Command Line Tools

There are a few command-line tools that can help you identify problems, query for information, or speed up the detection update process. The following is a list of these tools:

■ WSUS Client Diagnostics Tool (ClientDiag.exe) Downloadable from Microsoft's Web site.

■ Wuauclt.exe Part of the Windows source code after an AU client is installed.

■ Gpudate.exe and Secedit.exe Gpupdate.exe is part of Windows XP and Windows Server 2003 source code. Secedit.exe is built into Windows 2000 source code.

■ Gpresult.exe and RSoP.msc Gpresult.exe is part of the Windows 2000 Resource Kit, Supplement 1, and RSoP (RSoP.msc) is part of Windows XP and Windows Server 2003 source code.

■ Regsvr32.exe Part of all Windows source code.

■ Srvinfo.exe and Uptime.exe Part of the Windows 2000 and 2003 Resource Kits.

■ Reg.exe Part of the source code in Windows XP and Windows Server 2003, and part of the Windows 2000 Resource Kit, Supplement 1.

WSUS Client Diagnostic Tool

The WSUS Client Diagnostic Tool is a simple utility that provides the status of your AU client, its configuration, and its ability to connect to your WSUS server. The ClientDiag.exe utility has only one command-line parameter, which is used to dump the results to the ClientDiag.log log file in addition to displaying it on the screen.To run the diagnostic tool this way, type ClientDiag.exe /t. (A successful run of the utility is shown in Figure 7.27.) The WSUS server location in the registry was changed to show you what might happen if there is a problem resolving or contacting your WSUS server by name (see Figure 7.28).

Figure 7.27 Showing a Successful ClientDiag Output

o\] Command Prompt clicntdiag




WSUS Client Diagnostics Tool

Checking Machine State

Checking for admin eights to vim tool

Background Intelligent Transfer Service is not running.

This version is WSUS 2.0


All Option is 4: Scheduled Install

Option is froii Policy settings


Checking Proxy Configuration

Checking for uinhttp local machine Proxy settings . . . Uinhttp local nachine access type

(Direct Connection) Winhttp local nachine Proxy.

Winhttp local nachine ProxyBypass

Checking User IE Proxy settings

(Jeer IE Proxy

User IE ProxyByPass

User IE AutoConfig URL Proxy

User IE AutoDetect flutoDetect not in use



Checking Connection to USUS/SUS Server WUServer = http://usus WUStatusServer = http://wsus

tlseMuSeruer is enabled

Connection to server

SelfUpdate folder is present


Press Enter to Complete.


Figure 7.28 Showing a ClientDiag Error

Command Piompl - dientdiag


USDS Client Diagnostics Tool

Checking Machine State

Checking for adnirt rights to turn tool PASS

Automatic Updates Service is running. PASS

Background Intelligent Transfer Service is not running. PASS

Uuaueng.dll version PASS

This version is USUS 2.8

Checking AU Settings

AU Option is 4: Scheduled Install PASS

Option is from Policy settings

Checking Proxy Configuration

Checking for uinhttp local nachine Proxy settings . . . PASS Uinhttp local machine access type (Direct Connection}

Win http local machine Proxy NONE

W in http local machine ProxyBypass NONE

Checking User IE Proxy settings PASS

User IE Proxy NONE

User IE ProxyByPass NONE

User IE AutoConfig URL Proxy NONE

User IE AutoDetect AutoDctcct not in use

Checking Connection to WSUS/SUS Server UUServer = http://bogus WUStatusServer = http://«sus UseWuServer is enabled PASS

UerifyMJSerwerURLO failed with hr=0x800?2ee? The server- nane or address could not be resolued

Press Enter to Complete^

The ClientDiag.exe utility can be downloaded from or from the official home of WSUS at

Speeding Up Group Policy and Client Detection

By default, Group Policy is set to update clients every 90 minutes with a random offset. If you want to speed this up because you need to push out WSUS client configuration changes quicker, consider using the following commands to force a client policy update. To revisit commands that were run earlier, you can use both gpudate.exe and secedit.exe to force your clients to pull new Group Policy settings.

For Windows XP and Windows Server 2000 machines, run the following command:

gpupdate /target:computer /force

For Windows 2000 machines, issue the following command:

secedit /refreshpolicy machine_policy /enforce

To force a client detection update from your WSUS server, type the following built-in AU client command:

Wuauclt.exe /detectnow

Troubleshooting Group Policy Conflicts

When setting up large server environments, you usually end up with a very complex OU and Group Policy configuration. When different groups of servers have different downtime schedules, the development server clients need different WSUS client settings, productions servers, and so on. Consequently, you may find yourself with some GPO conflict.To show the final set of policies for your WSUS clients, and depending on the client version, you can use one of the following tools. Gpresult.exe is a command-line utility with switch options that print out all of the policies that the machine has applied or denied. Following is the syntax for this command:

usage: gpresult [/V] [/S] [/C | /U] [/?] /V Verbose mode

/S Super verbose mode

/C Computer settings only

/U User settings only

Use the /C switch when troubleshooting GPO issues with your WSUS settings, to speed up the computation output.

Windows XP and Windows Server 2003 have a much richer graphical tool for displaying the RSoP Microsoft Management Console (MMC) snap-in console, which can be accessed by typing Start | Run | rsop.msc (see Figure 7.29).

Figure 7.29 Showing the Results of a WSUS Client's RSoP

Iff Resultant Set of Policy m

File Action View Favorites Window Help

I 1 Console Root

0-Jf administrator onWINDOWSXP - RSc H -jjp Computer Configuration S-di Software Settings S-di Windows Settings El- LJ Administrative Templates B LJ Windows Components Windows Update B-jjP User Configuration S-LJ Software Settings lil-Pl Windows Settings ^



GPO Name

Configure Automatic Updates Enabled

^jf Specify intranet Microsoft update service location Enabled

^ Reschedule Automatic Updates scheduled installations Enabled

No auto-restart for scheduled Automatic Updates installations Enabled

§1 Automatic Updates detection frequency Enabled

Allow Automatic Updates immediate installation Enabled

\ Extended Standard /

WSUS for Workstations Common WSUS Settings WSUS for Workstations WSUS for Workstations Common WSUS Settings Common WSUS Settings

The snap-in looks like you are looking at the Group Policy Editor; however, only a subset of the components are displayed. The snap-in only shows what has been configured on the machine based on the policies pushed down to it. Where gpresult.exe is good for only showing polices that a client machine receives, the RSoP snap-in shows both of the settings that a client receives and the policy where the settings were obtained.

Miscellaneous Useful Commands

The following is a list of some miscellaneous commands that can be used for WSUS client troubleshooting and the day-to-day maintenance of a WSUS environment.

Regsvr32.exe is a Windows dynamic link library (DLL) registration utility. If your WSUS client does not seem to be functioning correctly, try unregistering and reregistering your AU client DLL file by running the following from a command-line window:

regsvr32.exe /u wuauclt.dll regsvr32.exe /r wuauclt.exe

Srvinfo.exe and uptime.exe are two resource kit utilities that allow you to obtain system uptime from a remote command prompt. This is good for quickly checking whether a system that you expect to reboot after a patch update has in fact rebooted, and how long it has been up since its reboot. The following is the syntax for both commands:

srvinfo.exe \\remoteclient uptime remoteclient

Notice that the uptime.exe utility does not require a prepending \\ like srvinfo.exe does. Lastly, command utility reg.exe has been shown to be a very handy utility for querying remote registry keys. It can also be used in a massive batch file to quickly enumerate and audit an existing WSUS client environment for re-verification that all of the clients are set up correctly.

Was this article helpful?

+3 0


  • noah
    How to use rsop command for update proxy setting?
    3 years ago
    How to run WSUS Client Diagnostics Tool?
    2 years ago
  • haylom
    How to run clientdiag on server 2003?
    12 months ago

Post a comment