Thursday, May 18, 2017

WSUS Clients not Reporting or downloading updates

I had a large customer where all clients stopped downloading updates in November 2016.  Even after building a new WSUS server, clients would not update.

Clients were reporting the following error:

Code: 80244008 Windows Update encountered an unknown error.


The newly built WSUS server had all clients coming up in the "All Computers" list however no clients were reporting.

To resolve the issue, we had to delete the "C:\Windows\SoftwareDistribution" folder on each workstation.  This can be done with the following batch script:

net stop wuauserv
rd /s /q %windir%\SoftwareDistribution
net start wuauserv
wuauclt /detectnow /reportnow


After running this, the client then reports into WSUS and begins downloading updates.


 
Now this client has approximately 1000 computers on their network.  We do not want to go around to every workstation to run the batch script and delete the SoftwareDistribution.
 
You can use psexec from SystemInternals to do this across all computers in one batch script.  Save the batch script above to \\domain\netlogon as shown below:
 
@ECHO OFF
For /f %%i in (c:\computers.txt) do (
Echo ************************
Echo %%i
Echo ************************
psexec \\%%i -h -u domain\username -p password "\\domain\netlogon\resetsoftwaredistribution.bat"
)
pause
 
You will need to get a list of all computers from WSUS that are not reporting.  As you can not export lists from WSUS Management Console, you will need to install SQL Management Studio and connect to the Windows Internal Database (WID) hosting WSUS - or an external database in the event your not using WID!
 
 
Use the following TSQL query to get the first 1000 rows from the tbComputerTarget table in the SUSDB database.
 
SELECT TOP (1000) [TargetID]
,[ComputerID]
,[SID]
,[LastSyncTime]
,[LastReportedStatusTime]
,[LastReportedRebootTime]
,[IPAddress]
,[FullDomainName]
,[IsRegistered]
,[LastInventoryTime]
,[LastNameChangeTime]
,[EffectiveLastDetectionTime]
,[ParentServerTargetID]
,[LastSyncResult]
FROM [SUSDB].[dbo].[tbComputerTarget]
 
Use the following TSQL query to get the first 1000 rows from the tbComputerTarget table in the SUSDB database.  All the computers who have never reported or synced will have status NULL.
 
Use the FullDomainName column to copy and paste the hostnames of the computers into the c:\computers.txt text file on your PSEXEC computer.
 
 
 Running the script against all the remote workstations will fix your issue!