If you have Windows 10 clients on a WSUS server and you want to confirm that they are receiving patches from that WSUS server and not going directly to Microsoft to update, you used to just read the %SystemRoot%\WindowsUpdate.log. Under Windows 10 however, that log now looks like:
Windows Update logs are now generated using ETW (Event Tracing for Windows).
Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.
For more information, please visit http://go.microsoft.com/fwlink/?LinkId=518345
wuauclt /detectnow
Get-WindowsUpdateLog -SymbolServer https://msdl.microsoft.com/download/symbols -LogPath C:\windowsupdate.log
UPDATE: Oct 13, 2016: Microsoft Partner Support tells me that at least on Windows 10, specifying the SYMBOL SERVER is not required as it will automatically pull down any missing symbols without the switch so you can use:
wuauclt /detectnow
Get-WindowsUpdateLog -LogPath C:\windowsupdate.log
I have tested this and found it definitely works on Windows 10 1607.
If you want to run this on a remote machine use:
Get-WindowsUpdateLog -ETLPath \\<HOSTNAME>\C$\windows\Logs\WindowsUpdate -SymbolServer https://msdl.microsoft.com/download/symbols -LogPath C:\LOGS\windowsupdate_<HOSTNAME>.log
You can then open the log with notepad and look for “WSUS” like:
…
2016-09-22 15:08:04.9264690 724 25384 Agent WSUS server: http://ch-ms:8530
2016-09-22 15:08:04.9264694 724 25384 Agent WSUS status server: http://ch-ms:8530
2016-09-22 15:08:04.9264697 724 25384 Agent Target group: (Unassigned Computers)
…or the URL of your WSUS Server like:
…
2016-09-22 15:08:05.9325837 724 24984 ProtocolTalker ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCBB7}, Server URL = http://ch-ms:8530/ClientWebService/client.asmx
…
If you want to look further into your Windows 10 client’s you can check the registry to see what it:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
but that is only a confirmation that your Windows 10 PC received the registry entries from your GPO… not that it is paying attention to that GPO. For instance, I am currently troubleshooting all my customers Windows 10 Enterprise 1607 Anniversary PC’s that have the GPO applied (according to GPRESULT /R) and the correct registry entry but NOT taking updates from WSUS. When I find an answer, I will post it here.
This website uses cookies.
View Comments
This worked for me in build 1909, however, I don't see a date/time stamp in the log file. Did this change or am I missing something?
Hi Rose;
I just ran the two lines in PowerShell again:
wuauclt /detectnow
Get-WindowsUpdateLog -LogPath C:\windowsupdate.log
and found that the log did show the date and time:
...
2020-09-17 17:25:27.5260937 77112 87432 Agent Initializing global settings cache
2020-09-17 17:25:27.5260947 77112 87432 Agent WSUS server: http://cal-mss2:8530
2020-09-17 17:25:27.5260957 77112 87432 Agent WSUS status server: http://cal-mss2:8530
2020-09-17 17:25:27.5260965 77112 87432 Agent Alternate Download Server: (null)
...
Can you post a sample of what your log looked like?
Thanks for this!
Hello,
At the end there you said you would post the answer when you find it.
Did you ever find it? Or is it posted somewhere else?
Thanks,
Joe
Sorry Joe, I did not find anymore useful information on the source of Windows Updates.
In cmd.exe (or even in powershell.exe) type:
findstr "WSUS server:" c:\windows\WindowsUpdate.log
This will give you output similar to:
2016-11-09 09:39:45:820 872 a8c AU # WSUS server: http://wsus-XX:8530
2016-11-11 04:02:41:404 852 53c Agent * WSUS server: http://wsus-XX:8530
That's your WSUS server.
Cheers,
---Roman
Hi, Thanks for posting this - couldn't find the info anywhere else. Unfortunately when I generate the log files they have no info in them about the source of the updates (no 'Agent' tags, URL etc) . I have 1607. Am I missing something? Thanks, Jon
Hi Jon;
I have run that command on 1511 and 1607 and both produced the results shown in post. Have you searched for the name of your WSUS server in the logs?
Hi Ian, Thanks for your reply. No sign of anything to do with the WSUS server in the log files, even though I now know that it is at last going to the WSUS server for updates.