It may add more time to the schedule. It is located under Options, as shown here: For more information, see Use the Server Cleanup Wizard. You can uncomment them if you are using standalone WSUS or an older version of Configuration Manager. For standalone WSUS servers or older versions of Configuration Manager, you can continue to use the following steps. Microsoft makes no guarantees regarding the use of this script in any way. Reinstall WSUS with a fresh database. You can use the Server Cleanup Wizard to get rid of unnecessary updates based on rules. If something failed, maintenance can be rescheduled for the next night, once the underlying issue is identified and resolved. In this case, the only known corrective measure is to format the hard drive and reinstall Windows Server. You're actually adding a type of approval in this case. If you have never run WSUS Cleanup wizard, running the cleanup with Unused updates and update revisions may require a few passes. A WSUS server can also be the update source for other WSUS servers within the organization. WSUS enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment. If you would like a log, you can modify the last line of the script as follows: You'll get an FYI/warning in Task Scheduler when you save. The answer is that you probably could, but I wouldn't. Run the following script against SUSDB, to create two custom indexes: If custom indexes have been previously created, running the script again results in an error similar to the following one: Msg 1913, Level 16, State 1, Line 4 Click Next Once again Next without Add any Feature Click once again Next. When you save the task, you may be prompted for credentials of the Run As user. It is required for clients to validate the updates are published from a trusted source. WSUS maintenance can be performed simultaneously on multiple servers in the same tier. 
This will free up space on your disk and clean up the WSUS server to some extent. Adds SHA256 hash capability for additional security. Then check on their completion via the logging the following morning, before the next scheduled sync. Once the SUP is set up, we close the WSUS console and pretend it doesn't exist. WSUS Group Policy for Windows servers. After it finishes, follow all of the above instructions for running maintenance. In Windows Server 2012, upgrading from any version of Windows Server with WSUS 3.2 installed is blocked during the installation process if WSUS 3.2 is detected. How to Use WSUSUtil.exe to Move the WSUSContent Folder to a New Location. The file specified after the -i parameter is the path to the SQL script you saved in step 1. If you are using standalone WSUS servers or an older version of Configuration Manager, you can manually decline superseded updates by using the WSUS console. If errors occur when you attempt to use the PowerShell script to decline superseded updates, an alternative SQL script can be run against SUSDB. Select Yes to accept the arguments, and then select Finish to apply: You can test the script by forcing it to run and reviewing the log for errors. You can use the WSUS Cleanup script. The steps to install Windows Server Update Services Role on Windows Server 2019 are as follows: Step 1: Log on to the Windows 2019 server on which you plan to install the WSUS server role using an account that is a member of the Local Administrators group. Microsoft has released an update for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2). Before you run the script, follow the steps in The spDeleteUpdate stored procedure runs slowly to improve the performance of the execution of spDeleteUpdate. Set any other conditions or settings you would like to tweak as well. If the value contains just the server name or server\instance, SUSDB is running on a SQL Server. 
WSUS Server Cleanup Wizard provides options to clean up the following items: In a Configuration Manager environment, Computers not contacting the server and Unneeded update files options are not relevant because Configuration Manager manages software update content and devices, unless either the Create all WSUS reporting events or Create only WSUS status reporting events options are selected under Software Update Sync Settings. Applies To: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012. Before you start the maintenance process, read all of the information and instructions in this article. As mentioned previously, if you are using Configuration Manager current branch version 1906 or a later version, automate the cleanup procedures by enabling the WSUS Maintenance options in the software update point configuration of the top-level site. Here is a list of available command lines for … If updates are not configured to be immediately expired in Configuration Manager, the PowerShell script must be run with an exclusion period that matches the Configuration Manager setting for number of days to expire superseded updates. For each SUSDB, it's a one-time process. Add WSUS Index Optimization to the database to make many database operations in WSUS approximately 1000-1500 times faster. The current version of this tool does not support the following deployment technologies and techniques: Windows Update Catalog. You'll get a warning, similar to the one you got when creating the cleanup task. When you use this option, you can see how many updates were declined by reviewing the WsyncMgr.log file after the synchronization process finishes. And the Results pane will contain messages related to what indexes were rebuilt. After superseded updates have been declined, for best performance, SUSDB should be reindexed again. 
To determine whether a WSUS server is a replica, check the Update Source settings. Here are the steps to configure SSL on your servers running the Windows Server Update Services. While creating the maintenance plan, consider adding a backup of the SUSDB into the plan as well. It means I would schedule this task to run every first Sunday at 2:00 AM. For example, my CAS site has two SUPs: The basic steps necessary for proper WSUS maintenance include: Back up the WSUS database (SUSDB) by using the desired method. Answer. If the update is no longer in WSUS, it can be imported from the Microsoft Update Catalog, if it hasn't been expired or removed from the catalog. To Install WSUS: Re-add the WSUS Role If you want to learn how to install WSUS, continue to read this part. Generally is not a problem. Update management is the process of controlling the deployment and maintenance of interim software releases into production environments. Open Task Scheduler and select Create a Task. In that case, you will be prompted to first uninstall Windows Server Update Services prior to upgrading your server. Windows Server Update Services is a built-in server role that includes the following enhancements: Can be added and removed by using the Server Manager. Copy and paste the WSUS reindex script, and then select OK: Schedule this task to run about 30 minutes after you expect your cleanup to finish running. It would effectively handle all cleanup operations described in this article, except backup and reindexing of WSUS database. If SUSDB was installed on full SQL Server, launch SQL Server Management Studio and enter the name of the server (and instance if needed) when prompted. This article includes information about the contents of the update and how to obtain the update. 2. Failure to uninstall WSUS 3.2 prior to performing a Windows Server 2012 R2 upgrade will cause the post installation tasks for WSUS in Windows Server 2012 R2 to fail. 
If your organization cannot determine and maintain a known level of trust within its operating systems and application software, it might have a number of security vulnerabilities that, if exploited, could lead to a loss of revenue and intellectual property. If you google "force wsus client to check in to wsus server", you'll see almost 300,000 results. I did give myself extra time between the Tier3 decline and the Tier3 cleanup since I definitely want to make sure the decline script finishes before running my cleanup. To move the WSUSContent folder to a new location, you will need to use the WSUSUtil.exe tool located in the C:\Program Files\Update Services\Tools directory. In our example, we will move the WSUSContent folder from C:\WSUS to J:\WSUS. Windows Server Update Services is a role present in Windows Server since 2008, but it has been in place since 2001 under the name Software Update Services. Open PowerShell as admin. Since a sync can't be done during the actual cleanup, it's suggested to schedule/complete all tasks overnight. Note: The test URL below uses my-wsus-box as the server name and 8530 as the configured port for the WSUS web site … If you've never cleaned up obsolete updates from WSUS database before, this task may time out. With the understanding that this maintenance needs to be done, you're wondering what maintenance you need to do and how often you need to be doing it. Group Policy-based computer startup script. Windows Internal Database (WID) doesn't have the capability of scheduling a maintenance task through SQL Server Management Studio Express. This guide was written using Server 2012 R2, however it should be the same steps for Windows Server 2008 R2 as well. My cleanup is running at 1:00 AM every first Sunday. 
Note the SupersededUpdates.csv file, which will contain a list of all updates that are declined by the script: If issues occur when attempting to use the above PowerShell script to decline superseded updates, see the section Running the Decline-SupersededUpdatesWithExclusionPeriod.ps1 script times out when connecting to the WSUS server, or a 401 error occurs while running for troubleshooting steps. The Weekend Scripter blog post mentioned in the previous section contains basic directions and troubleshooting for this step. It should be fully tested in a lab before you use it in production. To download the script, right-click the link, and then select Save target as.... Download the script, remove the .txt file extension, and save the file with a .PS1 extension. In our … My WSUS has been running for years without ever having maintenance done and the cleanup wizard keeps timing out. In the Program/script box, type the following command. On the General tab, set the name of the task, the user that you want to run the PowerShell script as (most people use a service account). On the Triggers tab, set your schedule for once a month or on any schedule you want. If the number of superseded updates is higher than 1500, it can cause various software update related issues on both the server and client sides. Windows Server Update Services (WSUS) is a widely used tool that helps businesses automate their Windows patching process. The Windows PowerShell cmdlets for WSUS operations add flexibility and agility for the system administrator. Ensure that SUPs don't sync during the maintenance process, as it may cause a loss of some work already done. Remove all Drivers from the WSUS Database (Default; Optional). It allows you to see which computers require updates, generate reports based on this information and roll out updates from a single point saving bandwidth of your WAN line.