locked
Check if Automatic Updates are idle/running? Check if reboot needed? RRS feed

  • General discussion

  • Is there a way to find out if scheduled Automatic Updates are idle or in progress (checking, downloading, installing)?

    Is there a way to find out, if scheduled Automatic Updates are done, if a reboot is needed to finish updating?

    ,

    I am looking for a low-maintenance and free way to set up overnight scheduled automatic updates, that can ONLY run at night and never during the day when people are using the machines. If a machine misses the overnight scheduled Window, that absolutely does not mean the updates should install the next morning when an employee logs on to the machine and is trying to get their work done.

    In general I already know what needs to be done, though it's the finer points of saving energy that are a problem. I don't want to leave machines on all night. I want the machines to turn on, and do their automatic updates from Microsoft as scheduled (no need for WSUS). If a reboot is needed, then do that, and resume updating after the restart if needed. If all done and no restart needed, do some other maintenance tasks like defragging, and shut down the system.

    The general plan goes like this:

    1. AD GPO, Computer policy: Set Windows Update service to Manual start so it cannot run during the daytime, ever. Stop the service if it is running.
    2. AD GPO, Computer policy: Set Windows Update to automatic updates, automatic install, at 2:00 am
    3. Power up machines overnight on a schedule (via Wake on LAN scheduler or BIOS timer), at 1:50 am
    4. AD GPO, Computer policy: Scheduled task to run script every day with Local System user account at 1:55 am
    5. Script starts Windows Update service (net start wuauserv)
    6. Script waits about ten minutes for Windows Automatic Updates to start. (2:05 am)
    7. Poll Windows Update to check status. If busy with checking, downloading or installing, then wait another five minutes and repeat polling task.
    8. If Windows Update is found to be idle, check if Restart required. If yes, schedule a one-time startup task to restart this script, and reboot the system. On system restart, this script is run again, Windows Update service starts, and updates may continue to install if required.
    9. If Windows Update is found to be idle, and no restart is needed, defrag all local hard drives, and then shut down the system.

    ,

    It seems simple enough, but I don't see how to read the state of the Windows Update API when it is doing scheduled automatic updates.

    It seems possible to try to grep the current status / progress out of the WindowsUpdate.log, but that looks like an extremely painful roll-your-own solution, and I've not found a script yet that's already capable of reading the logfile to get the current state of the Windows Update service.




    Tuesday, March 25, 2014 11:58 AM

All replies

  • So what's your question?

    -- Bill Stewart [Bill_Stewart]

    Tuesday, March 25, 2014 2:18 PM
    Moderator
    • Is there a (scripted) way to find out if scheduled Automatic Updates are idle or in progress (checking, downloading, installing)?

    • If scheduled Automatic Updates are done (or idle, no updates needed), is there a (scripted) way to find out if a reboot is needed to finish updating?




    Tuesday, March 25, 2014 2:23 PM
  • I don't have a full answer for you but at least some of it is possible, see this blog post on the scripting guy site: http://blogs.technet.com/b/heyscriptingguy/archive/2013/02/20/use-powershell-to-find-servers-that-need-a-reboot.aspx

    This codeplex project might also be of use (linked on the comments in the blog post): http://gallery.technet.microsoft.com/scriptcenter/Get-PendingReboot-Query-bdb79542

    Tuesday, March 25, 2014 2:39 PM
  • Thanks, I will look these over.

    Though detecting if the scheduled automatic updates are in progress is also very important.

    Tuesday, March 25, 2014 2:52 PM
  • Documentation is here:

    Windows Update Agent Object Model

    If the status you're looking for is not available via the object model, you're probably out of luck.


    -- Bill Stewart [Bill_Stewart]

    Tuesday, March 25, 2014 4:07 PM
    Moderator
  • Please do not mark this question as answered until someone actually replies with a solution. If that means leaving this question open for months, fine with me. If someone tries to mark this discussion as answered before that happens, I will reopen it.

    I know people love to quickly mark posts as answered on the Microsoft forums, even if an issue is not fully resolved, or has no (currently known) resolution, as if it is a managerial requirement to do so.

    Thursday, March 27, 2014 3:27 PM
  • Please do not mark this question as answered until someone actually replies with a solution. If that means leaving this question open for months, fine with me. If someone tries to mark this discussion as answered before that happens, I will reopen it.

    I know people love to quickly mark posts as answered on the Microsoft forums, even if an issue is not fully resolved, or has no (currently known) resolution, as if it is a managerial requirement to do so.

    It is.

    If you don't want an answer marked, change this thread type to discussion.

    Also, I'll ask the same question that's already been asked. What's your specific scripting question?


    Don't retire TechNet! - (Don't give up yet - 12,700+ strong and growing)

    Thursday, March 27, 2014 3:39 PM
  • All of your requests are controlled by Group Policy.  They cannot be managed by a script.

    This question should be moved to the Group Policy forum.


    ¯\_(ツ)_/¯

    Thursday, March 27, 2014 4:28 PM
  • The unanswered question that remains is:

    • Is there a (scripted) way to find out if scheduled Automatic Updates are idle or in progress (checking, downloading, installing)?

    ,

    And by scripted, I mean any sort of programmed query, whether a Microsoft API, WMIC, COM, some other mechanism.

    ,

    The worse-case scenario will be to find a way to actively monitor the C:\windows\WindowsUpdate.log while it is being written by the update agent, and scan for keywords in the log. I don't know of any code to do this, but in general, I can see what it would have to look for.

    2014-03-25 12:42:02:447 1168 fec AU ## START ##  AU: Search for updates

    2014-03-25 18:03:18:547 1168 600 AU ##  END  ##  AU: Download updates

    2014-03-23 21:00:08:410 1168 1944 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]

    2014-03-23 21:00:08:429 1168 610 AU ##  END  ##  AU: Search for updates [CallId = {F5268308-5645-486F-9614-7E948C0BBD01}]

    (etc)

    The actual order and syntax of these log entries to be monitored, is currently unknown to me.


    Thursday, March 27, 2014 4:49 PM
  • Currently there is no active way to know if WU is running.  The log can show an end to the session and another one can immediately begin.

    We use GP to manage when updates are applied.  It also determines what to do if a user is  logged in.  If a user is active the update will automatically postpone for a predetermined time.  This can only be set correctly via Group Policy.

    There is no API outside of the WU COM object.  The low level API is only accessible from C++ or, with much pain, from C#.  THe lowlevel API has no facility for monitoring WU that I have ever seen.


    ¯\_(ツ)_/¯

    Thursday, March 27, 2014 4:56 PM
  • Thursday, March 27, 2014 4:57 PM
  • Just because YOU, as a self-proclaimed "expert" do not know of an answer that can be found within 72 hrs, does not mean it cannot be solved. It just demonstrates your own hubris and egotism.

    An answer might still be found by others who have not seen this post yet.

    Thursday, March 27, 2014 5:08 PM
  • Your original post is a specification for a custom Windows update application and is not really a scripting question. There are probably a number of third-party tools that can meet (at least some of) your requirements.


    -- Bill Stewart [Bill_Stewart]

    Thursday, March 27, 2014 5:08 PM
    Moderator
  • Just because YOU, as a self-proclaimed "expert" do not know of an answer that can be found within 72 hrs, does not mean it cannot be solved. It just demonstrates your own hubris and egotism.

    An answer might still be found by others who have not seen this post yet.

    I have worked with this PI as have many others here.  This question has come up dozens of times over the years.  The answer is always the same.

    You can parse the log but it will not tell you if another task is ready or will be fired.   Th scheduled task will be explicit.  Yo can use that but it will still not allow you to do what you ask.  GP will give you what you want.

    Why are you so stubbornly refusing to use GP?  That doesn't make any sense.


    ¯\_(ツ)_/¯

    Thursday, March 27, 2014 5:14 PM
  • I agree with Bill.  This is someone who is not a system programmer or technician trying to get free consulting.  Unfortunately no one here is willing to do the work. It is a pretty big shopping list.

    I recommend hiring a system consultant with goo low level programming experience.


    ¯\_(ツ)_/¯

    Thursday, March 27, 2014 5:17 PM
  • Well just leave this open, and perhaps in the next year someone who is not you will have found an answer.

    The one providing the answer might end up being me, if I suffer through figuring out the syntax for that log file.

    ,

    Looking more at that WindowsUpdate.log, I see the following obvious end markers and time breaks:

    2014-03-23 14:58:25:811 1168 1658 Report CWERReporter finishing event handling. (00000000)

    2014-03-23 20:59:29:914 1168 fec AU #############

    (6 hrs passed, no further log entries)

    ,

    2014-03-23 21:00:08:430 1168 1944 Report CWERReporter finishing event handling. (00000000)
    2014-03-24 08:29:36:502 1168 fec AU AU setting next sqm report timeout to 2014-03-25 13:29:36

    (12 hrs passed, between further log entries)

    ,

    2014-03-24 10:11:05:281 1168 9bc Report CWERReporter finishing event handling. (00000000)
    2014-03-24 11:28:29:074 1168 7a0 Report CWERReporter finishing event handling. (00000000)

    (1 hr 17 min passed, between further log entries)

    ,

    Hmmmmmm, so apparently something like this might work?

    If the last event written to WindowsUpdate.log contains "Report CWERReporter finishing event handling", and the log file has stayed idle and untouched for more than 15 minutes, then issue "NET STOP WUAUSERV" to halt any more events from firing, and scan the log backwards to see what happened.

    I'll have to research some more, since apparently no one else has ever done this.


    Thursday, March 27, 2014 5:36 PM
  • I really hate it when someone is so stubborn that they will not take any advice from anyone not matter how experienced just because they think they know something.  Even providing the detailed API won't convince this guy.

    By the way.  Simple eyeballing will tell a tech that the log is a simple space delimited log file with leadin datetime plus process and msg codes

    We have all parsed this file before.  LogParser 2 is exspecially good at parsing and querying to WU log.

    session ->>>end session

    In a session ther can be a very long wait for some installs.  Net Framework can take hours on a busy system.


    ¯\_(ツ)_/¯

    Thursday, March 27, 2014 5:42 PM
  • Well just leave this open

    I'm not sure there's really a point to not marking an answer if one isn't forthcoming (at least in the short term). If you're able to figure it out (or you find something that tells you the answer), you can mark it as the answer.


    -- Bill Stewart [Bill_Stewart]

    Thursday, March 27, 2014 6:35 PM
    Moderator
  • As a moderator, I don't see your reasoning for gaming a forum mechanism that is intended to help site visitors find solutions to problems.

    Are you penalized as a moderator if you have too many unanswered questions open in "your" forum for too long? Do you get demerits for it? They take away your gold ranking?

    If you cannot tolerate this not being marked as answered when it is not, then switch it to a discussion, because any other choice is basically lying to the other people that are coming here looking for answers, that you are supposed to be helping.

    Thursday, March 27, 2014 6:49 PM
  • The question has been answered, a number of different ways.

    Experts have already answered this question in the past the same way.  Nothing has changed with the API so nothing would have changed with the answer.  The link to the API has been posted so you can look and see for yourself.  

    Perhaps there are 'hacks' you can perform to determine if the WUA is not active, but those have already been pointed out as unreliable.  An alternative, free method to meet those of your needs that can be has already been proposed.

    I'm sure the moderator's intent to close the unanswered question is to prevent people from uselessly spending time beating a dead horse that could be better spent solving problems that can be solved.


    I hope this post has helped!

    Thursday, March 27, 2014 7:38 PM
  • Not liking the answer doesn't mean it's not an answer.

    Just a reminder that this forum is a free peer-to-peer forum with volunteer participants and as such there is no service-level agreement that guarantees that anyone will furnish you with a solution.


    -- Bill Stewart [Bill_Stewart]

    Thursday, March 27, 2014 7:44 PM
    Moderator
  • Your original post is a specification for a custom Windows update application and is not really a scripting question.

    Actually, no. I can already do steps 1-6 using group policy management, and it works, as far as that goes. Step 7 is the main problem. I would post screenshots of what I've been doing, but this thread has become so hostile, that I don't see the point of bothering.


    Thursday, March 27, 2014 10:07 PM
  • Step 7 may be more complex than you think, as already noted by the responses. What you are asking isn't really trivial and is really outside the scope of this forum. If you want to design your own customized updating system based on Windows update you are of course free to do so. There isn't any point in being upset about the fact that others don't see the value in contributing to your project. The help here is free, after all.

    If you really need more control over updates, I would recommend not reinventing the wheel and exploring commercial alternatives. Either that or train your users to deal with the needed reboots. Sorry we can't be of more help.


    -- Bill Stewart [Bill_Stewart]

    Friday, March 28, 2014 2:49 PM
    Moderator
  • Your logic is flawed, BTW. If the Windows Update service is offline for most of the day, it won't have checked and downloaded pending updates. The Group Policy scheduled time is only for installation (the time it actually checks is randomised during the day to balance load) and you will in all likelihood not be giving the service time to actually go off and do a check.

    If the goal is just to have the machines powered off for most of the night, why not just have a script that wakes them up for say half an hour, around the time of the scheduled installation of updates and defrag the disks. If the update is in progress when shutdown is triggered, Windows will gracefully complete the installation as part of the shutdown process.

    Friday, March 28, 2014 3:05 PM
  • Reboots can be very narrowly and granularly controlled with Group Policy.  We have been using this for years.  I have never found a problem outside of companies that cannot make decent policy decisions.

    There may be one or two systems that can never be updated while in production.  These will need custom handling.  We have handled them manually and, at times, with a simple script that takes the server out of production and forces the updates.  We can do this with WSUS because WSUS can give us the status of the server as far as compliance goes. THis script is specific to the production needs of the resources on the server.  THis is the pice you have to write. No one can do this for you.


    ¯\_(ツ)_/¯

    Friday, March 28, 2014 3:08 PM
  • LogParser looks interesting, but I'd prefer a solution that doesn't involve installing more software on all clients. Powershell is present, so might as well use that.

    ,

    I suspect the following pounds the system rather hard. But hey, I'm not the one who lets log files grow to 25+ megs. And it is the middle of the night anyway, so, eh.  Apparently Microsoft does not believe in logrotate, as it wasn't invented there.

    Import-csv C:\windows\windowsupdate.log -Delimiter "`t" `
       -header "Date", "Time", "Code1", "Code2", "Action", `
       "Description" | select -Skip 16000 | Where-Object `
       {$_.Action -eq "AU"}


    Where does the Skip come from? Well...

    # To ignore all prior log entries,
    # get number of lines before starting service:
    $WULogStart = (get-content $WULog).count
    
    # Start windows update service
    net start wuauserv
    

    Working on it.

    How to read the Windowsupdate.log file

    Article ID: 902093

    http://support.microsoft.com/kb/902093/en-us

    Friday, March 28, 2014 3:34 PM
  • Well thanks, your insight into AU is very helpful. So start the service and tell AU to check now.

    # Manually start service
    net start wuauserv
    
    # Give service time to start
    start-sleep -second 60
    
    # Force AU to check for updates now
    wuauclt.exe /detectnow
    
    # Wait for check to begin
    start-sleep -Second 300
    
    
    Loop ... start watching logfile for 5-10 minutes of idle, check what it's been doing, whether done or busy. If busy, keep watching.

    Friday, March 28, 2014 4:01 PM
  • Here is where it help to do a little training on PowerShell before trying to use it:

    In PowerShell:
    Start-Service wuaserv

    This does not return until the service has successfully started.

    Wuauclt cannot be waited on.

    Get-Content -tail1 will get the last new line in the file and you can test it.

    Get-COntent windoslog.log -wait -tail


    ¯\_(ツ)_/¯


    • Edited by jrv Friday, March 28, 2014 4:22 PM
    Friday, March 28, 2014 4:22 PM
  • Sorry mis-typed:

    Get-Content windowupdatelog.log -tail 1 -wait | Select-String "end of session"


    ¯\_(ツ)_/¯


    • Edited by jrv Friday, March 28, 2014 4:25 PM
    Friday, March 28, 2014 4:24 PM
  • You will need to check if a reboot is needed, reboot and run it all again until no more updates are pending.  This can occur many, many times. It can take an hours or more to complete in some cases.  Most of the time it finishes in a single session in less than 30 minutes.


    ¯\_(ツ)_/¯

    Friday, March 28, 2014 4:28 PM
  • Hmm, that one-line get-content command looks a little shorter than the looping pseudocode I've been working on hacking into the proper PS syntax.

    $debug = True
    $WULog = "C:\windows\windowsupdate.log"
    
    # (via GP, WUAUSERV set to Manual start, stop if running)
    # (via GP, run this PS script via scheduled task as SYSTEM)
    
    If ($debug)
    {
        "Stopping wuauserv for debug testing..."
        net stop wuauserv
    }
    
    # To ignore all prior log entries,
    # get number of lines before starting service:
    $WULog_Start = (get-content $WULog).count
    
    # Start windows update service
    net start wuauserv
    
    # Wait for service to do background stuff
    start-sleep -Second 60
    
    # Force automatic update check
    wuauclt.exe /detectnow
    
    # Wait for 5 minutes updates to begin, if any
    If ($debug)
        {start-sleep -Second 30}
    Else
        {start-sleep -Second 300}
    
    # Loop: Checking if AU agent is done or didn't run)
    $WULog_prev = $WULog_Start
    $AU_done = False
    Do {
        "Checking if AU Agent running yet."
    
        # Loop: Wait for log to become idle for more than ten minutes
        $Exit_Loop = False
        Do {
            $wulog_current= (get-content $WULog).count
            If ($wulog_current -eq $wulog_prev)
            {
                $Exit_loop=True
                "Log has been idle."
            }
            else
            {
                $wulog_prev = $wulog_current
                If ($debug)
                    {start-sleep -Second 60}
                Else
                    {start-sleep -Second 600}
                "Log isn't idle yet."
            }
        } Until ($Exit_loop)
    
        # So the log has been idle, what has it been up to?
        $Logged_data = get-content $WULog | select -Skip $WULog_Start
    
        "Something goes here."
    
        $AU_done = True
    } Until ($AU_done -eq True)
    
    # More stuff goes here

    Your eyes! They bleed!

    But oh well. I can program AutoIT, Second Life LSL, MS QB 4.5, so I should be able to figure this out too, if no one else will.

    Friday, March 28, 2014 4:46 PM
  • start-service wuauserv
    wuauclt.exe /detectnow
    Get-Content <wUlog> -tail 1 -wait | 
    ForEach{
    if($_|Select-String 'end of session'){break}
    } Write-Host 'We are here so the trigger line has been found'

    PowerShell is much easier to use if you just look at the steps. It does all of that linear stuff for you. That is why we use PowerShell and Group Policy.


    ¯\_(ツ)_/¯




    • Edited by jrv Friday, March 28, 2014 5:26 PM
    Friday, March 28, 2014 5:22 PM
  • Ahahaha, the know-nothing Microsoft moderators are the most egotistical of all. The answer to this question is literally a one-liner in Powershell:

    new-object -com Microsoft.update.Installer | ft isBusy

    Why are you people so deathly afraid of APIs? All he wanted to know is if it was busy, and WuApi provides the exact response to his question, without having to parse logs or anything insanely overkill like that.

    Thursday, November 1, 2018 3:31 AM
  • It's hilarious that this was written as a Consultant/Partner answer, when there has been a way to know since a least Win7. (Not sure if it works in Vista, don't care.)

    new-object -com Microsoft.update.Installer | ft isBusy

    I have no idea why people are so afraid of COM APIs that they'll go to any effort to skim logs and other crazy workarounds to avoid a one-line powershell command. Surprise, COM is more than just C++!

    Thursday, November 1, 2018 3:37 AM
  • 1) The IsBusy method is documented as follows:

    Gets a Boolean value that indicates whether an installation or uninstallation is in progress on a computer at a specific time.

    That may or may not be sufficient for what the OP was asking.

    2) I linked directly to the documentation in my second response in the thread, noting that "If the status you're looking for is not available via the object model, you're probably out of luck." (Note that the IsBusy method is right there with the other documentation.)

    I think we can close this thread, as I doubt any further posts will be helpful or illuminating.


    -- Bill Stewart [Bill_Stewart]

    Thursday, November 1, 2018 8:47 PM
    Moderator