Windows Server TechCenter >
Windows Server Forums
>
WSUS
>
Looking for a WSUS client all-in-one MEGAFIX script or batch file
Looking for a WSUS client all-in-one MEGAFIX script or batch file
- When troubleshooting individual clients that fail to update via WSUS, there are several possible problems on the client that may need to be fixed depending on the cause.
I'd like to get a script that just clears and resets everything on the client. For instance, I'd like it run it and have to do this:
stop automatic updates and BITs services
rename sofware distribution directory to softwaredistribution.old
rename windowsupdate.log to windowsupdate.old
reset wsus client ID
force-reinstall WindowsUpdateAgent30-x86.exe
reregister all WSUS client related DLLs
restart windows update service and BITS services
redetect for updates and reset authorization
Is this available or can someone make it?
Answers
- I use one of these myself that I just posted elsewhere. I've also found that Internet Explorer cache, cookies and history as well as stale local DNS cache entries can cause issues with WSUS during the registration so I have those in here as well. With some of your suggestions, here's an updated version of my file:
@Echo Off
::Stop Windows Update Service
NET STOP WUAUSERV
::Stop Background Intelligent Transfer Service
NET STOP BITS
::Delete WU Software Distribution Directory
RD %SYSTEMROOT%\SoftwareDistribution /s /q
::Delete Temporary Internet Files
::Works with IE 7+ ONLY!!! Earlier versions must be done manually if you see an error message
::Temporary Internet File Cache
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
::Cookies
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
::History
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
Echo.
Echo Manually clear out the Internet Explorer Temporary Internet File Cache,
Echo the Cookies and the History if you just saw three error messages instead
Echo of progress bars.
Echo.
Pause
::Flush the DNS Cache
IPCONFIG /FLUSHDNS
::Delete Windows Temporary Files
DEL %TEMP%\*.* /F /S /Q
DEL %SYSTEMROOT%\Temp\*.* /F /S /Q
::Delete WSUS Client ID Registry Keys
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /va /f
::Backup the Windows Update log file and rename the original in order to get a clean log file
If Exist %SYSTEMROOT%\WindowsUpdate.old.log Del %SYSTEMROOT%\WindowsUpdate.old.log
Rename %SYSTEMROOT%\WindowsUpdate.log WindowsUpdate.old.log
::Force Reinstall of the Windows Update Agent Software
IF "%PROCESSOR_ARCHITECTURE%"=="x86" %CD%\WindowsUpdateAgent30-x86.exe /wuforce
IF "%PROCESSOR_ARCHITECTURE%"=="AMD64" %CD%\WindowsUpdateAgent30-x64.exe /wuforce
IF "%PROCESSOR_ARCHITECTURE%"=="IA64" %CD%\WindowsUpdateAgent30-ia64.exe /wuforce
::Start Background Intelligent Transfer Service
NET START BITS
::Start Windows Update Service
NET START WUAUSERV
::Force run WSUS Client authentication and detection
WUAUCLT /resetauthorization /detectnow
Pause
The only thing this doesn't do on your list is rename the SoftwareDistribution folder and re-register the WSUS dll files. I've never seen a need for the old SoftwareDistribution folder so I always just delete it and re-registering the WSUS client dll files right after forcefully reinstalling the WSUS Client seems a bit redundant. In my experience, I've only had 1% of my WSUS-impaired machines even NEED the WSUS Client reinstallation but it seems like a good idea to add anyway.
Please note, the WindowsUpdateAgent30-???.exe files need to be in the same folder as the batch file is running or you need to add the full path to the files inside the batch file in place of the %CD% variable.- Edited byCitizenRon Friday, October 30, 2009 11:26 PMFix formatting errors again
- Edited byCitizenRon Friday, October 30, 2009 11:25 PMFix formatting errors
- Edited byCitizenRon Friday, October 30, 2009 11:26 PMFix formatting errors again
- Marked As Answer byMyGposts Saturday, October 31, 2009 6:36 AM
All Replies
- I use one of these myself that I just posted elsewhere. I've also found that Internet Explorer cache, cookies and history as well as stale local DNS cache entries can cause issues with WSUS during the registration so I have those in here as well. With some of your suggestions, here's an updated version of my file:
@Echo Off
::Stop Windows Update Service
NET STOP WUAUSERV
::Stop Background Intelligent Transfer Service
NET STOP BITS
::Delete WU Software Distribution Directory
RD %SYSTEMROOT%\SoftwareDistribution /s /q
::Delete Temporary Internet Files
::Works with IE 7+ ONLY!!! Earlier versions must be done manually if you see an error message
::Temporary Internet File Cache
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
::Cookies
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
::History
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
Echo.
Echo Manually clear out the Internet Explorer Temporary Internet File Cache,
Echo the Cookies and the History if you just saw three error messages instead
Echo of progress bars.
Echo.
Pause
::Flush the DNS Cache
IPCONFIG /FLUSHDNS
::Delete Windows Temporary Files
DEL %TEMP%\*.* /F /S /Q
DEL %SYSTEMROOT%\Temp\*.* /F /S /Q
::Delete WSUS Client ID Registry Keys
REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /va /f
::Backup the Windows Update log file and rename the original in order to get a clean log file
If Exist %SYSTEMROOT%\WindowsUpdate.old.log Del %SYSTEMROOT%\WindowsUpdate.old.log
Rename %SYSTEMROOT%\WindowsUpdate.log WindowsUpdate.old.log
::Force Reinstall of the Windows Update Agent Software
IF "%PROCESSOR_ARCHITECTURE%"=="x86" %CD%\WindowsUpdateAgent30-x86.exe /wuforce
IF "%PROCESSOR_ARCHITECTURE%"=="AMD64" %CD%\WindowsUpdateAgent30-x64.exe /wuforce
IF "%PROCESSOR_ARCHITECTURE%"=="IA64" %CD%\WindowsUpdateAgent30-ia64.exe /wuforce
::Start Background Intelligent Transfer Service
NET START BITS
::Start Windows Update Service
NET START WUAUSERV
::Force run WSUS Client authentication and detection
WUAUCLT /resetauthorization /detectnow
Pause
The only thing this doesn't do on your list is rename the SoftwareDistribution folder and re-register the WSUS dll files. I've never seen a need for the old SoftwareDistribution folder so I always just delete it and re-registering the WSUS client dll files right after forcefully reinstalling the WSUS Client seems a bit redundant. In my experience, I've only had 1% of my WSUS-impaired machines even NEED the WSUS Client reinstallation but it seems like a good idea to add anyway.
Please note, the WindowsUpdateAgent30-???.exe files need to be in the same folder as the batch file is running or you need to add the full path to the files inside the batch file in place of the %CD% variable.- Edited byCitizenRon Friday, October 30, 2009 11:26 PMFix formatting errors again
- Edited byCitizenRon Friday, October 30, 2009 11:25 PMFix formatting errors
- Edited byCitizenRon Friday, October 30, 2009 11:26 PMFix formatting errors again
- Marked As Answer byMyGposts Saturday, October 31, 2009 6:36 AM
When troubleshooting individual clients that fail to update via WSUS, there are several possible problems on the client that may need to be fixed depending on the cause.
I'd like to get a script that just clears and resets everything on the client. For instance, I'd like it run it and have to do this:
stop automatic updates and BITs services
rename sofware distribution directory to softwaredistribution.old
rename windowsupdate.log to windowsupdate.old
reset wsus client ID
force-reinstall WindowsUpdateAgent30-x86.exe
reregister all WSUS client related DLLs
restart windows update service and BITS services
redetect for updates and reset authorization
Is this available or can someone make it?
Smashing a container of crates up with a sledge hammer because each one of them has some loose screws or nails is overkill.
Most all issues with clients failing to update via WSUS can be resolved with very simple tactical remediations.
When a large number of clients is involved, it's quite often a systemic issue, and generally caused by something at the server, or the network infrastructure, in which case smashing up all the crates and replacing them with new crates won't help a whit if the container has a leak in the roof.
If you'd like to share the *problem*, rather than asking for advice on an almost certainly inappropriate solution, I'd be happy to help.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.comI've also found that Internet Explorer cache, cookies and history as well as stale local DNS cache entries can cause issues with WSUS during the registration so I have those in here as well.
The Internet Explorere cache, cookies, and history have ABSOLUTELY NOTHING to do with the functionality of the Windows Update Agent.
A stale DNS cache entry could cause an issue, but only if the IP Address for a WSUS Server has been recently changed, like more recently than the default timeout of a Windows DNS address record -- which is like 1 Hour.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- We have had various wsus client problems that have been fixed over the last year by using one or several of the fixes listed in original post.
In the last couple of weeks, we have had a rash of clients that have needed the Windows update client completely reinstalled. I suspect the sudden frequent need to completely reinstall multiple Windows Update clients is due to a problem with one or more of the security updates from last Patch Tuesday.
The updates also broke almost everyone's Visio Viewer (which also required reinstallation).
Instead of spending so much time troubleshooting and using trial and error to determine which fix of several possible fixes will cure an individual clients WSUS client failure (when others in the same group are working fine), we would like to just blast all the cached and possible corrupted files and settings away and bring the windows update client and related settings on that client into a clean and fresh state. If it only takes 1 minute or less to reset everything with a script, why not do this instead of taking much more time troubleshooting, reconfiguring, renaming files, stopping and restarting services and running commands manually? We have had various wsus client problems that have been fixed over the last year by using one or several of the fixes listed in original post.
In the last couple of weeks, we have had a rash of clients that have needed the Windows update client completely reinstalled. I suspect the sudden frequent need to completely reinstall multiple Windows Update clients is due to a problem with one or more of the security updates from last Patch Tuesday.
The updates also broke almost everyone's Visio Viewer (which also required reinstallation).
Instead of spending so much time troubleshooting and using trial and error to determine which fix of several possible fixes will cure an individual clients WSUS client failure (when others in the same group are working fine), we would like to just blast all the cached and possible corrupted files and settings away and bring the windows update client and related settings on that client into a clean and fresh state. If it only takes 1 minute or less to reset everything with a script, why not do this instead of taking much more time troubleshooting, reconfiguring, renaming files, stopping and restarting services and running commands manually?
This is certainly your choice; I'm merely suggesting to you that doing so is highly unlikely to permanently solve anything.
As to why not take 1 minute to blow everything away instead of taking more time to diagnose and apply the correct solution? -- I guess you missed the point in my analogy about smashing up the crates when the real problem is the hole in the roof. If the cause of your problems is *not* the Windows Update Agent, then gutting and replacing the entire Windows Update Agent [a] won't solve anything, and [b] is quite likely to create more problems in addition to the ones you've not really identified yet.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.comThe Internet Explorere cache, cookies, and history have ABSOLUTELY NOTHING to do with the functionality of the Windows Update Agent.
While I'm sure that the history wouldn't cause issues and it's more of a general cleaning issue, I'm curious about why you're so sure about the cache and cookies. Looking in the WindowsUpdate.log file always shows many entries referring to cookies. Such as:
A stale DNS cache entry could cause an issue, but only if the IP Address for a WSUS Server has been recently changed, like more recently than the default timeout of a Windows DNS address record -- which is like 1 Hour.
Uploading 7 events using cached cookie, reporting URL = http://wsus-02:8530/ReportingWebService/ReportingWebService.asmx
WARNING: Cached cookie has expired or new PID is available
Initializing simple targeting cookie, clientId = 89732a45-5d10-4ff7-95d2-bfa2ecdbf65a, target group = Workstations, DNS name = t140pu94.domain.name
etc. etc. Are these not regular Internet cookies? I'm not trying to argue, just gather information. I'm fairly new at WSUS but it's been my experience that this has contributed to helping fix WSUS interactions. Also, I have personally handled cases of where the only event that took place between a computer not working with WSUS and it working with WSUS was to clear out the temporary internet information such as Cache, Cookies and History.
Yes, the DNS situation was when we were changing servers and DNS entries so that's not likely to come up very often, but since it CAN fix a possible problem, it is totally non-destructive, and it takes like 0.02 seconds for the script to do it, I don't see why I would not want it in a general purpose WSUS fixit script.
I'm leaning towards your stance on forcing the WSUS client software installation though. I have had only one machine that has ever actually needed to have that done and it kind of takes the simple nature away from the script. Everything else in the script in non-destructive and having it all in one script greatly assists remediation time to fix a WSUS problem.
While I'm sure that the history wouldn't cause issues and it's more of a general cleaning issue, I'm curious about why you're so sure about the cache and cookies.
Aside from the fact that I've been knee deep in this product for five years and I know for a fact that the *browser* has absolutely nothing to do with the Windows Update Agent? :-)
Looking in the WindowsUpdate.log file always shows many entries referring to cookies.
No, they're not. They're Windows Update Agent "cookies". The word "cookie" being used here in the more generic sense of "information stored by the application on the client computer".
Are these not regular Internet cookies? I'm not trying to argue, just gather information.
but it's been my experience that this has contributed to helping fix WSUS interactions.
Perhaps these activities, combined with something that actually made an impact, created the perception that clearing IE cookies and the cache was making a difference.
Also, I have personally handled cases of where the only event that took place between a computer not working with WSUS and it working with WSUS was to clear out the temporary internet information such as Cache, Cookies and History.
I'd be very interested in seeing the WindowsUpdate.log for such a system both before and after the implemented IE changes. I suspect something else occurred concurrent with the IE changes which is actually responsible for the remediation.
I don't see why I would not want it in a general purpose WSUS fixit script.
You might. :) I don't. I don't want to execute any changes on a system, particularly on a server, unless I've first determined that such an action is necessary to remedate an identified issue.
I'm leaning towards your stance on forcing the WSUS client software installation though. I have had only one machine that has ever actually needed to have that done and it kind of takes the simple nature away from the script. Everything else in the script in non-destructive and having it all in one script greatly assists remediation time to fix a WSUS problem.
It's my position that 98% of instances where the SoftwareDistribution folder was deleted (or less intrusively, renamed), such actions were not necessary, but were done so because "common wisdom" (read: the "Internet") said that was the way to fix all ills of the WUAgent.
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com- Thanks for the answers! As I said, I'm fairly new to WSUS and had limited experience with the older SUS system and just want to increase my knowledge of the new system that I have to maintain and I've seen you demonstrate your knowledge extensively here and elsewhere.
I'll definitely check out removing the IE stuff from my script. That was a pain to get working in the first place. I looked at the SoftwareDistribution folder a bit more and I do see the merits of renaming it instead of just deleting it now if for nothing else than the ReportingEvents.log file.
I'd love to be in a position where I can spend all the time in the world troubleshooting and really getting to the root of a problem before making changes, but unfortunately, I can't. In my job, I have to keep things working and if they're not working, I have to get them fixed as soon as possible. Having a script that can run through a series of non-destructive tasks that are almost guaranteed to fix a local WSUS problem simply makes my life easier.
It's my position that 98% of instances where the SoftwareDistribution folder was deleted (or less intrusively, renamed), such actions were not necessary, but were done so because "common wisdom" (read: the "Internet") said that was the way to fix all ills of the WUAgent.
If you don't mind me asking, what have you found to be the biggest problem in WSUS Clients not working properly in a WSUS system?
I'd love to be in a position where I can spend all the time in the world troubleshooting and really getting to the root of a problem before making changes, but unfortunately, I can't. In my job, I have to keep things working and if they're not working, I have to get them fixed as soon as possible. Having a script that can run through a series of non-destructive tasks that are almost guaranteed to fix a local WSUS problem simply makes my life easier.
I certainly understand. The key word here, though, is "nondestructive". :)
Lawrence Garvin, M.S., MCITP:EA, MCDBA
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
My Blog: http://onsitechsolutions.spaces.live.com
