Resetting Windows Update on Domain Joined Computers

Windows Update & WSUS have been a thorn in my side for many many years. When it works its great but when it doesn’t it can be very frustrating to figure out what went wrong. Over the years I’ve had to rebuilt WSUS twice, once when it just stopped pushing updates and another time where it imploded itself and corrupted the database. Recently we had a number of computers, around 10%, stop reporting back to WSUS for status. They also reported no updates available when checking for updates using WSUS. We tried all the troubleshooters, DISM cleanups, etc, but nothing seemed to work. I thought maybe it was WSUS again but that wouldn’t make sense with so many successfully getting updated. Even tried the Microsoft recommendations on resetting Windows Update but in our case BITS didn’t want to stop. And related to this we were getting Task Host errors on shutdown for those machines with the reason being “AutomaticUpdateHost” which would make sense if BITS was stuck.

After some testing we found that the Microsoft recommendations did work when in safe mode. Problem was doing this as easily with the least amount of downtime and hands on touching. To that end I created a series of three batch files. The first one, run as a administrator, will set the boot options to safeboot with networking and reboot:

bcdedit /set {default} safeboot network
shutdown -r -t 5

The second is most of the Microsoft recommendations along with others I’ve found on the internet:

@echo off
echo Stopping Windows Update and BTIS services…
net stop bits /y
net stop wuauserv /y
net stop appidsvc /y
net stop cryptsvc /y
echo Killing any windows updates in process
taskkill /im wuauclt.exe /f
echo Deleting some files…
del /s /q /f "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr.dat" del /s /q /f "%ALLUSERSPROFILE%\Microsoft\Network\Downloader\qmgr.dat"
del /s /q /f "%SYSTEMROOT%\WindowsUpdate.log"
rd /s /q "C:\WINDOWS\SoftwareDistribution"
rd /s /q "%SYSTEMROOT%\system32\Catroot2"
del %USERPROFILE%\AppData\Local\Temp* /s /q
for /d %%x in (%USERPROFILE%\AppData\Local\Temp*) do @rd /s /q "%%x"
del %systemroot%\Temp* /s /q
for /d %%y in (%systemroot%\Temp*) do @rd /s /q "%%y"
echo Reset the BITS service and the Windows Update service to the default security descriptor.
sc.exe sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
sc.exe sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
echo Deleting registry keys….
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionstartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
echo Re-registering Windows Update components…
regsvr32.exe /s c:\windows\system32\atl.dll
regsvr32.exe /s c:\windows\system32\urlmon.dll
regsvr32.exe /s c:\windows\system32\mshtml.dll
regsvr32.exe /s c:\windows\system32\shdocvw.dll
regsvr32.exe /s c:\windows\system32\browseui.dll
regsvr32.exe /s c:\windows\system32\jscript.dll
regsvr32.exe /s c:\windows\system32\vbscript.dll
regsvr32.exe /s c:\windows\system32\scrrun.dll
regsvr32.exe /s c:\windows\system32\msxml.dll
regsvr32.exe /s c:\windows\system32\msxml3.dll
regsvr32.exe /s c:\windows\system32\msxml6.dll
regsvr32.exe /s c:\windows\system32\actxprxy.dll
regsvr32.exe /s c:\windows\system32\softpub.dll
regsvr32.exe /s c:\windows\system32\wintrust.dll
regsvr32.exe /s c:\windows\system32\dssenh.dll
regsvr32.exe /s c:\windows\system32\rsaenh.dll
regsvr32.exe /s c:\windows\system32\gpkcsp.dll
regsvr32.exe /s c:\windows\system32\sccbase.dll
regsvr32.exe /s c:\windows\system32\slbcsp.dll
regsvr32.exe /s c:\windows\system32\cryptdlg.dll
regsvr32.exe /s c:\windows\system32\oleaut32.dll
regsvr32.exe /s c:\windows\system32\ole32.dll
regsvr32.exe /s c:\windows\system32\shell32.dll
regsvr32.exe /s c:\windows\system32\initpki.dll
regsvr32.exe /s c:\windows\system32\wuapi.dll
regsvr32.exe /s c:\windows\system32\wuaueng.dll
regsvr32.exe /s c:\windows\system32\wuaueng1.dll
regsvr32.exe /s c:\windows\system32\wucltui.dll
regsvr32.exe /s c:\windows\system32\wups.dll
regsvr32.exe /s c:\windows\system32\wups2.dll
regsvr32.exe /s c:\windows\system32\wuweb.dll
regsvr32.exe /s c:\windows\system32\qmgr.dll
regsvr32.exe /s c:\windows\system32\qmgrprxy.dll
regsvr32.exe /s c:\windows\system32\wucltux.dll
regsvr32.exe /s c:\windows\system32\muweb.dll
regsvr32.exe /s c:\windows\system32\wuwebv.dll
echo Resetting Winsock…
netsh winsock reset
echo Resetting WinHTTP proxy…
netsh winhttp reset proxy
echo Resetting the services as automatic…
sc.exe config wuauserv start= auto
sc.exe config bits start= delayed-auto
sc.exe config cryptsvc start= auto
sc.exe config TrustedInstaller start= demand
sc.exe config DcomLaunch start= auto
echo Restarting services…
net start bits
net start wuauserv
net start appidsvc
net start cryptsvc
net start DcomLaunch
echo Telling Windows to detect updates…
wuauclt.exe /resetauthorization
wuauclt.exe /detectnow
wuauclt.exe /reportnow
PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()

Then finally once that runs through is the third batch file to set the computer back to a normal boot:

bcdedit /deletevalue {default} safeboot
shutdown -r -t 5

I put all three into a folder and placed it on the desktops of the troubled computers then ran each in sequence. First the computer rebooted in safe mode, then Windows Update gets reset along with deleting all temp files, then the computer reboots normally.

So far every computer this was run on has reported in. Not sure what causes this in the first place but at least we have a quick solution now.

Note: The script was written to be run in regular mode so its stopping services that are normally already stopped in safe mode but was just reused for this purpose on the machines where BITS kept getting stuck.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.