locked
Connect to WSUS via powershell RRS feed

  • Question

  • Can anyone help me out with this, I have been connecting to the WSUS server via the command below to automate some tasks which was working using the command below.

    [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer(“wsusserver01”,$False,8530)

    However we have now reconfigured the WSUS server to use HTTPS and I don't seem to be able to connect any more.

    [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer(“wsusserver01.domain.com”,$True,8531)

    I have updated the command to reflect this change but I can getting the following error:

    Exception calling "GetUpdateServer" with "3" argument(s): "The remote server returned an error: (403) Forbidden."

    At line:2 char:1

    Reference to the blog I used in the past to connect via powershell, but I can't find any reference on how to check via SSL on port 8531

    https://blogs.technet.microsoft.com/heyscriptingguy/2012/01/17/use-powershell-to-perform-basic-administrative-tasks-on-wsus/

    Does anyone have any ideas on where I am going wrong?



    • Edited by Yan Li_ Friday, November 24, 2017 8:14 AM edit
    Thursday, October 12, 2017 7:38 AM

Answers

  • Thank you for the replies I managed to resolve this by adding the server short name into the subject alternative name in the certificate used on the WSUS server.

    I'm still not sure why I couldn't use the FQDN with running the script from the WSUS server itself, but my connection string above is the correct one.

    • Marked as answer by Rapp_ Thursday, October 19, 2017 9:05 AM
    Thursday, October 19, 2017 9:05 AM

All replies

  • First, I can only gather you're trying to do the server cleanup wizard and other maintenance tasks via PowerShell (a good thing). Instead of re-inventing the wheel, why not use my script that does WAY MORE than any other single script out there.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.

    Second, if you're doing something else, connecting with https uses:

    [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($WSUSServer,$True,'8531');

    The big question is how did you configure WSUS for SSL? Did you follow the technet guide and run the wsusutil command?

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Proposed as answer by AJTek.caMVP Monday, October 23, 2017 3:28 AM
    Friday, October 13, 2017 1:20 AM
  • Hello,

    Can you browser https://wsusserver:8531?

    I suggest you disable firewall on both side and check whether you can run the command successfully. 

    Regards,

    Yan


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Yan Li_ Friday, October 13, 2017 8:20 AM
    Friday, October 13, 2017 7:28 AM
  • Thank you for the replies I managed to resolve this by adding the server short name into the subject alternative name in the certificate used on the WSUS server.

    I'm still not sure why I couldn't use the FQDN with running the script from the WSUS server itself, but my connection string above is the correct one.

    • Marked as answer by Rapp_ Thursday, October 19, 2017 9:05 AM
    Thursday, October 19, 2017 9:05 AM