If an endpoint is not reporting to WSUS or hasn’t updated its status in over 24 hours, follow these steps to diagnose and resolve the issue:
Step 0: Verify Prerequisites
Before troubleshooting, ensure the endpoint meets the prerequisites for WSUS. Use JetPatch Endpoint Readiness to analyze and pinpoint missing configurations.
Step 1: Run Prerequisite Checks with JetPatch Endpoint Readiness
Step 2: Check Group Policy and Registry Settings
For Domain-Joined Endpoints
- Open Command Prompt as administrator.
- Run:
- Open GPReport.html and navigate to:
- Verify that the policy Specify intranet Microsoft update service location is set to:
- Force a Group Policy Update (if necessary):
For Non-Domain/Non-Policy Endpoints
- Open Registry Editor (regedit) as administrator.
- Navigate to:
- Verify or update the values for:
WUServer
WUStatusServer
- Ensure these match the WSUS server URL.
After either the Group Policy update or the registry change, run the following PowerShell command as administrator:
$updateSession = new-object -com "Microsoft.Update.Session";$updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates;
Step 3: Perform Basic Connectivity Tests
On the Endpoint
- Test Network Connectivity:
  Open PowerShell as administrator and run (8531 test only needed if using WSUS SSL):
- Test WSUS Access via Browser:
  - Open a browser and access:
  - If inaccessible, investigate server-side or network-related issues.
Step 4: Check Windows Update Service
- Open services.msc on the endpoint.
- Locate the Windows Update Service and ensure:
- The service is running.
- The Startup Type is set to Automatic.
- If the service is not running, start it and recheck.
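The checks from Steps 2 to 4 can be collected into one PowerShell function and run on an endpoint as administrator. This is an added example, not a JetPatch script: the function name is hypothetical, the registry path is the standard Windows Update policy key (an assumption, since the path is not shown above), and the WSUS URL is a placeholder.

```powershell
# Added example (not a JetPatch script): Steps 2-4 in one pass.
function Test-WsusClientConfig {
    param([Parameter(Mandatory)][string]$ExpectedWsusUrl)

    # Assumption: standard Windows Update policy key; the article does not show the path.
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue
    $issues = @()

    # Step 2: WUServer and WUStatusServer must both match the WSUS server URL.
    $expected = $ExpectedWsusUrl.TrimEnd('/')
    foreach ($name in 'WUServer', 'WUStatusServer') {
        $value = "$($wu.$name)".TrimEnd('/')
        if (-not $value) { $issues += "$name is not set" }
        elseif ($value -ine $expected) { $issues += "$name is '$value', expected '$expected'" }
    }
    # UseWUServer (under the AU subkey) must be 1 or the agent ignores WUServer.
    if ($au.UseWUServer -ne 1) { $issues += 'UseWUServer is not 1' }

    # Step 3: TCP reachability of the host and port taken from the URL itself.
    $uri = [uri]$expected
    $reachable = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if (-not $reachable) { $issues += "TCP $($uri.Host):$($uri.Port) is not reachable" }

    # Step 4: Windows Update service state and startup type.
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if (-not $svc) { $issues += 'Windows Update service (wuauserv) not found' }
    else {
        if ($svc.Status -ne 'Running') { $issues += "wuauserv status is $($svc.Status)" }
        if ($svc.StartType -ne 'Automatic') { $issues += "wuauserv startup type is $($svc.StartType)" }
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        Reachable      = [bool]$reachable
        ServiceStatus  = "$($svc.Status)"
        Healthy        = ($issues.Count -eq 0)
        Issues         = $issues
    }
}

# Placeholder URL; replace with your WSUS server URL.
Test-WsusClientConfig -ExpectedWsusUrl 'https://wsus.example.internal:8531' | Format-List
```

An empty Issues list means the endpoint's policy values, network path and service state are consistent with the steps above; any entry names the step to revisit.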
Step 5: Analyze Windows Update Logs
Manually Check for Updates
- Open Settings on the endpoint.
- Go to Update & Security > Windows Update.
- Click Check for updates.
- If an error occurs, consult Microsoft’s Troubleshooting Guide.
Generate and Review Windows Update Logs
- Open PowerShell as administrator and run:
- Open the generated log (saved on the desktop) and look for error codes such as:
- 0x80244010: Communication issues with WSUS server.
- 0x80072EE2: Timeout or network issues.
Step 6: Reset Windows Update Agent Using JetPatch Scripts
- Use JetPatch’s Reset WUA Authorization script (PowerShell or Batch) to reset the Windows Update Agent.
- If needed, run the Advanced WUA RESET script to fully reset all Windows Update settings.
Monitor Endpoint After Reset
- Use Endpoint Readiness to verify WSUS communication after the reset.
- Focus on the WUA Communication column to confirm updates.
Step 7: Leverage JetPatch for Multi-Endpoint Checks
Run Built-In Tasks
- Open Endpoints > Management in JetPatch.
- Filter by the relevant Windows endpoint group(s).
- Select all rows, then click Action > Run Task.
- Search for Check for potential Windows Update Agent issues and run the task.
- Review results under Endpoints > Activities.