iT邦幫忙


[WSUS, annotated notes] Clean up and rejoin WSUS, and force a check-in

舜~ 2020-10-07 17:14:10 ‧ 9339 views

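Clean up the client, rejoin it to WSUS, and force it to check in.
Save the script below as a .bat file,
replace <<你server的IP>> with your server's IP,
keep or remove the final pause as you prefer,
and run it as administrator.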

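I ran into the "[WSUS] client update stuck" problem
and found many similar scripts online,
but I had no idea what the registry changes were for,
so I spent some time annotating the purpose of each registry entry
and am recording it here.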

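What the batch file does

  • Joins the client to WSUS
  • Forces a check-in, fixing clients that fail to report
  • Fixes duplicate ID problems
  • Fixes some unknown problems by deleting folders
  • Bypasses certificate problems
  • Re-registers misbehaving DLLs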
@echo off

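:: Author: 阿舜<wewe987001@gmail.com>
:: Date: 2020/10/7
::
:: Change log
:: 2020/10/08 Changed AUOptions to 3 because of the Ministry of the Interior GCB requirements
:: 2020/10/14 Merged in adjustments from the official "DOS Script to Reset Windows Update Agent" article
:: 2020/10/23 Removed wuauclt /downloadnow because no definition could be found; changed AUOptions back to 4, because gpupdate /force automatically overwrites it with the GCB value, so there is no real need to change it
::
:: References: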
:: [WIN]WSUS用command line 完成使用群組原則或登錄設定來設定自動更新 
::  https://sungshu.pixnet.net/blog/post/223046281-%5Bwin%5Dwsus用command-line-完成使用群組原則或登錄

:: 建立自家的 Windows Update Server - WSUS
:: https://blog.xuite.net/tolarku/blog/194558299-建立自家的+Windows+Update+Server+-+WSUS+

:: Client Machines Not Reporting to WSUS Properly?
:: https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

:: DOS Script to Reset Windows Update Agent
:: https://gallery.technet.microsoft.com/scriptcenter/Dos-Command-Line-Batch-to-fb07b159

:: ===============================
echo "暫停服務..."
:: ===============================
net stop w32time
net stop wuauserv
net stop bits
net stop msiserver
net stop appidsvc
net stop cryptsvc
net stop ccmexec

:: ===============================
:: "Re-registering DLLs..."
:: ===============================
regsvr32.exe /s %WinDir%\system32\atl.dll 
regsvr32.exe /s %WinDir%\system32\urlmon.dll 
regsvr32.exe /s %WinDir%\system32\mshtml.dll 
regsvr32.exe /s %WinDir%\system32\shdocvw.dll 
regsvr32.exe /s %WinDir%\system32\browseui.dll 
regsvr32.exe /s %WinDir%\system32\jscript.dll 
regsvr32.exe /s %WinDir%\system32\vbscript.dll 
regsvr32.exe /s %WinDir%\system32\scrrun.dll 
regsvr32.exe /s %WinDir%\system32\msxml.dll 
regsvr32.exe /s %WinDir%\system32\msxml3.dll 
regsvr32.exe /s %WinDir%\system32\msxml6.dll 
regsvr32.exe /s %WinDir%\system32\actxprxy.dll 
regsvr32.exe /s %WinDir%\system32\softpub.dll 
regsvr32.exe /s %WinDir%\system32\wintrust.dll 
regsvr32.exe /s %WinDir%\system32\dssenh.dll 
regsvr32.exe /s %WinDir%\system32\rsaenh.dll 
regsvr32.exe /s %WinDir%\system32\gpkcsp.dll 
regsvr32.exe /s %WinDir%\system32\sccbase.dll 
regsvr32.exe /s %WinDir%\system32\slbcsp.dll 
regsvr32.exe /s %WinDir%\system32\cryptdlg.dll 
regsvr32.exe /s %WinDir%\system32\oleaut32.dll 
regsvr32.exe /s %WinDir%\system32\ole32.dll 
regsvr32.exe /s %WinDir%\system32\shell32.dll 
regsvr32.exe /s %WinDir%\system32\initpki.dll 
regsvr32.exe /s %WinDir%\system32\wuapi.dll 
regsvr32.exe /s %WinDir%\system32\wuaueng.dll 
regsvr32.exe /s %WinDir%\system32\wuaueng1.dll 
regsvr32.exe /s %WinDir%\system32\wucltui.dll 
regsvr32.exe /s %WinDir%\system32\wups.dll 
regsvr32.exe /s %WinDir%\system32\wups2.dll 
regsvr32.exe /s %WinDir%\system32\wuweb.dll 
regsvr32.exe /s %WinDir%\system32\qmgr.dll 
regsvr32.exe /s %WinDir%\system32\qmgrprxy.dll 
regsvr32.exe /s %WinDir%\system32\wucltux.dll 
regsvr32.exe /s %WinDir%\system32\muweb.dll 
regsvr32.exe /s %WinDir%\system32\wuwebv.dll

:: Clear the existing IDs to fix duplicate ID problems
echo "清除現有ID..."
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v  SusClientIDValidation /f

:: ===============================
:: Set the WSUS server location
:: ===============================
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ /v WUServer /t REG_SZ /d http://<<你server的IP>>:8530 /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ /v WUStatusServer /t REG_SZ /d http://<<你server的IP>>:8530 /f

:: ===============================
:: "Other settings..." (optional)
:: ===============================
:: Whether users can approve or decline updates (0: only administrators can approve or decline updates)
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ /v ElevateNonAdmins /t REG_dword /d 00000000 /f
:: Accept signed non-Microsoft updates distributed by the intranet update server (1: enabled)
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ /v AcceptTrustedPublisherCerts /t REG_dword /d 00000001 /f
:: Values 2: notify before download and install; 3: download automatically and notify to install; 4: download automatically and install on the schedule (only then do the schedule times below take effect)
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v AUOptions /t REG_dword /d 00000004 /f
:: Interval between two detection cycles (hours)
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v DetectionFrequency /t REG_dword /d 00000006 /f
:: Whether the custom detection frequency is enabled
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v DetectionFrequencyEnabled /t REG_dword /d 00000001 /f
:: Whether automatic updates are disabled
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v NoAutoUpdate /t REG_dword /d 00000000 /f
:: Whether a custom number of minutes to delay a required restart is enabled
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v RebootWarningTimeoutEnabled /t REG_dword /d 00000001 /f
:: The restart can be delayed by 15 minutes
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v RebootWarningTimeout /t  REG_dword /d 00000015 /f
:: 0: every day. 1 to 7: a day of the week, from Sunday (1) to Saturday (7).
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v ScheduledInstallDay /t REG_dword /d 00000000 /f
:: Time of day in 24-hour format (0-23)
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v ScheduledInstallTime /t REG_dword /d 00000020 /f
:: Set this value to 1 so that Automatic Updates uses a server running Software Update Services instead of Windows Update.
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v UseWUServer /t REG_dword /d 00000001 /f
:: If set to 1, Automatic Updates does not restart the computer automatically while a user is logged on.
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v NoAutoRebootWithLoggedOnUsers /t REG_dword /d 00000001 /f
:: Number of minutes Automatic Updates waits after system startup before installing updates that were missed
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ /v RescheduleWaitTime /t REG_dword /d 00000020 /f

echo "更新電腦原則(若有GPO,會以GPO為主自動覆蓋掉上述設定)..."
:: Force a Group Policy update (if a GPO applies, the GPO takes precedence and overwrites the settings above)
gpupdate /force

:: ===============================
:: "Deleting the AU cache folder and log file..."
:: ===============================
:: Delete the WSUS folders
del /f /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" 
del /f /s /q %SystemRoot%\SoftwareDistribution\*.*  
del /f /s /q %SystemRoot%\system32\catroot2\*.* 
del /f /q %SystemRoot%\WindowsUpdate.log  

:: ===============================
:: Restart the services and check in
:: ===============================
net start ccmexec
net start cryptsvc
net start appidsvc
net start wuauserv
net start bits
net start w32time
net start msiserver

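:: resetauthorization: reset the cookie and re-establish the connection; detectnow: check whether there is a new Service Pack
wuauclt /resetauthorization /detectnow
:: wuauclt /downloadnow  :: no definition found
:: Report the update status immediately
wuauclt /reportnow

:: "Setup complete !!"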


:: ===============================
:: Collect the log for analysis (optional)
:: ===============================
:: Copy c:\windows\WindowsUpdate.log so you can go back and check whether anything went wrong
FOR /F "usebackq" %%i IN (`hostname`) DO SET hname=%%i
set user=%hname%_%USERNAME%
FOR /F "tokens=1-4 delims=/ " %%a IN ("%date%") DO SET MyDate=%%a%%b%%c
FOR /F "tokens=1-4 delims=: " %%a IN ("%time%") DO SET MyTime=%%a%%b%%c

copy "%SystemRoot%\WindowsUpdate.log" "%cd%\ClientLog_%user%_%MyDate%_%MyTime%.log"

pause

Finally, check c:\windows\WindowsUpdate.log for error messages.
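
A read-only check to run after the batch file, as an added example that is not part of the original post: it reads back the registry values the script writes and lists the ones worth reviewing, such as a WUServer URL that is not HTTPS or a SusClientId that has not been regenerated. The function names and finding messages are assumptions made for this example.

```powershell
# Added example (not from the original post): read-only audit of the values
# written by the batch file above. Nothing is modified.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuKey = "$WuKey\AU"
$IdKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-WsusClientPolicy {
    $findings = @()
    $server = Get-RegValue $WuKey 'WUServer'
    $status = Get-RegValue $WuKey 'WUStatusServer'

    if (-not $server) {
        $findings += 'WUServer is not set: the client is not pointed at a WSUS server.'
    } elseif ($server -notmatch '^https://') {
        $findings += "WUServer is '$server': the client talks to WSUS without TLS."
    }
    if ($server -ne $status) {
        $findings += "WUStatusServer ('$status') differs from WUServer ('$server')."
    }
    if ((Get-RegValue $AuKey 'UseWUServer') -ne 1) {
        $findings += 'UseWUServer is not 1: WUServer is ignored and Windows Update is used.'
    }
    if ((Get-RegValue $WuKey 'AcceptTrustedPublisherCerts') -eq 1) {
        $findings += 'AcceptTrustedPublisherCerts is 1: review the local Trusted Publishers store.'
    }
    if (-not (Get-RegValue $IdKey 'SusClientId')) {
        $findings += 'SusClientId is missing: the client has not generated a new ID yet.'
    }
    return $findings
}

# @() keeps the result an array even when zero or one finding is returned.
$result = @(Test-WsusClientPolicy)
if ($result.Count -eq 0) { 'WSUS client policy: no findings.' } else { $result }
```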



2 comments

舜~
iT邦 Expert, Level 1 ‧ 2020-10-13 11:02:37

There is also an official version:
DOS Script to Reset Windows Update Agent
https://gallery.technet.microsoft.com/scriptcenter/Dos-Command-Line-Batch-to-fb07b159

@echo off 
cls 
 
REM ================================================================================== 
REM DESCRIPTION    : This script resets all of Windows Update Agent settings. 
REM AUTHOR         : Luca Fabbri 
REM VERSION HISTORY: 2.0 - Start 
REM ================================================================================== 
 
@echo 1. Stopping Windows Update, BITS, Application Identity, Cryptographic Services and SMS Host Agent services... 
net stop wuauserv 
net stop bits 
net stop appidsvc 
net stop cryptsvc 
net stop ccmexec 
 
@echo 2. Checking if services were stopped successfully... 
sc query wuauserv | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 goto END 
 
sc query bits | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 goto END 
 
sc query appidsvc | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 sc query appidsvc | findstr /I /C:"OpenService FAILED 1060" 
if %errorlevel% NEQ 0 goto END 
 
sc query cryptsvc | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 goto END 
 
sc query ccmexec | findstr /I /C:"STOPPED" 
if %errorlevel% NEQ 0 sc query ccmexec | findstr /I /C:"OpenService FAILED 1060" 
if %errorlevel% NEQ 0 goto END 
 
@echo 3. Deleting AU cache folder and log file...  
del /f /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" 
del /f /s /q %SystemRoot%\SoftwareDistribution\*.*  
del /f /s /q %SystemRoot%\system32\catroot2\*.* 
del /f /q %SystemRoot%\WindowsUpdate.log  
 
REM @echo 3. Renaming AU cache folder and log file... 
REM del /f /q "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" 
REM ren %SystemRoot%\SoftwareDistribution *.bak 
REM ren %SystemRoot%\system32\catroot2 *.bak 
REM ren %SystemRoot%\WindowsUpdate.log *.bak 
 
REM sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) 
REM sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU) 
 
@echo 4. Re-registering DLL files... 
cd /d %WinDir%\system32 
regsvr32.exe /s atl.dll 
regsvr32.exe /s urlmon.dll 
regsvr32.exe /s mshtml.dll 
regsvr32.exe /s shdocvw.dll 
regsvr32.exe /s browseui.dll 
regsvr32.exe /s jscript.dll 
regsvr32.exe /s vbscript.dll 
regsvr32.exe /s scrrun.dll 
regsvr32.exe /s msxml.dll 
regsvr32.exe /s msxml3.dll 
regsvr32.exe /s msxml6.dll 
regsvr32.exe /s actxprxy.dll 
regsvr32.exe /s softpub.dll 
regsvr32.exe /s wintrust.dll 
regsvr32.exe /s dssenh.dll 
regsvr32.exe /s rsaenh.dll 
regsvr32.exe /s gpkcsp.dll 
regsvr32.exe /s sccbase.dll 
regsvr32.exe /s slbcsp.dll 
regsvr32.exe /s cryptdlg.dll 
regsvr32.exe /s oleaut32.dll 
regsvr32.exe /s ole32.dll 
regsvr32.exe /s shell32.dll 
regsvr32.exe /s initpki.dll 
regsvr32.exe /s wuapi.dll 
regsvr32.exe /s wuaueng.dll 
regsvr32.exe /s wuaueng1.dll 
regsvr32.exe /s wucltui.dll 
regsvr32.exe /s wups.dll 
regsvr32.exe /s wups2.dll 
regsvr32.exe /s wuweb.dll 
regsvr32.exe /s qmgr.dll 
regsvr32.exe /s qmgrprxy.dll 
regsvr32.exe /s wucltux.dll 
regsvr32.exe /s muweb.dll 
regsvr32.exe /s wuwebv.dll 
 
@echo 5. Removing WSUS Client Id... 
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f 
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f 
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f 
 
@echo 6. Resetting Winsock and WinHTTP Proxy... 
netsh winsock reset 
proxycfg.exe -d 
netsh winhttp reset proxy 
 
@echo 7. Starting SMS Host Agent, Cryptographic Services, Application Identity, BITS, Windows Update services... 
net start ccmexec 
net start cryptsvc 
net start appidsvc 
net start bits 
net start wuauserv 
 
@echo 8. Deleting all BITS jobs... 
bitsadmin.exe /reset /allusers 
 
@echo 9. Forcing AU discovery... 
wuauclt /resetauthorization /detectnow 
 
:END 
noway iT邦 Graduate Student, Level 3 ‧ 2024-02-02 15:43:48

Thanks!

sungshu
iT邦 Novice, Level 4 ‧ 2021-02-09 15:53:42

I didn't expect to come across my own blog here XD
