WSUS: Troubleshooting

Re-Initialize Windows Update DB (Client, local) / Clear Windows "SoftwareDistribution" folder / Error "0x800f081e"

1. Run cmd.exe with Admin-rights

net stop wuauserv
net stop bits
net stop cryptsvc
ren C:\Windows\SoftwareDistribution SoftwareDistribution-OLD
net start cryptsvc
net start bits
net start wuauserv

Error: Cannot Delete RevisionID: XXXX Because it is still deployed to a Non DSS Target Group

Solution

• Change the Approval-Status to "Not Approved"

Check WSUS Agent ID (SusClientId)

On WSUS search your system:

Get-WsusComputer -NameIncludes <Hostname> | fl *

Check the ID from the WSUS-Computer with the SusClientID on the Client (have to be the same):

Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" -Name SusClientId

If there is a mismatch, remove the WSUS-Computer Object in the WSUS-Console and run following on your client:

wuauclt /detectnow /reportnow

(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

Dual Scan (on Windows 10 & Windows Server 2016)

Check Dual Scan Konfiguration

$WinUpdateSvc = New-Object -ComObject "Microsoft.Update.ServiceManager"
$WinUpdateSvc.Services | select Name, IsDefaultAUService

If Windows Update is True -> Dual Scan
If Windows Server Update Service is True -> only WSUS/SUP

Disable Dual Scan

Enable the GPO-Policy under Windows Components/Windows Update -> Do not allow update deferral policies to cause scans against Windows Update
More Informations: https://blogs.technet.microsoft.com/swisspfe/2018/04/13/win10-updates-store-gpos-dualscandisabled-sup-wsus/

Disable with RegKey

reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v DisableDualScan /t REG_DWORD /d 1 /f