WSUS Cleanup with Powershell

If you manage a Windows Server Update Services (WSUS) server, you probably run the Server Cleanup Wizard every once and a while. It removes old and superseded updates and computers that haven’t reported their status for more than 30 days. Wouldn’t it be nice to schedule such a cleanup to run every month? Too bad there’s no command line tool I know of that can help you out with this. Powershell to the rescue!
Powershell can not only run the built-in commandlets or even those added by snapins. It can leverage the full power of the .NET Framework. Browse the MSDN Library if you want to find more cool things you can do with it. Here’s a script that uses this information to run the cleanup wizard:

#Region VARIABLES
 
# WSUS Connection Parameters:
[String]$updateServer = "myWSUSServer.domain.local"
[Boolean]$useSecureConnection = $False
[Int32]$portNumber = 80
 
# Cleanup Parameters:
# Decline updates that have not been approved for 30 days or more, are not currently needed by any clients, and are superseded by an aproved update.
[Boolean]$supersededUpdates = $True
# Decline updates that aren't approved and have been expired my Microsoft.
[Boolean]$expiredUpdates = $True
# Delete updates that are expired and have not been approved for 30 days or more.
[Boolean]$obsoleteUpdates = $True
# Delete older update revisions that have not been approved for 30 days or more.
[Boolean]$compressUpdates = $True
# Delete computers that have not contacted the server in 30 days or more.
[Boolean]$obsoleteComputers = $True
# Delete update files that aren't needed by updates or downstream servers.
[Boolean]$unneededContentFiles = $True
 
#EndRegion VARIABLES
 
#Region SCRIPT
 
# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
 
# Connect to WSUS Server
$Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$useSecureConnection,$portNumber)
 
# Perform Cleanup
$CleanupManager = $Wsus.GetCleanupManager()
$CleanupScope = New-Object Microsoft.UpdateServices.Administration.CleanupScope($supersededUpdates,$expiredUpdates,$obsoleteUpdates,$compressUpdates,$obsoleteComputers,$unneededContentFiles)
$CleanupManager.PerformCleanup($CleanupScope)
 
#EndRegion SCRIPT

Download it here: Cleanup-Wsus (rename to .ps1)

Happy scheduling!

Hugo

»crosslinked«

23 thoughts on “WSUS Cleanup with Powershell”

  1. Thanks Hugo, I was looking for such script! I have a big hierarchy of WSUS replicas and it’s very messy having to do the clean manually, sever by server.

    I will give it a try!

    Cheers,
    Miguel

  2. Receiving error:

    Unable to find type [Microsoft.UpdateServices.Administration.AdminProxy]: make sure that the assembly containing this type is loaded.
    At line:1 char:61
    + $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]: <<<< :getUpdateServer($updateServer,$useSecureConnectio
    n,$portNumber)

    any ideaS?

  3. Please can you help?
    I have the port set to 443 is that problem below?
    Kevin

    Exception calling “GetUpdateServer” with “3″ argument(s): “The underlying connection was closed: An unexpected error oc
    curred on a receive.”
    At C:\Scripts\Scripts\cleanup-wsus.ps1:30 char:78
    + $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer( <<<< $updateServer,$useSecureConnectio
    n,$portNumber)
    You cannot call a method on a null-valued expression.
    At C:\Scripts\Scripts\cleanup-wsus.ps1:33 char:42
    + $CleanupManager = $Wsus.GetCleanupManager( <<<< )
    You cannot call a method on a null-valued expression.
    At C:\Scripts\Scripts\cleanup-wsus.ps1:35 char:31
    + $CleanupManager.PerformCleanup( <<<< $CleanupScope)

  4. Should you use this script and encounter the following error:
    Exception calling “GetUpdateServer” with “3″ argument(s): “The request failed with HTTP status 407: Proxy Authentication Required.”

    Try running the script locally on your WSUS server, and change line 4 to (instead of using the FQDN):
    [String]$updateServer = “localhost”

  5. I am using WSUS 3 SP2 and from powershell i get the following error.

    New-Object : Cannot find an overload for “.ctor” and
    At C:cleanup-wsus.ps1:27 char:27
    + $CleanupScope = New-Object <<<< Microsoft.UpdateSe
    tes)
    Exception calling "PerformCleanup" with "1" argument(
    Parameter name: cleanupScope"
    At C:cleanup-wsus.ps1:28 char:31
    + $CleanupManager.PerformCleanup( <<<< $CleanupScope)

    1. Anil,

      Make sure the assembly loads OK, by temporarily removing the [void] and watch for errors.
      Also, make sure there are no characters missing or added due to copying the script from my site. Retype it if you need.
      Hope that helps.
      Hugo

    1. Hi Bean,
      The cleanup method dos not return anything when successful. So there’s not much to log.
      Error handling is a field I’m not too familiar with. Try looking up some information about Powershell error handling on the web.
      Greetings,
      Hugo

  6. I do love the possibility of automating this.
    Although I have one problem. I get timeouts running the script. Is there a way to change the timeout value ?

  7. Hi Hugo,

    Your script looks great, unfortunately I get an error I’m not sure of…

    PS C:\Scripts> C:\Scripts\cleanup-wsus.ps1
    Exception calling “GetUpdateServer” with “3″ argument(s): “The request failed with HTTP status 404: Not Found.”
    At C:\Scripts\cleanup-wsus.ps1:30 char:78
    + $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer <<<< ($updateServer,$useSecureConnection,$portNumber)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    You cannot call a method on a null-valued expression.
    At C:\Scripts\cleanup-wsus.ps1:33 char:42
    + $CleanupManager = $Wsus.GetCleanupManager <<<< ()
    + CategoryInfo : InvalidOperation: (GetCleanupManager:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At C:\Scripts\cleanup-wsus.ps1:35 char:31
    + $CleanupManager.PerformCleanup <<<< ($CleanupScope)
    + CategoryInfo : InvalidOperation: (PerformCleanup:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    Any idea what I've done wrong??

  8. We have configured wsus server listening port to 80 (default), but still its not working.

    Exception calling “GetUpdateServer” with “3″ argument(s): “The underlying connection was closed: An unexpected error oc
    curred on a receive.”
    At C:\WsusAgent 7.6\Cleanup-wsus.ps1:30 char:78
    + $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer <<<< ($updateServer,$useSecureConnectio
    n,$portNumber)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    You cannot call a method on a null-valued expression.
    At C:\WsusAgent 7.6\Cleanup-wsus.ps1:33 char:42
    + $CleanupManager = $Wsus.GetCleanupManager <<<< ()
    + CategoryInfo : InvalidOperation: (GetCleanupManager:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At C:\WsusAgent 7.6\Cleanup-wsus.ps1:35 char:31
    + $CleanupManager.PerformCleanup <<<< ($CleanupScope)
    + CategoryInfo : InvalidOperation: (PerformCleanup:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

  9. Hello,
    Thanks for the nice script wich i’ve been looking and searching for. Altough I get an “error” on the last line $CleanupManager.PerformCleanup($CleanupScope)

    When i execute this line i get the following message :
    Exception calling “PerformCleanup” with “1″ argument(s): “Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
    The statement has been terminated.”
    At line:1 char:31
    + $CleanupManager.PerformCleanup <<<< ($CleanupScope)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    I suggest that the cleanup is not executed then ? How can i avoid the timeout ?
    Any help would be appriciated.

    Regards,
    Jo

Leave a Reply