Archive for March, 2013

What’s new in WSUS in Windows Server 2012

March 27th, 2013 No comments

Installation of WSUS on Windows Server 2012

I started to install WSUS service on Windows Server 2012. I selected to install Windows Internal Database as store of WSUS metadata.

WSUS installation

I selected to store updates on local C:\ drive (it’s just testing machine):

Store updates localy

After first run on Windows Server Update Services management tool WSUS asks again if I want to store updates locally or not:

WSUS complete installation

When I click Run, post-installation starts to run:


And I received Post-installation “notification” 🙂 in Microsoft word it means I have a problem (Failed to restart the current database. The currecnt database is switched to master):

Post-installation error

So if computer has problem with restarting database, let’s restart service. Didn’t help 🙂 Let’s restart whole computer. Didn’t help either. So the problem will be somewhere else.

I tried to install WSUS from scratch. I uninstalled WSUS and also Windows Internal Database feature. I also deleted data for Windows Internal Database from directory C:\Windows\WID. Then I installed WSUS with all dependecies – WID, IIS, …

Now I’m getting different error:

WSUS illegal character in path

Problem was backslash in input window for defining directory to store updates 😀 This path was predefined by wizard and it was wrong. This is really funny 🙂

So after reinstallation of WSUS and WID and defining “correct” path to update store directory (without backslash on the end 🙂 ) everything looks to be done correctly:

Post-installation done

Let click Close and look what’s new in WSUS. First we need to configure WSUS and I did it using WSUS Wizard. I don’t see any news in this Wizard compared to older one.

Exploring WSUS

I haven’t notice any news in WSUS mmc console. I always use client side group targeting. This feature allows you to create groups of computers in WSUS structure. It can be used to target updates specified for testing to just group of computers and so on. To make this working you need to set client side of group targeting by defining name of Group and also you need to create new Computer Group in WSUS structure. What I always forget it to create these Computer Groups in WSUS structure 🙂 I would love to see some option to allow WSUS to create these Computer Groups automatically. But this didn’t happend of this version of WSUS.

I think the most powerful thing Microsoft added into WSUS is support for Powershell cmd-lets. Most of the time WSUS settings about update Classifications and update Products are same from customer to cutosmer, so you can automate this settings using cmd-lets Get-WsusClassification, Set-WsusClassification, Get-WsusProduct and Set-WsusProduct.

To get some information about WSUS Server it selft you can use cmd-let Get-WsusServer:


There are more interesting cmd-lets. One is Get-WsusComputer which prints out some more information about computer reported into WSUS:


Get-WsusComputer has lot of ability to filter out computers on some conditions. Failed, Needed, …

To manage updates from powershell you can use cmd-lets Get-WsusUpdate, Approve-WsusUpdate and Deny-WsusUpdate. You can for example approve all updates that are Unapproved and FailedOrNeeded:

Get-WsusUpdate -Classification All -Approval Unapproved -Status FailedOrNeeded | Approve-WsusUpdate -Action Install -TargetGroupName “All Computers”

And the last cmd-let I really love, because I can make scheduled task to run Clean-up Wizard. Cmd-let is Invoke-WsusServerCleanup. You can do every cleanup task you can make from GUI.


I don’t think there is too much to improve on WSUS, but little powershell support for WSUS is handy.

Quickie: Kerio has also some bug

March 14th, 2013 No comments

Today I solved one network issue. Customer has Tomcat webserver. This server is located at central site. Users which use this Tomcat website are located at branches. These branches are connected via MLPS network. There is Kerio in between MPLS network and central site. Problem was that people from central site could use Tomcat website, but people from branch offices couldn’t use it. After couple minutes of analyzing network using Wireshark, I found out that problem is caused by IP fragmentation.

I solved it by Enabling PMTU black hole detection and Disabling PMTU Discovery as described HERE.

I found also old article about this issue at Kerio support forum.

Quickie: Exchange analyzer as stant-alone applications

March 12th, 2013 No comments

Today was new version of Exchange testing applications released. More about it is HERE.

Run script in elevated mode with active UAC

March 4th, 2013 No comments

I had to run one vbs script on Windows 7 with UAC enabled. This script was implemented as part of Run/RunOnce technology in Windows. When you want some script/application to run everytime you log in or just once you log in, you can use this technology built-in Windows. You can read about it here. Implementation of these registry keys was easy. Problem raised when I found out that script doesn’t run in elevated mode – without administrative privileges.

If you need to run some script in elevated mode, you can right-click on script and select “Run as administrator”. This is fine, but what about script that is part of registries? There is no way to right-click 🙂 You have to use UNDOCUMENTED parameter “runas” of parameter ShellExecute of object Shell.Application. It’s really undocumented on official sites!

Another bad thing of running script in elevated mode is that you cannot access network drives which you have mapped. You need to remap them and then you can use them.

There are nice articles which describe how to run scripts in elevated mode:

This saved me couple hours of fight with scripts 🙂


VBS Script: How to find out actual path of running script

March 1st, 2013 No comments

When you need to find out what path is the running script located at you can use following script:

Dim strFullPath, strPath

strFullPath = WScript.ScriptFullName

strPath = Left(strFullPath, InStrRev(strFullPath,”\”))