Powershell – Windows Update Client Sledgehammer aka Reset-WUClient

Posted on by 4 Comments

The following code forces a reset/repair of the Windows Update Client on a device. It  is based on https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors 

Fixes errors in WindowsUpdate.log

0x80070002
0x8024400D
0xc80003f3
0x8024000b
0x8024001E
0x800706B5
hr=8024AFFF

It has some improvements over what else you have probably seen

There are an extra service or two I stop as they can stop the catroot2 folder from being cleaned.

Also for SCCM users, un-comment the local policy file deletion section, as often, this can get corrupted.

It gets rebuilt on reboot and and Software Update Actions are run in the SCCM client

 

 

    [CmdletBinding()]
    [Alias()]
    [OutputType([int])]
    Param
    (
        # Param1 help description
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $Computername
    )

<## From https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors
###########
Fixes
0x80070002
0x8024400D
0xc80003f3
###########
May fix these, but after running this script may need to look at the SCCM Client install for this one - it is probably failing
0x8024402c
08024000E
0x80240022
0x80072ee6
###########

###########
Does not fix:
0x80072EE2
0x8007007e
0x8024800A
###########

###########
Component Based Servicing issue - rebuild PC
0x800b0100
###########

###########
"Fine errors"
0x80244010 - if the log says "Exceeded max server round trips" it just means it has not got a full list of updates yet and may take a  few attempts
You will see this once the windows update client is reset and you run the Software Updates Action in the SCCM Client.
###########

Basic Function of Script:
Rename software distribution backup folders 
1.From Start, search for cmd
2.Select Command Prompt from the results
3.At the Command Prompt, type the following and then push Enter:

Ren %systemroot%\SoftwareDistribution SoftwareDistribution.bak
4.When that command completes, type the following and then push Enter:

Ren %systemroot%\system32\catroot2 catroot2.bak
5.Close the Command Prompt window, and reboot your computer.

#NOTE: Services need to be stopped for the folders to be renamed
##>


if (Test-Connection $Computername -count 1)
{

Get-Service -ComputerName $computername -name bits |Stop-Service
Get-Service -ComputerName $computername -name wuauserv |Stop-Service
Get-Service -ComputerName $computername -name cryptsvc |Stop-Service
Get-Service -ComputerName $computername -name msiserver |Stop-Service

$Datestamp = Get-date -Format "yyMMdd-HH-mm"
#Now it is uninstalled remove the Software Distributiuon directory
##NEED TRY CATCH HERE
if ((Get-Service -ComputerName $computername -name bits ).status     -eq "stopped" -and
    (Get-Service -ComputerName $computername -name wuauserv).status  -eq "stopped" -and
    (Get-Service -ComputerName $computername -name msiserver).status -eq "stopped" -and
    (Get-Service -ComputerName $computername -name cryptsvc).status  -eq "stopped"
     )
    {
    if (get-item -path \\$Computername\c$\windows\SoftwareDistribution)
        {
        Rename-Item   -path "\\$Computername\c$\windows\SoftwareDistribution" -newname "\\$Computername\c$\windows\SoftwareDistribution.old.$Datestamp"
        Rename-Item   -path "\\$Computername\c$\windows\system32\catroot2"    -newname "\\$Computername\c$\windows\system32\catroot2.old.$Datestamp"
        }
    #This bit is a sledgehammer. Often this local group policy is corrupt if window updates are not working
    #File is not a text file but a proprietary MS format
    # Uncomment this bit if you use SCCM , as occasionally the local policy file can get corrupted, confusing the SCCM Client
    # Run the Software updated action on the SCCM Client for it to be recreated
    <##if (get-item -path "\\$Computername\c$\Windows\System32\GroupPolicy\Machine\registry.pol")
        {
        remove-item -path "\\$Computername\c$\Windows\System32\GroupPolicy\Machine\registry.pol" -force
        Invoke-GPUpdate -Computer $Computername
        }
    ##>
    #Lets start the services again
    Get-Service -ComputerName $computername -name bits |Start-Service
    Get-Service -ComputerName $computername -name wuauserv |Start-Service
    Get-Service -ComputerName $computername -name cryptsvc |Start-Service
    Get-Service -ComputerName $computername -name msiserver|Start-Service

    remove-item -path "\\$Computername\c$\windows\SoftwareDistribution.old.$Datestamp" -recurse -force
    remove-item -path "\\$Computername\c$\windows\system32\catroot2.old.$Datestamp" -recurse -force
    }
else
    {
    Write-Error -Exception "Services not stopped" -Message "Services failed to stop in allocated time"
    }
}

 

4 thoughts on “Powershell – Windows Update Client Sledgehammer aka Reset-WUClient

  2. You might want to change the Stop-Service to Stop-Service -Force because when I tried your script as-is, I got an error:

    Stop-Service : Cannot stop service ‘Cryptographic Service’ because it has dependent services. It can only be stopped if the Force flag is set.

    • Thanks d3xt3r, That’s not normal. Unfortunately the script does not handle stop services commands well. What I have found is that if I have an error whilst stopping the services, it either means its is in the middle of doing something OR the service has an underlying fault. I tend to just try again an hour later. But definite using force is an option

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.