Managing WSUS 3.0 SP2 from the Command Line
The wsusutil command-line utility is used in managing WSUS servers and is located in the WSUSInstallDir\Tools folder of WSUS servers. The table below summarizes the different parameters that can be used with this utility, and later sections explain the syntax and usage of each parameter.
Hinweis
You can also use Windows® PowerShell® to access the WSUS 3.0 APIs from the command line.
Using the wsusutil utility
You must be an administrator to run the wsusutil utility. This utility is installed only on WSUS server machines, not on console-only installations.
.gif) Tipp |
|---|
| To see all wsusutil parameters, type wsusutil help on the command line. To see usage for each of the parameters, type wsusutil helpparameterName. |
Summary of wsusutil Commands
| Command | Description |
|---|---|
| configuressl | Updates the WSUS server registry key after the IIS configuration has changed. |
| healthmonitoring | Configures health monitoring values in the database. If new values are not specified, the current values are displayed. |
| export | Part of the export/import process used to synchronize a downstream WSUS without using a network connection. Exports update metadata to an export package file. You cannot use this parameter to export update files, update approvals, or server settings. |
| import | The second part of the export/import process. Imports update metadata to a server from an export package file created on another WSUS server. This synchronizes the destination WSUS server without using a network connection. |
| movecontent | Changes the file system location where the WSUS server stores update files, and optionally copies any update files from the old location to the new location |
| listfrontendservers | Lists the front-end servers related to this WSUS server. |
| deletefrontendserver | Deletes the specified front-end server from the WSUS database. |
| checkhealth | Checks the health of the WSUS serve. Results will appear in the Application Event log. |
| reset | Checks that every update metadata row in the database has corresponding update files stored in the file system. If update files are missing or have been corrupted, downloads the update files again. |
| listinactiveapprovals | Returns a list of update titles with approvals that are in a permanently inactive state because of a change in server language settings. |
| removeinactiveapprovals | Removes approvals for updates that are in a permanently inactive state because of a change in WSUS server language settings. |
| usecustomwebsite | Changes the port number used by the WSUS Web services from 80 to 8530 or vice versa. |
| Parameter | Description |
|---|---|
| ServerCertificateName | An optional parameter. When present, it provides the name in the Issued to field of the server certificate. |
Hinweis
You may set or get only one parameter at a time.
| Parameter | Description | ||
|---|---|---|---|
| **IntervalsInMinutes** *\[DetectInterval\] \[RefreshInterval\]* | Sets the values for detect and refresh intervals. If the detect interval is 0, the detect cycle will not run. If the refresh interval is 0, the refresh cycle will not run. For more information about the detect and refresh cycles, see [Health Monitoring in WSUS 3.0 SP2](https://technet.microsoft.com/7f2a52af-1738-4320-9066-e58fa904fc70). | ||
| **DiskSpaceInMegabytes** *\[ErrorLevel\] \[WarningLevel\]* | Sets the amount of available disk space (in megabytes) at which a low disk space warning or error event should be logged. | ||
| **CatalogSyncIntervalInDays** *\[Days\]* | Sets the number of days that should have passed after synchronization before a warning event should be logged.. | ||
| **InstallUpdatesInPercent** *\[WarningPercent\]\[ErrorPercent\]* | Sets the percentage of update installation failures at which a warning or error event should be given. | ||
| **InventoryInPercen** *\[WarningPercent\]\[ErrorPercent\]* | Sets the percentage of inventory reporting failures at which a warning or error should be given. | ||
| **SilentClientsInPercent** *\[WarningPercent\]\[ErrorPercent\]* | Sets the percentage of clients not reporting to the server at which a warning or error should be given. | ||
| **SilentClientsInDays** *\[Days\]* | Sets the number of days clients can fail to report before an error should be given. | ||
| **TargetComputersInPercent** *\[WarningPercent\]\[ErrorPercent\]* | Sets the maximum percentage of target computers reporting to this server below which a warning or error event should be given. For example, if you set values of 80 and 60, a warning event will be logged if only 80 percent of computers have reported, and an error event will be logged if only 60 percent of computers have reported. | ||
| **CheckAcls** *on|off* | If on, health monitoring should check ACLs on the relevant directories. | ||
| **CheckForLowDiskSpace** *on|off* | If on, health monitoring should check for low disk space. | ||
| **CheckForCatalogSyncFailures** *on|off* | If on, health monitoring should check for catalog synchronization failures. | ||
| **CheckForContentSyncFailures** *on|off* | If on, health monitoring should check for content synchronization failures. | ||
| **CheckForEmailNotificationFailures** *on|off* | If on, health monitoring should check for e-mail notification failures. | ||
| **CheckSelfUpdate** *on|off* | If on, health monitoring should check for client self-update failures. | ||
| **CheckClientsExist** *on|off* | If on, health monitoring should check whether this server has any clients. | ||
| **CheckForUpdateInstallFailures** *on|off* | If on, health monitoring should check for update installation failures. | ||
| **CheckForInventoryFailures** *on|off* | If on, health monitoring should check for clients failing to report inventory.. | ||
| **CheckForSilentClients** *on|off* | If on, health monitoring should check for clients that have failed to report to the server. | ||
| **CheckForTooManyClients** *on|off* | If on, health monitoring should check whether the number of clients is approaching the maximum number allowed. | ||
| **CheckReportingWebService** *on|off* | If on, health monitoring should check the Reporting Web service. | ||
| **CheckApiRemotingWebService** *on|off* | If on, health monitoring should check the API Remoting Web service. | ||
| **CheckServerSyncWebService** *on|off* | If on, health monitoring should check the Server Synchronization Web service. | ||
| **CheckClientWebService** *on|off* | If on, health monitoring should check the client Web service. | ||
| **CheckSimpleAuthWebService** *on|off* | If on, health monitoring should check the Simple Authentication Web service. | ||
| **CheckDssAuthWebService** *on|off* | If on, health monitoring should check the Downstream Server Authentication Web service. | ||
Output
The output from wsusutil paramName is usually the current state of the given parameter. Some examples are given below:
wsusutil healthmonitoring IntervalsInMinutes
Output:
Detect interval: 10 min, Refresh interval: 360 min
wsusutil healthmonitoring DiskSpaceInMegabytes
Output:
Error level: 200 MB, Warning level: 500 MB
However, with the parameters setting on or off the different health monitoring checks (for example, wsusutil healthmonitoringCheckAcls), the output will simply be a warning that the WSUS Service must be stopped and restarted for the change to take effect.
export
For more information about exporting and importing updates, see the Set Up a Disconnected Network (Import and Export the Updates) section in the Windows Server Update Services 3.0 SP2 Deployment Guide.
Syntax
wsusutil export package logfile
| Parameter | Description |
|---|---|
| package | The path and file name of the package .cab to create. |
| logfile | The path and file name of the log file to create. |
Hinweis
Exporting from a WSUS 2.0 server to a WSUS 3.0, WSUS 3.0 SP1, or WSUS 3.0 SP2 server (or from a WSUS 3.0, WSUS 3.0 SP1, or WSUS 3.0 SP2 server to a WSUS 2.0 server) is not supported.
Import
For background and procedural information about exporting and importing updates, see the WSUS Deployment Guide at WSUS Deployment Guide (https://go.microsoft.com/fwlink/?LinkId=139832).
Syntax
wsusutil import package logfile
| Parameter | Description |
|---|---|
| package | The path and file name of the package .cab to import. |
| logfile | The path and file name of the log file to import. |
Hinweis
Importing from a WSUS 2.0 server to a WSUS 3.0, WSUS 3.0 SP1, or WSUS 3.0 SP2 server (or from a WSUS 3.0, WSUS 3.0 SP1, or WSUS 3.0 SP2 server to a WSUS 2.0 server) is not supported.
Movecontent
When you run this command, wsusutil does the following:
- Copies the update files from the old location to the new location. The old location is not deleted.
- Updates the WSUS database to refer to the new location of the update files.
- Ensures that the content and metadata are synchronized. This check is always run, even if the –skipcopy parameter is used.
The destination folder to which update files are moved must be on an NTFS partition. The utility will not try to copy update files if they already exist in the destination folder. The destination folder will have the same permissions that were set on the original folder.
Hinweis
You can use xcopy, the Backup utility, or other methods to copy update files from the old location to the new one. If you copy the files by using a method other than wsusutil, you still need to run wsusutil to perform the second part of the move, using the -skipcopy parameter. See the "Syntax" section for more information.
There are two scenarios in which you might move update files from one WSUS drive to another:
- If the drive is full
- If the hard disk fails
If the drive is full
If the drive where WSUS stores update files is full, you can do one of the following:
- Add more space to your current drive by using NTFS functionality. This operation can be done without using wsusutil, because it does not affect WSUS configuration or operation.
- Install a new drive, and then move the update files from the old drive to the new location by using wsusutil.
If the hard disk fails
If the hard disk fails, you must do the following:
- Install the new disk on your computer, and then restore the update files from your backup files. Note: If you have not backed up your update files, WSUSutil.exe downloads the missing files at the end of the content move operation.
- Run wsusutil movecontent newLocation, specifying the location for the new disk. In addition, you specify the -skipcopy parameter, because you are either putting the files in the new folder through the backup utility or the source folder does not exist; the update files will be downloaded at the end of this process.
- When the move operation is complete, all the missing files are downloaded.
Syntax
wsusutil movecontent contentpath logfile -skipcopy
| Parameter | Description |
|---|---|
| contentpath | The new root for content files. The path must exist. |
| logfile | The path and file name of the log file to create. |
| -skipcopy | Indicates that only the server configuration should be changed, and that the content files should not be copied. |
| Parameter | Description |
|---|---|
| serverName | The name of the front-end server to be deleted. |
Wichtig
This command removes the front-end server from the database only. You will need to run wsussetup /u on the front-end server to uninstall WSUS.
checkhealth
This command checks the health of the WSUS server. The health check is configured by wsusutil healthmonitoring). The results are written to the event logs.
Syntax
wsusutil checkhealth
reset
You use this command if you store updates locally on your WSUS server and want to ensure that the metadata information stored in your WSUS database is accurate. With this command, you verify that every update metadata row in the WSUS database corresponds to update files stored in the local update file storage location on your WSUS server. If update files are missing or have been corrupted, WSUS downloads the update files again. This command might be useful to run after you restore your database, or as a first step when troubleshooting update approvals.
Syntax
wsusutil reset
listinactiveapprovals
If you change language options on an upstream WSUS server, the number of approved updates on the upstream server may not match the number of approved updates on a replica server. For example, consider the following scenario. You configure your upstream server to synchronize all languages, then synchronize and approve 300 updates, of which 50 are non-English language updates. Afterward, you change the language setting on the server to English only. Later, a replica server synchronizes from the upstream server and downloads the "active" approvals, which now are only the English language ones (replica servers synchronize only active approvals). At this point, you will see 300 updates approved on the upstream server, but only 250 approved on the replica server. You can use listinactiveapprovals to see a list of the updates on the parent upstream server that are permanently inactive—in this case, the 50 updates that are not English. You do not have to run this command before running the removeinactiveapprovals command.
Syntax
wsusutil listinactiveapprovals
removeinactiveapprovals
See the explanation above for a description of situations in which you might need to use removeinactiveapprovals. You do not have to run the listinactiveapprovals command before running this command.
Syntax
wsusutil removeinactiveapprovals
usecustomwebsite
If you set this value to true, WSUS Setup will use port 8530 for its Default Web site. If you set it to false, WSUS will use port 80.
Wichtig
You must use this command before you configure SSL.
Wichtig
If you are installing SharePoint on the same machine as WSUS, the value of usecustomwebsite should be set to true before the install.
Wichtig
Using this command after running WSUS Setup will fail if the index of the default Web site is set to a value other than 1.
Syntax
wsusutil usecustomwebsite true