sticky
How to Uninstall WSUS

    General discussion

  • There are no comprehensive documented procedures for doing a forced uninstall on Windows Server 2008. There is an article in the WSUS Technical Reference which says to use Programs and Features to uninstall WSUS.

    That will work on a perfectly functional system, but it almost always fails on a broken system.

    Obviously the preferable method is to remove the WSUS Role using Server Manager, but this may fail, possibly because of the dependencies on the Windows Internal Database feature and/or dependencies on reading from the database itself.

    The TechRef article specifies to first uninstall the Windows Internal Database

    msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} callerid=ocsetup.exe

    Then to uninstall WSUS using Program and Features.

    So that would be my first suggestion

    If uninstalling using the above procedures is not successful, then my second suggestion is to try using the Windows Installer Cleanup Utility, as described in the WSUS Support Team Blog Post (November 2008), following that complete procedure to clean up the WSUS installation. The challenge with this procedure, though, is that it is dependent upon the Windows Installer Cleanup Utility (WICU), which is no longer available from the Microsoft Download Center. If you have the WICU (or can get the WICU), then that procedure does still work.

    If you cannot obtain the WICU, then there is also a procedure using MSIZAP that appears to be still valid for Win2008SP2  and Win2008R2 systems:

    • Step 1: Run MSIZAP T {2C0D7E35-EE6E-4DC7-BA13-2C68AEDEB59D}.
    • Step 2: Run sc delete wsusservice.
    • Step 3: Run MSIZAP T {2C0D7E35-EE6E-4DC7-BA13-2C68AEDEB59D} again.
    • Step 4: Reboot.
    • Step 5: Run aspnet_regiis -i.
    • Step 6: Run iisreset.

    To confirm that WSUS is fully removed, check the following resources:

    • In the registry the key HKLM\Software\Microsoft\Update Services key should be gone. Delete it if it's still there.
    • In the filesystem, the folder %ProgramFiles%\Update Services should be gone. Delete it if it's still there.
    • In the filesystem, the folder ~\WSUS\UpdateServicesDbFiles should be empty. Delete the SUSDB.mdf and SUSDB_log.ldf files if they are still there.

    If any of the above resources were still present, reboot the server again.

    Inspect Server Manager and confirm that the WSUS Role and the Windows Internal Database Feature are no longer listed as installed. (They should not be if you have successfully performed the above procedure.)

    [Added 12/19/2012 LG]: If you continue to experience issues related to the Windows Internal Database, and the Windows Internal Database has been updated at any time (e.g. Service Pack installation or Security Updates), it is possible that the issue described in KB971187 is applicable. If so, perform the manual Fix-It steps described in that article.

    You may also wish to consider removing and rebuilding the Web Server Role, depending on what other resources are dependent on that role, and whether it was originally installed to the correct WSUS specifications, or it was customized at any time after that installation.

    Then select the WSUS Server Role for installation (and hopefully it does). (Also make note that if this server was configured as a WSUS client of itself, you will need to reconfigure it to be an AU client again, so that you can obtain the WSUS installation bits from Microsoft Update. The easiest way to do this is:

    1. Run gpupdate /force to reset the Policy Refresh timer.
    2. Change the registry value HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU "UseWUServer" to =0=. (This will make the system an AU client for at least the next hour.)
    3. Restart the Windows Update service.
    4. Add the WSUS Server Role. (When the Group Policy refresh occurs 60-120 minutes later the machine will automatically revert back to being a WSUS client of itself again.
    5. [Added 7/13/2012] Critical: Reinstall KB2720211.

    If this was a downstream server, it should be able to get the Dynamic Installer from its upstream server, without any reconfiguration required.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com





    Friday, November 04, 2011 7:56 PM
    Moderator