none
Clear Declined Updates in WSUS 3.0 with SP1

    Question

  • Hi,

    We are using SCE 2007 with SP1 with WSUS 3.0 SP1 on same server. We use SCE 2007 to approve and decline updates. I run the " Server Cleanup Wizard" on WSUS console.

    I can still see 1800 updates which are already declined and are published from Aug 2008 to till date.

    Is there any way to delete this DECLINED updates from WSUS.

    Thanks for your time..

    -Tejas
    getting message " This resource can only be scheduled up to 31 days in advance."
    Tuesday, January 06, 2009 11:46 PM

Answers

  • To repeat what I fundamentally stated in the previous message: Update *listings* cannot be removed, only the content *files* are removable -- with the exception of removing a Language, which supports removing metadata for a Language no longer needed.

    The only way to remove updates in the update list is to reinstall WSUS (deleting the database), and reconfiguring WSUS to not use the products and/or classifications containing those updates (e.g. Office XP, Service Packs). Obviously there are other impacts of purging your existing WSUS databse to be considered as well.

    Perhaps, though, the easiest and best solution is this: DECLINE the updates. Since the Update view filters do not provide for viewing Declined and Not-Declined updates at the same time, this simple solution of Declining (thus "hiding" those updates from all of the listings of active updates), is easily and quickly obtainable.


    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Thursday, January 08, 2009 6:38 AM
    Moderator

All replies

  • Hi Tejas,

    You can download WSUS server diagnostic tool and run this command:

    wsusdebugtool.exe  /tool: purgeunneededfiles

    Microsoft Windows Server Update Services Tools and Utilities

    http://technet.microsoft.com/en-us/wsus/bb466192.aspx

    Wednesday, January 07, 2009 9:48 AM
    Moderator
  • Thanks Eric for your reply,

    I have downloaded and run WsusDebugTool.exe /tool:purgeunneededfiles and i got below messages..

    Running... PurgeUnneededFiles
    Starting a state machine reset...
    State machine reset completed...

    after this i go back to WSUS console and i still have same amount of declined updates..

    Any ideas..

    -Tejas
    getting message " This resource can only be scheduled up to 31 days in advance."
    Wednesday, January 07, 2009 3:31 PM
  • Unfortunately, Tejas, the WSUSDebugTool /Tool:PurgeUnneededFiles (a WSUS 2.0 tool) isn't capable of removing anything that wouldn't have already been removed by the WSUS 3 Server Cleanup Wizard.

    The question to be asked/answered is: Why aren't your declined updates (from Aug 2008 until now) being deleted.

    The correct answer to what is, I believe, your true question, that was unfortunately misinterpreted is this:
     
        DECLINED update listings will never be removed from the WSUS catalog, only the *content* in the filesystem can be deleted. The views in WSUS 3.0 are specifically designed to accomodate this scenario. You can either view Declined *only* updates, or you can view updates that are not declined. The only metadata listings that can be permanently removed from the system are for expired revisions, and those will only be removed if it has been more than 90 days since that revision was last in a state of "Approved".

    The specific details of how the Server Cleanup Wizard works can be found in the WSUS Operations Guide.

    With regard to your description: "SCE 2007 with SP1 with WSUS 3.0 SP1 on same server" -- WSUS is the core component of System Center Essentials. When SCE is installed, it installs its own custom-managed instance of WSUS, so I'm curious/confused by your characterization that you have WSUS installed with SCE. It's impossible to not have WSUS with SCE. Certainly, I hope, you don't mean that you have a *second* (independent) instance of WSUS installed on your SCE server (which is, interestingly enough, not impossible to do).
    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Wednesday, January 07, 2009 6:45 PM
    Moderator
  • I have a similar situation where I am trying to 'get rid' of Office Updates from my WSUS 3 SP1 server.  I have removed and updated the classification but the updates still appear in WSUS.  I followed a recommendation from another source which stated to decline all updates but I'm not sure what to do next so that I see the classifications I want to see.  Any help would be appreciated!
    Thursday, January 08, 2009 1:06 AM
  • To repeat what I fundamentally stated in the previous message: Update *listings* cannot be removed, only the content *files* are removable -- with the exception of removing a Language, which supports removing metadata for a Language no longer needed.

    The only way to remove updates in the update list is to reinstall WSUS (deleting the database), and reconfiguring WSUS to not use the products and/or classifications containing those updates (e.g. Office XP, Service Packs). Obviously there are other impacts of purging your existing WSUS databse to be considered as well.

    Perhaps, though, the easiest and best solution is this: DECLINE the updates. Since the Update view filters do not provide for viewing Declined and Not-Declined updates at the same time, this simple solution of Declining (thus "hiding" those updates from all of the listings of active updates), is easily and quickly obtainable.


    Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2009)
    Thursday, January 08, 2009 6:38 AM
    Moderator
  • i am completely agreed with lawrence and the logic behind not able to delete updates from the database which actually contains it is that if those of the updates get deleted from the database WSUS won't be able to know which updates have been superseeded and which update is a revision

    Lawrence i have a question isn't possible to delete the updates from wsus database if someone actually wants to  by using SQl server manger which is used to delete synchronization history

    Sunday, March 04, 2012 6:19 AM
  • I can still see 1800 updates which are already declined and are published from Aug 2008 to till date.
    Correct. This is expected behavior.
    Is there any way to delete this DECLINED updates from WSUS.
    No. The Server Cleanup Wizard does not delete Declined updates; it only deletes Expired updates or old revisions of current updates.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    Monday, March 05, 2012 9:15 PM
    Moderator
  • You can download WSUS server diagnostic tool and run this command:

    wsusdebugtool.exe  /tool: purgeunneededfiles

    That tool will not do what the O.P. has described.

    Furthermore, that tool is deprecated and unsupported!, and should not be used with WSUS v3 systems, as all of the relevant functionalitiy is provided in the Server Cleanup Wizard (which is supported!).

    And all of that information is already contained in a post in this thread from 2009 (that you previously marked as an answer)!


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin



    Monday, March 05, 2012 9:16 PM
    Moderator
  • after this i go back to WSUS console and i still have same amount of declined updates..
    Correct. The Server Cleanup Wizard is the WSUS v3 (supported) implementation of the function in that CLI utility, which was originally designed (and not supported) in the API Samples and Tools Kit for WSUS v2. As noted, Declined Updates cannot be deleted from the WSUS server using any currently available tools. If you truly want to delete those updates (not recommended), you'll have to build a tool using the WSUS API, or find a tool that has implemented that capability.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    Monday, March 05, 2012 9:19 PM
    Moderator
  • ...and the logic behind not able to delete updates from the database which actually contains it is that if those of the updates get deleted from the database WSUS won't be able to know which updates have been superseeded and which update is a revision

    Well, actually, I said nothing of the sort, nor is that logic correct. An update contains a fully self-contained list of the UpdateIDs that it supersedes. The Windows Update Agent evaluates that list of superseded updates to eliminate those updates from further consideration. Deleting a superseded update will not impact the ability of the WUAgent to know that -- not that it would matter anyway since the WUAgent doesn't even care about the superseded updates!

    Furthermore, the WUAgent knows which updates are revisions, because every UpdateID is appended with a sequential integer number representing the Revision Number. If the Revision Number associated with an update obtained from the WSUS server is higher than the Revision Number stored in the client cache of updates, then the older update is ignored and the current revision is automatically used.

    ...isn't possible to delete the updates from wsus database if someone actually wants to by using SQl server manger which is used to delete synchronization history

    Important point: I never said it was not possible to delete updates. I said it could not be done with the tools under discussion; or more specifically, that the tools under discussion could not delete declined updates.

    Updates can be deleted by building utility that calls the appropriate methods via the WSUS API (supported). There are 3rd party products available that provide this functionality.

    Theoretically updates can be deleted by removing rows from a table -- but unless you know the database schema and ALL of the references in the database that need to be removed to delete an update -- I promise you you'll mess something up and possibly leave the database in an unusuable, or unreliable, state. I do not discuss unsupported WSUS activities in this forum.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

    Monday, March 05, 2012 9:29 PM
    Moderator
  • This answer comes a little bit late, but other people may still stuble over this thread and might end up deleting the WSUS role from their Windows server and reinstalling the whole WSUS just to get rid of some updates, as some people suggested here. DO NOT DO THAT!

    I can still see 1800 updates which are already declined and are published from Aug 2008 to till date.

    Is there any way to delete this DECLINED updates from WSUS.

    Yes, deleting declined updates is possible, however not from the GUI. Instead you will have to resort to the API (refer to the DeleteUpdate method). To save you the hassle of writing a script yourself, you can for example use the PoshWSUS powershell script from http://poshwsus.codeplex.com . The script does not do much more than wrapping the respective API calls in powershell commands.

    1. Decline the updates that you want to delete in your WSUS console.
    2. Download the ZIP file from the website above and extract it.
    3. In the current version of the PoshWSUS script there seems to be a syntax error, at least with my WSUS version: To fix that, open the file Remove-WSUSUpdate.ps1 in a texteditor and change line 54 from $wsus.DeleteUpdate($guid, $True) to $wsus.DeleteUpdate($guid) so that it only has 1 parameter.
    4. Open a Powershell window (at least version 2) on a computer that is running the WSUS 3.0 Console
    5. Import the script: Import Module C:\Extracted\Path\PoshWSUS
    6. Connect to the website of WSUS: Connect-WSUSServer -WsusServer "yourhostname" -port "yourport". If successful, the command will print out the version of your WSUS.
    7. Nuke the updates that you want to get rid of: Remove-WSUSUpdate -Update "foo bar". This will delete all updates that have the string foo bar in their name. You will get a list of all deleted updates and they should disappear from WSUS afterwards. Note that only the metadata will be removed, not the installation files in the WsusContent folder.
    • Proposed as answer by welph Wednesday, April 18, 2012 3:09 PM
    Wednesday, April 18, 2012 3:09 PM
  • Just an FYI for anyone who is still struggling with this. A more simple way to achieve the same is by copying and pasting the following three lines into your powershell window: 

    [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
     
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();
     
    $wsus.GetUpdates() | Where {$_.IsDeclined -eq $true} | ForEach-Object {$wsus.DeleteUpdate($_.Id.UpdateId.ToString()); Write-Host $_.Title removed }

    WSUS administration website has to be running for the second line to connect successfully to WSUS. 

    There are other ways to deal with this, as I outlined here http://www.flexecom.com/how-to-delete-driver-updates-from-wsus-3-0. Reinstalling WSUS will not solve the problem, at least not permanently, especially in distributed environments where you have upstream/downstream WSUS servers. 

    Hope this helps someone out there. 

    Cheers


    • Edited by Dennis Suhanovs Friday, March 07, 2014 6:32 PM removed last name
    Friday, March 07, 2014 6:31 PM