this problem has been ongoing since the inception of Servicing Stack updates.  I've updated the workstations themselves at one site to Win10 1909, but that hasn't made any difference at all.

When I approve the Servicing Stack update in WSUS, it shows up on the workstation for installation. However, the update never downloads. It will sit there at "Downloading 0%" till the end of time.  In order to fix it, I have to delete and recreate the Software Distribution folder on the workstation.

I'm looking for some useful, creative ideas as to what might fix this.  Please don't quiz me on the basics. I've been using WSUS for many years, so I know that everything is configured properly, the proper policies are in place, and that the update does actually get downloaded to the WSUS server, etc., etc. All other updates install with no problems on the workstations.

Thanks,

Deb

Deb

WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

I am getting the above error message while sync with Microsoft WSUS. Please help . Thanks in advance.

hi,

In the past two days, we found that the Win7 of our employees was automatically upgraded to Win10. How can I prevent the phenomenon of automatic upgrade to WiN10 from Win7?

Our WSUS Server system is Windows Server 2016, and we have also canceled the upgrade of the product category; searched online, it may be related to KB3035583, but I did not find the KB from the WSUS patch, there should be other reasons.

Please also help to deal with it, looking forward to your reply!

Please remember to mark the replies as answers if they help. "Windows 10 Installation, Setup, and Deployment" forum will be migrating to a new home on Microsoft Q&A (Preview)! We invite you to post new questions in the "Windows 10 Installation, Setup, and Deployment" forum’s new home on Microsoft Q&A (Preview)! For more information, please refer to the sticky post.

Hi guys, i have a problem with a Server Windows 2008 SP1 Standar x86, when i tried to reinstall the role of WSUS 3.1 the ServerManager show this Error and i could install again the role.
Thanks for your help:
The Error of the event viewer is the nexT:

Log Name:      Setup
Source:        Microsoft-Windows-ServerManager
Date:          27/03/2009 05:53:21 p.m.
Event ID:      1617
Task Category: None
Level:         Error
Keywords:     
User:          DOMAIN\Administrator
Computer:      SOOB.DOMAIN.COM
Description:
Installation failed. A restart is required.

Roles:

Web Server (IIS)
   Error: The server needs to be restarted to undo the changes.

Windows Server Update Services
   Error: Installation failed because a required role service or feature could not be installed.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ServerManager" Guid="{8c474092-13e4-430e-9f06-5b60a529bf38}" />
    <EventID>1617</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2009-03-28T00:53:21.056Z" />
    <EventRecordID>23</EventRecordID>
    <Correlation />
    <Execution ProcessID="1100" ThreadID="2736" />
    <Channel>Setup</Channel>
    <Computer>SOOB.DOMAIN.COM</Computer>
    <Security UserID="S-1-5-21-696557799-1245526101-3093723089-500" />
  </System>
  <UserData>
    <EventXML xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="Event_NS">
      <message>

Roles:

Web Server (IIS)
   Error: The server needs to be restarted to undo the changes.

Windows Server Update Services
   Error: Installation failed because a required role service or feature could not be installed.

</message>
      <identifiers>WsusRole, WebServerRole, WebServerComponent, CommonHttpFeatures, StaticContent, DefaultDocument, Performance, DynamicContentCompression, ApplicationDevelopment, AspNetPages, InternetServiceApiExtensions, InternetServiceApiFilters, NetFxExtensibility, SecurityComponents, RequestFiltering, WindowsAuthentication, WebServerManagementTools, InternetInformationServices6ManagementCompatibility, InternetInformationServices6DatabaseCompatibility</identifiers>
    </EventXML>
  </UserData>
</Event>

Hi,

I have WSUS on Windows 2019 server. I configured the GPO to install the updates automatically at 2:00 AM every third Tuesday. It works fine with the desktop on the internal network, but for laptops which use VPN to connect to organization network, the auto installation doesn't happen because they are not on the network at the scheduled time.

I thought the install would happen at the next time when the laptops connect to VPN, but it wouldn't. On the laptop, it shows the updates were downloaded but pending for install.

How can I make the install happen automatically when the laptop are back online?

Need help!

Thanks,

Grace

I have multiple Window Server 2016's (v. 1607) that when running a Windows Update, it would fail with an error "There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x8024500c)".

Looking at the Windows Update logs like ReportingEvents.log and CBS.log, it looks like it's trying to reach out - maybe outside of the WSUS.
ReportingEvents.log:
{19F548A8-36AA-4C0C-AC57-EAB8ADA38464}2020-06-16 13:15:28:042-07001147 [AGENT_DETECTION_FINISHED]101{00000000-0000-0000-0000-000000000000}00 UpdateOrchestratorSuccessSoftware SynchronizationWindows Update Client successfully detected 0 updates.
{8F1D680B-E3F3-4863-942D-C1319DC755E5}2020-06-16 13:15:28:058-07001156 [AGENT_STATUS_30]101{00000000-0000-0000-0000-000000000000}00 UpdateOrchestratorSuccessPre-Deployment CheckReporting client status.
{8061B3DA-16B9-421C-8139-A779E72822FF}2020-06-16 13:15:28:121-07001148 [AGENT_DETECTION_FAILED]101{00000000-0000-0000-0000-000000000000}08024500cUpdateOrchestratorFailureSoftware SynchronizationWindows Update Client failed to detect with error 0x8024500c.

CBS.log:
2020-06-16 12:57:21, Info                  CBS    DWLD: Failed to begin WU search [HRESULT = 0x8024500c - Unknown Error]
2020-06-16 12:57:21, Info                  CBS    Failed to search Windows update [HRESULT = 0x800f0906 - CBS_E_DOWNLOAD_FAILURE]
2020-06-16 12:57:21, Info                  CBS    Failed to enumerate cloud capabilities [HRESULT = 0x800f0906 - CBS_E_DOWNLOAD_FAILURE]

We have a GPO that specifies to a WSUS server.

The server should be checking the WSUS, right? But, running the Windows Update and checking the firewall monitor, the server 2016 looks like it's trying to reach out to Microsoft Online Update Servers. Could this be what's causing the error for 0x8024500c? Is there a way to prevent the Server 2016's not to check online but directly to the WSUS?

Let me what you think..

Here's the GPO settings

I have multiple Window Server 2016's (v. 1607) that when running a Windows Update, it would fail with an error "There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x8024500c)".

Looking at the Windows Update logs like ReportingEvents.log and CBS.log, it looks like it's trying to reach out - maybe outside of the WSUS.
ReportingEvents.log:
{19F548A8-36AA-4C0C-AC57-EAB8ADA38464}2020-06-16 13:15:28:042-07001147 [AGENT_DETECTION_FINISHED]101{00000000-0000-0000-0000-000000000000}00 UpdateOrchestratorSuccessSoftware SynchronizationWindows Update Client successfully detected 0 updates.
{8F1D680B-E3F3-4863-942D-C1319DC755E5}2020-06-16 13:15:28:058-07001156 [AGENT_STATUS_30]101{00000000-0000-0000-0000-000000000000}00 UpdateOrchestratorSuccessPre-Deployment CheckReporting client status.
{8061B3DA-16B9-421C-8139-A779E72822FF}2020-06-16 13:15:28:121-07001148 [AGENT_DETECTION_FAILED]101{00000000-0000-0000-0000-000000000000}08024500cUpdateOrchestratorFailureSoftware SynchronizationWindows Update Client failed to detect with error 0x8024500c.

CBS.log:
2020-06-16 12:57:21, Info                  CBS    DWLD: Failed to begin WU search [HRESULT = 0x8024500c - Unknown Error]
2020-06-16 12:57:21, Info                  CBS    Failed to search Windows update [HRESULT = 0x800f0906 - CBS_E_DOWNLOAD_FAILURE]
2020-06-16 12:57:21, Info                  CBS    Failed to enumerate cloud capabilities [HRESULT = 0x800f0906 - CBS_E_DOWNLOAD_FAILURE]

We have a GPO that specifies to a WSUS server.

The server should be checking the WSUS, right? But, running the Windows Update and checking the firewall monitor, the server 2016 looks like it's trying to reach out to Microsoft Online Update Servers. Could this be what's causing the error for 0x8024500c? Is there a way to prevent the Server 2016's not to check online but directly to the WSUS?

Let me what you think..

Here's the GPO settings

I hope I can get assistance with this.  I had a corrupt version of WSUS 3.0 on a VM Win Server 2012 R2 that was only running IIS and WSUS.  I walked through the uninstall process completely from a post from https://ittherapist.net/2013/12/17/how-to-fix-windows-server-2012-and-2012-r2-wsus-post-install-fails-immediately/. I also followed the install process using PowerShell to install WSUS again.  Everything worked fine until the post installation taks happened, from which I used Power Shell again.  

PS C:\Users\administrator> & 'C:\Program Files\Update Services\Tools\WsusUtil.exe' postinstall contentdir=C:\WSUS
Log file is located at C:\Users\administrator\AppData\Local\Temp\2\tmp94DF.tmp
Post install is starting
Fatal Error: Unable to open the physical file "C:\Windows\WID\Data\SUSDB.mdf". Operating system error 2: "2(The system c
annot find the file specified.)".
Unable to open the physical file "C:\Windows\WID\Data\SUSDB.mdf". Operating system error 2: "2(The system cannot find th
e file specified.)".
Could not restart database "SUSDB". Reverting to the previous status.
ALTER DATABASE statement failed.
File activation failure. The physical file name "C:\Windows\WID\Data\SUSDB_log.ldf" may be incorrect.
File activation failure. The physical file name "C:\Windows\WID\Data\SUSDB_log.ldf" may be incorrect.
PS C:\Users\administrator> & 'C:\Program Files\Update Services\Tools\WsusUtil.exe' postinstall contentdir=C:\WSUS
Log file is located at C:\Users\administrator\AppData\Local\Temp\2\tmp225F.tmp
Post install is starting
Fatal Error: Unable to open the physical file "C:\Windows\WID\Data\SUSDB.mdf". Operating system error 2: "2(The system c
annot find the file specified.)".
Could not restart database "SUSDB". Reverting to the previous status.
ALTER DATABASE statement failed.
File activation failure. The physical file name "C:\Windows\WID\Data\SUSDB_log.ldf" may be incorrect.
PS C:\Users\administrator>

When I go into the directory holding the SUSDBs, they are not there.  However, the XML states it found the DBs and they exist.  How can that be?  I am stuck in the water now trying to get our WSUS working properly with a fresh install again. I do not have the deleted SUSDB files because this is a VM and we only backup MetaData, not disk Images for VM not holding company files.  I need to find a way for WSUS to fully create new SUSDBs and log files for this work.  Any guidance would be appreciated.

Hi all,
a company finally decided to use Windows 10 1909.
Some laptop inside company are 1903 at the moment.

In this company there is a WSUS Server (Windows Server 2016 + WSUS Role).

I would spread this upgrade from 1903 to 1909 using WSUS.

I have done these steps:

1) I have checked in "Products and Classifications" two options: Windows 10, version 1903 and later and Windows 10

2) After I have searched under "Updates > All Updates" the keyword1909 and I have approved for "Clients"
"Feature update to Windows 10 (business editions), version 1909...". I have done the same forConsumer Edition.

Finally I have seen under "Updates > All Updates" that there are option that I have confirmed in the before steps.
I have checked on some laptop,with Windows 10 1903, but they did not get upgrade to Windows 10 1909.

I have lost some configuration?

Thanks!
Federico

I've posted a few times asking for advice after suffering GUI & Powershell timeouts when using the standard PS scripts in order to clean/tidy the WSUS DB.

However this post is meant to offer a few key answers in order to help others and share my knowledge.  Finally I've managed to tame the DB in order to display All Updates (+27,000), run clean up scripts without timeouts and view All Computers without the GUI crashing.

unable to connect to the WSUS console.  Please find the error below.

Error: Connection Error

An error occurred trying to connect the WSUS server.  The error can happen for a number of reasons.  Check connectivity with the server.  Please contact your network administrator if the problem persists

Click Reset server node to try to connect to the server again.

1.  Address IIS default limitations

Make the following "Advanced Settings" for WSUS Application Pool in IIS:   

- Queue Length: 25000 from 1000   

- Limit Interval (minutes): 15 from 5   

- "Service Unavailable" Response: TcpLevel from HttpLevel* (Stop IIS first) Edit the web.config ( C:\Program Files\Update Services\WebServices\ClientWebService\web.config ) for WSUS:   

- Replace <httpRuntime maxRequestLength="4096" /> with<httpRuntime maxRequestLength="204800" executionTimeout="7200"/><add key="maxInstalledPrerequisites" value="400"/> change to 800*

Adjust the app pool private memory limit.   

- If you have WSUS Automated Maintenance (WAM), from the WAM Shell run:.\Clean-WSUS.ps1 -SetApplicationPoolMemory 4096- If you don't have WAM, edit the pool's configuration directly to change it to 4194304 (4GB)

Some also recommend changing pool memory to O i.e no memory limit

2. SQL - how to connect to WSUS WID DB

The internal WID SQL DB can be accessed  from local (maybe remote also) SQL Management Tools  via this computer name:\\.\pipe\MICROSOFT##WID\tsql\query

If that fails make sure you run management tools using Admin and:

np:\\.\pipe\MICROSOFT##WID\tsql\query

Open as Domain Admin or any member of the server Admin group

3.  Timeouts  - time to clean the SUS DB using TSQL

The internal WID SQL DB can be access from local 2012 Management Tools (needs installing) via this computer name:\\.\pipe\MICROSOFT##WID\tsql\query

If that fails make sure you run management tools using Admin and:

np:\\.\pipe\MICROSOFT##WID\tsql\query

Open as Domain Admin or any member of the server Admin group

3  Re-index the SUS DB

/****************************************************************************** 

This sample T-SQL script performs basic maintenance tasks on SUSDB 

1. Identifies indexes that are fragmented and defragments them. For certain    tables, a fill-factor is set in order to improve insert performance.    Based on MSDN sample at http://msdn2.microsoft.com/en-us/library/ms188917.aspx    and tailored for SUSDB requirements 

2. Updates potentially out-of-date table statistics. 

******************************************************************************/  

USE SUSDB; 

GO 

SET NOCOUNT ON;  

-- Rebuild or reorganize indexes based on their fragmentation levels 

DECLARE @work_to_do TABLE (     objectid int     , indexid int     , pagedensity float     , fragmentation float     , numrows int 

)  

DECLARE @objectid int; 

DECLARE @indexid int; 

DECLARE @schemaname nvarchar(130);  

DECLARE @objectname nvarchar(130);  

DECLARE @indexname nvarchar(130);  

DECLARE @numrows int 

DECLARE @density float; 

DECLARE @fragmentation float; 

DECLARE @command nvarchar(4000);  

DECLARE @fillfactorset bit 

DECLARE @numpages int  

-- Select indexes that need to be defragmented based on the following 

-- * Page density is low 

-- * External fragmentation is high in relation to index size 

PRINT 'Estimating fragmentation: Begin. ' + convert(nvarchar, getdate(), 121)  

INSERT @work_to_do 

SELECT     f.object_id     , index_id     , avg_page_space_used_in_percent     , avg_fragmentation_in_percent     , record_count 

FROM      sys.dm_db_index_physical_stats (DB_ID(), NULL, NULL , NULL, 'SAMPLED') AS f 

WHERE     (f.avg_page_space_used_in_percent < 85.0 and f.avg_page_space_used_in_percent/100.0 * page_count < page_count - 1)     or (f.page_count > 50 and f.avg_fragmentation_in_percent > 15.0)     or (f.page_count > 10 and f.avg_fragmentation_in_percent > 80.0)  

PRINT 'Number of indexes to rebuild: ' + cast(@@ROWCOUNT as nvarchar(20))  

PRINT 'Estimating fragmentation: End. ' + convert(nvarchar, getdate(), 121)  

SELECT @numpages = sum(ps.used_page_count) 

FROM     @work_to_do AS fi     INNER JOIN sys.indexes AS i ON fi.objectid = i.object_id and fi.indexid = i.index_id     INNER JOIN sys.dm_db_partition_stats AS ps on i.object_id = ps.object_id and i.index_id = ps.index_id  

-- Declare the cursor for the list of indexes to be processed. 

DECLARE curIndexes CURSOR FOR SELECT * FROM @work_to_do  

-- Open the cursor. 

OPEN curIndexes  

-- Loop through the indexes 

WHILE (1=1) 

BEGIN     FETCH NEXT FROM curIndexes     INTO @objectid, @indexid, @density, @fragmentation, @numrows;     IF @@FETCH_STATUS < 0 BREAK;      SELECT          @objectname = QUOTENAME(o.name)         , @schemaname = QUOTENAME(s.name)     FROM          sys.objects AS o         INNER JOIN sys.schemas as s ON s.schema_id = o.schema_id     WHERE          o.object_id = @objectid;      SELECT          @indexname = QUOTENAME(name)         , @fillfactorset = CASE fill_factor WHEN 0 THEN 0 ELSE 1 END     FROM          sys.indexes     WHERE         object_id = @objectid AND index_id = @indexid;      IF ((@density BETWEEN 75.0 AND 85.0) AND @fillfactorset = 1) OR (@fragmentation < 30.0)         SET @command = N'ALTER INDEX ' + @indexname + N' ON ' + @schemaname + N'.' + @objectname + N' REORGANIZE';     ELSE IF @numrows >= 5000 AND @fillfactorset = 0         SET @command = N'ALTER INDEX ' + @indexname + N' ON ' + @schemaname + N'.' + @objectname + N' REBUILD WITH (FILLFACTOR = 90)';     ELSE         SET @command = N'ALTER INDEX ' + @indexname + N' ON ' + @schemaname + N'.' + @objectname + N' REBUILD';     PRINT convert(nvarchar, getdate(), 121) + N' Executing: ' + @command;     EXEC (@command);     PRINT convert(nvarchar, getdate(), 121) + N' Done.'; 

END  

-- Close and deallocate the cursor. 

CLOSE curIndexes; 

DEALLOCATE curIndexes;   

IF EXISTS (SELECT * FROM @work_to_do) 

BEGIN     PRINT 'Estimated number of pages in fragmented indexes: ' + cast(@numpages as nvarchar(20))     SELECT @numpages = @numpages - sum(ps.used_page_count)     FROM         @work_to_do AS fi         INNER JOIN sys.indexes AS i ON fi.objectid = i.object_id and fi.indexid = i.index_id         INNER JOIN sys.dm_db_partition_stats AS ps on i.object_id = ps.object_id and i.index_id = ps.index_id      PRINT 'Estimated number of pages freed: ' + cast(@numpages as nvarchar(20)) 

END 

GO   

--Update all statistics 

PRINT 'Updating all statistics.' + convert(nvarchar, getdate(), 121)  

EXEC sp_updatestats 

PRINT 'Done updating statistics.' + convert(nvarchar, getdate(), 121)  

GO 

4 - Some useful Information

TSQL

--get the count of total updates, superseded ,declined updates.

use SUSDB; select (Select count (*) 'Total Updates' from vwMinimalUpdate ) 'Total Updates', (Select count (*) 'Live updates'  from vwMinimalUpdate where declined=0) as 'Live Updates', (Select count (*) 'Superseded'  from vwMinimalUpdate where IsSuperseded =1) as 'Superseded', (Select count (*) 'Superseded But NoDeclined'  from vwMinimalUpdate where IsSuperseded =1 and declined=0) as 'Superseded but not declined', (Select count (*) 'Declined'  from vwMinimalUpdate where declined=1) as 'Declined', (Select count (*) 'Superseded & Declined' from vwMinimalUpdate where IsSuperseded =1 and declined=1) 'Superseded & Declined'

Total Updates: count of all updates which includes superseded ,decline .This basically include all updates in your wsus db.

Live updates: Count of updates without declined .This includes all updates with superseded/without superseded but not declined. These updates are considered to generate the update catalog file.

Superseded: Count of all superseded updates

Superseded but not declined: Count of all superseded updates but they are not declined yet.

Declined:Count of updates that are declined. Declined updates never goes into update catalog file .

5.  Decline those pesky superseded updates

PS scripts to perform this decline on superseded updates would regular timeout, so we have to perform the action on the DB directly using TSQL

Set @testRun to 1 to test without declining anything

-- Decline superseded updates in SUSDB; 



USE SUSDB



DECLARE @thresholdDays INT = 90 -- Specify the number of days between
today and the release date for which the superseded updates must not be
declined (i.e., updates older than 90 days). This should match configuration of
supersedence rules in SUP component properties, if ConfigMgr is being used with
WSUS.

DECLARE @testRun BIT = 0 -- Set this to 1 to test without declining
anything.

-- There shouldn't be any need to modify anything after this line.



DECLARE @uid UNIQUEIDENTIFIER

DECLARE @title NVARCHAR(500)

DECLARE @date DATETIME

DECLARE @userName NVARCHAR(100) = SYSTEM_USER



DECLARE @count INT = 0



DECLARE DU CURSOR FOR

         SELECT MU.UpdateID,
U.DefaultTitle, U.CreationDate FROM vwMinimalUpdate MU         JOIN PUBLIC_VIEWS.vUpdate
U ON MU.UpdateID = U.UpdateId

WHERE MU.IsSuperseded = 1 AND MU.Declined = 0 AND MU.IsLatestRevision =
1

         AND MU.CreationDate <
DATEADD(dd,-@thresholdDays,GETDATE())

ORDER BY MU.CreationDate



PRINT 'Declining superseded updates older than ' + CONVERT(NVARCHAR(5),
@thresholdDays) + ' days.' + CHAR(10)



OPEN DU

FETCH NEXT FROM DU INTO @uid, @title, @date

WHILE (@@FETCH_STATUS > - 1)

BEGIN

         SET @count = @count + 1         PRINT 'Declining update '+ CONVERT(NVARCHAR(50), @uid) + ' (Creation Date ' + CONVERT(NVARCHAR(50),
@date) + ') - ' + @title + ' ...'         IF @testRun = 0                 EXEC
spDeclineUpdate @updateID = @uid, @adminName = @userName, @failIfReplica = 1         FETCH NEXT FROM DU INTO
@uid, @title, @date

END



CLOSE DU

DEALLOCATE DU



PRINT CHAR(10) + 'Attempted to decline ' + CONVERT(NVARCHAR(10), @count)+ ' updates.'

6.  Delete Obsolete updates

Another PShell function which regularly timed out, again let's use TSQL directly on the SUS DB - it wont timeout no matter how long it runs for!

USE SUSDB

IF object_id('tempdb..#MyTempTable') is not null
DROP TABLE #MyTempTable

create table #MyTempTable (

LocalUpdateID int

)

IF object_id('tempdb..#MyTempTable1') is not null
DROP TABLE #MyTempTable1

create table #MyTempTable1 (

LocalUpdateID int

)

GO

insert INTO #MyTempTable1 (LocalUpdateID)

EXEC susdb.dbo.spGetObsoleteUpdatesToCleanup

select * from #MyTempTable

insert into #MyTempTable select top (2000) * from
#MyTempTable1

DECLARE @x INT

DECLARE @Msg VARCHAR(50)

DECLARE @Count INT

SELECT @Count = COUNT(*) FROM #MyTempTable

SELECT @msg = 'Number of updates to be deleted:' +
CAST( @Count AS VARCHAR(10))

RAISERROR(@msg, 0, 1) WITH NOWAIT

declare c1 cursor local static for

select * from #MyTempTable

open c1

fetch c1 into @x

while @@FETCH_STATUS = 0

begin

SELECT @msg = 'Deleting update with ID:' + CAST (@x
AS VARCHAR(10))

RAISERROR(@msg, 0, 1) WITH NOWAIT

EXEC spDeleteUpdate @localUpdateID=@x

fetch c1 into @x

END

close c1

deallocate c1

SELECT @msg = 'Deletion completed'

RAISERROR(@msg, 0, 1) WITH NOWAIT 

7.  Using the GUI and opening 'All Computers' crashes with Reset Error message

Make sure https://support.microsoft.com/en-us/help/4511553/windows-10-update-kb4511553 is installed.

Clear out suspect Computers via SQL Management Tools

Open SUSDB

Navigate to > Tables >tbComputerTarget Right click Edit Top 200 rows, or if you need more rows, right click on an entry returned from the 200 row > Pane > SQL:

SELECT       TOP (2000) TargetID, ComputerID, SID, ParentServerTargetID, LastSyncTime, LastReportedStatusTime, LastReportedRebootTime, IPAddress, FullDomainName, IsRegistered, LastInventoryTime, LastNameChangeTime,

                        EffectiveLastDetectionTime, LastSyncResult

FROM           tbComputerTarget

ParentServerTargetID should all be NULL, if 2 or any other select them and delete.

Or this also apparently works:

update tbComputerTarget set ParentServerTargetID = NULL where ParentServerTargetID is NOT NULL

Ref: 

https://support.microsoft.com/en-us/help/4490644/complete-guide-to-microsoft-wsus-and-configuration-manager-sup-maint

http://eskonr.com/2019/06/clean-up-your-wsus-database-for-better-performance-and-sccm-software-update-compliance/

I have KB3159706 installed on my WSUS server running on Windows 2012. I am not sure if the deadly KB3148812 was ever installed.

I am unable to start Update services. I get an eventID 507: Update Services failed its initialization and stopped. 

I also tried the steps in KB 3159706:

"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing 

Then I installed: HTTP Activation under .NET Framework 4.5 Features. 

I do not think we are using SSL on this update server because if I try the steps for SSL i get an error that it cannot find the specified file: (takeown /f web.config /a   does not work)

However I am still unable to start WSUS services? What logs can I review to fix this? Where would you start looking? 

I have a windows server 2012 r2 that I am updating. Software Center is failing on two older updates, 2017, that it says it needs. the older updates are KB3179574 and KB2919355. When I try to install them it "Failed to resolve package kb4025335"

KB4025335 is only for windows 8.1 and I am updating a windows server 2012 r2. I have done all the DISM and SFC commands to try and fix the issue. How can I remove the need for wsus to call for kb4025335 when it does not even belong to this OS?

I have even done the DISM /remove-package command and it says it was successful but the updates still fail to resolve the kb4025335 when I install them. Help?

I'm setting up WSUS for the first time ever, so be slow for me.

The client PC is Windows 10 Enterprise and the server is Windows Server 2012 R2.

When I look in the WSUS console I can see this Windows 10 machine in it's group.  So Computers\All Computers\ProductionComputers

There are a ton of critical and Security updates to run.  I've approved a bunch of the Critical Updates.  Under approval I see "install."  

When I go to the Windows 10 Enterprise PC that needs these updates and I click on "Check for updates" I'm told that my device is up to date and I get an appropriate timestamp for the last time I tapped the check button.

I've ensured that WSUS Server has downloaded all of the updates that I've approved.  I've not seen the WSUS folder get any larger over the last couple of hours, so I'm confident that I have all the required files to make the update happen.  I just can't get that client PC to recognize that it has updates.

What do do?