Last Updated on May 17, 2017 by Dave Farquhar
In my younger days, I administered WSUS on a small (300 servers or so) network. Every once in a while, I ran into an issue where a server just didn’t want to talk to WSUS. These days, some companies prefer to push patches with SCCM but it uses the same mechanism to push patches.
Apparently my old problem still happens from time to time. So I did some research to come up with a solution. This mechanism is still largely a black box, but it’s a lot better documented now than it was in my day. Here’s what I came up with for troubleshooting WSUS or SCCM.
First, check the simplest thing. When the C drive fills up, WSUS and SCCM start acting weird. So make sure the computer has enough space on drive C. Next, empty the temp directory. Bursting temp directories tend to make systems act weird.
If it wasn’t one of the easy fixes, move on to the more complex fix.
This assumes you’re logged in to the box locally and open a command prompt. If not, you can adapt this to your situation. You can even script it out if you have a large number of unhealthy machines and someone’s pressuring you to fix it all right now.
First, from a command prompt, enter this command:
net stop wuauserv
Next, delete files/folders in C:\Windows\SoftwareDistribution\Download that are more than a few days old (10-30 days).
Then check the integrity of the database:
esentutl /g \\%%i\c$\windows\softwaredistribution\datastore\datastore.edb
If the check says the database is unhealthy, attempt repair of the database:
esentutl /p \\%%i\c$\windows\softwaredistribution\datastore\datastore.edb
If repair fails, rename or delete datastore.edb:
ren datastore.edb datastore.edb.bak
Finally, restart the service.
net start wuauserv
At this point, the machine should be able to talk to WSUS or SCCM again. That’s it! Now you can say you know something about troubleshooting WSUS or SCCM.
In a related vein, if you ever have to install a troublesome patch by hand, here are some tips for troublesome patches. And if you do a lot of patch management, here’s my patch management strategy for success.
David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.
Snort… “Small network” cough cough. 😉
I guess it depends on perspective. It’s small compared to the total number of systems where I work now, but few, if any of their applications use as many servers as that application did.
Does that make things easier, or harder? Both.