none
WSUS Server Cleanup Wizard not working as expected RRS feed

  • Question

  • I'm experiencing a strange behaviour on a WSUS 3 server.

    I read a lot of docs about the Server Cleanup Wizard, but I can't cleanup some already downloaded updates files.

    We approved (and downloaded) some Visual Studio 2008 updates in the past; these updates were 100% installed.
    Now we upgraded to Visual Studio 2010, so I'd like to purge VS2008 update files since they're not needed anymore.
    Well, I declined all of them (taking note of their filenames), then run the Server Cleanup Wizard.

    When the wizard completes VS2008 updates still appear into updates list (as declined, and that's OK), but their content files are still there into WsusContent folder.

    What's going wrong?

    PS: following is an example of an undeleted update
    KB971092 - Security Update For Microsoft Visual Studio 2008 SP1
    update filename .../WsusContent/39/2B405E4704121D10A91374905E64A76EEA5B5239.exe

    Tuesday, September 6, 2011 8:51 AM

Answers

  • Problem SOLVED!

    After a reboot of the WSUS server, all the orphaned files disappeared and the size of Content folder decreased from 9 to 5Gb.

    Content folder ACL was the culprit.

    Thanks again for your help.

     


    Wednesday, September 7, 2011 8:14 AM

All replies

  • Do you have any downstream WSUS servers?

    How long after declining the updates did you run the Server Cleanup Wizard?

    Did you try running the Server Cleanup Wizard a second time?


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Tuesday, September 6, 2011 12:41 PM
    Moderator
  • Hi, thanks for your prompt reply.
    As for your questions:

    > Do you have any downstream WSUS servers?
    NO, single server on Windows Server 2008 R2

    > How long after declining the updates did you run the Server Cleanup Wizard?
    Immediately after the decline, then after 30 minutes and again now (just before this reply)

    > Did you try running the Server Cleanup Wizard a second time?
    YES

    Just double checked: the update is marked as declined and its update file is still there.




    • Edited by nicorac Tuesday, September 6, 2011 3:23 PM
    Tuesday, September 6, 2011 3:22 PM
  • Just double checked: the update is marked as declined and its update file is still there.



    This is definitely unusual and unexpected.

    It's possible that the WSUS server thinks the file has already been deleted, and isn't targeting it for a deletion. What does the console update list show as the "File Status" for that update?

    It's possible the ACLs on the file are incorrect and the SCW cannot delete the file. Check the ACLs on the
    ~\WSUSContent folder and verify that SYSTEM, NETWORK SERVICE, Administrators, and WSUS Administrators all have "Full Control" and it is fully inherited downstream, and that the Users group has Read, Read & Execute and List Folder Contents, and those are fully inherited.

    You can manually delete the file if you wish.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Tuesday, September 6, 2011 4:57 PM
    Moderator
  • Lawrence, thanks for your help.

    The "File Status" says "Ready for installation (files not downloaded)", which seems wrong: how could they be ready if not downloaded?

    More other updates have the same file status (I checked at least five into the Declined updates list), so I'd like to avoid a manual deletion.

    ACLs on Wsus Content files is:
    SYSTEM: Full
    Administrators: Full
    Users: Read, Read & Execute, List Folder Content

    "NETWORK SERVICE" and "WSUS Administrators" ACLs were missing, now fixed.

    I retried the cleanup wizard, unsuccessfully.

    Is there a way to tell WSUS to re-check if update files exist?

    Otherwise I'll extract a list of all file names that should be deleted with a SQL query, then delete them in a batch file... can you give me a hint?


    • Edited by nicorac Wednesday, September 7, 2011 7:31 AM
    Wednesday, September 7, 2011 7:30 AM
  • Problem SOLVED!

    After a reboot of the WSUS server, all the orphaned files disappeared and the size of Content folder decreased from 9 to 5Gb.

    Content folder ACL was the culprit.

    Thanks again for your help.

     


    Wednesday, September 7, 2011 8:14 AM
  • The "File Status" says "Ready for installation (files not downloaded)"
    That's why the SCW didn't delete it; it doesn't know the file is there.  As you now know it's because the ACLs were incorrect, and the files were not visible to WSUS.
    which seems wrong: how could they be ready if not downloaded?
    Yeah, one of a couple annoying UI quirks in the console.
    Is there a way to tell WSUS to re-check if update files exist?
    wsusutil reset will reconcile the list of Approved updates against what is in the content store and queue a download request to BITS for any files that are missing.
    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2011)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    My Blog: http://onsitechsolutions.spaces.live.com
    Wednesday, September 7, 2011 3:48 PM
    Moderator