Update 2012 R2 with CMD command line

Question

question

Margohda-9028 asked Apr 22, '22 AJTek-Adam-J-Marshall commented yesterday

Update 2012 R2 with CMD command line

04/22/2022 - 11:24

Hello,

I am studying in a computer science school, and I work in a telecommunication company (sandwich course). I have a project to do to validate my year.
I have a Windows server 2012 R2.
My goal is to update my computer with command lines.
I have the constraint to use only CMD and not Powershell.
I found the following commands on internet:
wuauclt.exe /detectnow /updatenow
Once I have run them, I unfortunately have no direct return to the CMD window.

Do you know other command lines ?
Don't hesitate to ask me questions, if you don't understand something, or if you need more information.
I will make updates if I find new things.
Thanks in advance for your feedback.
(Sorry, for my bad English)

windows-server-update-services windows-server-2012

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2022-04-22T12:30:01.787Z

AJTek-Adam-J-Marshall answered Apr 22, '22 Margohda-9028 commented Apr 25, '22

Take a read here:
https://www.ajtek.ca/wsus/does-wuauclt-exe-detectnow-reportnow-work/

Then look at the client side script section here:
https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Margohda-9028 · Apr 25 at 06:19 PM

@AJTek-Adam-J-Marshall

Hi, Thanks a lot for your answer!

Concerning the first link:
During the request : /detectnow ; I found a log file incremented in :
C:\Windows\Logs\CBS.log.
In it, there is the list of KB to update.
But I can't find an equivalent log file for the command : /updatenow.
Have you got an idea ?
About the second link:
Yes, my client machine is accessing WSUS correctly because I can do the update, manually with Windows Update Manager.
But, I still can't find a solution to make the execution of :
Wuauclt.exe /detectnow and /update on CMD.

0 ·

Answer 2 · 2022-04-25T08:56:00.503Z

RitaHu-MSFT answered Apr 25, '22 OctavianDm-6011 commented yesterday

@Margohda-9028
We could add the related registry value to push the Server scan for updates from the internet. Here is related link for you:
https://docs.microsoft.com/en-us/windows/deployment/update/waas-wu-settings#configuring-automatic-updates-by-editing-the-registry

Reference command:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /V AUOptions /T REG_DWORD /D 4

Here is a related screenshot for you:

In addition, please refer to the Official Document to know more about reg add command:
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/reg-add

In additon, I attached my registry file for your reference:
195997-auupates.log

Best regards,

Rita

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

7.png (107.8 KiB)

auupates.log (656 B)

· 3

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Margohda-9028 · Apr 26 at 07:58 AM

Hello,

Thank you for your answer Rita,

My company receives the WSUS from Microsoft once a month (the 15th).

I expose you my problem:
I have 200 servers to update manually every month. On which I have to connect 1 at a time to do the update manually.
->This method works very well, the updates are done, but it takes me a lot of time in the month...

My goal:
I'm looking for a way to run the updates in command lines on CMD, from another machine.
I would have to automate and trigger when I want the windows updates.

Currently, I still haven't found why the commands wuauclt.exe /detectnow /updatenow on CMD don't work.

PS: I hope you understand my request.
Thank you for helping me

0 ·

RitaHu-MSFT Margohda-9028 · Apr 27 at 01:43 AM

I totally understanding your requirement. But I was wondering that it doesn't make sense to build a WSUS Server if you want to update your devices manually.

In my opinion, the Configure Automatic Updates group policy may be helpful.

0 ·

9.png (138.5 KiB)

OctavianDm-6011 · yesterday

If you have 200 servers to use, I highly recommend using Collection Commander. You can send powershell code to it through remote commands quickly and efficiently to however many systems you need to! It's set up to return one value at the end, which gets more difficult to try to see the progress, but allows you to queue updates manually at the same time with 1 command instead of 200.

https://www.recastsoftware.com/resources/configmgr-docs/configmgr-community-tools/collection-commander/

0 ·

Answer 3 · 2022-04-25T19:39:03.287Z

MotoX80 answered Apr 25, '22 AJTek-Adam-J-Marshall commented yesterday

Why can't you use Powershell?

https://docs.microsoft.com/en-us/windows-server/get-started/removed-deprecated-features-windows-server-2016

Windows Update The wuauclt.exe /detectnow command has been removed and is no longer supported. To trigger a scan for updates, run these PowerShell commands:
$AutoUpdates = New-Object -ComObject "Microsoft.Update.AutoUpdate"
$AutoUpdates.DetectNow()

While it doesn't apply to your 2012 R2 server's use of wuauclt, MS's direction for server administration is (has been for years) Powershell.

Years ago I wrote a VB script (pre Powershell days) that used that com interface to install the updates on the servers for my company. I didn't have much luck with wuauclt. I found it rather frustrating that "wuauclt /? or /help or sdfflhgdb" produced no output. Poor design if you ask me. There should be console output to report what it did.

I have found posts that indicate that usoclient.exe can do installs. You could try that if it's on 2012R2.

https://social.technet.microsoft.com/Forums/windows/en-US/c18a95b4-2235-49e8-a1b2-fb47bd0111ab/run-windows-update-from-commandline-manually-cause-update-check

https://omgdebugging.com/2017/10/09/command-line-equivalent-of-wuauclt-in-windows-10-windows-server-2016/

If it were me, I would be advocating for Powershell.

· 3

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Margohda-9028 · Apr 26 at 12:06 PM

Hello,

Thank you very much for your answer Moto =)
I expose you my problem:
I have 200 servers to update manually every month. On which I have to connect 1 at a time to do the update manually.
->This method works very well, the updates are done, but it takes me a lot of time in the month...
If I create .ps1 scripts to do the KB detection, updates and reboot of the machines. I'll have to drop the scripts on my 200 servers.
That's why I don't want to use Powershell.
I thought that running commands on CMD from head machine on all servers was easier.
I just tried the UsoClient command on my CMD and it doesn't work, it returns an error message "is not recognized as an internal or external command, operable program or batch file".

0 ·

OctavianDm-6011 Margohda-9028 · yesterday

If you can use powershell, you can do the things you want on your remote systems in a loop of the systems you need very easily. You can store your systems in a csv and read them in and then do your code you would do on one system in the loop and then just iterate through that for each system. Something similar to this:

servers.csv:
hostname1
hostname2
hostname3

$servers = get-content servers.csv
foreach ($server in $servers) {
Invoke-Command -ComputerName $server -ScriptBlock {
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /V AUOptions /T REG_DWORD /D 4
wuauclt.exe /detectnow /updatenow
}
}

0 ·

AJTek-Adam-J-Marshall OctavianDm-6011 · yesterday

Please see https://www.ajtek.ca/wsus/does-wuauclt-exe-detectnow-reportnow-work/

Running wuauclt.exe /detectnow /updatenow does NOT work the way you expect it to! /detectnow will be executed (since it's < Server 2016) and the default reporting will happen at the default time.

0 ·

Answer 4 · 2022-04-26T14:38:08.947Z

MotoX80 answered Apr 26, '22

The easiest solution is to use AD group policy and let the servers update themselves.

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates

We used a scheduled task to call a script because we had numerous requirements from both management and our application teams.

Patch database servers before web/app servers.
Look for long running "number crunching" processes and delay the install/reboot until those processes completed.
Gracefully shut down Oracle DB instances before the reboot.
After the 1st install and reboot, check to see if any other patches are now available and install them.
After the reboot, verify that any service that was set to start=automatic was running, and start them if they are stopped.

There was a whole lot more that we did as part of the "patch weekend" process. We were updating thousands of servers.

With "only" 200 servers you should be able to do that with a spreadsheet and a couple of Powershell scripts.

There are lots of examples on the internet. Find something that fits your organization's requirements and try it out on few test servers first to see how it works.

https://www.bing.com/search?q=powershell+install+updates+script

https://petri.com/how-to-manage-windows-update-using-powershell/

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

question