Event ID 1024 — WSHA Windows Update Assessment

Updated: May 25, 2011

Applies To: Windows Server 2008 R2


The Windows Security Health Agent (WSHA) uses Windows Server Update Services (WSUS) to validate Windows software update status and compliance. In order to perform this validation, the client must be able to connect to the configured WSUS server.

Event Details

Product: Windows Operating System
ID: 1024
Source: Microsoft-Windows-SystemHealthAgent
Version: 6.1
Symbolic Name: MSSHA_EVENT_WSC_CHANGE_DETECTION_FAIL
Message: Windows Security Center detected a system health state change but the Windows Security Health Agent could not enumerate the state change.
Failure Code: %1

Resolve

Enable Windows Update Services

To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

To enable the Windows Update service for automatic startup and start the service:

  1. On the Network Access Protection (NAP) client computer, click Start, click Run, type services.msc, and then press ENTER.
  2. In the console tree, double-click Windows Update.
  3. In the Windows Update Properties window, next to Startup type, choose Automatic.
  4. Under Service status, click Start.
  5. If the service has been started successfully, the service status will be displayed as Started. Click OK.

Verify

To use WSUS, the Windows Update service must be running and configured to contact an available WSUS server.

To verify that the Windows Update service is running:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type net start, and then press ENTER.
  3. In the command output, under These Windows services are started, verify that Windows Update appears.

To verify the WSUS server configuration:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s, and then press ENTER.
  3. In the command output, verify that the server names displayed next to WUServer and WUStatusServer are correct.

To verify that the WSUS server is available:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type wuauclt /detectnow, and then press ENTER. This command will force the Windows Update service to check for software updates.
  3. In the command window, type findstr /I /C:"report" %WinDir%\WindowsUpdate.log. This command will filter the WindowsUpdate.log file and display success, failure, and warning events.
  4. In the command output, verify that the last line reads "Success Software Synchronization."
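
The three Verify checks above, combined into one read-only PowerShell script. This is an added example, not part of the original article. It assumes the Windows Update service's short name is wuauserv, that wuauclt /detectnow has already been run, and it takes a hypothetical -ExpectedServer parameter for the WSUS URL you expect to see.

```powershell
# Added example: read-only versions of the three Verify checks above.
# -ExpectedServer is a hypothetical parameter; pass your own WSUS URL.
param([string]$ExpectedServer)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$logPath   = Join-Path $env:WinDir 'WindowsUpdate.log'
$results   = @()

function New-Check($name, $ok, $detail) {
    New-Object PSObject -Property @{ Check = $name; Passed = [bool]$ok; Detail = $detail }
}

# 1. Windows Update service (assumed short name: wuauserv) is running
#    and set to start automatically.
$svc = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
if ($svc) {
    $ok = ($svc.State -eq 'Running') -and ($svc.StartMode -eq 'Auto')
    $results += New-Check 'Service' $ok "State=$($svc.State); StartMode=$($svc.StartMode)"
} else {
    $results += New-Check 'Service' $false 'wuauserv not found'
}

# 2. WSUS policy values exist and, if -ExpectedServer was given, match it.
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in 'WUServer', 'WUStatusServer') {
    $data = $null
    if ($policy) { $data = $policy.$name }
    $ok = [bool]$data
    if ($ok -and $ExpectedServer) { $ok = ($data -eq $ExpectedServer) }
    if (-not $data) { $data = 'not configured' }
    $results += New-Check $name $ok $data
}

# 3. Last "report" line in WindowsUpdate.log (same filter as the findstr step).
$last = Select-String -Path $logPath -Pattern 'report' -SimpleMatch -ErrorAction SilentlyContinue |
        Select-Object -Last 1
if ($last) {
    $ok = $last.Line -match 'Success\s+Software Synchronization'
    $results += New-Check 'LastReport' $ok $last.Line.Trim()
} else {
    $results += New-Check 'LastReport' $false "no report lines in $logPath"
}

$results | Format-Table Check, Passed, Detail -AutoSize -Wrap
if ($results | Where-Object { -not $_.Passed }) { exit 1 }
```

The script exits with code 1 when any check fails, so it can be run from a scheduled task or a remediation script on NAP clients.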

Related Management Information

WSHA Windows Update Assessment

NAP Infrastructure
