Managing WSUS 3.0 SP2 on Windows Server In this post we will see managing the WSUS Server, generating reports, we will also explore all the options in the WSUS console. In the previous post we saw the installation and configuration of WSUS 3.0 sp2 on windows server.
What exactly is WSUS synchronization – During synchronization, a WSUS server downloads updates (update metadata and files) from an update source. It also downloads any new product classifications and categories. When a WSUS server synchronizes for the first time, it downloads all of the updates that were specified in the synchronization options. After the first synchronization, a WSUS server downloads only updates from the update source, metadata revisions for existing updates, and expirations to updates.
On the WSUS Server, login with user account wsusadmin, Click Start, click All Programs, click Administrative Tools, and then click Windows Server Update Services.
On the left hand side of the console click on Synchronizations. This displays the number times the Synchronizations has been done ( manually / scheduled).
Right click on one of the Synchronization and click Synchronization Report.
Note : To view this report properly you will require Microsoft Report Viewer. The report generated is shown in the below screenshot. In the synchronization report, under the report options we see the start time and end time of synchronization, report created date and time and the server used for reporting data. Under synchronization summary we see that there are 472 new updates that have been synchronized.
Lets now move on to reports. We find lot of options related to reports which includes Update reports, Computer reports, Synchronization reports.
Update Status summary – This report shows the summary of update status displaying one page per update. The report information includes the update description, Product category, MSRC Severity Rating, MSRC Number.
Update Detailed Status – This report shows the summary of update status displaying update status of all computers for each update.
Update Tabular Status – This report shows the summary of update in tabular view. The report can be exported to a spreadsheet.
Update Tabular Status for Approved Updates – This report is similar to the Update Tabular Status, the update status is shown only for approved updates.
Computer Status Summary – This report shows the summary of computer status with one page per computer.
Computer Detailed Status – This report shows details of each computer’s status with update status for each update.
Computer Tabular Status – This report shows summary of computer update status in tabular view.
Computer Tabular Status for Approved Updates – This report shows summary of computer update status in tabular view for approved updates.
Synchronization Reports – This report shows the results of last synchronization. the report information includes start time and end time of synchronization, report created date and time and the server used for reporting data.
Click on Update status summary.
We see few options for New report type : Summary Report, Detailed Report, Tabular Report.
Set the report type to Summary Report. For Include updates for these products, click on any product and select windows 7. Now click on Run Report.
The summary report is now generated.
Lets move on and see the options in WSUS console. There are many options here and lets see one by one.
Update Proxy Source and Server – To synchronize the updates, we have to choose the upstream server. The updates can be synchronized from microsoft update or if there is any existing WSUS server, we can choose that WSUS server as our upstream server.
Products and Classifications – Includes the list of products for which updates are required and Classifications include types of updates.
Update files and Languages – Includes options to download the updates to local machine, download updates when approved and download the updates directly from Microsoft Update.
Synchronization Schedule – You can choose to synchronize the updates manually or you can select Synchronize automatically. You can set synchronizations per day to 24 and that’s the max value.
Automatic Approval – With this option you can specify to approve the updates in a particular classification, choose the product category and approve the update to computer group.
Computers – There are 2 options here.
Use the Update Services console – The new computers will be added to unassigned computers group.
Use Group Policy or registry settings on computer – You can use group policy/registry settings to classify or group the computers.
WSUS Server Cleanup Wizard – This wizard will clean up unused updates, computers that have not contacted wsus server for 30 days or more, unneeded update files, expired and superseded updates. Click Next.
Click finish to close the Wizard.
Email Notifications – The WSUS administrators can now get the notifications of new updates and status reports by configuring email notifications. You can generate the notifications and send it to recipients / group which includes WSUS administrators.
Under Email Server, specify the SMTP server IP, port number 25, under logon information check My SMTP server requires authentication. provide the user name and password. Click Test, if you receive the notification to the recipient address then you are configured it correctly. If you don’t get notification mail then check the SMTP server settings again.
Personalization – You can personalize the way the server information is displayed. The information can be computers and status info of all downstream servers or only the local server.
WSUS Server Configuration Wizard – If you want to reconfigure the above options you can choose to launch the WSUS server configuration wizard.
Managing WSUS 3.0 SP2 from command line – You can use the wsusutil command-line utility that is provided with Windows Server Update Services (WSUS) 3.0 SP2 to manage WSUS. The wsusutil tool is located in the WSUSInstallDrive:WSUSInstallDirectoryTools folder on WSUS servers. More information on Managing WSUS 3.0 from command line can be found here.
We will not execute all the wsusutil options here, however we will see few important commands.
wsusutil.exe checkhealth – This command checks the health of the WSUS server. The health check is configured by wsusutil healthmonitoring. The results are written to the event logs.
Open the Event Viewer, under Server Roles, click Windows Server Update Services. Double click the first event, we see that the WSUS is working correctly.
wsusutil listinactiveapprovals – Returns a list of approved update titles that are in a permanently inactive state because of a change in server language settings. If you change language options on an upstream WSUS server, the number of approved updates on the upstream server may not match the number of approved updates on a replica server. You can use listinactiveapprovals to see a list of the updates on the parent upstream server that are permanently inactive. If you find any inactive approvals you can use wsusutil removeinactiveapprovals to remove the inactive approvals.
We will surely explore all the other wsusutil commands in the coming posts. In the next topic we will see more on Troubleshooting issue related to WSUS Server.