WSUS: Windows Update Server. Most common Problems. FAQ

by butsch 10. April 2014 00:42

Connect to SQL Internal WSUS Datbase on diffrrent OS:

Auf 2003:    \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
Auf 2012R2: \\.\pipe\microsoft##WID\tsql\query

Missing "SelfUpdate" in Default Website when running WSUS under 8530


To make sure that the self-update tree is working correctly, first make sure that there is a Web site set up on port 80 of the WSUS server. You must have a Web site that is running on port 80, even if you put the WSUS Web site on a custom port. The Web site that is running on port 80 does not have to be dedicated to WSUS. WSUS uses the site on port 80 only to host the self-update tree. After verifying the Web site on port 80, you should run the WSUS script to guarantee a correct configuration of self-update on port 80. Open a Command prompt on the WSUS server and type the following:

cscript  WSUSInstallDirectory \setup\installselfupdateonport80.vbs (WSUSInstallDirectory is the directory in which WSUS is installed).

For more information about SelfUpdate, see Issues with Client Self-Update on Microsoft TechNet or download the Windows Server Update Services 3.0 SP2 Operations Guide from the Microsoft Download Center.


Sample from WSUS Server running under Server 2008R2 on Port 8530

Wrong WSUS:

Missing Virtual Directories under the "Default Web Site"



Fix the self-update virtual directory on port 80:

C:\>cd "Program Files"

C:\Program Files>cd "Update Services"

C:\Program Files\Update Services>cd setup

C:\Program Files\Update Services\setup>cscript installselfupdateonport80.vbs



Missing ASPNET_Client Folder in WSUS


Reset ASP-NET in IIS

Remove: aspnet_regiis –u

Install: aspnet_regiis -u

Make sure you install this Update for WSUS 3.0 SP2

An update for Windows Server Update Services 3.0 Service Pack 2 is available

  • Öffnen Sie cmd.exe im erhöhten Modus auf dem Windows-Client.
  • Geben Sie die folgenden Befehle ein.

    Net Stop wuauserv

    RD/s %windir%\softwaredistribution\

    Net start wuauserv

Check the WSUS Server with wsusutil.exe

C:\Program Files\Update Services\Tools>wsusutil.exe

Windows Server Update Services-Verwaltungsdienstprogramm. Versuchen Sie Folgendes:
        wsusutil.exe help checkhealth
        wsusutil.exe help configuressl
        wsusutil.exe help configuresslproxy
        wsusutil.exe help deletefrontendserver
        wsusutil.exe help listinactiveapprovals
        wsusutil.exe help removeinactiveapprovals
        wsusutil.exe help export
        wsusutil.exe help healthmonitoring
        wsusutil.exe help import
        wsusutil.exe help listfrontendservers
        wsusutil.exe help movecontent
        wsusutil.exe help reset
        wsusutil.exe help usecustomwebsite
        wsusutil.exe help listunreferencedpackagefolders

DB slow, unstable console, Check WSUS SQL Database (Internal)


WsusDBMaintenance.sql (4.64 kb)



sqlcmd -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i c:\edv\WsusDBMaintenance.sql

2012 R2 erscheint nicht im WSUS sondern unter 6.1


Installieren 2 Hotfixe auf 2003 R2 WSUS 3.0

  3. Cleanup SQL script laufen lassen (Achtung die Funktion COPY CODE nicht benutzen!)
  4. Cleanup Wizard im WSUS selber laufen lassen

Command Line Options fuer WSUS Client

The following are the command line for wuauclt.exe

Most used:

wuauclt.exe /reportnow

wuauclt.exe /reportnow /detectnow

wuauclt.exe /UpdateNow

wuauclt.exe /resetauthorization /detectnow



/a /ResetAuthorization

Initiates an asynchronous background search for applicable updates. If Automatic Updates is disabled, this option has no effect.

/r /ReportNow

Sends all queued reporting events to the server asynchronously.

/? /h /help

Shows this help information.

Client Version XP/W7:


2003R2 Server version:


Most of these options don't give any noticable response, but that may be because of the state of the service. The command 'wuauclt /ResetAuthorization /DetectNow' worked for me right away.


Batch to Reset WSUS client



net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow



Windows Update Client Stuck on Server




 Windows Update Client Stuck on Server

1) Als erstes wuauclt.exe /resetauthorization /detectnow

Reboot des Server und Kontrolle ob es schon geht.

2) Siehe

3) Loeschen der Registry Keys:

  • HKEY_LOCAL_MACHINE\COMPONENTS\AdvancedInstallersNeedResolving

4) Loeschen der Datei pending.xml in Ordner %systemroot%/winsxs


Missing or corrupt WSUS Console.


Check the File "wsus" in Profile:

C:\Dokumente und Einstellungen\admin.butsch\Anwendungsdaten\Microsoft\MMC





BATCH to Full reset alls WSUS clients components:


@echo off
@echo Please read:
@echo -----------------------------------------
@echo This totally resets all of your Windows Update Agent settings.
@echo Many times, the computer will do a full reset and will not be able to
@echo install updates for the rest of the day. This is so that the server
@echo does not get overutilized because of the reset.
@echo If you don't receive any updates after this script runs, please
@echo wait until tomorrow.
@echo Re-running this script will reset the PC again and it will have
@echo to wait again.
PING -n 1 -w 30000 >NUL
net stop bits
net stop wuauserv
regsvr32 /u wuaueng.dll /s
@echo Deleting AU cache...
del /f /s /q %windir%\SoftwareDistribution\*.* del /f /s /q %windir%\windowsupdate.log
@echo Registering DLLs...
regsvr32 wuaueng.dll /s
regsvr32.exe %windir%\system32\wups2.dll /s
regsvr32.exe %windir%\system32\wuaueng1.dll /s
regsvr32.exe %windir%\system32\wuaueng.dll /s
regsvr32.exe %windir%\system32\wuapi.dll /s
%windir%\system32\regsvr32.exe /s %windir%\system32\atl.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\jscript.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\msxml3.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\softpub.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuapi.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuaueng1.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wucltui.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wups.dll
%windir%\system32\regsvr32.exe /s %windir%\system32\wuweb.dll
@Cleaning registry...
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
net start bits
net start wuauserv
@echo Checking in...
@echo It's possible the server will not release the updates in
@echo just one session, so it's ok if this script does not immediately
@echo install updates.
@echo This is due to the full reset on this PC. Just let it be for a few
@echo hours and updates should resume as normal.
wuauclt.exe /resetauthorization /detectnow
PING -n 1 -w 30000 >NUL
@echo Script has completed. Please restart your PC.
PING -n 1 -w 30000 >NUL



Client Management | Hotfixes / Updates | Scripting | WSUS

HP biosconfigutility.exe and password in BIOS options, error 10

by butsch 22. April 2013 00:24
HP this is absolue confusing! Not all syntax provided in the "Biosconfigutlity.exe" seem to work in a certain order!

Here is the correct syntax and a working example under Windows PE 3.X 32BIT boot media:

Biosconfigutlity.exe /cspwd:"youroldbiospassword" /cspws:"yournewbiospassword"

And an example to renew the existing BIOS password and write new BIOS Setting in one command:

BiosConfigUtility.exe /cspwd:"youroldbiospassword" /nspwd:"yournewbiospassword" /set:"%cd:~0,3%bios\6300\settings\6300.txt"

  • %cd:~0,3% = Current Drive letter your batch is on
  • bios\6300\settings\6300.txt (The config file with the new bios settings in some file Directory structure bios\modelltype\settings\modelltypeconfigfile.txt (Just an example)
  • Yes, you have to mention the "-chars (Quotation marks)
  •  "IF" you provider a existing password (cspwd), AND it does not match, it will be overseen and the NEW password written (cspws)
  • The exact syntax and ORDER of the options have to be followed

Make sure you don't mess UP with this tool. On certain newer laptops if you mess UP the BIOS password you "Can't" reset it with a jumper. There are two way (Send device to HP or buy a unlock key from russia for USD50). A cutomer from us has tried and did not understand the tool correct.

 If you don't want plain text passwords in your scripts you may have to use "HPQPswd.exe" which makes a password.BIN file from your entrys with the password encrypted.



Client Management | Deployment | Frontrange Enteo V6/7 | Microsoft SCCM 2007 | Scripting

Internet Explorer 9 Setup Breaks Active Setup of further MSI Packages

by butsch 8. July 2012 22:32


Active Setup is used in Windows Installer technology to setup certain Registry or file changed to all users of a computer. If you have a shared computer with several different local users this method is used to apply a certain setting to all profiles that exist on the machine.

The Internet Explorer 9 setup uses Active Setup to Switch between two different versions of Internet Explorer. In this example from IE8 and IE9. This can only happen after the Reboot of the Internet Explorer Setup.

If a regular (Domain User) without Admin permissions does Logon after the Reboot the Active setup does not get handheld correct. This si not by design and is an error of the IE9 Setup (Also IEAK Version).

To fix this remove Following Registry Setting after the reboot and installion of Internet Explorer 9. We had this problem also under Germans Windows 64BIT with IEAK 9 Setup.

reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f

 Frontrange/Enteo V7.1 Package (Exported and packed with 7ZIP)

{B090D188-091B-4470-95D4-A422E4991B49}.7z (2.90 kb)


Deployment | Frontrange Enteo V6/7 | Hotfixes / Updates | Scripting

Adobe Flash Player (10e) Deployment silent

by butsch 4. January 2012 00:08

Adobe Flash Player (10e) Deployment silent

Download Flash Player (EXE or MSI)

Download the Uninstaller fort the old version

Doku Adobe:


Sample of how to deploy it with batch only:
:: Butsch Informatik
:: --------------------------------------------------------------------------------------------------------
:: V1.1 16.02.2011 mms.cfg Korrektur auf aktuelle Version
:: V2.0 07.03.2011 M. Butsch, Flash March 2011 (Flash10n.ocx)
:: V2.1 23.03.2011 M. Butsch, Flash April 2011 (Flash10o.ocx),
:: V2.2 18.04.2011 M. Butsch, Flash April 2011 II (Flash10p.ocx)
:: V2.3 25.05.2011 M. Butsch, Flash Mai 2011 (flash10q.ocx)
:: V2.4 08.06.2011 M. Butsch, Flash Juni 2011 (flash10t.ocx)
:: V2.5 20.06.2011 M. Butsch, Flash Juni II 2011 (flash10t.ocx)
:: V2.6 18.08.2011 M. Butsch, Flash August 2011 (flash10v.ocx)
:: V2.7 22.09.2011 M. Butsch, Flash September 2011 (Flash10x.ocx)
:: V2.8 10.10.2011 M. Butsch, Flash Oktober 2011 (Flash11c.ocx)
:: v2.9 04.01.2011 M. Butsch, Flash Januar 2012 (Flash11e.ocx)
:: Kontrolliere ob Version_11.1.102.55 schon vorhanden
if exist "c:\WINDOWS\system32\Macromed\Flash\flash11e.ocx" goto vorhanden
:: Kopiere PSKILL ins Root
if not Exist c:\windows\system32\pskill.exe copy \\server\software$\adobe_flash\Version_11.1.102.55\pskill.exe c:\windows\system32 /y
:: Kill running PLUGIN Tasks
"c:\windows\system32\pskill.exe" firefox.exe
"c:\windows\system32\pskill.exe" iexplore.exe
"c:\windows\system32\pskill.exe" firefox
"c:\windows\system32\pskill.exe" iexplore
"c:\windows\system32\pskill.exe" firefoxportable
"c:\windows\system32\pskill.exe" firefoxportable.exe
"c:\windows\system32\pskill.exe" firefoxportabel
"c:\windows\system32\pskill.exe" firefoxportabel.exe
\\server\software$\adobe_flash\Version_11.1.102.55\uninstall_flash_player_32bit.exe -uninstall activex
\\server\software$\adobe_flash\Version_11.1.102.55\install_flash_player_11_active_x_32bit.exe -install
copy \\server\software$\adobe_flash\Version_11.1.102.55\mms.cfg c:\windows\system32\Macromed\Flash /y
if exist "c:\WINDOWS\system32\Macromed\Flash\flash11c.ocx" md \\server\logfiles$\adobe\flash11e\%computername%.FLASH11e.OK
if not exist "c:\WINDOWS\system32\Macromed\Flash\flash11e.ocx" md \\server\logfiles$\adobe\flash11e\NOT.OK.%computername%.FLASH11e.OK

mms.cfg (21.00 bytes)


Client Management | Deployment | Scripting

Powershell Links for Exchange 2007/2010

by butsch 25. October 2011 22:22

Hot wo automate a Powershell on Windows Server:

Free ActiveRoles Management Shell for Active Directory 32/64-bit from Quest:

How to load the Powershell Plugins into the Shell (As example Exchange and the Quest)

Add-PSSnapIn -Name Microsoft.Exchange.Management.PowerShell.Admin,Quest.ActiveRoles.ADManagement

Here is how to skip/catch the error if the SNAP in has laready been registered.


  1. #Load Exchange PS Snapin
  2. If (@(Get-PSSnapin -Registered | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"} ).count -eq 1) {
  3.     If (@(Get-PSSnapin | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.E2010"} ).count -eq 0) {
  4.          Write-Host "Loading Exchange Snapin Please Wait...."; Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010}
  5.          }
  7. #Load Exchange PS Snapin
  8. If (@(Get-PSSnapin -Registered | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.Admin"} ).count -eq 1){
  9.     If (@(Get-PSSnapin | Where-Object {$_.Name -eq "Microsoft.Exchange.Management.PowerShell.Admin"} ).count -eq 0) {
  10.         Write-Host "Loading Exchange Snapin Please Wait...."; Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin}
  11.         }


Removing mailbox export and import requests from command New-MailboxExportRequest -Mailbox $Identity -FilePath $pstshare$user".pst"


Exchange 2007 | Exchange 2010 | Scripting | Server 2008 R2