Checking Windows updates directly through WSUS

1

I asked a question earlier this month regarding how I can use VBScript to check to see if a server has any critical updates pending. The answer that was provided worked great and I sent out the script to our QA environment for additional testing.

There is a "vault" environment that a server can run in, and it has no access to Windows Update Agent and can only get Windows updates directly through WSUS. Is there a way with VBScript to only check for critical updates directly through WSUS and not Windows Update Agent?

I receive a 0x8024402C error with this code (logic taken from the previous question). It is wrapped in a subroutine which will give PASS or FAIL output depending on the outcome. I have verified this works on some servers.

Dim count
count = 0

'Microsoft Magic
Set updateSession = CreateObject("Microsoft.Update.Session")
Set updateSearcher = updateSession.CreateupdateSearcher()
Set searchResult = updateSearcher.Search("IsAssigned=1 and isHidden=0 and IsInstalled=0 and Type='Software'")
'End Microsoft Magic
    If searchResult.Updates.Count <> 0 Then ' If Updates were found
      For i = 0 to searchResult.Updates.Count - 1 'Just count the number of updates
         count = count + 1
      Next
      objResult.Text = "FAIL"
      objComment.Text = "There are " & count & " updates that need to be installed"
    Else
      objResult.Text = "PASS"
      objComment.Text = "All updates are installed"
    End If

  If Len(objResult.Text) = 0 Then 'Just in case searchResult produces an error
    objResult.Text = "FAIL"
    objComment.Text = "Could not query Windows Update Server"
  End If

At the very least, is there a way with my current code to check for an error if it cannot connect to Windows Update Agent and just output that like I am doing above, so I can continue on with the rest of my script?

vbscript
windows-update
asked on Stack Overflow Feb 20, 2013 by Envin • edited May 23, 2017 by Community

2 Answers

1

There is a "vault" environment that a server can run in, and it has no access to Windows Update Agent and can only get Windows updates directly through WSUS. Is there a way with VBScript to only check for critical updates directly through WSUS and not Windows Update Agent?

Perhaps a note on architecture will help with this. Every system has a Windows Update Agent. It ships with the Operating System. The Windows Update Agent does all of the work, whether it's a home system talking to Automatic Updates, an older system browsing to Windows Update in IE, using the Control Panel WUApp, or talking to a WSUS server -- it's the Windows Update Agent that does the work.

The above script talks to the WSUS server and retrieves information based on what the Windows Update Agent has reported to the WSUS server.

A system that is disconnected, which is what I believe the reference to a "vault environment" is referring to, cannot access AU/WU/MU, but depending on the size of the "vault environment", it is possible to implement a WSUS server within that environment. The WSUS documentation includes detailed instructions on how to deploy and manage a WSUS server in a disconnected network.

If there is no WSUS server in the disconnected network, you can also use the offline scan cab (WSUSSCN2.CAB), but it's important to note that this offline file does not contain all updates -- it contains Security Updates, Update Rollups, and Service Packs, so if the desire is to get all Critical Updates, that won't meet the needs.

answered on Stack Overflow Feb 27, 2013 by Lawrence Garvin

0

The script will (try to) check whatever update server is configured with the respective host. If the host is configured to use a WSUS the script will check that server. If the host is configured to check with Microsoft's Windows Update servers it will try to connect to those.

Error 8024402C indicates that the computer can't connect to the configured update server. Check whether your host is configured to use a WSUS:

Const HKLM  = &h80000002
Const wuKey = "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"

Set wmi = GetObject("winmgmts://./root/default:StdRegProv")
status = wmi.GetStringValue(HKLM, wuKey, "WUServer", wsus)

If status = 0 Then
  WScript.Echo "Using WSUS: " & wsus
Else
  WScript.Echo "Using Windows Update directly."
End If

Then check if you can connect to the respective server (change port 80 to the port specified in the WUServer value if necessary):

telnet wsus.example.com 80

or (for Windows Update):

telnet windowsupdate.microsoft.com 80

Note that without a WSUS your host must be able to connect to all URLs listed in MSKB article 885819.

Also make sure that name resolution works on your host.

answered on Stack Overflow Feb 21, 2013 by Ansgar Wiechers
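
An added example, not part of either answer or of the asker's script: one way to trap the 0x8024402C failure so the rest of the script can continue, while asking the Windows Update Agent to search only the managed (WSUS) server. The helper name `CheckPendingUpdates` and the constant name `E_SERVER_UNREACHABLE` are hypothetical; it assumes a WSUS server is configured by policy under the `WUServer` value shown above.

```vbscript
Option Explicit

Const HKLM = &H80000002
Const WU_KEY = "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
Const ssManagedServer = 1               ' IUpdateSearcher.ServerSelection: managed (WSUS) server
Const E_SERVER_UNREACHABLE = &H8024402C ' error code from the question (constant name is hypothetical)

' Hypothetical helper: returns "PASS" or "FAIL" and fills comment with the reason.
Function CheckPendingUpdates(ByRef comment)
    Dim reg, wsus, session, searcher, result, errNum, errDesc

    ' Read the policy-configured WSUS URL so a failure message can name the server.
    Set reg = GetObject("winmgmts://./root/default:StdRegProv")
    If reg.GetStringValue(HKLM, WU_KEY, "WUServer", wsus) <> 0 Then wsus = "(no WUServer policy)"

    On Error Resume Next                ' trap COM errors instead of aborting the script
    Set session = CreateObject("Microsoft.Update.Session")
    Set searcher = session.CreateUpdateSearcher()
    searcher.ServerSelection = ssManagedServer
    Set result = searcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0 and Type='Software'")
    errNum = Err.Number                 ' non-zero if any call above failed
    errDesc = Err.Description
    On Error GoTo 0                     ' restore normal error handling

    If errNum = E_SERVER_UNREACHABLE Then
        CheckPendingUpdates = "FAIL"
        comment = "Could not connect to update server " & wsus & " (0x8024402C)"
    ElseIf errNum <> 0 Then
        CheckPendingUpdates = "FAIL"
        comment = "Update search failed: 0x" & Hex(errNum) & " " & errDesc
    ElseIf result.Updates.Count > 0 Then
        CheckPendingUpdates = "FAIL"
        comment = "There are " & result.Updates.Count & " updates that need to be installed"
    Else
        CheckPendingUpdates = "PASS"
        comment = "All updates are installed"
    End If
End Function

Dim status, comment
status = CheckPendingUpdates(comment)
WScript.Echo status & ": " & comment
```

In the asker's subroutine, the two returned values would be assigned to `objResult.Text` and `objComment.Text` instead of being echoed.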

User contributions licensed under CC BY-SA 3.0