none
Force a Wsus client to check for updates

    Question

  • Hi, we have a Wsus server and a GPO that forces all PCs and Servers to work with it.

    in the GPO, "configure automatic updates"  is configured to "notify for download and notify for install"
    and the "schedule install day" is tuesday.

    my question is, how do i make a certain cleint, download the updates (manually by command or something like that)
    and not wait for the scheduled time to come..

    Thanks
    Gil

    Wednesday, January 18, 2012 10:00 AM

Answers

  • Hi,

    Click Start -> Run. Then type wuauclt /detectnow. To refresh the client report on wsus use the parameter /reportnow.

    Kind regards,

    M. Hivner

    • Marked as answer by Gil Kremer Thursday, January 19, 2012 9:16 AM
    Wednesday, January 18, 2012 10:47 AM
  • Hi,

    the "schedule install day" is tuesday.

    Since you choose notify for download and notify for install,the above "schedule install day" doesn't actually function.

     "schedule install day" only functions when you choose the option 4 auto download and schedule the install.There is also a prompt in this GPO.

    As for your question,you choose "notify for download and notify for install",run wuauclt /detectnow will trigger the notification of downloading,and not wait until its detection cycle.

     

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Gil Kremer Thursday, January 19, 2012 9:16 AM
    Thursday, January 19, 2012 2:51 AM
    Moderator
  • in the GPO, "configure automatic updates"  is configured to "notify for download and notify for install"
    and the "schedule install day" is tuesday.

    These two values are inconsistent.

    If the Configure Automatic Updates policy is set to Option #2 (Notify for Download and Notify for Install), then the Scheduled Install Day and Scheduled Install Time are not used, and are ignored, and the client does NOT install updates at a scheduled event.

    my question is, how do i make a certain cleint, download the updates (manually by command or something like that)

    On Windows XP and Windows Server 2003, when a local administrator logs on, they will receive a NOTIFICATION that update(s) are available for download, and they should respond to that notification and initiate the download. They will receive a NOTIFICATION that the update(s) are available for installation, and they should respond to that notification and initiate the installation.

    On Windows Vista and later systems, any logged on user can go to Control Panel | Windows Update and initiate a download or installation if updates are available.

    and not wait for the scheduled time to come..

    To be sure, there is no scheduled event in the configuration you have described.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    • Marked as answer by Gil Kremer Sunday, January 22, 2012 7:22 AM
    Thursday, January 19, 2012 6:57 PM
    Moderator
  • Click Start -> Run. Then type wuauclt /detectnow.

    With the given configuration options, wuauclt /detectnow will not initiate a download, nor an installation.

    To refresh the client report on wsus use the parameter /reportnow.

    As noted several other times and several other places, the /reportnow parameter is only functional when the WUAgent has actual events pending upload to the ReportingEventWebService.

    At any other time this parameter does nothing. It does not refresh the client report on the WSUS server, unless there are events already completed and not yet reported.

    In any event, the parameter has absolutely nothing to do with downloading or installing updates on-demand.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    • Marked as answer by Gil Kremer Sunday, January 22, 2012 7:22 AM
    Thursday, January 19, 2012 7:00 PM
    Moderator
  • actually - our workstations are configured to "download and install" on a specific time.
    and our servers are configured to "notify..."

    so as i understand,  wuauclt /detectnow  is relavant for our workstations (to detect updates earlier than scheduled) but not to our servers - which are constantly updating on new updates given the "notify.." configuration. right? (btw, how often do they check updates to be notified via the Wsus server?

    The wuauclt /detectnow option initiates a detection on all systems, the behavioral differences are a function of the setting of the Configure Automatic Updates policy.

    If AUOption='4' (as you have for your workstations), the command will detect available updates, automatically queue updates for download via BITS, and automatically schedule those updates for installation at the configured time when the download has been successfully completed.

    If AUOption='3' (Notify for Install), the command will detect available updates, automatically queue updates for download via BITS, and then (on WinXP/2003) present a notification to any logged on Administrator inviting them to install the updates or (on Vista and later) present and enable the Install Updates button in the Control Panel WUApp for any user who is not restricted from installing updates.

    If AUOption='2' (Notify for Download), the command will detect available updates and (on WinXP/2003) present a notification to any logged on Administrator inviting them to download the updates or (on Vista and later) --- Hmm... actually, I've never personally see the WUApp on a machine configured with AUOption-'2'! --- but my expectation would be that the WUApp presents a "Download Now" button, rather than an "Install Now" button.

    By default, the WUAgent executes a detection 17.6-22.0 hours after the completion of the previous regular detection event. Using wuauclt /detectnow causes the previously scheduled detection to be 'rescheduled' 17.6-22.0 hours after the completion of the on-demand event. The detection interval can be configured in policy to a shorter interval, but should be matched (logically) with your server synchronization event, and your approval processes. If your server is set to synchronize once-per-day, and your approval process is not a daily occurrence, there is NO value in setting the interval to a shorter value. If your server is set to synchronize more than once per day and you approve updates on a daily basis, there may be value in setting the detection interval to a shorter period, consistent with the server synchronization interval.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    • Marked as answer by Gil Kremer Thursday, January 26, 2012 9:09 AM
    Wednesday, January 25, 2012 3:44 AM
    Moderator
  • if you want it to do it by command - manually or scripted -  you can use the command line tool wuInstall (see http://www.wuinstall.com for details) - in combination with psexec you can also call it remotely
    • Edited by hs2n Friday, January 20, 2012 4:53 PM
    • Marked as answer by Gil Kremer Sunday, January 22, 2012 7:22 AM
    Friday, January 20, 2012 4:52 PM

All replies

  • Hi,

    Click Start -> Run. Then type wuauclt /detectnow. To refresh the client report on wsus use the parameter /reportnow.

    Kind regards,

    M. Hivner

    • Marked as answer by Gil Kremer Thursday, January 19, 2012 9:16 AM
    Wednesday, January 18, 2012 10:47 AM
  • Hi,

    the "schedule install day" is tuesday.

    Since you choose notify for download and notify for install,the above "schedule install day" doesn't actually function.

     "schedule install day" only functions when you choose the option 4 auto download and schedule the install.There is also a prompt in this GPO.

    As for your question,you choose "notify for download and notify for install",run wuauclt /detectnow will trigger the notification of downloading,and not wait until its detection cycle.

     

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Gil Kremer Thursday, January 19, 2012 9:16 AM
    Thursday, January 19, 2012 2:51 AM
    Moderator
  • in the GPO, "configure automatic updates"  is configured to "notify for download and notify for install"
    and the "schedule install day" is tuesday.

    These two values are inconsistent.

    If the Configure Automatic Updates policy is set to Option #2 (Notify for Download and Notify for Install), then the Scheduled Install Day and Scheduled Install Time are not used, and are ignored, and the client does NOT install updates at a scheduled event.

    my question is, how do i make a certain cleint, download the updates (manually by command or something like that)

    On Windows XP and Windows Server 2003, when a local administrator logs on, they will receive a NOTIFICATION that update(s) are available for download, and they should respond to that notification and initiate the download. They will receive a NOTIFICATION that the update(s) are available for installation, and they should respond to that notification and initiate the installation.

    On Windows Vista and later systems, any logged on user can go to Control Panel | Windows Update and initiate a download or installation if updates are available.

    and not wait for the scheduled time to come..

    To be sure, there is no scheduled event in the configuration you have described.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    • Marked as answer by Gil Kremer Sunday, January 22, 2012 7:22 AM
    Thursday, January 19, 2012 6:57 PM
    Moderator
  • Click Start -> Run. Then type wuauclt /detectnow.

    With the given configuration options, wuauclt /detectnow will not initiate a download, nor an installation.

    To refresh the client report on wsus use the parameter /reportnow.

    As noted several other times and several other places, the /reportnow parameter is only functional when the WUAgent has actual events pending upload to the ReportingEventWebService.

    At any other time this parameter does nothing. It does not refresh the client report on the WSUS server, unless there are events already completed and not yet reported.

    In any event, the parameter has absolutely nothing to do with downloading or installing updates on-demand.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    • Marked as answer by Gil Kremer Sunday, January 22, 2012 7:22 AM
    Thursday, January 19, 2012 7:00 PM
    Moderator
  • if you want it to do it by command - manually or scripted -  you can use the command line tool wuInstall (see http://www.wuinstall.com for details) - in combination with psexec you can also call it remotely
    • Edited by hs2n Friday, January 20, 2012 4:53 PM
    • Marked as answer by Gil Kremer Sunday, January 22, 2012 7:22 AM
    Friday, January 20, 2012 4:52 PM
  • Thank you Guys, all of your answers have helped.

    actually - our workstations are configured to "download and install" on a specific time.
    and our servers are configured to "notify..."

    so as i understand,  wuauclt /detectnow  is relavant for our workstations (to detect updates earlier than scheduled)
    but not to our servers - which are constantly updating on new updates given the "notify.." configuration. right? (btw, how often do they check updates to be notified via the Wsus server?)

     

    Sunday, January 22, 2012 7:26 AM
  • actually - our workstations are configured to "download and install" on a specific time.
    and our servers are configured to "notify..."

    so as i understand,  wuauclt /detectnow  is relavant for our workstations (to detect updates earlier than scheduled) but not to our servers - which are constantly updating on new updates given the "notify.." configuration. right? (btw, how often do they check updates to be notified via the Wsus server?

    The wuauclt /detectnow option initiates a detection on all systems, the behavioral differences are a function of the setting of the Configure Automatic Updates policy.

    If AUOption='4' (as you have for your workstations), the command will detect available updates, automatically queue updates for download via BITS, and automatically schedule those updates for installation at the configured time when the download has been successfully completed.

    If AUOption='3' (Notify for Install), the command will detect available updates, automatically queue updates for download via BITS, and then (on WinXP/2003) present a notification to any logged on Administrator inviting them to install the updates or (on Vista and later) present and enable the Install Updates button in the Control Panel WUApp for any user who is not restricted from installing updates.

    If AUOption='2' (Notify for Download), the command will detect available updates and (on WinXP/2003) present a notification to any logged on Administrator inviting them to download the updates or (on Vista and later) --- Hmm... actually, I've never personally see the WUApp on a machine configured with AUOption-'2'! --- but my expectation would be that the WUApp presents a "Download Now" button, rather than an "Install Now" button.

    By default, the WUAgent executes a detection 17.6-22.0 hours after the completion of the previous regular detection event. Using wuauclt /detectnow causes the previously scheduled detection to be 'rescheduled' 17.6-22.0 hours after the completion of the on-demand event. The detection interval can be configured in policy to a shorter interval, but should be matched (logically) with your server synchronization event, and your approval processes. If your server is set to synchronize once-per-day, and your approval process is not a daily occurrence, there is NO value in setting the interval to a shorter value. If your server is set to synchronize more than once per day and you approve updates on a daily basis, there may be value in setting the detection interval to a shorter period, consistent with the server synchronization interval.


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    Principal/CTO, Onsite Technology Solutions, Houston, Texas
    Microsoft MVP - Software Distribution (2005-2012)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    • Marked as answer by Gil Kremer Thursday, January 26, 2012 9:09 AM
    Wednesday, January 25, 2012 3:44 AM
    Moderator
  • I was completely lost after installing a new W2K8 64 bit WSUS server here.  No updates ran for a month (don't tell our fed regulators...)  We have over 125 workstations/servers that would not connect.  After troubleshooting everything else, I finally ran the WSUS-KB2720211-x64 update, then fired off updates with wuauclt /detectnow....and everything is working.  !!!!!!!   :)

    Wednesday, April 10, 2013 9:42 PM
  • After troubleshooting everything else, I finally ran the WSUS-KB2720211-x64 update

    I just cannot say enough about ensuring that systems are fully and properly patched as the first step in troubleshooting any issue.

    Of course, this entire thread occurred in January, 2012, before Flame and before any of the WSUS updates ... so it's also true that whatever issue you encountered as a result of not installing KB2720211 was totally unrelated to anything else discussed in this thread. :-)


    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2013)
    My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Wednesday, May 29, 2013 5:08 PM
    Moderator
  • Or IOW to troubleshooting patching you first need to install a patch. Wonderful.
    Friday, January 17, 2014 3:30 PM
  • Or IOW to troubleshooting patching you first need to install a patch. Wonderful.

    No... that's NOT what I said.

    What I said was before trying to diagnose something perceived to be a "bug", make sure the "perceived bug" hasn't already been fixed by an update that has not been installed yet.

    Or, let me put this another way: It's a total and absolute waste of time to try to diagnose a defect on a system that's not been fully patched. Install the patches THEN diagnose (if still needed).

    But it is a somewhat sad state of affairs that patch administrators are oblivious to the fact that their patch management systems require an update -- even 20 months after the release of that update.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Friday, January 17, 2014 10:01 PM
    Moderator