PSD icon indicating copy to clipboard operation
PSD copied to clipboard
verified publisher icon FriendsOfMDT

Windows Update step seems not to work with internal WSUS

Open stefanweilguni-oss opened this issue 2 months ago • 2 comments

I cant get Updates from the internal WSUS as I could with MDT.

WSUS ist configured in CustomSettings.ini: WSUSServer=http://vwx0XXXXX.domain.com:8530

VERBOSE: PSDWindowsUpdate.ps1: The task sequencer log is located at C:\MININT\SMSTSLog\SMSTS.LOG. For task sequence failures, please consult this log. VERBOSE: GET with 0-byte payload VERBOSE: received 113-byte response of content type application/xml; charset=utf-8 VERBOSE: PSDWindowsUpdate.ps1: Creating COM object for WU Exception from HRESULT: 0x80244011 At C:\MININT\Cache\Scripts\PSDWindowsUpdate.ps1:54 char:1

  • $objResults = $objSearcher.Search($search);
  •   + CategoryInfo          : OperationStopped: (:) [], COMException
  + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException

Exception from HRESULT: 0x80244011 At C:\MININT\Cache\Scripts\PSDWindowsUpdate.ps1:54 char:1

  • $objResults = $objSearcher.Search($search);
  •   + CategoryInfo          : OperationStopped: (:) [], COMException
  + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException

VERBOSE: PSDWindowsUpdate.ps1: Searching for updates VERBOSE: "Downloaded [0] Updates to Install" PS>$global:? True

Registry Keys for WSUS seems to be missing

Image

stefanweilguni-oss avatar Oct 24 '25 19:10 stefanweilguni-oss

I have to start a script like this in a task before windows update task incl. reboot: Powershell

# get wsus server
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$wsusServer = $tsenv.Value("WSUSSERVER")

# set registry items
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "AUOptions" -Value 3 -Type DWord -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer" -Value 1 -Type DWord -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUServer" -Value $wsusServer -Type String -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name "WUStatusServer" -Value $wsusServer -Type String -Force

And I have to set the variable $serverSelection in PSDWindowsUpdate.ps1 to "1". I haven't found out where this variable is defined, comes from.

With this it works with an internal WSUS!

stefanweilguni-oss avatar Oct 25 '25 11:10 stefanweilguni-oss

I don't change anything in the PSDWindowsUpdate.ps1 but always have used these registry keys for internal WSUS.

    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" -Name "UseWUServer" -Value 1
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name WUServer -Value ""
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name WUStatusServer -Value ""
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name TargetGroup -Value ""
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name AcceptTrustedPublisherCerts -Value 1
	Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name SetPolicyDrivenUpdateSourceForDriverUpdates -Value 0

theQ23 avatar Nov 24 '25 20:11 theQ23