PeetersOnline.nl
If you manage a Windows Server Update Services (WSUS) server, you probably run the Server Cleanup Wizard every once and a while. It removes old and superseded updates and computers that haven’t reported their status for more than 30 days. Wouldn’t it be nice to schedule such a cleanup to run every month? Too bad there’s no command line tool I know of that can help you out with this. Powershell to the rescue!
Powershell can not only run the built-in commandlets or even those added by snapins. It can leverage the full power of the .NET Framework. Browse the MSDN Library if you want to find more cool things you can do with it. Here’s a script that uses this information to run the cleanup wizard:
#Region VARIABLES # WSUS Connection Parameters: [String]$updateServer = "myWSUSServer.domain.local" [Boolean]$useSecureConnection = $False [Int32]$portNumber = 80 # Cleanup Parameters: # Decline updates that have not been approved for 30 days or more, are not currently needed by any clients, and are superseded by an aproved update. [Boolean]$supersededUpdates = $True # Decline updates that aren't approved and have been expired my Microsoft. [Boolean]$expiredUpdates = $True # Delete updates that are expired and have not been approved for 30 days or more. [Boolean]$obsoleteUpdates = $True # Delete older update revisions that have not been approved for 30 days or more. [Boolean]$compressUpdates = $True # Delete computers that have not contacted the server in 30 days or more. [Boolean]$obsoleteComputers = $True # Delete update files that aren't needed by updates or downstream servers. [Boolean]$unneededContentFiles = $True #EndRegion VARIABLES #Region SCRIPT # Load .NET assembly [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") # Connect to WSUS Server $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$useSecureConnection,$portNumber) # Perform Cleanup $CleanupManager = $Wsus.GetCleanupManager() $CleanupScope = New-Object Microsoft.UpdateServices.Administration.CleanupScope($supersededUpdates,$expiredUpdates,$obsoleteUpdates,$compressUpdates,$obsoleteComputers,$unneededContentFiles) $CleanupManager.PerformCleanup($CleanupScope) #EndRegion SCRIPT |
Download it here: Cleanup-Wsus (rename to .ps1)
Happy scheduling!
Hugo
No related posts.
If you enjoyed this article, please consider sharing it!
Thanks Hugo, I was looking for such script! I have a big hierarchy of WSUS replicas and it’s very messy having to do the clean manually, sever by server.
I will give it a try!
Cheers,
Miguel
@Miguel
Hi Miguel,
Thanks for the comment. Glad you like it!
More tomorrow.
Hugo
Receiving error:
Unable to find type [Microsoft.UpdateServices.Administration.AdminProxy]: make sure that the assembly containing this type is loaded.
At line:1 char:61
+ $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]: <<<< :getUpdateServer($updateServer,$useSecureConnectio
n,$portNumber)
any ideaS?
Craig,
Either run the script on the WSUS server or a server that has the WSUS Snapin installed.
Hugo
Please can you help?
I have the port set to 443 is that problem below?
Kevin
Exception calling “GetUpdateServer” with “3″ argument(s): “The underlying connection was closed: An unexpected error oc
curred on a receive.”
At C:\Scripts\Scripts\cleanup-wsus.ps1:30 char:78
+ $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer( <<<< $updateServer,$useSecureConnectio
n,$portNumber)
You cannot call a method on a null-valued expression.
At C:\Scripts\Scripts\cleanup-wsus.ps1:33 char:42
+ $CleanupManager = $Wsus.GetCleanupManager( <<<< )
You cannot call a method on a null-valued expression.
At C:\Scripts\Scripts\cleanup-wsus.ps1:35 char:31
+ $CleanupManager.PerformCleanup( <<<< $CleanupScope)
Kevin,
Either run the script directly on the WSUS Server or set the $UseSecureConnection to $True and $Portnumber to 443.
Hugo
Should you use this script and encounter the following error:
Exception calling “GetUpdateServer” with “3″ argument(s): “The request failed with HTTP status 407: Proxy Authentication Required.”
Try running the script locally on your WSUS server, and change line 4 to (instead of using the FQDN):
[String]$updateServer = “localhost”
Hey Danny,
Thanks for your contribution!
Hugo
I am using WSUS 3 SP2 and from powershell i get the following error.
New-Object : Cannot find an overload for “.ctor” and
At C:cleanup-wsus.ps1:27 char:27
+ $CleanupScope = New-Object <<<< Microsoft.UpdateSe
tes)
Exception calling "PerformCleanup" with "1" argument(
Parameter name: cleanupScope"
At C:cleanup-wsus.ps1:28 char:31
+ $CleanupManager.PerformCleanup( <<<< $CleanupScope)
Anil,
Make sure the assembly loads OK, by temporarily removing the [void] and watch for errors.
Also, make sure there are no characters missing or added due to copying the script from my site. Retype it if you need.
Hope that helps.
Hugo
How can you add logging and allow results of the cleanup to output to a log file?
Hi Bean,
The cleanup method dos not return anything when successful. So there’s not much to log.
Error handling is a field I’m not too familiar with. Try looking up some information about Powershell error handling on the web.
Greetings,
Hugo
hai, thnx for the script. i think i works good because no errors, but syncronisations ar not cleaned up.
I do love the possibility of automating this.
Although I have one problem. I get timeouts running the script. Is there a way to change the timeout value ?
Not that I know of, sorry.
Hugo
Hello.
Is there anyway to run this against multiple WSUS servers from the one script?
Hi Hugo,
Thanks for script.. I hv saved the script as bat and run it.. But how do I check whether the script is cleaning..
Thanks
thanks!
Hi Hugo,
Your script looks great, unfortunately I get an error I’m not sure of…
PS C:\Scripts> C:\Scripts\cleanup-wsus.ps1
Exception calling “GetUpdateServer” with “3″ argument(s): “The request failed with HTTP status 404: Not Found.”
At C:\Scripts\cleanup-wsus.ps1:30 char:78
+ $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer <<<< ($updateServer,$useSecureConnection,$portNumber)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
You cannot call a method on a null-valued expression.
At C:\Scripts\cleanup-wsus.ps1:33 char:42
+ $CleanupManager = $Wsus.GetCleanupManager <<<< ()
+ CategoryInfo : InvalidOperation: (GetCleanupManager:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At C:\Scripts\cleanup-wsus.ps1:35 char:31
+ $CleanupManager.PerformCleanup <<<< ($CleanupScope)
+ CategoryInfo : InvalidOperation: (PerformCleanup:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Any idea what I've done wrong??
Check your port number. May be Wsus server is listening on 8530 not 80.
My one is on 8530 and after changing the port no the script is working fine.
Thanks Hugo.