WSUS automated cleanup script

The script runs WSUS cleanup tasks using stored procedures in WSUS database directly, avoiding timeout errors and WSUS service crash that may occur when using WSUS' Cleanup Wizard.

 
 
 
 
 
4.2 Star
(27)
38,291 times
Add to favorites
Windows Update
3/12/2018
E-mail Twitter del.icio.us Digg Facebook
  • Running against SQL
    2 Posts | Last post January 18, 2020
    • I read a lot of the comments and it sounds like running the script remotely requires you to specify the SQL server, possibly the instance? I'm just curious if that's the case when using a dedicated SQL server, not WID.
    • Never mind. I found it!
  • Stop script?
    1 Posts | Last post January 17, 2020
    • Script appears to be doing its job well (about 15% done after running for a day); but appears to be possibly stopping workstations from pulling down updates while it's running. Is there any way to stop it gracefully so that I can start it again later to pick up where it left off? Thanks! SC
  • Error message
    4 Posts | Last post November 27, 2019
    • This is the output I receive:
      
      Connecting to database SUSDB on MICROSOFT##WID
      Declining expired updates
      Unhandled exception:
      Cannot validate argument on parameter 'Message'. The argument length of 19027271 is too long. Shorten the length of the
      argument to less than or equal to "32766" and then try the command again.
      Completed script execution with 2 error(s)
      Execution time 1 hours and 60 minutes.
      
      WS2012 WSUS, using WID
    • Hi JRVCr,I've the same error message, have you found the solution? thanks
    • To those who may have the same concern: 
      1,remark the line 49 so it will not write message to event.
      2,line 125, change the timeout value from 600 to 1800(optional)
      
      this error is because too many updates,e.g., I've more than 20,000 declined updates, it really 
       cost a lot of time. once the cleanup done(a couple of days?), be sure to add a cleanup task every 1 month.
    • Thanks Ericli911 - My script was running fine(administratively) for a while and then noticed it started having this same error everyone is mentioning.  Restarted and same problems immediately when running it administratively, but I remarked line 49 and increased timeout for line 125 and the script then was fine again.
  • Decline supeseded updates
    1 Posts | Last post October 07, 2019
    • Hi,
      
      I've checked your script and I can see that all superseded updates are not declined.
      Is there a specific condition, setting needed to be able doing that?
      
      Thannks in advance,
      Augustin
  • Got time out anyway
    2 Posts | Last post June 07, 2019
    • Hi
      I did use the script in PowerShell ISE because the console crashed with timeout
      ... as did the script :
      
      Reading obsolete update list.
      Unhandled exception:
      Exception calling "ExecuteReader" with "0" argument(s): "Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not 
      responding."
      Completed script execution with 1 error(s)
      Execution time 0 hours and 10 minutes.
      
    • Hi,
      have a look at the script itself. For every action there are timeouts defined. I got the same error as you and I'm now adjusting the timeouts and will try again
  • Doesn't work
    3 Posts | Last post April 08, 2019
    • Exequting locally, hostname and db name checked.
      
      PS C:\Users\admin> C:\Temp\wsus-cleanup-updates-v4.ps1
      Exception calling "SourceExists" with "1" argument(s): "The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security."
      At C:\Temp\wsus-cleanup-updates-v4.ps1:43 char:10
      +     if ( -not [System.Diagnostics.EventLog]::SourceExists($log_source ...
      +          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : SecurityException
    • I didn't work too
    • Looks like the account running the script does not have permissions to list event sources and/or create a new one. Try running the script using an account with local administrator permissions on the server or replace logging code to dump ifo to a file instead of event log. Something like
      
      function log_init{
        "Log started" | Out-File "c:\temp\wsuscleanup.log" -force
      }
      
      function log( [string] $msg, [int32] $eventID, [System.Diagnostics.EventLogEntryType] $level ){
        "$level : $eventID : $msg" | Out-File "c:\temp\wsuscleanup.log" -append
      }
  • Was working now it is throwing an error
    2 Posts | Last post April 08, 2019
    • Unhandled exception:
      Cannot determine SQL server name
      Completed script execution with 1 error(s)
      Execution time 0 hours and 0 minutes.
      
      I am using WIDS DB not SQL.
    • When running the script remotely (not on the WSUS server), you will need to spesify sql server name in the $SqlServer variable at the top of the script. 
  • Not showing any saved space
    2 Posts | Last post April 08, 2019
    • It says that it is deleting updates (## of 8120)
      but it does not appear to be cleaning any space from the drive
    • the script will only attempt to delete unused content files when running locally on WSUS server (sql server name variable at the top of the script is left empty). The cleanup itself is done by invoking WSUS' own cleanup procedure. If it reports that 0 bytes were freed, it means that that deleted updates had no content stored locally. This is expected when WSUS is configured to download content after update is approved. 
  • OS ?
    1 Posts | Last post March 19, 2019
    • nice work but in what version did you run?
  • Connection Error
    1 Posts | Last post December 03, 2018
    • Hi,
      
      I got errors while trying to run the script.
      
      OS: Windows Server 2016 Standart
      Server Version: 10.0.14393.2608
      DB: WID
      
      Error Message:
      wsus-cleanup-updates-v4.ps1
      
      Connecting to database SUSDB on MICROSOFT##WID
      Unhandled exception:
      Exception calling "Open" with "0" argument(s): "A network-related or instance-specific error occurred while establishing a connection to SQL Server. The
       server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (pr
      ovider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)"
      Completed script execution with 1 error(s)
      Execution time 0 hours and 0 minutes.
      
1 - 10 of 12 Items