Last Updated on May 17, 2017 by Dave Farquhar
In my younger days, I administered WSUS on a small (300 servers or so) network. Every once in a while, I ran into an issue where a server just didn’t want to talk to WSUS. These days, some companies prefer to push patches with SCCM, but it uses the same mechanism.
Apparently my old problem still happens from time to time. So I did some research to come up with a solution. This mechanism is still largely a black box, but it’s a lot better documented now than it was in my day. Here’s what I came up with for troubleshooting WSUS or SCCM.
First, check the simplest thing. When the C drive fills up, WSUS and SCCM start acting weird. So make sure the computer has enough space on drive C. Next, empty the temp directory. Bursting temp directories tend to make systems act weird.
If it wasn’t one of the easy fixes, move on to the more complex fix.
This assumes you’re logged in to the box locally and have a command prompt open. If not, you can adapt this to your situation. You can even script it out if you have a large number of unhealthy machines and someone’s pressuring you to fix it all right now.
First, from a command prompt, enter this command:
net stop wuauserv
Next, delete files/folders in C:\Windows\SoftwareDistribution\Download that are more than a few days old (10-30 days).
Then check the integrity of the database:
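esentutl /g C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
If the check says the database is unhealthy, attempt repair of the database:
esentutl /p C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
If repair fails, rename or delete datastore.edb:
ren C:\Windows\SoftwareDistribution\DataStore\datastore.edb datastore.edb.bak
If you run this from a batch file that loops over hostnames instead, substitute the UNC form \\%%i\c$\windows\softwaredistribution\datastore\datastore.edb, where %%i is the loop variable holding the machine name.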
Finally, restart the service.
net start wuauserv
At this point, the machine should be able to talk to WSUS or SCCM again. That’s it! Now you can say you know something about troubleshooting WSUS or SCCM.
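The steps above collected into one script, as an added example that is not from the original post. It assumes an elevated local PowerShell session, the default Windows directory layout, and that esentutl returns a non-zero exit code when the check or repair fails; the $MaxAgeDays parameter and the timestamped backup name are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: local Windows Update client reset following the steps above.
param(
    [int]$MaxAgeDays = 10   # assumption: low end of the article's 10-30 day range
)

$sd        = Join-Path $env:windir 'SoftwareDistribution'
$download  = Join-Path $sd 'Download'
$datastore = Join-Path $sd 'DataStore\DataStore.edb'

# The database must not be in use while esentutl touches it.
Stop-Service -Name wuauserv -Force -ErrorAction Stop
try {
    # Remove download cache entries older than the cutoff.
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    Get-ChildItem -LiteralPath $download -Force |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        Remove-Item -Recurse -Force -ErrorAction Continue

    if (Test-Path -LiteralPath $datastore) {
        # Integrity check; a non-zero exit code is treated as "unhealthy".
        & esentutl.exe /g $datastore
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Integrity check failed ($LASTEXITCODE); attempting repair."
            # Repair may ask for confirmation when run interactively.
            & esentutl.exe /p $datastore
            if ($LASTEXITCODE -ne 0) {
                # Rename rather than delete so the damaged file can be examined later.
                $bak = 'DataStore.edb.{0:yyyyMMddHHmmss}.bak' -f (Get-Date)
                Rename-Item -LiteralPath $datastore -NewName $bak
                Write-Warning "Repair failed; renamed database to $bak."
            }
        }
    }
}
finally {
    # Always bring the service back, even if a step above threw,
    # so the machine is not left unable to receive patches.
    Start-Service -Name wuauserv
}
```

The try/finally matters on a fleet: a script that dies halfway and leaves wuauserv stopped produces a machine that silently stops patching.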
In a related vein, if you ever have to install a troublesome patch by hand, here are some tips for troublesome patches. And if you do a lot of patch management, here’s my patch management strategy for success.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
Snort… “Small network” cough cough. 😉
I guess it depends on perspective. It’s small compared to the total number of systems where I work now, but few, if any, of their applications use as many servers as that application did.
Does that make things easier, or harder? Both.