Disable the SSL warning in the To Do List

Many a times folks in WSUS newsgroup want to know if –


Is there a way to disable the SSL warning in the To-Do list in WSUSAdmin Console?


To Do List

 


WSUS has detected that you are not using Secure Sockets Layer (SSL). Microsoft recommends using SSL to secure administration and client to server communications for better security. For more information, see Using Secure Sockets Layer (SSL).
 
I used to answer that as – “That is not documented anywhere!!. We will have to live with that”. But, thanks to Josh (poster in NG) for this cheeky workaround.
 
WORKAROUND

Make a backup of “C:\program files\Update Services\administration\home\welcome.aspx” file.

Then open the file in notepad and find the last section at the bottom that starts like this:

<td id=”tskNotUsingSSL” class=”Tasks” style=”display: none;”>

Now you can’t delete that line, but delete everything between the <div> and </div> right below that line – Which means you have to delete the following text between <div> and </div>;


 <div>
          <a href=”” onclick=”ShowHelp(‘utilizing_SSL.htm’);return false;”
class=”B”><img src=”<%= Constants.VirtualRoot %>/Common/Images/Warning.gif”
align=”absmiddle” /><%= Resources.GetString(“L_HomeNotUsingSSLTitle_Text”)
%></a></br>
              <%=
String.Format(Resources.GetString(“L_HomeNotUsingSSLDescription_Text”),
              “<a href=\”\” onclick=\”ShowHelp(‘utilizing_SSL.htm ‘);return
false;\” class=\”Normal\”>” +
Resources.GetString(“L_HomeNotUsingSSLHelpLink_Text”) + “</a>”) %>
          <br />
      </div>



Save the file and Voila! Happy Patching :-).

Un-hide hidden updates

lf the logged in user is part of Local Administrators group, then he can use the custom install option to unselect the updates which will be eventually hidden. These updates will not be offered by the WUA at the next detection/scheduled installation time.


Scripting Guru Torgeir Bakken has posted an excellent .vbs script to unhide those hidden updates.


According to Torgeir Bakken (MVP)

If you are afraid that some users will hide some updates using the custom install option, here is a counter-measure you can use if the computers are in an Active Directory domain.

Use a script that unhides all hidden updates every time the computer starts up.


You could put the vbscript below in a computer startup script (with a GPO) that runs as part of the boot up process (before the user logs in).  It runs under the system context and has admin rights.


——————–8<———————-


On Error Resume Next
Dim oSearcher, oSearchResult, i, oUpdate


Set oSearcher = CreateObject(“Microsoft.Update.Searcher”)


‘ use locally cached information
oSearcher.Online = False


‘ find updates that are hidden
Set oSearchResult = oSearcher.Search(“IsHidden=1″)


If Err.Number = 0 Then
   If oSearchResult.Updates.Count > 0 Then
     For i = 0 to oSearchResult.Updates.Count – 1
       Set oUpdate = oSearchResult.Updates(i)
       ‘ unhide the update
       oUpdate.IsHidden = False
     Next
   End If
End If

‘——————–8<———————-


Tip:


IF you configure the deadline whilst approving an update then it will restrict local Administrator from being able to unselect or hide updates.

Windows Server Update Services add-ons — by Steven Manross

Steven Manross has created Windows Server Update Services add-ons in the form of an SQL stored procedure and .vbs / Perl scripts to determine if computers currently show as needing updates.


The SQL stored procedure (spSRMCountComputersNeedingUpdates.sql) is used in conjunction with the WSUSReport.vbs or (WSUSReport.pl) scripts to automatically notify an admin via email that there are computers needing Windows Security-related updates.


In step 1, let’s add the sql stored procedure on WSUS Database Server and in step 2 we will run the .vbs script scripts to automatically notify WSUS Administrator via email that there are computers needing updates.


SAMPLE OUTPUT AS SEEN IN EMAIL:


Subject: WSUS: There are computers needing updates


Type: Software KB Article: 816093 Bulletin: MS03-011
Title: 816093: Security Update Microsoft Virtual Machine (Microsoft VM)
Description: This update helps resolve a vulnerability in the Microsoft virtual machine. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.
More Information: http://go.microsoft.com/fwlink/?LinkId=14964
Server Name(s): computer1.domain.com,computer2.domain.com,computer3.domain.com


PRE-REQUISITES:


The .vbs code below requires Outlook CDO components to be installed or some other application that installs the CDO.Message object from the computer running WSUSReport.vbs.


STEP 1:


Let’s start by adding the following code as a stored procedure (spSRMCountComputersNeedingUpdates.sql);

  • In SQL Enterprise Manager under “instancename\Databases\SUSDB\Stored Procedures”.
  • Right click on the Stored Procedure – click on New Stored Procedure.
  • Paste the code below – click on Check Syntax and make sure it is successful.

spSRMCountComputersNeedingUpdates.sql:-




CREATE PROCEDURE [dbo].[spSRMCountComputersNeedingUpdates]  AS


declare @computersNeedingUpdates int
declare @updatesNeededByComputers int
  SELECT @computersNeedingUpdates = COUNT(DISTINCT(C.TargetID)),
         @updatesNeededByComputers = COUNT(DISTINCT(U.LocalUpdateID))
      FROM tbUpdate AS U
    INNER JOIN dbo.tbUpdateStatusPerComputer AS S WITH (INDEX (nc3UpdateStatusPerComputer)) ON U.UpdateID=S.UpdateID
    INNER JOIN dbo.tbComputerTarget AS C ON C.TargetID = S.TargetID
    WHERE S.SummarizationState IN (2,3,6)  
        AND EXISTS (SELECT * FROM dbo.tbDeployment AS D
                             INNER JOIN dbo.tbRevision AS Re ON Re.RevisionID=D.RevisionID
                             INNER JOIN dbo.tbTargetGroup AS tg ON tg.TargetGroupID = D.TargetGroupID
                             WHERE Re.LocalUpdateID=U.LocalUpdateID AND
                                   D.ActionID IN (0,2) AND
                                   tg.Name <> ‘All Computers’
                   )



select @computersNeedingUpdates as computersNeedingUpdates,@updatesNeededByComputers as updatesNeededByComputers


IF @computersNeedingUpdates > 0
  BEGIN


    SELECT U.LocalUpdateID,
      C.FullDomainName as FullDomainName
      FROM tbUpdate AS U
      INNER JOIN dbo.tbPreComputedLocalizedProperty AS PCLP  ON PCLP.UpdateID=U.UpdateID
      INNER JOIN dbo.tbLanguage as L on L.ShortLanguage = PCLP.ShortLanguage
      INNER JOIN dbo.tbLanguageInSubscription as LIS on LIS.LanguageID = L.LanguageID
      INNER JOIN dbo.tbUpdateType AS UT  ON UT.UpdateTypeID=U.UpdateTypeID
      INNER JOIN dbo.tbUpdateStatusPerComputer AS S ON U.UpdateID=S.UpdateID
      INNER JOIN dbo.tbComputerTarget AS C ON C.TargetID = S.TargetID
      INNER JOIN dbo.tbTargetInTargetGroup AS TITG ON TITG.TargetID = C.TargetID
      INNER JOIN dbo.tbTargetGroup AS TG ON TG.TargetGroupID = TITG.TargetGroupID
      INNER JOIN dbo.tbRevision AS Re ON Re.LocalUpdateID = U.LocalUpdateID
      LEFT JOIN dbo.tbKBArticleForRevision AS KB ON KB.RevisionID = RE.RevisionID
      LEFT JOIN dbo.tbSecurityBulletinForRevision AS SB ON SB.RevisionID = RE.RevisionID
      INNER JOIN dbo.tbMoreInfoURLForRevision AS MI ON MI.RevisionID = RE.RevisionID and MI.ShortLanguage = L.ShortLanguage
      WHERE S.SummarizationState IN (2,3,6)  AND
            EXISTS (SELECT * FROM dbo.tbDeployment AS D
                             INNER JOIN dbo.tbRevision AS Re ON Re.RevisionID=D.RevisionID
                             INNER JOIN dbo.tbTargetGroup AS tg ON tg.TargetGroupID = D.TargetGroupID
                             WHERE Re.LocalUpdateID=U.LocalUpdateID AND
                                   D.ActionID IN (0,2) AND
                                   tg.Name <> ‘All Computers’
                    )


    SELECT U.LocalUpdateID,
      UT.Name as UpdateTypeName,
      KB.KBArticleID,
      case when SB.SecurityBulletinID IS NULL Then ‘None’ Else convert(varchar(15),SB.SecurityBulletinID) End as SecurityBulletinID,
      MI.MoreInfoURL as MoreInfoURL,
      PCLP.Title as UpdateTitle,
      PCLP.Description as UpdateDescription
      FROM tbUpdate AS U
      INNER JOIN dbo.tbPreComputedLocalizedProperty AS PCLP  ON PCLP.UpdateID=U.UpdateID
      INNER JOIN dbo.tbLanguage as L on L.ShortLanguage = PCLP.ShortLanguage
      INNER JOIN dbo.tbLanguageInSubscription as LIS on LIS.LanguageID = L.LanguageID
      INNER JOIN dbo.tbUpdateType AS UT  ON UT.UpdateTypeID=U.UpdateTypeID
      INNER JOIN dbo.tbUpdateStatusPerComputer AS S ON U.UpdateID=S.UpdateID
      INNER JOIN dbo.tbComputerTarget AS C ON C.TargetID = S.TargetID
      INNER JOIN dbo.tbTargetInTargetGroup AS TITG ON TITG.TargetID = C.TargetID
      INNER JOIN dbo.tbTargetGroup AS TG ON TG.TargetGroupID = TITG.TargetGroupID
      INNER JOIN dbo.tbRevision AS Re ON Re.LocalUpdateID = U.LocalUpdateID
      LEFT JOIN dbo.tbKBArticleForRevision AS KB ON KB.RevisionID = RE.RevisionID
      LEFT JOIN dbo.tbSecurityBulletinForRevision AS SB ON SB.RevisionID = RE.RevisionID
      INNER JOIN dbo.tbMoreInfoURLForRevision AS MI ON MI.RevisionID = RE.RevisionID and MI.ShortLanguage = L.ShortLanguage
      WHERE S.SummarizationState IN (2,3,6)  AND
            EXISTS (SELECT * FROM dbo.tbDeployment AS D
                             INNER JOIN dbo.tbRevision AS Re ON Re.RevisionID=D.RevisionID
                             INNER JOIN dbo.tbTargetGroup AS tg ON tg.TargetGroupID = D.TargetGroupID
                             WHERE Re.LocalUpdateID=U.LocalUpdateID AND
                                   D.ActionID IN (0,2) AND
                                   tg.Name <> ‘All Computers’
                    )
    GROUP BY U.LocalUpdateID,UT.Name,KB.KBArticleID,SB.SecurityBulletinID,MI.MoreInfoURL,PCLP.Title,PCLP.Description



  END
–ENDIF
RETURN 1
GO




STEP 2:


Now save the following .vbs code as WSUSReport.vbs for computers needing updates using the stored procedure above. The following code requires Outlook CDO components to be installed or some other application that installs the CDO.Message object from the computer running WSUSReport.vbs.


WSUSReport.vbs:-




‘On Error Resume Next
Const adCmdStoredProc = 4
Const adUseClient = 3


‘Requires the Outlook CDO components to be installed or some other application that installs the CDO.Message object.


smtp_mail_from = “Some Friendly Name <someaddress@somesite.org>”
smtp_mail_to = “Recipient Name <
recipient@somesite.org>”
smtp_server = “somesmtpserver.somesite.org”
smtp_port = “25”


db = “SUSDB”
appname = “SUSDB Mailer”
db_server = “YOUR-DB-SERVER”


Set Conn = CreateObject(“ADODB.Connection”)
if Err.Number <> 0 Then
  WScript.Echo “Failed creating ADODB.Connection object -> ” & Err.Description
  WScript.Quit(0)
End If


Conn.ConnectionTimeout = 15
Conn.CursorLocation = adUseClient
Conn.Open = “DRIVER={SQL Server};SERVER=” & db_server & “;APP=” & appname & “;DATABASE=” & db & “;Trusted_Connection=yes;”


if Err.Number <> 0 Then
  WScript.Echo “Failed opening ADODB.Connection object with DB info-> ” & Err.Description
  WScript.Quit(0)
End If


Set Cmd = CreateObject(“ADODB.Command”)


if Err.Number <> 0 Then
  WScript.Echo “Failed creating ADODB.Command object -> ” & Err.Description
  WScript.Quit(0)
End If
Cmd.CommandText = “spSRMCountComputersNeedingUpdates”
Cmd.CommandType = adCmdStoredProc
Cmd.ActiveConnection = Conn


Cmd.Prepared = 1
Cmd.CommandTimeout = 15


Set RS = Cmd.Execute


if Err.Number <> 0 Then
  WScript.Echo “Failed opening ADODB.Recordset object for Command -> ” & Err.Description
  WScript.Quit(0)
End If


rs_count = RS.RecordCount


Dim string


string = “<HTML><BODY>” & vbCrlf


if RS.Fields(0) > 0 Then
  WScript.Echo “Count = ” & RS.Fields(0).Value
  Set RSUpdates = RS.NextRecordSet
  Set RSData = RS.NextRecordSet
Else
  WScript.Echo “No updates.  Quitting successfully”
  WScript.Quit(1)
End If


‘Loop through all the computers that need updates


  Dim Updates
  Dim Computers
 
  Dim vContainer
  ‘ Create the dictionary instances.
  Set Updates = CreateObject (“Scripting.Dictionary”)
  Updates.CompareMode = StringCompare


x = 0
while (RSUpdates.EOF <> True)
  if Not Updates.Exists(RSUpdates.Fields(“LocalUpdateID”).Value) Then
    Updates.Add RSUpdates.Fields(“LocalUpdateID”).Value, RSUpdates.Fields(“FullDomainName”).Value
  Else
    Updates.Item(RSUpdates.Fields(“LocalUpdateID”).Value) = Updates.Item(RSUpdates.Fields(“LocalUpdateID”).Value) & “,” & RSUpdates.Fields(“FullDomainName”).Value
  End If
 
  RSUpdates.MoveNext
Wend


while (RSData.EOF <> True)
  strUpdateID = RSData.Fields(“LocalUpdateID”).Value
  strSrv = Updates.Item(strUpdateID)
  strUpdateType = RSData.Fields(“UpdateTypeName”).Value
  strKBID = RSData.Fields(“KBArticleID”).Value
  strBulletinID = RSData.Fields(“SecurityBulletinID”).Value
  strInfoURL = RSData.Fields(“MoreInfoURL”).Value
  strUpdateTitle = RSData.Fields(“UpdateTitle”).Value
  strUpdateDesc = RSData.Fields(“UpdateDescription”).Value
  string = string & “<TABLE border = 1>” & vbCrlf & _
           “<TR><TD><b>Type:</B> ” & strUpdateType & “</TD><TD><B>KB Article:</B> ” & strKBID & “</TD><TD><B>Bulletin:</B> ” & strBulletinID & “</TD></TR>” & vbCrlf & _
           “<TR><TD colspan = 3><B>Title:</B> ” & strUpdateTitle & “</TD></TR>” & vbCrlf & _
           “<TR><TD colspan = 3><B>Description:</B> ” & strUpdateDesc & “</TD></TR>” & vbCrlf & _
           “<TR><TD colspan = 3><B>More Information:</B> <A href=” & strInfoURL & “>” & strInfoURL & “</A></TD></TR>” & vbCrlf & _
           “<TR><TD colspan = 3><B>Server Name(s):</B> ” & strSrv & “</TD></TR></TABLE>” & vbCrlf
  RSData.MoveNext
Wend
string = string & “</BODY></HTML>”


Set cdoMessage = CreateObject(“CDO.Message”)
cdoMessage.Subject = “WSUS: There are computers needing updates”
cdoMessage.From = smtp_mail_from
cdoMessage.To = smtp_mail_to
cdoMessage.HTMLBody = string


cdoMessage.Configuration.Fields.Item(“http://schemas.microsoft.com/cdo/configuration/sendusing“) = 2
cdoMessage.Configuration.Fields.Item(“
http://schemas.microsoft.com/cdo/configuration/smtpserver“) = smtp_server
cdoMessage.Configuration.Fields.Item(“
http://schemas.microsoft.com/cdo/configuration/smtpserverport“) = smtp_port
cdoMessage.Configuration.Fields.Update


cdoMessage.Send
If Err.Number = 0 Then
  WScript.Echo “Success”
  WScript.Quit(1)
Else
  WScript.Echo “Error sending CDO Message: ” & Err.Description
  WScript.Quit(0)
End If


MORE INFORMATION


Kudos to Steven – http://www.manross.net/links.html

WSUS SP1 Readme Updated!!

WSUS SP1 Readme is updated (on 21st June 2006) with known issues once you apply WSUS SP1.


Readme for WSUS Service Pack 1: This document describes known issues affecting Windows Server Update Services Service Pack 1 (WSUS SP1).


New Known Issues:


Issue 6: If you are using a proxy server, the SP1 upgrade may clear the proxy configuration username and password


Issue 7: How to recover from a failed upgrade to restore your WSUS server to a consistent state and then retry the upgrade.


Issue 8: WSUS SP1 upgrade can fail in some cases when the WMSDE database has been migrated


Issue 9: WSUS SP1 is not updating WSUS servers which are setup using remote SQL deployments


Issue 10: Changing the computer name prior to upgrading to WSUS SP1 can cause the upgrade to fail


Direct Link: http://download.microsoft.com/download/7/d/c/7dce8ed3-8d44-421f-902c-95391577ecb5/ReadMe.htm

WSUS SP1 Known Issues

Bobbie Harder (MSFT) has posted a list of Top known issues whilst upgrading WSUS to WSUS SP1 on microsoft.public.windows.server.update_services. These issues will be updated in a KB and in the online WSUS SP1 readme.


1.  If you are using a proxy server, in some cases the SP1 upgrade may clear the proxy configuration username and password.  This may cause synchronization of updates from Microsoft Servers to generate an “invalid parameter” error. To address this issue, reset the proxy configuration username and password and re-synchronize your server.


2. Remote SQL deployments: WSUS SP1 is not updating WSUS servers which are setup using remote SQL deployments.


Solution:


The WSUS with SP1 setup Package must be run on both the front end and back end servers.


·         Run the setup package on the front end with no switches and choose to upgrade


·         Run the setup package on the back end with no switches and choose to upgrade.


3. Changed Machine Name after RTM install prior to SP1 upgrade can cause the WSUS SP1 upgrade to fail.


Workaround:


Use the following script to remove and re-add the ASPNET and WSUS Administrators groups.  Then run the upgrade again.


osql.exe -S %computername%\WSUS -E -Q “USE SUSDB DECLARE @asplogin
varchar(200) SELECT @asplogin=name from sysusers WHERE name like ‘%ASPNET’
EXEC sp_revokedbaccess @asplogin”
osql.exe -S %computername%\WSUS -E -Q “USE SUSDB DECLARE @wsusadminslogin
varchar(200) SELECT @wsusadminslogin=name from sysusers WHERE name like
‘%WSUS Administrators’ EXEC sp_revokedbaccess @wsusadminslogin”


osql.exe -S %computername%\WSUS -E -Q “USE SUSDB DECLARE @asplogin
varchar(200) SELECT @asplogin=HOST_NAME()+’\ASPNET’ EXEC sp_grantlogin
@asplogin EXEC sp_grantdbaccess @asplogin EXEC sp_addrolemember
webService,@asplogin”
osql.exe -S %computername%\WSUS -E -Q “USE SUSDB DECLARE @wsusadminslogin
varchar(200) SELECT @wsusadminslogin=HOST_NAME()+’\WSUS Administrators’ EXEC
sp_grantlogin @wsusadminslogin EXEC sp_grantdbaccess @wsusadminslogin EXEC
sp_addrolemember webService,@wsusadminslogin”


osql.exe -S %computername%\WSUS -E -Q “backup database SUSDB to
disk=N'<ContentDirectory>\SUSDB.Dat’ with init”
Note you may have  to replace <ContentDirectory> in the last line with the
path to your actual content store.


4.            


a. WSUS SP1 upgrade can fail in some cases when the WMSDE database has been migrated to a  local SQL 2000 server.


Cause:  


A registry key value must be changed in order for WSUS SP1 setup package to recognize there is no wmsde database to update.


Workaround:


If users have migrated WMSDE to a SQL server (local or remote) they must change the value of the following registry key:

1.      HKLM\Software\Microsoft\Update Services\Server\Setup\WmsdeInstalled, from “1” to “0” before attempting to upgrade to WSUS SP1.

 

According to Bernd Teichert (blog reader), In some cases, you might have to change the InstallType too on local SQL 2000 Server installation;

2.      HKLM\Software\Microsoft\Update Services\Server\Setup\InstallType from “0x80″ to “0x20″. 


b. WSUS SP1 upgrade can fail in some cases when the WMSDE database has been migrated to a remote SQL 2000 server.


Cause:  


Two registry key values must be changed in order for WSUS sp1 setup package to recognize there is no wmsde database to update and the update must be initiated on the backend, followed by the front end server.


Workaround:


If users have migrated WMSDE to a SQL server (local or remote) they must change the values of the following registry keys:


1.      HKLM\Software\Microsoft\Update Services\Server\Setup\WmsdeInstalled, from “1” to “0” before attempting to upgrade to WSUS SP1.


2.      HKLM\Software\Microsoft\Update Services\Server\Setup\InstallType from “0x80″ to “0x20″. 


After updating these registry key values, initiate upgrade on backend and then on front end servers.


 


5. How to recover from a failed upgrade to restore your WSUS server to a consistent state and then retry the upgrade.


Description:


If the upgrade to WSUS SP1 fails it can leave your WSUS installation in an inconsistent and/or unusable state. In order to retry upgrading to WSUS SP1 you need to get your WSUS installation to a consistent state. To do this you can use the backup database created at the beginning of the upgrade process to restore your WSUS server to a pre-upgrade state.


Workaround:  


If the upgrade operation to WSUS SP1 is unsuccessful, you can use the original WSUS backup database that was created at the start of the upgrade process to restore WSUS to a consistent state. In the event of a failed upgrade follow these steps to retry upgrading to WSUS SP1:


To retry upgrading to WSUS SP1;


1.       Determine the location of the backup database by reviewing the contents of the WSUSSetup_%timestamp%.log file. This file is located in the following folder – %programfiles%\Update Services\LogFiles.


2.       Restore the backup database on the WSUS computer.


·         osql.exe -S <DatabaseInstance> -E -Q “USE master ALTER DATABASE
SUSDB SET SINGLE_USER WITH ROLLBACK IMMEDIATE RESTORE DATABASE SUSDB FROM
DISK=N'<PathToDatabaseBackup>’ WITH REPLACE ALTER DATABASE SUSDB SET
MULTI_USER”


·         Remember to replace <DatabaseInstance> and <PathToDatabaseBackup> with values from your installation.


·        For <DatabaseInstance> use the value from the following registry key:
HKLM\Software\Microsoft\Update Services\Server\Setup\SqlServerName


·        For <PathToDatabaseBackup> use the value you identified in step 1.


3.       Uninstall WSUS, but keep the WSUS database, log files and update files when you are prompted to remove them (i.e. Ensure that all options in “Remove Microsoft Windows Server Update Services” are unchecked).


4.       Reinstall WSUS RTM (the original version not WSUS with SP1). Use the existing database when you are prompted to do this. This will return your WSUS system to a consistent state.


5.       Install WSUS SP1.


* Note that you cannot use the backed up database from step 1 above directly in clean install of WSUS SP1 since the database schema has changed between WSUS RTM and WSUS SP1.


For any issues related to WSUS SP1 upgrade, you can post your queries directly on the following thread on microsoft.public.windows.server.update_services.

Error 0xC800021F

You see the following error in %Windir%\WindowsUpdate.log


SYMPTOMS


2006-06-15      17:02:23        2104    83c     Misc    ===========  Logging initialized (build:
5.8.0.2469, tz: -0400)  ===========
2006-06-15      17:02:23        2104    83c     Misc      = Process: C:\WINDOWS\system32\wuauclt.exe
2006-06-15      17:02:23        2104    83c     Misc      = Module: C:\WINDOWS\system32\wuaueng.dll
2006-06-15      17:02:23        2104    83c    
DtaStor FATAL: Failed to initialize datastore,
error = 0xC800021F
2006-06-15      17:02:23        2104    83c     Misc    ===========  Logging initialized (build:
5.8.0.2469, tz: -0400)  ===========


CAUSE


It looks like the client datastore failed to initialize.


WORKAROUND


  1. Open a CMD prompt on the client.
  2. Type “net stop wuauserv” (without quotes) <hit enter>.
  3. Type “cd %Windir%\SoftwareDistribution“.
  4. Type “RD /s /q Datastore” (this will remove the client datastore).
  5. Type “net start wuauserv” (without quotes) <hit enter> .
  6. Type “wuauclt /detectnow then check %Windir%\WindowsUpdate.log if it is successful.


OR, just stop the Automatic Updates Service and delete “%Windir%\SoftwareDistribution\DataStore” folder and start Automatic Updates Service and force the update detection (wuauclt /detectnow)

Ten Principles of Microsoft Patch Management

Ten Principles of Microsoft Patch Management


By Christopher Budd, Security Program Manager, Microsoft Corporation




1. Service packs should form the foundation of your patch management strategy.


2. Make Product Support Lifecycle a key element in your strategy.


3. Perform risk assessment using the Severity Rating System as a starting point.


4. Use mitigating factors to determine applicability and priority.


5. Only use workarounds in conjunction with deployment.


6. Issues with Security Updates are documented in the Security Bulletin Master Knowledge Base Article.


7. Test updates before deployment.


8. Contact Microsoft Product Support Services if you encounter problems in testing or deployment. An important thing to remember is that Microsoft provides no-charge support for issues related to security updates. You can get in touch with Microsoft for security bulletin support through the Security Support Site at http://support.microsoft.com/securityitpro


9. Use only methods and information recommended for detection and deployment.


10. The Security Bulletin is always authoritative.


 

After updating WSUS to WSUS SP1…

SYMPTOMS

After updating WSUS to WSUS SP1…

  • You might see Red X on WSUS Updates Window in WSUSAdmin console and eventually Synchronization fails.
  • Content file download failed. Reason: The parameter is incorrect. Source File:
    /msdownload/update/v3-19990518/cabpool/windowsmedia10-kb917734-x86-enu_499f­e88d62843835153a4225712e1b2f19120527.exe
    Destination File:
    d:\WSUS\WsusContent\27\499FE88D62843835153A4225712E1B2F19120527
  • Source: Windows Server Update
    Category: Synchronization
    Event ID: 386
    Description:-
    Synchronization failed. Reason: The underlying connection was closed: Unable to connect to the remote server.

KNOWN ISSUE


This is a known issue. Once you upgrade to WSUS SP1, you might want to re-configure Synchronization Options (proxy settings – proxy password) in WSUSAdmin console as they are lost during the upgrade.


Save the settings and perform a manual sync to download the updates. Did it work for you?