Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

WSUS report of computers waiting to reboot

803 views
Skip to first unread message

Fabio Martins

unread,
Mar 19, 2009, 4:18:03 PM3/19/09
to
Hey!

I have set up servers to download from WSUS automatically in a pre defined
time and just install the updates when it shuts down.

Is there a way to get a report from WSUS of servers that are just waiting
the reboot to install the updates that they've already downloaded?

Thankyou in advance.

Lawrence Garvin [MVP]

unread,
Mar 19, 2009, 10:59:33 PM3/19/09
to
"Fabio Martins" <support.m...@fabiomartins.net> wrote in message
news:ehvc1%23MqJH...@TK2MSFTNGP04.phx.gbl...

> Hey!
>
> I have set up servers to download from WSUS automatically in a pre defined
> time and just install the updates when it shuts down.

Minor point. You cannot control when the updates download. You can schedule
the *installation* time, which presupposes that the detection/download is
already complete.

If the installation time is reached before somebody actually initiates an
Install Updates and Shutdown event, you may find yourself with an unexpected
server restart.


> Is there a way to get a report from WSUS of servers that are just waiting
> the reboot to install the updates that they've already downloaded?

In the Computer Detailed Status report, if you click on the hyperlinked
Update Status column (e.g. "Not Installed") and a download is complete, the
popup dialog will give you that status information.

Another way to get there is by looking at the update metadata screen, click
on the "Computers needing this update" legend hyperlink (when the value is >
0), and that will trigger an Update Details Status report, where you can
then click on the hyperlink in the Status column.

Unfortunately, though, these capabilities are only available on a per-update
basis by drilling down through the status column. There is no report that
will show this status information across all systems/updates.

To get that information, you have a few additional options:

1. If you're using a full-license copy of SQL Server (Workgroup, Standard,
Enterprise) you can use the SSRS Report Builder to customize a report
against the WSUS database to get that information.

2. You can develop a custom application programmed against the WSUS API to
extract the needed data.

3. You might be interested in a third-party add-on package for WSUS from
Eminentware (http://www.eminentware.com).

--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Dave Mills

unread,
Mar 20, 2009, 2:26:07 AM3/20/09
to

Maybe I am missing something but I simply have the servers in their own group.
Then the default report lists updates needed. I then approve the updates on one
server and usually by the time I get to the 6th or 7th all those approved for
the first server are downloaded. I then RDP to that server and run
wuauclt/detectnow and repeat for the rest. By the time I have done this on the
last server the first has completed its download so I can manually install them.
Repeat for the other servers and the fist will have completed the install and be
waiting for a reboot (if required).

This uses option 3 - download and notify. Installing on shutdown leaved the
server off and if a problem for remote servers. How I wish for an "Install
updates and Reboot" option.

>
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.

Fabio Martins

unread,
Mar 20, 2009, 2:59:15 PM3/20/09
to
>> I have set up servers to download from WSUS automatically in a pre
>> defined time and just install the updates when it shuts down.
>
> Minor point. You cannot control when the updates download. You can
> schedule the *installation* time, which presupposes that the
> detection/download is already complete.

Yes, we're using the option "Auto download and schedule to install", and
it's scheduled to install on wednesdays at 10am.

> If the installation time is reached before somebody actually initiates an
> Install Updates and Shutdown event, you may find yourself with an
> unexpected server restart.

But we set the option "No auto-restart with logged on users for scheduled
automatic update installations" to enabled, so it will restart only when a
user shut's down the server, won't it?

>> Is there a way to get a report from WSUS of servers that are just waiting
>> the reboot to install the updates that they've already downloaded?
>
> In the Computer Detailed Status report, if you click on the hyperlinked
> Update Status column (e.g. "Not Installed") and a download is complete,
> the popup dialog will give you that status information.
>
> Another way to get there is by looking at the update metadata screen,
> click on the "Computers needing this update" legend hyperlink (when the
> value is > 0), and that will trigger an Update Details Status report,
> where you can then click on the hyperlink in the Status column.
>
> Unfortunately, though, these capabilities are only available on a
> per-update basis by drilling down through the status column. There is no
> report that will show this status information across all systems/updates.

Humm.... Our Idea were, to create 3 groups:

One group, will be the servers that will be the "test group", the group that
we'll teste the updates. We are planning to make a rule to automatically
aprove updates for this group.

Other group, will be the servers. After the updates are installed
successfully on the "test group", we aprove the updates for this groups.

The third group, will be some servers that we preffer to make windows update
manually.
So, We thought that on wednestays we could make a report from the servers
that are waiting the reboot to finishles the update, so someone could in the
next possible tima restart them manually.

> To get that information, you have a few additional options:
>
> 1. If you're using a full-license copy of SQL Server (Workgroup, Standard,
> Enterprise) you can use the SSRS Report Builder to customize a report
> against the WSUS database to get that information.

We are not using the full license copy. What we want is possible with a full
licence copy of SQL server?

> 2. You can develop a custom application programmed against the WSUS API to
> extract the needed data.

argh.. I am not a programmer...

> 3. You might be interested in a third-party add-on package for WSUS from
> Eminentware (http://www.eminentware.com).

I'll check that!


Thankyou very much.

Fabio Martins

unread,
Mar 20, 2009, 3:28:06 PM3/20/09
to
Hi! Thankyou for answering.

Sorry... but what is "RDP"? -- my english vocabulary is not so rich!
Correct me if i misunderstood you... this way, you do all updates manually,
don't you?

I am thinking that it can be another way to do what we want, just notify and
we can check the report "needed" and then the guy goes there, install and
reboot.

The problem we have is that we have 45 MS Servers, and they can't reboot any
time, and each one has specific times that we can reboot them.

FM

"Dave Mills" <Ne...@nospam--djmills-dot-co.uk> escreveu na mensagem
news:h5d6s45anj4eu30gj...@4ax.com...

Harry Johnston [MVP]

unread,
Mar 20, 2009, 8:28:36 PM3/20/09
to
Fabio Martins wrote:

>>> I have set up servers to download from WSUS automatically in a pre
>>> defined time and just install the updates when it shuts down.

>> Minor point. You cannot control when the updates download. You can
>> schedule the *installation* time, which presupposes that the
>> detection/download is already complete.

> Yes, we're using the option "Auto download and schedule to install", and
> it's scheduled to install on wednesdays at 10am.

This almost certainly isn't what you want to do.

>> If the installation time is reached before somebody actually initiates an
>> Install Updates and Shutdown event, you may find yourself with an
>> unexpected server restart.
>
> But we set the option "No auto-restart with logged on users for scheduled
> automatic update installations" to enabled, so it will restart only when a
> user shut's down the server, won't it?

NO. It will reboot immediately unless someone is logged in interactively. File
server connections, for example, don't count.

In any case, it is important that you don't install updates until you are ready
to reboot. The server may be in an unstable state inbetween installation and
reboot, which might cause a system crash or worse. (It's fairly unlikely, but
in general not a risk worth taking.)

Note that if you're going to manually reboot a server anyway, it isn't that much
more effort to manually install the updates first using option 3.

RDP: Remote Desktop Protocol, aka Remote Desktop or Terminal Services.

Harry.

Dave Mills

unread,
Mar 21, 2009, 4:04:07 AM3/21/09
to
On Fri, 20 Mar 2009 16:28:06 -0300, "Fabio Martins"
<support.m...@fabiomartins.net> wrote:

>Hi! Thankyou for answering.
>
>Sorry... but what is "RDP"? --

Harry answered this.


> my english vocabulary is not so rich!
>Correct me if i misunderstood you... this way, you do all updates manually,
>don't you?

For servers - Yes. 1) I want to control when and 2) I want "know" that is
rebooted and not find out hours later that a server has failed to restart. For
example I will reboot a DC but will not start the update on another DC un till
the first is up and has been running for 5 minutes. I also get to notice that
sometime no reboot is needed so I can do the updates more quickly. Note thought
that "No Reboot" does not mean "No service outage". Exchange update will often
stop the service but not reboot the server so the clients are still denied the
service.

>
>I am thinking that it can be another way to do what we want, just notify and
>we can check the report "needed" and then the guy goes there, install and
>reboot.

That is what almost all do for servers. "Guy goes there" using Remote Desktop.

Fabio Martins

unread,
Mar 23, 2009, 10:29:13 AM3/23/09
to
Really... this way, it's better use option 3.

Thankyou.

FM

"Harry Johnston [MVP]" <ha...@scms.waikato.ac.nz> escreveu na mensagem
news:eMjv6vbq...@TK2MSFTNGP06.phx.gbl...

Fabio Martins

unread,
Mar 23, 2009, 10:31:47 AM3/23/09
to
Thankyou very much, I think it's the better way to update our servers.

FM


"Dave Mills" <Ne...@nospam--djmills-dot-co.uk> escreveu na mensagem

news:ac79s4tovaum2ktjs...@4ax.com...

Dave Mills

unread,
Mar 25, 2009, 2:58:14 AM3/25/09
to
There is one thing regarding using remote desktop. If somebody is logged on to
the root console (W2003/W2000) when you connect you do not get the yellow
install update shield. This is especially troublesome if you have deployed RDP 6
as you cannot connect to the root session (console 0). I have found it works OK
providing there is no session on console 0. The solution is to remotely logoff
the console 0 user, then run wuauclt /detectnow.

On Mon, 23 Mar 2009 11:31:47 -0300, "Fabio Martins"

0 new messages