Tinus EngOps Wiki

Logo

OpsaC - Operating as PowerShell code

Links

Home

PowerShell Blog

PowerShell Index

PowerShell Search

Additional Websites

View my GitHub Profile

View my GitHub Gists

View Tinus IT Wiki

View my Photo Website

Windows Updates

tags: PowerShell categories: System-Engineering

Table of Contents

Possible causes of Windows update problems

Ther are many possible causes if windows update failed.

Diskspace Systemdrive

If the storage space is less than 20 GB, the Windows Update packages cannot be downloaded.

$FreeDiskGB = (Get-CimInstance -ClassName Win32_logicaldisk | Where-Object {$_.DeviceID -eq 'C:'}).FreeSpace/1gb
if($FreeDiskGB -lt 20){
    Write-Host "Insufficient space on the system drive (Free space: $([Math]::Round($FreeDiskGB))GB)" -ForegroundColor Yellow
}

Free Memory

Windows updates require at least 800MB of free space to download and install all packages.

$FreeMemMB = (Get-CimInstance -Class Win32_OperatingSystem).FreePhysicalMemory / 1024
if($FreeMemMB -lt 800){
    Write-Host "Not enough memory (Free memory: $([Math]::Round($FreeMemMB))MB)" -ForegroundColor Yellow
}

Pending Reboots

Install the Module Pending Reboots from the PowerShell Gallery. This Module detect for Windows OS pending reboots.

Install-Module -Name PendingReboot
Test-PendingReboot | Select -ExpandProperty IsRebootPending

Group Policy

Dual scan or Windows Update for Business

$ItemPropertyValue = Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DisableDualScan'
if($ItemPropertyValue -eq 1){
    Write-Host 'DisableDualScan' -Foregroundcolor Green
}else{
    Write-Host 'DisableDualScan' -Foregroundcolor Yellow
}

Do not connect to any Windows Update Internet locations

$ItemPropertyValue = Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations'
if($ItemPropertyValue -eq 1){
    Write-Host 'DoNotConnectToWindowsUpdateInternetLocations' -Foregroundcolor Green
}else{
    Write-Host 'DoNotConnectToWindowsUpdateInternetLocations' -Foregroundcolor Yellow
}

Windows Update Server

$ItemPropertyValue = Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer'
if($ItemPropertyValue -match 'http://'){
    Write-Host $ItemPropertyValue -Foregroundcolor Green
}else{
    Write-Host $ItemPropertyValue -Foregroundcolor Yellow
}

Windows Update Reporting Server

$ItemPropertyValue = Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer'
if($ItemPropertyValue -match 'http://'){
    Write-Host $ItemPropertyValue -Foregroundcolor Green
}else{
    Write-Host $ItemPropertyValue -Foregroundcolor Yellow
}

Disable Automatic Updates if you use SCCM

$ItemPropertyValue = Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate'
if($ItemPropertyValue -eq 1){
    Write-Host 'NoAutoUpdate' -Foregroundcolor Green
}else{
    Write-Host 'NoAutoUpdate' -Foregroundcolor Yellow
}

Configure client to get updates from a WSUS server

$ItemPropertyValue = Get-ItemPropertyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer'
if($ItemPropertyValue -eq 1){
    Write-Host 'UseWUServer' -Foregroundcolor Green
}else{
    Write-Host 'UseWUServer' -Foregroundcolor Yellow
}

Reset Local Group Policy Settings

Remove-Item -Path "$($env:SystemRoot)\System32\GroupPolicy\Machine\registry.pol" -Force
gpupdate /force

WMI Repository

Performs a consistency check on the WMI repository.

$verifyrepository = winmgmt /verifyrepository
if($verifyrepository -match 'WMI repository is consistent'){
    Write-Host $verifyrepository -Foregroundcolor Green
}else{
    Write-Host $verifyrepository -Foregroundcolor Yellow
}

Perform a consistency check. If an inconsistency is detected, it rebuilds the repository.

winmmgmt /salvagerepository

The repository is reset to the initial state when the operating system is first installed.

winmgmt /resetrepository

Reset Windows Update cache

Catroot and catroot2 are Windows operating system folders that are required for the Windows Update process. When you run Windows Update, the catroot2 folder stores the signatures of the Windows Update package and helps in its installation.

The Cryptographic service makes use of the %windir%\System32\catroot2\edb.log file for the updating process. The updates are stored in the SoftwareDistribution folder which are then used by Automatic Updates to carry out the updating process.

Resetting or deleting the contents of the catroot2 folder has been known to fix several Windows Update problems.

If you receive a Access Denied or Open in another program message when you go on to delete the catroot2 folder, it is possible because the Cryptographic service is making use of the log file.

NOTE: Please do not delete or rename the Catroot folder. The Catroot2 folder is automatically recreated by Windows, but the Catroot folder is not recreated if the Catroot folder is renamed.

If you find that the catroot or catroot2 folder is missing or does not recreate if you accidentally deleted it, you can create a new folder with this name in the System32 folder, restart your computer and then run Windows Update.

Get-Service -name wuauserv, cryptsvc, BITS, msiserver | Select Name,DisplayName,Status,StartType

Stop-Service -name wuauserv, cryptsvc, BITS, msiserver

Write-Host "Reset Software Distribution Folder"
Remove-Item -Path "$($env:SystemRoot)\SoftwareDistribution" -Recurse -Force

Write-Host "Reset Window Update Signatures Folder"
Remove-Item -Path "$($env:windir)\System32\catroot2" -Recurse -Force

Start-Service -name wuauserv, cryptsvc, BITS, msiserver

Get-Service -name wuauserv, cryptsvc, BITS, msiserver | Select Name,DisplayName,Status,StartType

Errors in Device Manager

Run the function described in Errors in Device Manager.

Proxy Settings

Wrong character in proxy bypass list or wrong settings.

System wide

netsh.exe winhttp show proxy

Current user

Open “C:\Windows\System32\inetcpl.cpl”, Internet Options, Connections, LAN settings, Proxy server, Advanced, Proxy Settings, Exceptions

Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' | Select Proxy*

Find Information about Hotfixes

WmiObject

Get-HotFix cmdlet wraps the Win32_QuickFixEngineering WMI class, investigate in Win32_ReliabilityRecords.

Get-Hotfix | Sort-Object InstalledOn -Descending

Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------
Computer      Security Update  KB4503308     NT AUTHORITY\SYSTEM  27.06.2019 00:00:00
Get-CimInstance -Class Win32_QuickFixEngineering | Sort-Object InstalledOn -Descending

Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------
              Security Update  KB4503308     NT AUTHORITY\SYSTEM  27.06.2019 00:00:00
$InstalledUpdate = Get-WmiObject -Class Win32_ReliabilityRecords -filter "SourceName = 'Microsoft-Windows-WindowsUpdateClient'" |
Select-Object @{LABEL = "InstalledOn";EXPRESSION = {$_.ConvertToDateTime($_.timegenerated)}}, User, Productname

$InstalledUpdate | ForEach-Object {

    $expression = $_.Productname
    $regex1  = '^\d{4}\-\d{2}'
    $regex2  = 'KB\d{6,7}'

    $patchID = $expression | select-string -Pattern $regex1 -AllMatches | ForEach-Object {$_.Matches.Value}
    $patchKB = $expression | select-string -Pattern $regex2 -AllMatches | ForEach-Object {$_.Matches.Value}

    [PSCustomObject]@{

        InstalledOn = $_.InstalledOn
        InstalledBy = $_.User
        HotFixID    = $patchKB
        UpdateID    = $patchID
        Description = $_.Productname

    }
} | ft

InstalledOn         InstalledBy         HotFixID UpdateID Description
-----------         -----------         -------- -------- -----------
27.06.2019 08:16:55 NT AUTHORITY\SYSTEM KB4503308 2019-06  Security Update for Adobe Flash Player for Windows 10...

ComObject

function Get-InstalledUpdate{
    <#
    .Synopsis
        Gets updates installed on the system
    .Description
        Gets windows and microsoft updates installed on the system
    .Example
        Get-InstalledUpdate
    .Link
        https://github.com/StartAutomating/Patchy
    #>
    [CmdletBinding()]
    param()

    process {
        $srch = (New-Object -ComObject "Microsoft.Update.Session").CreateUpdateSearcher()
    	$count = $srch.GetTotalHistoryCount()
        for ($i = 0; $i -lt $count; $i++) {
            $update = $($srch.QueryHistory($i, 1))
            $title     = $update.Title
            $installed = $update.Date
            $kbnumber  = $title.split(' ') | Where-Object {$_ -match 'kb\d+'} | ForEach-Object {$_.Replace('(', '').Replace(')','').Replace(",","")}
            [PSCustomObject]@{
                Installd = $installed
                KBNumber = $kbnumber
                Title    = $title
            }
        }
        Write-Verbose "Found $($count) installed updates on $($env:COMPUTERNAME)"
    }
}

$Updates = Get-InstalledUpdate -Verbose
$Updates | Where-Object Title -match 'Kumulatives Update'

See also

Find Information About Hotfixes

[ Top ] [ Blog ]