WSUS Cleanup Tips

Here are some tips if you have an ever growing wsuscontent directory and you are running out of space:

1. Decline superseded update

You can delete superseded updates IF you have approved the superseding updates. If you decline the superseded updates the “Server Cleanup Wizard” will delete them and you will get more free disk space.

2. WsusDebugTool.exe

WsusDebugTool.exe /Tool:PurgeUnneededFiles

Deletes files no longer needed.

3. WSUS Cleanup Script

http://www.codeplex.com/WSUS/Release/ProjectReleases.aspx?ReleaseId=17612

Unable to create new Software Package

When I try to create a software package on my System Center Essentials I get the following error:

 

Create Directory Failed
Note:  The following information was gathered when the operation was attempted.  The information may appear cryptic but provides context for the error.  The application will continue to run.
System.ComponentModel.Win32Exception: CreateDirectory failed
  at Microsoft.UpdateServices.Internal.FileSystemUtilities.CreateDirectory(String path)
  at Microsoft.UpdateServices.Internal.BaseApi.Publisher.CreatePackageDirectory(String customDirectoryName)
  at Microsoft.UpdateServices.Internal.BaseApi.Publisher.PublishPackage(String sourcePath, String additionalSourcePath, String packageDirectoryName)
  at Microsoft.UpdateServices.Internal.BaseApi.Publisher.PublishPackage(String sourcePath, String packageDirectoryName)
  at Microsoft.EnterpriseManagement.SCE.Internal.UI.NewUpdatePackageWizard.PreparingPackagePage.PreparePackageBackgroundWorkerDoWork(Object sender, DoWorkEventArgs e)

 

The problem was that all the shares hadn’t been created at setup.

 

I created the following shares, which were missing, and it started working:

\servernameUpdateServicesPackages – C:SCEUpdateServicesPackages

\servernameWsusContent – C:SCEWsusContent

\servernameWsusTemp – C:Program FilesUpdate ServiceslogFilesWSUSTemp

On all of these I added the following permission:

Domain Admins – Full Control

NETWORK SERVICE – Full Controll

Thanks to the guys at ITPROFFS.se

WSUS Setting Defaults

Clients

Computer Configuration – Administrative templates – Windows Components – Windows Update

Do not display “Install Updates and Shut Down” option in Shut Down Windows dialog box Disabled
Do not adjust default option to “Install Updates and Shut Down” in Shut Down Windows dialog box    Disabled
Configure automatic updates Enabled
– Configure Automatic Updating 4 – Auto download and schedule the install
– Scheduled install day 0 – Every Day
– Scheduled install time 12:00
Specify intranet Microsoft update service location Enabled
– Set the intranet update service for detecting updates:                          http://wsusserver
– Set the intranet statistics server: http://wsusserver
Enable clients-side Targeting Enabled
– Target group name for this computer                                                Clients
Reschedule Automatic Updates scheduled installations Enabled
– Wait after system startup (minutes) 30
No auto-restart for scheduled Automatic Updates installation Enabled
Automatic Updates detection frequency Enabled
– Check for updates on the following interval (Hours) 22
Allow Automatic Updates immediate installation Enabled
Delay Restart for scheduled installation Disabled
Re-prompt for restart with scheduled installations Disabled
Allow non-administrators to receive update notification Disabled
Enable recommended updates via Automatic Updates Enabled
Enable Windows Update Power Management to automatically to wake up the system to install scheduled updates Enabled
Allow signed content from intranet Microsoft update service location Enabled

 

Servers 

Computer Configuration – Administrative templates – Windows Components – Windows Update

Do not display “Install Updates and Stut Down” option in Shut Down Windows dialog box Enabled
Do not adjust default option to “Install Updates and Shut Down” in Shut Down Windows dialog box    Enabled
Configure automatic updates Enabled
– Configure Automatic Updating 3 – Auto download and notify for install
– Scheduled install day 0 – Every Day
– Scheduled install time 22:00
Specify intranet Microsoft update service location Enabled
– Set the intranet update service for detecting updates:                          http://wsusserver
– Set the intranet statistics server: http://wsusserver
Enable clients-side Targeting Enabled
– Target group name for this computer                                                Servers
Reschedule Automatic Updates scheduled installations Enabled
– Wait after system startup (minutes) 30
No auto-restart for scheduled Automatic Updates installation Enabled
Automatic Updates detection frequency Enabled
– Check for updates on the following interval (Hours) 22
Allow Automatic Updates immediate installation Disabled
Delay Restart for scheduled installation Disabled
Re-prompt for restart with scheduled installations Disabled
Allow non-administrators to receive update notification Disabled
Enable recomended updates via Automatic Updates Enabled
Enable Windows Update Power Management to automatically to wake up the system to install scheduled updates Disabled
Allow signed content from intranet Microsoft update service location Enabled

Svchost is taking 100% CPU during Automatic Update Detection Cycle

There is a known bug on some computers running Windows XP SP2 with Ofice 2003 installed. When Automatic update is running an update cycle the computer becomes unresponsive.

The is a fix here but this fix apparently does not fix the problem on all computers. I talked to a friend at PSS and he told me that it can be fixed by downloading a new AU client. This is not as easy as it sounds… because it only exists in the beta distibution of WSUS 3.0… and there is no easy way to extract it from there.

To fix this for now you need to connect the computer and let it update once from a WSUS 3.0 update server. That way it will get the new AU client.

Edit: There is now a possibility to download the WSUS 3.0 Client from Microsoft to solve this problem. I found this info here. Download links, look below.

Edit2: I found some more links to this problem:

http://www.somelifeblog.com/2007/05/windows-xp-svchostexe-100-cpu-high.html
http://www.somelifeblog.com/2007/07/svchostexe-100-cpu-and-windows-update.html
http://support.microsoft.com/kb/932494
http://support.microsoft.com/kb/927891
http://www.technibble.com/how-to-fix-svchost-using-100-cpu-memory-leak/

Links

Microsoft KB
Download 1
Download 3 for SBS

 

Problems with Windows Update under Windows Vista

I am trying to run Vista on my mail computer and ran into a problem with updating Vista with Windows Update. Apparently there is a problem with running Windows Update after you have applied a Group Policy setting WSUS settings.

The solution is to remove the reg key:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate

Migrate Content and Approvals from SUS to WSUS

Here is a short description on how to migrate Content and Approvals from SYS to WSUS. First di the following:

1. Install the new WSUS server.
2. Configure it (Proxy, Update types and so on
3. Synchronize the WSUS server with Microsoft

Migrate Content and Approvals from SUS to WSUS

Now that you have configured and synchronized WSUS, you can migrate content and approvals from the SUS server(s) in your environment to your WSUS server. Migrate content and approvals from the local SUS server first. If you have additional SUS computers, you can configure SUS for remote migration and then migrate any remote content and approvals, mapping these approvals to a WSUS target group. This is optional.

Step 5 contains the following procedures:

Migrate local content and approvals.

Create WSUS target groups for mapping remote SUS approvals (optional).

Share remote content on SUS for migration to WSUS (optional).

Migrate remote content and approvals, mapping approvals to WSUS target groups (optional).

Use WSUSutil.exe to migrate local SUS content and approvals. By default, WSUSutil.exe appears in the following location:

WSUSInstallationDrive:Program FilesUpdate ServicesTools

You must be a member of the local Administrators group on the WSUS server to import approvals or content from SUS. These operations can only be run from the WSUS server itself. You can only run WSUSutil.exe on a 32-bit platform.

Although SUS does not have to be running in order for you to move updates or approvals, you do have to make sure that SUS is not synchronizing before you migrate content or approvals. Although WSUSutil.exe allows you to move both approvals and updates, you are not required to migrate one, the other, or both.

To migrate local content and approvals from SUS and map approvals to the All Computers target group on WSUS

1.

At the command prompt, navigate to the directory that contains WSUSutil.exe.

2.

Type the following:

wsusutil.exe migratesus /content PathToLocalSUSContent /approvals SUSServerName /log filename

For example:

wsusutil.exe migratesus /content c:suscontentcabs /approvals sus1 /log local_migration.log

Mapping remote approvals to a WSUS computer group is optional. It is helpful if you have multiple SUS servers in a single location and want to consolidate the SUS servers onto one WSUS server. If you intend to map remote SUS approvals to a WSUS computer group, first create the group on WSUS.

To create a computer group

1.

In the WSUS console toolbar, click Computers.

2.

Under Tasks, click Create a computer group.

3.

In the Group name box, type a name for your new computer group, and then click OK.

Once you have created the WSUS target group, you can migrate remote approvals and content by using WSUSutil.exe. This command-line utility uses HTTP to get approvals and SMB to copy updates from a remote SUS installation. To copy updates from a remote computer, this tool requires Read share permissions on the remote SUS Content folder and all its subfolders.

To share remote content on SUS for migration to WSUS

1.

On the remote SUS computer, locate the SUS content store in the file system. By default, SUS content is stored in C:SUSContent.

2.

Right-click the Content folder, and then click Sharing and Security (or Sharing, on computers running Windows 2000).

3.

In the Properties dialog box for the Content folder, click Share this folder.

4.

Click the Security tab, and ensure that the Everyone group has Read NTFS permissions for the Content folder.

5.

Click OK.

6.

Repeat this step on each SUS server you intend to migrate.

To migrate remote content and approvals from SUS and map approvals to a custom computer group on WSUS

1.

At the command prompt, navigate to the folder that contains WSUSutil.exe.

2.

Type the following:

wsusutil.exe migratesus /content LocationOfRemoteSUSContent /approvals SUSServerName  WSUSTargetGroupName” /log filename

For example:

wsusutil.exe migratesus /content \sus1contentcabs /approvals sus1 “all desktops” /log remote_migration.log

 

Source: Microsoft