I have always had something of a love/hate relationship with Microsoft’s WSUS Server. On one hand, WSUS provides a very useful service by centralizing patch management. On the other hand, I have definitely had my share of problems with WSUS over the years. Recently though, I discovered a free tool for tracking down problems with WSUS server connectivity.
This tool is provided by SolarWinds and is called the Diagnostic Tool for the WSUS Agent. You can download this tool here.
Installing the Diagnostic Tool for the WSUS Agent is a simple process. You will need to install version 3.5 of the .NET Framework, but aside from that, there is nothing particularly noteworthy about the deployment process. Just run Setup and click Next a few times and the tool will be installed.
The SolarWinds Diagnostic Tool for the WSUS Agent is equipped with a really simple interface, consisting of two tabs. One of those tabs is the Settings tab, which you can see in the screenshot below.
As you can see in the screenshot, the bulk of the settings found on the Settings tab are related to the proxy configuration. In most cases, you won’t have to do anything here, but if your organization does make use of a proxy then this is where you go to provide your proxy address and credentials.
Another option that is found on the Settings tab is an option to set the program’s logging level. By default, the logging level is set to Warning, but you can set the logging level to Off, Error, Warning, Info, or Verbose. Incidentally, the SolarWinds Diagnostic Tool for the Windows Server Update Services writes logging data to the Windows application log. In the screenshot below, for example, you can see an event log entry that was created when I attempted to install the tool without first installing the correct version of the .NET Framework.
The Settings tab also contains a checkbox that you can use to override graphics acceleration. Most people probably won’t end up having to use this option, but if you happen to be running the diagnostic tool on a machine that has trouble rendering the output then you can enable this option to fix the problem. Incidentally, any time that you enable or disable this option, you will have to restart the diagnostic tool.
The last option on the Settings tab is an option to display a debugging window if an error were to occur. Once again, this probably isn’t something that most people will have to worry about because based on my own experience, the diagnostic tool seems to be stable and reliable.
Not surprisingly, the diagnostic tool’s primary functionality is exposed through the Dashboard tab, which you can see in the screenshot below. I have intentionally misconfigured this particular machine so that you can get a sense of how the diagnostic tool works.
As you can see in the screenshot above, the Dashboard is divided into three sections; Machine State, Windows Update Agent Configuration Settings, and WSUS Server Connectivity. Let’s take a look at each one.
The Machine State section displays a few basic machine level settings that are related to the update process. For example, the tool checks to make sure that the user who is currently logged in has the required permissions, and it also checks the operating system version and verifies that the Update Service is running. While it is true that those particular checks are really basic, that does not mean that they are unimportant. After all, the update process cannot succeed if the machine fails to meet the most basic prerequisites.
In addition to checking the basic prerequisites, the diagnostic tool also checks the Windows Update agent version. In this case, you can see that my machine is running an outdated version of the agent. In spite of the error icon, an outdated agent is not usually a catastrophic problem. Somewhat ironically, the solution is usually to run Windows update (although there are techniques that can be used to do a manual update).
Windows Update Agent Configuration Settings
In most situations, the Windows Update Agent Configuration Settings section will provide the most useful information. This section allows you to verify that the agent is pointed to the correct WSUS Server. You can also use this section to make sure that the machine is correctly configured to receive updates automatically.
One of the things that is especially helpful is the “How to Configure a WSUS Client” link. If the diagnostic tool were to display errors that you do not know how to fix, then you can click this link to access Microsoft’s instruction for correctly configuring the WSUS client.
WSUS Server Connectivity
The bottom portion of the diagnostic tool contains the WSUS Server Connectivity section. This section tells you whether or not the client is able to connect to the WSUS server. In this particular case, the diagnostic tool is displaying a message saying that the connectivity check is impossible.
This message is different from a connectivity failure. A “Connectivity Check is Impossible” message is the tool’s way of saying that it does not even know how to connect to the WSUS server. If you look back at the Windows Update Agent Configuration Settings section, you can see that the Use WSUS Server section is empty. Because I have not told the client which WSUS server to use, the agent does not know how to connect to the server, hence the error message.
A solid tool
I really like the SolarWinds Diagnostic Tool for the WSUS Agent, because it greatly simplifies the process of figuring out why updates are failing. One of the really nice things about this tool is that it contains an Export button that you can use to dump the test results to a text file.
Featured image: Shutterstock