Here is an excellent utility for checking whether a Windows client machine is really receiving Microsoft’s updates from its mother ship- the local Windows Server Update Service (WSUS). When administering the patches to machines it’s more satisfying to spend time preventing security breaches, than trying to repair unstable systems.
Evaluation of SolarWinds' WSUS Gadget
- Installing the SolarWinds Diagnostic Tool
- Highlights of the SolarWinds Diagnostic Tool
- Video: Diagnostic Tool for the WSUS Agent
- Troubleshooting and Configuring WSUS Settings
Preamble: Manage Microsoft Updates
Once it was pointed out to me – it was obvious, most malware attacks succeed in the days immediately following the discovery of a security flaw. Furthermore, it’s the law of the jungle that those machines that aren’t patched will get hit, while those who install Microsoft’s updates will be immune.
As someone who has spent time troubleshooting update problems, there is only one thing more frustrating than dealing with a machine with no updates, and that is one where the updates are failing but you don’t know why. Enter SolarWinds free WSUS utility.
Review of SolarWinds Diagnostic Tool for the WSUS Agent
Here is a free product for you to check the status of the Windows updates agent. Note the words ‘Diagnostic’ and ‘Agent’ in this utility’s title.
A typical scenario would be a Windows 7 client configured to receive updates on Microsoft’s Patch Tuesday from a WSUS server, but something goes wrong. At this moment you need an agent to contact the server, which is the source of the patches, and then the ability to diagnose why the update failed to transfer.
An alternative scenario for the SolarWinds Diagnostic Tool for the WSUS Agent would be troubleshooting XP machines who did not get the security update that Microsoft released last Friday. However, SolarWinds’ Patch Manager is better for dealing with failed updates installations.
Setup is easy provided:
- The client computer (e.g. Vista or Windows 8) has Windows Update Agent installed.
- It helps if DNS is configured correctly so that your computer can find the IIS server used by WSUS. If not, no worries, the tool will help you diagnose name resolution problems.
- Due to a misconfiguration on my part, I needed to click on the ‘Start Diagnostic’ button before I got a row of green ticks, see screenshots below.
- Installs on 32-bit as well as 64-bit clients.
- Validates the client computer’s Windows Update configuration settings. For example:
– Checks the version number of the Update Agent.
– Checks this computer is configured with a WSUS server.
- Tries to connect to a WSUS on the network.
- Provides feedback on the connection failures; as a result you can resolve the client computer’s DNS problem.
- Note the dashboard has three sections: Machine state, Windows Update Agent configuration settings (expanded in the screenshot below) and WSUS Server Connectivity.
See Lawrence Garvin's video on how to get the most out of this SolarWinds gadget.
Here is a reminder of the basic WSUS (Windows Server Update Services) concept. Microsoft’s website provides the update packages. XP and later Windows machines have a Windows Update service for installing these packages.
A useful option for medium and large networks is to install the WSUS role on one of their servers, this acts as a holding station for Microsoft’s patches. Perhaps an even bigger benefit than saving internet bandwidth is the ability for Administrators to control which updates get installed, on which clients, at which time.
WSUS is a thing of beauty when it works, but if it goes wrong there are many places where you need to check the settings; it is at this point that SolarWinds WSUS tool is a lifesaver.
Group Policy for WSUS
Policies (Not preferences)
Registry Settings for WSUS
When testing in a non–Active Directory Environment here is where you find the Windows Update settings are stored in the registry: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
Useful keys: WUServer and WUStatusServer
To help you manage the whole update cycle why not take a look at SolarWinds Patch Manager (SPM).
The benefit of this bigger SolarWinds product is that in addition to Microsoft updates, you can push out patches for Mozilla Firefox or Adobe Acrobat, or alternatively, you can create your own custom packages.
Another big benefit of SolarWinds Patch Manager is reporting. You can see easily which patches have been applied to which machines. See more on SolarWinds Patch Manager.
Summary: Review of SolarWinds Diagnostic Tool for the WSUS Agent
Remember the keywords 'Diagnostic and Agent'. What this tool does is validate the update agent on Windows client configurations. Furthermore, it helps in troubleshooting client connection frustrations. This is my sort of tool because SolarWinds’ WSUS suggests repairs.
More Free and Trial Network Software
Here are Guy’s reviews, recommendations and download links for additional handy utilities. Many of these programs are completely free, while others are fully-functional, but time limited. One common theme is that SolarWinds give you a free specialist tool ideal for testing, and then supply a more comprehensive suite for bigger networks. To let you into a secret, for small networks, the free tool is all you’ll ever need.