miércoles, 17 de junio de 2026

WINDOWS. WSUS. Script refresh

 


Propósito:

En ocasiones o los PC tardan en entrar en el Wsus o el Wsus en ver los PCs, con lo que he crea un script, para ejecutar en los PCs, para refrescar esta conexión e intentar que se vean sin problemas.

Crea un log en C:\Windows\Temp\wsus_task.log en el que puedes verificar la ejecución de los pasos.

Es una herramienta en la que estoy muy contento, pero cuando le pasa algo no es fácil saber que le esta pasando.

Pasos:

El Script:

Con 


# ================================
# WSUS FULL RESET - ENTERPRISE PRO
# ================================

$log = "C:\Windows\Temp\wsus_task.log"

if (Test-Path $log) {
    if ((Get-Item $log).Length -gt 5MB) {
        Clear-Content $log
    }
}

# --- LOG ---
function Write-Log {
    param([string]$msg, [string]$level = "INFO")
    $timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content -Path $log -Value "$timestamp [$level] - $msg"
}

# --- EJECUCIÓN COMANDOS ---
function Run-Command {
    param(
        [string]$name,
        [scriptblock]$command
    )

    Write-Log "$name - START"

    try {
        $output = & $command 2>&1

        if ($output) {
            foreach ($line in $output) {
                Write-Log "$name OUTPUT: $line"
            }
        }

        Write-Log "$name - OK"
    }
    catch {
        Write-Log "$name - ERROR: $($_.Exception.Message)" "ERROR"
    }
}

Write-Log "===== INICIO SCRIPT WSUS v2 ====="

# --- INFO ---
Write-Log "Equipo: $env:COMPUTERNAME"

# ===================================================
# RED
# ===================================================

Run-Command "Flush DNS" {
    ipconfig /flushdns
}

Run-Command "Registro DNS" {
    ipconfig /registerdns
}

Run-Command "Ping WSUS" {
    ping miservidorsus.com
}

Run-Command "Test WSUS 8531" {

    $test = Test-NetConnection miservidorsus.com `
        -Port 8531 `
        -WarningAction SilentlyContinue

    "TcpTestSucceeded=$($test.TcpTestSucceeded)"
    "RemoteAddress=$($test.RemoteAddress)"
}

# --- NUEVO : VALIDACION HTTPS/TLS WSUS ---
Run-Command "Validacion HTTPS WSUS" {

    try {

        $response = Invoke-WebRequest `
            -Uri "https://miservidorsus:8531" `
            -UseBasicParsing `
            -TimeoutSec 15

        "StatusCode=$($response.StatusCode)"
        "HTTPS CONNECTIVITY OK"
    }
    catch {

        "HTTPS ERROR: $($_.Exception.Message)"
    }
}

# ===================================================
# TIEMPO
# ===================================================

Run-Command "Sincronizar hora" {
    w32tm /resync
}

# ===================================================
# STOP SERVICIOS UPDATE
# ===================================================

Run-Command "Stop servicios update" {

    Stop-Service wuauserv -Force -ErrorAction SilentlyContinue
    Stop-Service bits -Force -ErrorAction SilentlyContinue
    Stop-Service cryptsvc -Force -ErrorAction SilentlyContinue
    Stop-Service usosvc -Force -ErrorAction SilentlyContinue

}

# ===================================================
# RESET WSUS
# ===================================================

Run-Command "Reset identidad WSUS" {

    $wuReg = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

    Remove-ItemProperty `
        -Path $wuReg `
        -Name "AccountDomainSid" `
        -ErrorAction SilentlyContinue

    Remove-ItemProperty `
        -Path $wuReg `
        -Name "PingID" `
        -ErrorAction SilentlyContinue

    # GON a medio plazo quitar SusClientId

    # Remove-ItemProperty `
    #     -Path $wuReg `
    #     -Name "SusClientId" `
    #     -ErrorAction SilentlyContinue

    Remove-ItemProperty `
        -Path $wuReg `
        -Name "SusClientIdValidation" `
        -ErrorAction SilentlyContinue
}

# ===================================================
# START SERVICIOS UPDATE
# ===================================================

Run-Command "Start servicios update" {

    Start-Service cryptsvc -ErrorAction SilentlyContinue
    Start-Service bits -ErrorAction SilentlyContinue
    Start-Service wuauserv -ErrorAction SilentlyContinue
    Start-Service usosvc -ErrorAction SilentlyContinue

}

Run-Command "Estado servicios" {

    Get-Service `
        wuauserv,
        bits,
        cryptsvc,
        usosvc |
    Select-Object Name, Status

}

Start-Sleep -Seconds 10

# ===================================================
# GPO
# ===================================================

Run-Command "GPO Update" {
    gpupdate /force
}

Start-Sleep -Seconds 10

# ===================================================
# VALIDACION WSUS
# ===================================================

Run-Command "Leer config WSUS" {

    $wsus = Get-ItemProperty `
        "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"

    "WUServer=$($wsus.WUServer)"
    "WUStatusServer=$($wsus.WUStatusServer)"
}

# --- NUEVO : HISTORIAL DETECCION ---
Run-Command "Last Detection Result" {

    $path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect"

    if (Test-Path $path) {

        Get-ItemProperty $path |
        Select-Object LastSuccessTime, LastError

    }
    else {

        "Detection history not found"

    }
}

# --- NUEVO : HISTORIAL INSTALACION ---
Run-Command "Last Install Result" {

    $path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install"

    if (Test-Path $path) {

        Get-ItemProperty $path |
        Select-Object LastSuccessTime, LastError

    }
    else {

        "Install history not found"

    }
}

# ===================================================
# DETECCION
# ===================================================

Run-Command "DetectNow COM" {
    (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
}

Start-Sleep -Seconds 10

# ===================================================
# RESET AUTH
# ===================================================

Run-Command "Reset Authorization" {
    wuauclt /resetauthorization /detectnow
}

# ===================================================
# REPORT WSUS
# ===================================================

Run-Command "Report WSUS" {
    wuauclt /reportnow
}

# --- NUEVO : EVENTOS WINDOWS UPDATE ---
Run-Command "Windows Update Events" {

    Get-WinEvent `
        -LogName "Microsoft-Windows-WindowsUpdateClient/Operational" `
        -MaxEvents 30 `
        -ErrorAction SilentlyContinue |
        Select-Object `
            TimeCreated,
            Id,
            LevelDisplayName,
            Message
}

Start-Sleep -Seconds 15

# ===================================================
# USOCLIENT
# ===================================================

Run-Command "UsoClient Scan" {
    UsoClient StartScan
}

Run-Command "Interactive Scan" {
    UsoClient StartInteractiveScan
}

# ===================================================
# DESCARGA
# ===================================================

Run-Command "UsoClient Download" {
    UsoClient StartDownload
}

Start-Sleep -Seconds 30

# ===================================================
# INSTALACION
# ===================================================

Run-Command "UsoClient Install" {
    UsoClient StartInstall
}

Start-Sleep -Seconds 20

# ===================================================
# RESTART WUAUSERV
# ===================================================

Run-Command "Restart wuauserv" {
    Restart-Service wuauserv -Force
}

Start-Sleep -Seconds 15

# ===================================================
# VALIDACION SUSCLIENTID
# ===================================================

Run-Command "Validar SusClientId" {

    $wuReg = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

    $sus = Get-ItemProperty `
        $wuReg `
        -ErrorAction SilentlyContinue

    "SusClientId=$($sus.SusClientId)"
}

# --- NUEVO : DIAGNOSTICO IDENTIDAD WSUS ---
Run-Command "WSUS Identity Check" {

    $wuReg = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

    $data = Get-ItemProperty `
        $wuReg `
        -ErrorAction SilentlyContinue

    "SusClientId=$($data.SusClientId)"
    "SusClientIdValidation=$($data.SusClientIdValidation)"
    "PingID=$($data.PingID)"
}

# --- NUEVO : UPDATE ORCHESTRATOR ---
Run-Command "Update Orchestrator Status" {

    Get-Service usosvc `
        -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

}

# ===================================================
# GENERACION LOG WINDOWS UPDATE
# ===================================================

Run-Command "Generar WindowsUpdate.log" {

    Get-WindowsUpdateLog |
    Out-File "C:\Windows\Temp\WindowsUpdate_debug.log"

}

# ===================================================
# RESUMEN FINAL
# ===================================================

Run-Command "WSUS Health Summary" {

    "========== SERVICES =========="

    Get-Service `
        wuauserv,
        bits,
        cryptsvc,
        usosvc |
    Select-Object Name, Status

    ""

    "========== WSUS CONFIG =========="

    $wsus = Get-ItemProperty `
        "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" `
        -ErrorAction SilentlyContinue

    "WUServer=$($wsus.WUServer)"
    "WUStatusServer=$($wsus.WUStatusServer)"

    ""

    "========== CLIENT ID =========="

    $client = Get-ItemProperty `
        "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" `
        -ErrorAction SilentlyContinue

    "SusClientId=$($client.SusClientId)"
}

Write-Log "===== FIN SCRIPT ====="

 Si la cosa no se soluciona probrar


Stop-Service wuauserv
Stop-Service bits

Remove-ItemProperty `
-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" `
-Name SusClientId `
-ErrorAction SilentlyContinue

Remove-ItemProperty `
-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" `
-Name SusClientIdValidation `
-ErrorAction SilentlyContinue

Remove-ItemProperty `
-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" `
-Name PingID `
-ErrorAction SilentlyContinue

Remove-ItemProperty `
-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" `
-Name AccountDomainSid `
-ErrorAction SilentlyContinue

Rename-Item `
C:\Windows\SoftwareDistribution `
SoftwareDistribution.old

Start-Service bits
Start-Service wuauserv

wuauclt /resetauthorization /detectnow



by GoN | Published: Jun 2026 | Last Updated: Jul 2026

No hay comentarios: