Managing WSUS 3.0 SP2 on Windows Server
Managing WSUS 3.0 SP2 on Windows Server In this post we will see managing the WSUS Server, generating reports, we will also explore all the options in the WSUS console. In the previous post we saw the installation and configuration of WSUS 3.0 sp2 on windows server.
What exactly is WSUS synchronization – During synchronization, a WSUS server downloads updates (update metadata and files) from an update source. It also downloads any new product classifications and categories. When a WSUS server synchronizes for the first time, it downloads all of the updates that were specified in the synchronization options. After the first synchronization, a WSUS server downloads only updates from the update source, metadata revisions for existing updates, and expirations to updates.
On the WSUS Server, login with user account wsusadmin, Click Start, click All Programs, click Administrative Tools, and then click Windows Server Update Services.
On the left hand side of the console click on Synchronizations. This displays the number times the Synchronizations has been done ( manually / scheduled).
Right click on one of the Synchronization and click Synchronization Report.
Note : To view this report properly you will require Microsoft Report Viewer. The report generated is shown in the below screenshot. In the synchronization report, under the report options we see the start time and end time of synchronization, report created date and time and the server used for reporting data. Under synchronization summary we see that there are 472 new updates that have been synchronized.
Lets now move on to reports. We find lot of options related to reports which includes Update reports, Computer reports, Synchronization reports.
Update Status summary – This report shows the summary of update status displaying one page per update. The report information includes the update description, Product category, MSRC Severity Rating, MSRC Number.
Update Detailed Status – This report shows the summary of update status displaying update status of all computers for each update.
Update Tabular Status – This report shows the summary of update in tabular view. The report can be exported to a spreadsheet.
Update Tabular Status for Approved Updates – This report is similar to the Update Tabular Status, the update status is shown only for approved updates.
Computer Status Summary – This report shows the summary of computer status with one page per computer.
Computer Detailed Status – This report shows details of each computer’s status with update status for each update.
Computer Tabular Status – This report shows summary of computer update status in tabular view.
Computer Tabular Status for Approved Updates – This report shows summary of computer update status in tabular view for approved updates.
Synchronization Reports – This report shows the results of last synchronization. the report information includes start time and end time of synchronization, report created date and time and the server used for reporting data.
Click on Update status summary.
We see few options for New report type : Summary Report, Detailed Report, Tabular Report.
Set the report type to Summary Report. For Include updates for these products, click on any product and select windows 7. Now click on Run Report.
The summary report is now generated.
Lets move on and see the options in WSUS console. There are many options here and lets see one by one.
Update Proxy Source and Server – To synchronize the updates, we have to choose the upstream server. The updates can be synchronized from microsoft update or if there is any existing WSUS server, we can choose that WSUS server as our upstream server.
Products and Classifications – Includes the list of products for which updates are required and Classifications include types of updates.
Update files and Languages – Includes options to download the updates to local machine, download updates when approved and download the updates directly from Microsoft Update.
Synchronization Schedule – You can choose to synchronize the updates manually or you can select Synchronize automatically. You can set synchronizations per day to 24 and that’s the max value.
Automatic Approval – With this option you can specify to approve the updates in a particular classification, choose the product category and approve the update to computer group.
Computers – There are 2 options here.
Use the Update Services console – The new computers will be added to unassigned computers group.
Use Group Policy or registry settings on computer – You can use group policy/registry settings to classify or group the computers.
WSUS Server Cleanup Wizard – This wizard will clean up unused updates, computers that have not contacted wsus server for 30 days or more, unneeded update files, expired and superseded updates. Click Next.
Click finish to close the Wizard.
Email Notifications – The WSUS administrators can now get the notifications of new updates and status reports by configuring email notifications. You can generate the notifications and send it to recipients / group which includes WSUS administrators.
Under Email Server, specify the SMTP server IP, port number 25, under logon information check My SMTP server requires authentication. provide the user name and password. Click Test, if you receive the notification to the recipient address then you are configured it correctly. If you don’t get notification mail then check the SMTP server settings again.
Personalization – You can personalize the way the server information is displayed. The information can be computers and status info of all downstream servers or only the local server.
WSUS Server Configuration Wizard – If you want to reconfigure the above options you can choose to launch the WSUS server configuration wizard.
 Managing WSUS 3.0 SP2 from command line – You can use the wsusutil command-line utility that is provided with Windows Server Update Services (WSUS) 3.0 SP2 to manage WSUS. The wsusutil tool is located in the WSUSInstallDrive:WSUSInstallDirectoryTools folder on WSUS servers. More information on Managing WSUS 3.0 from command line can be found here.
We will not execute all the wsusutil options here, however we will see few important commands.
wsusutil.exe checkhealth – This command checks the health of the WSUS server. The health check is configured by wsusutil healthmonitoring. The results are written to the event logs.
Open the Event Viewer, under Server Roles, click Windows Server Update Services. Double click the first event, we see that the WSUS is working correctly.
wsusutil listinactiveapprovals – Returns a list of approved update titles that are in a permanently inactive state because of a change in server language settings. If you change language options on an upstream WSUS server, the number of approved updates on the upstream server may not match the number of approved updates on a replica server. You can use listinactiveapprovals to see a list of the updates on the parent upstream server that are permanently inactive. If you find any inactive approvals you can use wsusutil removeinactiveapprovals to remove the inactive approvals.
We will surely explore all the other wsusutil commands in the coming posts. In the next topic we will see more on Troubleshooting issue related to WSUS Server.
Prajwal I have a Windows 2016 WSUS server that is not a replica server. and that has successfully completed synchronizing from and an upstream server, but is not downloading the update files.
1) Should the WSUS Content files be deleted/removed and should the Windows Update service and/or BITs be stopped before running “wsusutil.exe reset” command?
2) We also have a number of WSUS servers that are not able to generate status reports using report viewer. The error from the console is that it is unable to access this file:
” C:\Program Files\Update Services\AdministrationSnapin\UpdatesStatusForComputer.rdlc”. The file is available and permissions are the same as permissions on servers that can access the file.
Any input would be greatly appreciated!
Thanks for your Post is very usefull, but i want make you a question, now i have a problem with some servers that have applied a GPO with setting “Configure Automatic Update ” with Option 2 – Notify for Download and auto install acording with GPO setting documentation say When Windows finds updates that apply to this computer, users will be notified that updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates.
but in some servers the updates is downloaded automatically and restart the server with out notifiy users and without his approve, and tis this is a problem for me because this servers are in a production enviroment and for restarts i have to schedule a maintenence window, maybe you know how i can change this
Hi
For WSUS configuration:
1. What is the use of SQL server , I heard its used for gettting update and keep all data at database, Is it right?
2. How to make connectivity with WSUS server , How to import data i mean updates get and keep database.
Kindly update me bro.
waiting for ur valuable reply
Regards
abdul
Is there a way to create a tabular report to list all the computers and the last time it has checked in with the WSUS server?
Thanks,
Steve
Hi,
Thanks for the reply. Yes, the management wants to know which user is attached/ logged to which computer
With WSUS the user information is not shown. Use PSTools to get the information about the user logged to the computer
Hi,
I would like to know if there is a way to generate report from WSUS where it can list out computer as well and which user is attached to it. Is thi spossible?
Thanks in advance
Naveen
Computer information can be generated in the WSUS report but not the user information. Windows updates pertain to computers and not the users logged on.. Any specific need for such report ?