Event ID 1008 — WSHA Windows Update Assessment

  • Article

Applies To: Windows Server 2008

The Windows Security Health Agent (WSHA) uses Windows Server Update Services (WSUS) to validate Windows software update status and compliance. In order to perform this validation, the client must be able to connect to the configured WSUS server.

Event Details

Product: Windows Operating System
ID: 1008
Source: Microsoft-Windows-SystemHealthAgent
Version: 6.0
Symbolic Name: MSSHA_EVENT_OFFLINE_SEARCH_FAILURE
Message: The Windows Security Health Agent failed to complete an offline scan.
Failure Code: %1

Resolve

Enable Windows Update Services

To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

To enable the Windows Update service for automatic startup and start the service:

  1. On the Network Access Protection (NAP) client computer, click Start, click Run, type services.msc, and then press ENTER.
  2. In the console tree, double-click Windows Update.
  3. In the Windows Update Properties window, next to Startup type, choose Automatic.
  4. Under Service status, click Start.
  5. If the service has been started successfully, the service status will be displayed as Started. Click OK.

Verify

To use WSUS, the Windows Update service must be running and configured to contact an available WSUS server.

To verify that the Windows Update service is running:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type net start, and then press ENTER.
  3. In the command output, under These Windows services are started, verify that Windows Update appears.

To verify the WSUS server configuration:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s, and then press ENTER.
  3. In the command output, verify that the server names displayed next to WUServer and WUStatusServer are correct.

To verify that the WSUS server is available:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type wuauclt /detectnow, and then press ENTER. This command will force the Windows Update service to check for software updates.
  3. In the command window, type findstr /I /C:"report" %WinDir%\WindowsUpdate.log. This command will filter the WindowsUpdate.log file and display success, failure, and warning events.
  4. In the command output, verify that the last line reads "Success Software Synchronization."

WSHA Windows Update Assessment

NAP Infrastructure