Scribd
Upload
230 views

Troubleshooting WSUS

This document provides steps to troubleshoot issues with Windows Server Update Services (WSUS) from both the client and server ends. From the client end, it recommends checking the WSUS service status, group policy settings, connectivity to the WSUS server, and logs. From the server end, it recommends checking the WSUS and IIS services, ports, firewall rules, and logs. It also provides links to helpful tools, such as one to reset the Windows Update agent and the WSUS Client Diagnostic Tool.

Uploaded by

anon_106304219
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
230 views

Troubleshooting WSUS

This document provides steps to troubleshoot issues with Windows Server Update Services (WSUS) from both the client and server ends. From the client end, it recommends checking the WSUS service status, group policy settings, connectivity to the WSUS server, and logs. From the server end, it recommends checking the WSUS and IIS services, ports, firewall rules, and logs. It also provides links to helpful tools, such as one to reset the Windows Update agent and the WSUS Client Diagnostic Tool.

Uploaded by

anon_106304219
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Troubleshooting WSUS

From Client End


1. Check whether the WSUS service in running status or not. Then Stop and restart WSUS service on WSUS client
PC.

2. Check whether the relevant group policy settings are applied or not.
Open cmd and run:

i. gpresult /r

1
Udara Kaushalya http://www.uktech.space/
ii. rsop.msc

iii. Check availability of registry entries.

HKLM->Software->Policies->Microsoft->Window->WindowsUpdate

2
Udara Kaushalya http://www.uktech.space/
3. Make sure he WSUS client can see the WSUS website by navigating to :
http://(Name Of WSUS Server):8530/Selfupdate/iuident.cab
and make sure open/download the file

4. Check Connectivity to WSUS Server(Telnet to WSUS Server)


telnet wsus.example.com 8530

5. View Proxy configuration on WSUS client


Open cmd and run :
i. netsh winhttp show proxy
ii. netsh winhttp import proxy source=ie

6. Open cmd and Run ‘wuauclt / detectnow’ command

7. Check WSUS log file in below path for errors


c:\windows\WindowsUpdate.log

8. Sometimes image a machine (or a clone a VM) keeps it’s unique update ID.
If this happens then the first machine with this ID to register gets listed, and all the rest do not. To find out if
this is the problem,
i. locate and stop the WSUS service on the affected client.
ii. Open Registry Editor and navigate to:
HKLM->Software->Microsoft->Windows->Current Version->WinowsUpdate
iii. Delete SusClientID entry.
iv. Restart WSUS service and run below commands.
Wuauclt /resetauthorization /detectnow
Wuauclt /reportnow

3
Udara Kaushalya http://www.uktech.space/
From Server End

9. Troubleshoot from WSUS Server end

i. Check WSUS Service.

In this instance the WSUS service is reporting as running. If it’s not you can run the ‘Restart-Service -
name WsusService’ to attempt to restart it. This service runs as the Network Service user by default.

ii. Check IIS Service


Additionally, we need to ensure that the W3SVC service is running which is IIS, as this is the service that
listens for incoming connections on TCP ports 8530 for HTTP and 8531 for HTTPS. This service runs as
the local system account by default.

iii. Check WSUS port listening


Use netstat command to confirm that the WSUS server is correctly listening for incoming traffic.

WSUS server is listening for connections on the correct ports does not mean that your client machines
are able to connect in. By default, Windows firewall will be running on the WSUS server, however when
you installed WSUS it would have automatically configured two inbound rules called “WSUS” that allow
both TCP 8530 and 8531 through, as shown below.
Check that these allowed inbound rules are still in place.

4
Udara Kaushalya http://www.uktech.space/
iv. Check log file
C:\Program Files\Update Services\LogFiles\ – This file contains information about things that have
changed in WSUS, it may be useful for seeing any recent changes that have taken place and caused the
problem you’re having.

Tools
1. Tool for reset Windows Update Agent is most useful tool to troubleshoot most of client end issues.
It can be downloaded from TechNet Gallery.
https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc

2. WSUS Client Diagnostic Tool


https://www.microsoft.com/en-us/download/confirmation.aspx?id=30827

5
Udara Kaushalya http://www.uktech.space/

You might also like