5

I recently deployed a WSUS role to a Windows Server 2012 R2 machine. Test operation was successful and it downloaded and distributed a modest selection of updates.

Today, I added a few products to my selection. Then, I clicked the synchronize hyperlink on the dashboard and got engaged in conversation with someone. When I looked back, the dashboard said:

Synchronization Status

Status: Idle
Synchronize Now
Last synchronization result: Succeeded

Download Status

Updates needed files: 6,667
Downloaded 243.00 MB of 4,026,930.930 MB

That's 4 terabytes and 26 gigabytes! I cannot afford to let it download 4 terabytes and 26 gigabytes! (There will be devil to pay! Oh, the bureaucratic horrors...) But there is no stop or cancel button!

I've immediately stopped the BITS and WsusService services and reverted the product selection on the server but I need to cancel this download, without nuking the server and starting new!

Everything I've read on the web about this has been totally useless. The following commands do not work. They return an "Access Denied" error ten times:

bitsadmin /reset /allusers
Get-BitsTransfer -AllUsers | Remove-BitsTransfer

Also it is impossible to stop just the BITS service and leave WsusService on. They depend on each other.

Community
  • 1

2 Answers2

4

You can do it with the PowerShell cmdlets for WSUS:

(Get-WsusServer).CancelAllDownloads()
aydeisen
  • 86
  • 1
  • 6
  • I tried this and received a couple of errors: `Get-WsusServer : Exception of type 'Microsoft.UpdateServices.Administration.WsusInvalidServerException' was thrown.` But after reading the help page and MSDN, I got it to work. –  Jul 04 '17 at 04:58
  • Follow up: Disapproving the queued update after doing this will permanently solve the problem. One has to use the console to create an appropriate view, to find the updates that need to be disapproved. Finally, disabling auto-approval entirely also disables auto-download. –  Jul 04 '17 at 05:23
  • No dice: `Exception calling "CancelAllDownloads" with "0" argument(s): "Maximum stored procedure, function, trigger, or view nesting level exceeded (limit 32)."` – duct_tape_coder Dec 30 '21 at 02:38
0

Currently assuming you're doing this from correct account and with correct permissions...

In most of the threads online most people either use BitsAdmin or else there's an option in the WSUS console to require approval once to download things. Since I don't have a Windows 2012 server close by can't confirm this.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/2f596f9e-9c76-4e22-9899-dfc5921b94b9/cancel-updates-download-wsus-3-sp1?forum=winserverwsus

http://forums.whirlpool.net.au/archive/1264493

I'd be looking to see if there's something in between (an intervening program that is stopping process shutdown of BITS and WsusService) that's holding things up. You may need a utility such as EndItAll to speed up the diagnostic process. Else, just go through services.msc, then BITS/WsusService -> Properties -> Dependencies. Note what you see and shut things down in sequence to shut things down (you could also take a look at the SysInternals suite of utilities to do this as well).

https://technet.microsoft.com/en-us/sysinternals/bb795533.aspx

Something thing to think about is whether or not the WSUS has been updated but the program hasn't reset itself. Hence, the network connection is still running. Killing off the network connection in particular should deal with it...

https://stackoverflow.com/questions/8688949/how-to-close-tcp-and-udp-ports-via-windows-command-line

If all else, try this one.

http://www.sbsfaq.com/?p=3181

Basically, setup a dummy server/DNS entry option somewhere whether it's on your server or on a network device somewhere between your server and the Internet. This will effectively stop the download (you may need to clear your DNS cache or else restart your server though) because the traffic will get re-directed to a non-existent location. If the dummy doesn't work it's probably because you figure out where the traffic is going in which case you'll need to use something like netstat or wireshark and then use this to modify your routing table to stop the download.

Another way is to attempt to fool WSUS with dummy files via a dummy server (you'll need to hack some things obviously). That way it will download the dummy files instead of the real files.

Another way around the problem is if you know of a proxy server at your ISP or elsewhere within your organisation where you can get WSUS updates from use that so that it doesn't add to your ISP bill.

Of course, you can also get around this by copying the relevant files and folders from another WSUS server on to your own to fill the requirements of the database and hopefully it will just skip over the desire to download once more.

Another way is to deliberately attempt to corrupt the WSUS executable so that it literally can't run (think of how executable patching works). It could be as simple as opening up the executable in a Hex Editor and then changing a few strings here and there so that it can't run.

Another way around it is flushing or deliberately corrupting the WSUS database to give you a clear run at things (a side effect is that it will also allow you to achieve selectivity as you desire). Ultimately, this makes me wonder or not whether or not someone out there has built a tool to deal with this issue or whether you can build it yourself if WSUS 4 and Windows 2012 is really that weird.

How to completely wipe WSUS and start again

http://www.urtech.ca/2016/10/solved-how-to-clean-up-and-repair-wsus/

https://blogs.msdn.microsoft.com/george_bethanis/2014/09/18/cm12-r2s-wsus-servers-corrupted-wid-windows-internal-database/

Another way to deal with it is to create a rule in your NIDS/HIDS/IPS/IDS or web proxy to filter out attempts to download particular files which (as a side effect) will also cancel the downloads.

Possibly, take the server offline if it's non critical.

Starting from scratch again is another possibility but it's clear you want to avoid this.

Obviously, one thing to think about is whether or not you have tried restarting the server. If all the correct options are checked but they haven't taken hold yet it's a distant possibility.

WSUS downloading updates when "Do not store updates locally" is set.

dtbnguyen
  • 312
  • 1
  • 5
  • Thanks for going through the effort of writing all this ... in vain, I'm afraid. I am not using BITSADMIN 2.0, or 1.5 but 3.0. WSUS 4 always downloads first, then allows approval or disapproval. And I categorically do not need to go the clunky way of sbsfaq.com to interrupt the traffic, because I know ten other better ways. The questions is: What to do after interrupting the traffic? How to cancel these downloads and only queue up things that I need? –  Jun 07 '17 at 16:21
  • Added more stuff to answer. – dtbnguyen Jun 07 '17 at 17:04