There may be a situation where you wish to completely reinstall WSUS from scratch. This can occur for a number of reasons, but most commonly is due to database corruption, or performance issues due to a WSUS database that hasn’t been maintained properly with the normal maintenance.
Commonly, when regular maintenance hasn’t occurred on a WSUS database, when an admin finally performs it, it can take days and weeks to re-index the database, clean up the database, and run the cleanup wizards.
Also, due to timeouts on IIS, the cleanup wizard may fail which could ultimately cause database corruption.
Administrators often want or choose to blast away their WSUS install, and completely start from scratch. I’ve done this numerous times in my own environment as well as numerous customer environments.
In this guide, we are going to assume that you’re running WSUS on a Windows Server that is dedicated to WSUS and is using the WID (Windows Internal Database) which is essentially a built-in version of SQL Express.
PLEASE NOTE: If you are using Microsoft SQL, these instructions will not apply to you and will require modification. Only use these instructions if the above applies to you.
What’s involved
WSUS (Windows Server Update Services) relies on numerous Windows roles and features to function. As part of the instructions we’ll need to completely clear out:
- WSUS Role, Configuration, and Folders/Files
- IIS Role, Configuration, and Folders/Files
- WID Feature, Configuration, and Database Files
Since we are completely removing IIS (Role, Configuration, and Folders/Files), only proceed if the server is dedicated to WSUS. If you are using IIS for anything else, this will completely clear the configuration and files. You also do not want to run this on a domain controller as Active Directory also uses WID.
Let’s get to it!
Instructions
- Open “Server Manager” either on the host, or remotely and connect to the host you’d like to reinstall on.
- Open “Remove Roles and Features” wizard.
- Click “Next”, and select the Server, and click “Next” again.
- On the “Remove server roles” screen, under “Roles”, we want to de-select the following: “Web Server (IIS)” and “Windows Server Update Services” as shown below.
- Click “Next”
- On the “Remove features” screen, under “Features”, we want to de-select the following: “Windows Internal Database” and “Windows Process Activation Service” as shown below.
- Click “Next” and follow the wizard to completion and remove the roles and features.
- Restart the Server.
- Open an administrative command prompt on the server, and run the command “powershell” or open powershell directly.
- Run the following command in powershell to remove any bits and pieces:
Remove-WindowsFeature -Name UpdateServices,UpdateServices-DB,UpdateServices-RSAT,UpdateServices-API
- Restart the Server.
- We now must delete the WSUS folders and files. Delete the following folders:
C:\WSUS C:\Program Files\Update Services
Note: You may have stored the WSUS content directory somewhere else, please delete this as well. - We now must delete the IIS folders and files (and configuration, including the WsusPool application pool, bindings, etc.). Delete the following folders:
C:\inetpub C:\Windows\System32\inetsrv
Note: You may have issues deleting the “inetsrv” directory. If this occurs, simply rename it to “inetsrv.bad”. - We now must delete the WID (Windows Internal Database) folders and files (including the WSUS SQL Express database). Delete the following folder:
C:\Windows\WID
- While we removed the IIS folders and files, we deleted a needed system file. Run the following command to restore the file:
sfc /scannow
- Restart the Server.
WSUS, IIS, and WID have at this point been completely removed. We will now proceed to install, apply a memory fix, and configure WSUS.
For instructions on installing WSUS on Server Core, please click here: https://www.stephenwagner.com/2019/05/15/guide-using-installing-wsus-windows-server-core-2019/
- Open “powershell” (by typing powershell) and Install the WSUS Role with the following command:
Install-WindowsFeature UpdateServices -Restart
- (Optional) If you want to install the WSUS MMC Snap-In/GUI, run the following command in the powershell window:
Install-WindowsFeature UpdateServices-RSAT, UpdateServices-UI
- Run the post installation task command in command prompt to configure WSUS:
"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS
- AT THIS POINT DO NOT CONTINUE CONFIGURING WSUS AS YOU MUST APPLY A MEMORY FIX TO IIS.
- Apply the “Private Memory Limit (KB)” fix as provided here: https://www.stephenwagner.com/2019/05/14/wsus-iis-memory-issue-error-connection-error/
- Restart the Server.
- Open the WSUS MMC on the server or remotely from a workstation on the network and connect it to the WSUS instance on your Server Core install.
- Run through the wizard as you would normally and perform an synchronization.
- WSUS has been re-installed.
And that’s it. You’ve completely reinstalled WSUS from scratch on your Windows Server.
what a mess 🙁
Thanks you saved my day
Thank you, everything was on point
GAHHH…I’ve tried reinstalling WSUS three or four times and keep getting the same error – “one or several parent features are disabled so current feature can not be enabled”
I sought out someway to I’ve tried following these instructions twice and the powershell install command fails. DISMAPI_Error__Failed_To_Enable_Updates,Microsoft.Windows.ServerManager
Hi Jim,
Sounds like you might be having some issues with the OS itself that might be stopping this from working.
Are you running these commands as admin? Is the OS experiencing any other odd issues?
Cheers
I am a domain admin. It doesn’t appear the OS is experiencing any other issues. I’m not sure what ‘parent features’ could be derailing it.
Also – side note – I removed IIS per your instructions but when I run the scm /scannow command it completes but didn’t find any integrity violations so ….nothing was repaired?
Hi Jim,
The scan command should replace files that were deleted in previous steps. I’ve noticed sometimes that it doesn’t report anything is missing.
That’s odd about the parent features error. Are you copying and pasting the commands exactly as they are detailed in the post? Which command reports that issue?
Stephen
I’m redoing it now but I believe it was the first install command
Install-WindowsFeature UpdateServices -Restart
that generates the DISMAPI_Error__Failed_To_Enable_Updates,Microsoft.Windows.ServerManager
So if I use the regular server manager installer I get the parent message. When I use the Powershell command I get the DISMAPI error.
Here’s the error I receive.
PS C:\Windows\system32> Install-WindowsFeature UpdateServices -Restart
Success Restart Needed Exit Code Feature Result
——- ————– ——— ————–
False Maybe Failed {}
Install-WindowsFeature : Call was canceled by the message filter.
At line:1 char:1
+ Install-WindowsFeature UpdateServices -Restart
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : DeviceError: (Microsoft.Manag…rDetailsHandle):CimException) [Install-WindowsFeature],
Exception
+ FullyQualifiedErrorId : UnSupportedTargetDevice,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureComman
d
PS C:\Windows\system32>
I found this.
https://stackoverflow.com/questions/46729839/enable-feature-tcp-activation-on-windows-server-2016-fa…
It explains how to find what the disabled Parent feature could be but I don’t know what -WindowsFeature component to test. I tried -Name Web-Server for IIS and UpdateServices but both DependsOn fields came up blank. What other features are installed with WSUS that I can try?
Jim,
I would recommend checking the event log and troubleshooting this. I have a feeling that your OS install has issues and it might be worth while correcting it before it turns in to something big in the future.
This has saved my skinny behind, phew!
Thank you Mr.Stephen Wagner, I try and success. You saved my time to reinstall from begin.
Thank you.
Hi Duong,
Glad to the post helped! 😀
Stephen
I have other web services running on the same server, so I don’t want to completely remove IIS if possible, any advice?
Because of our server restrictions, I had to run the “postinstall CONTENT_DIR=C:\WSUS” command as follows:
cd “C:\program files\update services\tools\”
then
.\wsusutil.exe postinstall content_dir=D:\wsus
(we use D: instead of C:)
For anyone who is getting the “Unexpected token ‘postinstall’ in expression or statement.” error
This worked perfectly on windows 2019, had to run post installation task in Admin CMD.
Confused how this can work for anyone: the commands for reinstalling WSUS from PowerShell don’t reinstall IIS after removing it on Server 2016. It’s partly there (looks like 10 of 43 components installed according the info in the Add Server Roles window), but there is no IIS Management section to run the Memory Fix in step #5. In fact, there’s no IIS anywhere in the Start menu.
Is there a missing step where we’re supposed to use the Add Roles and Features Wizard or another PowerShell command to restore the other removed pieces of IIS? Do we need to do the install from the “Add Roles and Features Wizard” to ensure IIS installs properly?
Hi GraniteStateColin,
When you install WSUS, it will install the required IIS prerequisites.
If you’re going to locally manage IIS, you’ll need to install the feature/role for the IIS Management MMC.
To answer your other question, if you had any special IIS features installed that you need back, you’ll need to manually install those using powershell or the “Add/Remove Features and Roles” as it won’t reinstall any custom combinations of features or roles you may have had before.
Hope this helps!
Cheers,
Stephen
Stephen, thanks for the quick response. I’m not sure why, but when I followed the steps above, I do not get all of the needed IIS components installed. In the Add Roles and Features set, it shows 10 of 43 installed, so some pieces of IIS installed, but not the IIS Manager. On the other hand, when I use Add Roles & Features, to add WSUS per the standard new-install instructions, I get 11 out of 43 IIS components and the IIS Manager is included. 11 vs. 10.
If this doesn’t sound right to you, maybe that’s a sign that something is wrong with the server I’m trying to fix, but seems strange that 10 of the needed 11 IIS components did install, and that all install as expected if I use the GUI method.
Is there any downside in your experience to installing from Add Roles & Features in place of re-install steps 1 – 3?
Hi GraniteStateColin,
No worries. Sorry I’m a bit more delayed today.
When you say that you didn’t get all the needed IIS components, are you referring to what’s needed for WSUS, or what’s needed for something else?
Using the commands in this post, will install what’s needed for a basic install of WSUS using the command line to get up and running fast. When you re-install, you can also use the GUI as well if you’d like which may install more components. This is a bare install (which I do for security reasons).
As mentioned, if you want to run the IIS Manager locally, you’ll need to add it using the Add Server Roles/Features wizard. The command in this post skips this as most people use RSAT from another system or server.
You can use the the command or the Add Roles and Features to install. The most important thing is uninstalling it properly to make sure no traces are left.
Cheers,
Stephen
Stephen, specifically, in your step #5 of the reinstall, where it refers to your other page to remove the memory limit for WSUS in IIS, at least for me, that’s impossible following the PowerShell commands here. I was able to get that to work by instead using the Add Roles and Features Wizard and add WSUS that way instead. That added 1 more IIS module (11 out of 43 vs 10 out of 43 when using the PowerShell commands).
Everything seems to be working again for me, with that change to the instructions (reinstall using the GUI instead of the commands on this page so that it’s possible to remove the memory limit via IIS). Your steps to ensure a full uninstall were profoundly helpful.
The command to install the IIS Manager varies, version to version, on Windows, so I didn’t include it since it can be easily installable via the Add Features and Roles wizard.
I’m glad to hear you’re up and running though! 🙂
Really, Thanks for these informatio, but when I tried to install after uninstall I have this error from PowerShell:
Install-WindowsFeature : The request to add or remove features on the specified server failed.
The operation cannot be completed, because the server that you specified requires a restart.
At line:1 char:1
+ Install-WindowsFeature UpdateServices -Restart
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : DeviceError: (@{Vhd=; Credent…Name=localhost}:PSObject) [Install-WindowsFeature], Exce
ption
+ FullyQualifiedErrorId : DISMAPI_Error__Failed_Reboot_Required,Microsoft.Windows.ServerManager.Commands.AddWindow
sFeatureCommand
IIS Did not appear to install in Server2019 as others have mentioned.
The inetpub and sub-directories ARE there but service does not appear.
You can’t do the Mem config before starting IIS cuz IIS isn’t available.
Even with mmc.exe I can’t add IIS after reboot. Had to go to Add remove Roles and Add IIS Management Console for it to be accessible to make the mem change suggested.
Other than that everything seemed to work. Thanks.
Thanks for guidance i have reinstalled WSUS successfully.
After run post install for WSUS on a Server 2016 DC server we receive database errors:
ClientConnectionId:ef156204-4956-4309-8cd4-0b7d2c353c62
Error Number:3605,State:1,Class:16
Fatal Error: Schema verification failed for database ‘SUSDB’.
ALTER DATABASE statement failed.
Failed to restart the current database. The current database is switched to master.
SQL query to set database to Master is failed with same error
I removed WSUS, reboot server, Removed WID en reboot server.
Removed all folders of WSUS en WID
Framework 4.7 is not installed
Reinstalled WID en reboot server
Installed WSUS en reboot server
Run post install task en receive the database error
On server server 2016 DC it is running without any problems, only this server give troubles.
Help please.
Hi Ralph,
You should not install WSUS on a domain controller. Also, I strongly recommend not performing the steps in this post on a domain controller, as Active Directory also uses WID so you cannot remove or alter it.
Hi,
thanks you for the post. It is really well done !
Just a word, with the reinstallation steps, it only miss the IIS console Management installation step and we are all good. Indeed, I strictly followed your tutorial, and this is the only missing step I have noticed.
Have a good day and thank you again for this:)
Cheers
Step 4 should be installing IIS… i think. Here is command line:
Install-WindowsFeature -name Web-Server -IncludeManagementTools
I am getting below error after:
“C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall CONTENT_DIR=E:\WSUS
PS C:\Windows\system32> “C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall CONTENT_DIR=E:\WSUS
At line:1 char:55
+ … Program Files\Update Services\Tools\wsusutil.exe” postinstall CONTENT …
+ ~~~~~~~~~~~
Unexpected token ‘postinstall’ in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken
What could I be doing wrong
Hi Kevin,
Looks like you’re running it in PowerShell. You need to run it in a Command Prompt.
Cheers,
Stephen
Thanks.
This guide seems the most comprehensive and on point, touching every steps in order.
Thank you for this.