Hi, I would like to know if you are going to implement the WSUS function. If so, do you have a deadline? Thanks

Documentation in Readme and examples use xHotfix but resource in code is called xWindowsUpdate, one or the other should be changed so it's actually correct. Which one is the preferred naming?

Repro Steps

do something in windows update which triggers Windows Update to need a restart
run a configuration that use xHotFix and uninstalls a hotfix

Expected

it should not hang

Actual

it hangs

Also, it would be helpful to state the long term behavior in the Readme :

if I apply a configuration with UpdateNow = $true, will the server

-continue to apply updates after the initial set-dscconfiguration based on what the LCM mode is.
-report errors in the future in the DSC Operational Logs if there are new available updates?

Hello,
When using xWindowsUpdate 2.2, I get the following error when running Get-DscConfiguration:

Get-DscConfiguration : A parameter cannot be found that matches parameter name 'Path'.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [
   Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.GetHotFixCommand,Get-DscConfigurati
   on

Get-DscConfiguration : The property 'HotFixId' cannot be found on this object. Verify that the property exists.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get
   -DscConfiguration], CimException
    + FullyQualifiedErrorId : PropertyNotFoundStrict,Get-DscConfiguration

Get-DscConfiguration : The PowerShell DSC resource MSFT_xWindowsUpdate threw one or more non-terminating errors while
running the Get-TargetResource functionality. These errors are logged to the ETW channel called
Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
At line:1 char:1
+ Get-DscConfiguration
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager)
   [Get-DscConfiguration], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider,Get-DscConfiguration

I've fixed the issue in Pull Request #11

I would like to add a resource within xWindowsUpdate to allow for individual KBArticles to be downloaded and installed to target nodes using a WUA service manager rather than a path or uri. The name for the resource would be MSFT_xKBArticle. This would be a MOF-based resource compatible with WMF 4.0. This would use the Windows Update Agent (WUA) api to download and install the updates. A use case for this would be with OEM supplied systems where the vendor specifies which updates are approved for use with their software. If preferred I can add this functionality to the existing MSFT_xWindowsUpdate resource.

Repro Steps

Get-Process -Name wmip* | Stop-Process -Force
configuration foo
{
import-dscresource -modulename xwindowsupdate
xHotFix bar
{
Path = 'http://download.microsoft.com/download/0/1/C/01CD1394-5649-4129-B284-A62F87E31E9E/Windows8.1-KB3013816-x64.msu'
Id = '3013816'
Ensure = 'Present'
}
}
foo
Start-DscConfiguration .\foo -Wait -Verbose -Force

Expected

If the update is not installed, installing the update will require an update. DSC should indicate a reboot is required

Actual

The resource does not indicate to dsc an reboot is required

The error below is generated when trying to install a Hotfix. The issue can be re-produced by trying to install one of the following hotfixes;

KB2996883
KB3046481
KB3054249

-------------------------- Error ----------------------

4252 Error MIResult: 1Error Message: The variable '$LASTEXITCODE' cannot be retrieved
because it has not been set.Message ID: VariableIsUndefinedError Category:
7Error Code: 7Error Type: MI
--------------------------- Error ----------------------

It may be related to the hotfix not installing due a pending reboot as the hotfixes do eventually install.
If it is pending reboot related, the xHotfix resource should be checking for pending reboots and NOT trying install a hotfix if a pending reboot exists (sending a warning) OR don't check for $LASTEXITCODE if a pending reboot exists.

FYI, we prefer not to use xPendingReboot on production server as we can't risk production servers going into an endless reboot if there is some issue. A warning message from xHotfix about a pending reboot is a much safer option.

0x80244022 -2145107934 WU_E_PT_HTTP_STATUS_SERVICE_UNAVAIL Same as HTTP status 503 - the service is temporarily overloaded. wuerror.h

xHotfix incorrectly calls for the installation of an update that is already installed on the system. Set-TargetResource responds with:
"PowerShell DSC resource MSFT_xWindowsUpdate failed to execute Set-TargetResource functionality with error message:
Could not install the windows update. Details are stored in the log C:\Windows\TEMP\tmpEC3B.tmp.etl . Error message is
Windows update could not be installed because of error 2359302 "" (Command line: ""C:\Windows\system32\wusa.exe" "\Server\updates\windows10.0-kb4025339-x64_463d31d0ef8c18800ad5e5cc09927b263a99c352.msu" /quiet /norestart /log:"C:\Windows\TEMP\tmpEC3B.tmp.etl" ") .
Please look at Windows Update error codes here for more information - http://technet.microsoft.com/en-us/library/dd939837(WS.10).aspx"

Error message at this URL is: 0x240006 | WU_S_ALREADY_INSTALLED | The update to be installed is already installed on the system.

My command
define command{
command_name check_ms_win_updates2
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -t 60 -c check_ms_win_updates -a '-wd 45 -cd 90 -M PSWindowsUpdate'
}

My service
define service{
use generic-service
host_name TGKW001
service_description WSUS
check_command check_ms_win_updates2
servicegroups Windows Updates
}
Part of my nsclient

; Section for external scripts configuration options (CheckExternalScripts).
[/settings/external scripts]

; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 60

; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"[]{}) characters in arguments.
allow nasty characters = 0

; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
; allow arguments = 0
allow arguments = 1
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: =<script>
[/settings/external scripts/scripts]

check_ms_win_updates = cmd /c echo scripts/powershell/check_ms_win_updates.ps1 $ARG1$; exit $LastExitCode | powershell.exe -command -

Now I ran it from Powershell v5 on my Windows 10 Pro computer

PS C:\program files\nsclient++\scripts\powershell> .\check_ms_win_updates.ps1 -M PSWindowsUpdate
CRITICAL: Last successful update at 2016/01/13 18:26:22 exceeded critical threshold of 150 days. Pending updates {Total:

It takes a very long time to run 15 20 minutes.

It does not think it is up to date either this Windows 10 machine is current with updates.

I have it working on Windows 7 machines Windows 2012
Trying Windows 2008 soon

Any ideas

Thank you

Tom

Hi There!

Is there any plans to be able to schedule a time to push patches and to do an auto reboot?

Work need to be done to convert this repository to use the new CI pipeline.

https://dsccommunity.org/blog/convert-a-module-for-continuous-delivery/

WMF 5.1 on Windows Server 2012R2
xWindowsUpdate 2.6.0.0

Using the following configuration:

xWindowsUpdateAgent UpdateSource {
    IsSingleInstance = "Yes"
    Category = "Security","Important"
    Source = "MicrosoftUpdate"
}

When running Get-DscConfiguration the following error is thrown:

Get-DscConfiguration : The PowerShell DSC resource  returned results that are not valid from Get-TargetResource. The Service key is not a
valid property in the corresponding DSC resource schema file. The results from Get-TargetResource must be in a Hashtable format. The keys
in the Hashtable must be the same as the properties in the corresponding DSC resource schema file.
At line:1 char:28
+ $currentDscConfiguration = Get-DscConfiguration -Verbose
+                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (MSFT_DSCLocalConfigurationManager:root/Microsoft/...gurationManager) [Get-DscConfiguration],
    CimException
    + FullyQualifiedErrorId : GetOperationResultInvalidResultFormat,Get-DscConfiguration

I am not sure if this the right place to put this, because it's not really an "issue" as much as a feature request. I had been testing this using Server 2012R2 and Server 2016 Preview 3 core, and it wasn't updating what the GUI shows as far as Microsoft update being set to Automatic or Manual. Then I read on here that all it is supposed to do is check the box in the GUI for enabling Microsoft Update.

In Server Core versions I would like to be able to set the Windows Update Settings to Automatic or Manual and have that change reflected in the GUI. I poked around on MSDN looking at the Microsoft.Update.ServiceManager stuff and that's well above my head.

Also, the documentation should be updated to mention that this enables Microsoft Update, and not Windows Update, which are two separate things.

Hi There -

Im struggeling to get the Windows Update running several times - i tried to create the resource twice and add a dependency on them - but without luck - it says they are equal to each other.

I just see after reboot i get several new updates i can apply.

When Microsoft Update has been enabled, but later disabled, the Get-TargetResource method returns the incorrect state.

It currently tests is for the presence of the service registration, not whether it's actually enabled. This results in Test-TargetResource returning $true if Microsoft Update has been installed, regardless of it's state.

Applies to version 2.3.0.0

Parse error in file C:\Users\psgadmin\Documents\WindowsPowerShell\Modules\xWindowsUpdate\2.3.0.0\Examples\Sample_xMicrosoftUpdate.ps1: The DSC engine could not load the module 'xMicrosoftUpdate'. It was not found on the system at line 5 column 5.Parse error in file C:\Users\psgadmin\Documents\WindowsPowerShell\Modules\xWindowsUpdate\2.3.0.0\Examples\Sample_xMicrosoftUpdate.ps1: Undefined DSC resource 'xMicrosoftUpdate'. Use Import-DSCResource to import the resource at line 9 column 9.Parse error in file C:\Users\psgadmin\Documents\WindowsPowerShell\Modules\xWindowsUpdate\2.3.0.0\Examples\Sample_xWindowsUpdateFromPath.ps1: Undefined DSC resource 'xHotfix'. Use Import-DSCResource to import the resource at line 8 column 5. ```

We want to use xWindowsUpdate and WSUS to patch our servers because:

1. The servers have no internet connectivity
2. WSUS provides necessary patch management features including reporting

When Notifications parameter is set to ScheduledInstallation/Disabled, does it modify the registry settings?

ie registry areas like:
"HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"

Or are these settings only set during the instance of windows update that is run when the configuration is being applied.

Would like to be able to install multiple hotfixes without rebooting after each install.

This is from a review comment in PR #31 by @TravisEz13.

This is a comment of the description of the Category parameter for the resource xWindowsUpdateAgent in the README.md.

The description is not accurate. Please update the description. Please include the impact on Optional and Important updates.

Description

0x8024402F error unhandled in xWindowsUpdateAgent

Details

"Message":  "PowerShell DSC resource MSFT_xWindowsUpdateAgent  failed to execute Test-TargetResource functionality with error message: Exception from HRESULT: 0x8024402F ",
                      "Data":  {

                               },
                      "InnerException":  {
                                             "ErrorRecord":  "Exception from HRESULT: 0x8024402F",
                                             "WasThrownFromThrowStatement":  true,
                                             "Message":  "Exception from HRESULT: 0x8024402F",
                                             "Data":  "System.Collections.ListDictionaryInternal",
                                             "InnerException":  "System.Management.Automation.RuntimeException: Exception from HRESULT: 0x8024402F ---> System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x8024402F
   at System.Management.Automation.ComInterop.ComRuntimeHelpers.CheckThrowException(Int32 hresult, ExcepInfo& excepInfo, ComMethodDesc method, Object[] args, UInt32 argErr)
   at CallSite.Target(Closure , CallSite , ComObject , Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1)
   at CallSite.Target(Closure , CallSite , Object , Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1)
   at System.Management.Automation.Interpreter.DynamicInstruction`3.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseToInvoke clauseToInvoke, Boolean createLocalScope, Dictionary`2 functionsToDefine, List`1 variablesToDefine, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args)
   at System.Management.Automation.ScriptBlock.\u003c>c__DisplayClass57_0.\u003cInvokeWithPipe>b__0()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(Action action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Boolean propagateAllExceptionsToTop, List`1 variablesToDefine, Dictionary`2 functionsToDefine, Object[] args)
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(Cmdlet contextCmdlet, Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Object[] args)
   at Microsoft.PowerShell.Commands.InvokeCommandCommand.EndProcessing()
   at System.Management.Automation.CommandProcessorBase.Complete()",
                                             "TargetSite":  "System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject] Invoke(System.Collections.IEnumerable)",
                                             "StackTrace":  "   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd, List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration, LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32& resultStatusHandle, Collection`1& result, ErrorRecord& errorRecord, PSModuleInfo localRunSpaceModuleInfo)",
                                             "HelpLink":  null,
                                             "Source":  "System.Management.Automation",
                                             "HResult":  -2146233087
                                         },
                      "TargetSite":  null,
                      "StackTrace":  null,
                      "HelpLink":  null,
                      "Source":  null,
                      "HResult":  -2146233079
                  },
    "TargetObject":  null,
    "CategoryInfo":  {
                         "Category":  7,
                         "Activity":  "",
                         "Reason":  "InvalidOperationException",
                         "TargetName":  "",
                         "TargetType":  ""

Details of the scenario you tried and the problem that is occurring

Azure DSC Server and Azure VMs

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Single Resource configuration:

  Import-DSCResource -ModuleName xWindowsUpdate
        xWindowsUpdateAgent UpdateNode
        {
            IsSingleInstance = 'Yes'
            UpdateNow        = $true
            Category = @('Security','Important')
            Source           = 'WindowsUpdate'
            Notifications    = 'Disabled'
        }

Multiple Resources Configuration

$ConfigurationData = @{ 
    AllNodes = @(
        @{
            NodeName = 'localhost'
            PSDscAllowPlainTextPassword = $true
        }
    )
}

Configuration PostBuildNoDomain

{   



    Import-DSCResource -ModuleName ComputerManagementDsc
    Import-DscResource -ModuleName PSDscResources
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DSCResource -ModuleName NetworkingDsc
    Import-DSCResource -ModuleName xWindowsUpdate
    #domain credentials to be given here   
    $SecureCred = Get-AutomationPSCredential 'ADJoin'


    $TimeZone = 'Mountain Standard Time'
   
        
    node localhost 
    {
       

         TimeZone TimeZoneExample
        {
            IsSingleInstance = 'Yes'
            TimeZone         = $TimeZone
		}
		
		WindowsFeatureSet WindowsFeatureSetExample
        {
            Name                    = @("Windows-Defender")
            Ensure                  = 'Absent'
            IncludeAllSubFeature    = $true
        }
		
		Registry DisableFloppy 
        {
            Ensure      = "Present"
            Key         = "HKLM:\SYSTEM\CurrentControlSet\Services\flpydisk\"
            Force       = $True
            ValueName   = "Start"
            ValueData   = "4"
            ValueType   = "Dword"
        #Hex = $true
        }



        FirewallProfile DisablePublic 
        {
            Enabled = "False"
            Name   = "Public"
        }
        FirewallProfile DisablePrivate 
        {
            Enabled = "False"
            Name   = "Private"
        }
        FirewallProfile DisableDomain 
        {
            Enabled = "False"
            Name   = "Domain"
        }

        xWindowsUpdateAgent UpdateNode
        {
            IsSingleInstance = 'Yes'
            UpdateNow        = $true
            Category = @('Security','Important')
            Source           = 'WindowsUpdate'
            Notifications    = 'Disabled'
        }


       
    }
}

I've tried in Windows server 16, 19, domain joined and single instance,a ll with the same result.

I copied this contents of the xWindowsUpdate directory (which contains 2.3.0.0 and then all the files/directories within that to my C:\Program Files\WindowsPowerShell\Modules in a Windows 2012 R2 install that ships with v4 installed however doing Get-DSCResource the resource isn't listed. PowerShell can't run any configurations making use of this resouce as it cannot find the module.

Doing Get-DSCResource on a server with v5 installed it shows up fine. Doing Get-Module -ListAvailable I get...

Directory: C:\Program Files\WindowsPowerShell\Modules\xWindowsUpdate\2.3.0.0\DscResources

ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_xMicrosoftUpdate {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Script 0.0 MSFT_xWindowsUpdate {Get-TargetResource, Set-TargetResource, Test-TargetResource}

Any ideas?

Edit

I found out you need to specify the exact folder paths with Import-Module with v4. Even so I still couldn't get this working and it's not just an issue with this module as I tried others so I guess I am doing something wrong. It's odd though that the old version of this module that still resides here works how I would expect however it appears to have a bug in that it doesn't inform LCM the server is needing a reboot.

Hello,

I am trying below config file to push windows udpate and getting access denied error.
Anyone has idea about what's wrong with this?

Configuration Update_test_config
{
    param(
            

        [Parameter(Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $MyCredential

    )
    
    Import-DscResource -Module xWindowsUpdate

    Node $Node1
    {
        xMicrosoftUpdate "EnableMSUpdate"
        {
            Ensure = "Present"
        }
    }
}

$cd = @{
    AllNodes = @(
        @{
            NodeName             = 'WSFC1'
            PSDscAllowDomainUser = $true
            PSDscAllowPlainTextPassword = $true

        }
    )
}

$crendentials = Get-Credential -Message "Enter credentials"
Update_test_config -MyCredential @credentials


$Node1 = "WSFC1"
Update_test_config -OutputPath E:\Automation\DSC_Scripts\Learning_Script

Start-DscConfiguration -Path C:\Windows\system32\Update_test_config -ComputerName WSFC1 -Verbose -Wait

Error Details :

Access is denied.

CategoryInfo : PermissionDenied: (root/Microsoft/...gurationManager:String) [], CimException
FullyQualifiedErrorId : HRESULT 0x80070005
PSComputerName : WSFC1

Would like to be able to only install patches during a specified maintenance window.

Tests are lacking for Set-TargetResource and the various helper functions that the resource uses, this is affecting overall coverage for the resource when people do PRs.

I'm working on this now so can someone mark this work in progress?

We use DSC via Azure Automation and have it configured to auto-correct any consistency issues.
It's my understanding that xWindowsUpdateAgent with UpdateNow = $true will run with each consistency check (every 15min in our case) and if updates are available, will install them and reboot the system (if necessary).
This is great for an Initial consistency check, but I'd prefer to let the Azure Automation Update Management service take over and manage updates after a new VM is up and running.

Is such an option to only run xWindowsUpdateAgent during the Initial consistency check already available? If not, can such a feature be added?

I have copied the example from README.md for updateNow and it does not work. When I log into the VM and check windows update, the last checked time is 'never' and no updates have been appllied. The only modification to the example is that I have removed the notifications parameter.

xWindowsUpdateAgent MuSecurityImportant
{
    IsSingleInstance = 'Yes'
    UpdateNow        = $true
    Category         = @('Security','Important')
    Source           = 'MicrosoftUpdate'
}

I am constantly getting errors in the DSC Operational Log, when I check the system in verbose mode I get the following in my DSC failure

VERBOSE: []: LCM: [ Start Test ] [[xWindowsUpdateAgent]WUSetting1]
VERBOSE: []: [[xWindowsUpdateAgent]WUSetting1] TryGet RebootRequired...
VERBOSE: []: [[xWindowsUpdateAgent]WUSetting1] Got rebootRequired: False
VERBOSE: []: [[xWindowsUpdateAgent]WUSetting1] Searching for updating using: IsHidden=0 and IsInstalled=0
VERBOSE: []: [[xWindowsUpdateAgent]WUSetting1] Get default search service: 7971f918-a847-4430-9279-4a52d1efe18d
VERBOSE: []: [[xWindowsUpdateAgent]WUSetting1] updateNow compliant: False
VERBOSE: []: [[xWindowsUpdateAgent]WUSetting1] notifications compliant: True
VERBOSE: []: [[xWindowsUpdateAgent]WUSetting1] service compliant: True
VERBOSE: []: LCM: [ End Test ] [[xWindowsUpdateAgent]WUSetting1] False in 3.9310 seconds.
VERBOSE: []: LCM: [ End Resource ] [[xWindowsUpdateAgent]WUSetting1]

my settings are:

xWindowsUpdateAgent WUSetting1 {
IsSingleInstance = 'Yes'
UpdateNow = $true
Category = @('Security','Important','Optional')
Source = 'MicrosoftUpdate'
}

my LCM is

ActionAfterReboot : ContinueConfiguration
AgentId : C69D62DD-D5F5-11E7-9F55-00155DF2B712
AllowModuleOverWrite : False
CertificateID :
ConfigurationDownloadManagers : {}
ConfigurationID :
ConfigurationMode : ApplyAndMonitor
ConfigurationModeFrequencyMins : 60
Credential :
DebugMode : {NONE}
DownloadManagerCustomData :
DownloadManagerName :
LCMCompatibleVersions : {1.0, 2.0}
LCMState : Idle
LCMStateDetail :
LCMVersion : 2.0
StatusRetentionTimeInDays : 10
SignatureValidationPolicy : NONE
SignatureValidations : {}
MaximumDownloadSizeMB : 500
PartialConfigurations :
RebootNodeIfNeeded : True
RefreshFrequencyMins : 60
RefreshMode : Push
ReportManagers : {}
ResourceModuleManagers : {}

xWindowsUpdateAgent 'Windows Updates'
    {
        IsSingleInstance = 'Yes'
        UpdateNow = $true
        Category = @('Security','Important')
        Source = 'WindowsUpdate'
        Notifications = 'ScheduledInstallation'
    }

yields the following results

VERBOSE: [ENETT-NB086]: LCM:  [ Start  Set      ]
VERBOSE: [ENETT-NB086]: LCM:  [ Start  Resource ]  [[xWindowsUpdateAgent]Windows Updates]
VERBOSE: [ENETT-NB086]: LCM:  [ Start  Test     ]  [[xWindowsUpdateAgent]Windows Updates]
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] TryGet RebootRequired...
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Got rebootRequired: False
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Searching for updating using: IsAssigned=1 and IsHidden=0 and IsInstalled=0
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Get default search service: 3da21691-e39d-4da6-8a4b-b43877bcb1b7
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] updateNow compliant: True
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] notifications compliant: False
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] service compliant: False
VERBOSE: [ENETT-NB086]: LCM:  [ End    Test     ]  [[xWindowsUpdateAgent]Windows Updates]  in 5.4950 seconds.
VERBOSE: [ENETT-NB086]: LCM:  [ Start  Set      ]  [[xWindowsUpdateAgent]Windows Updates]
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] TryGet RebootRequired...
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Got rebootRequired: False
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Searching for updating using: IsAssigned=1 and IsHidden=0 and IsInstalled=0
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Get default search service: 3da21691-e39d-4da6-8a4b-b43877bcb1b7
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] updateNow compliant: True
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] notifications compliant: False
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] service compliant: False
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Performing the operation "Set-TargetResource" on target "Set notifications to: ScheduledInstallation".
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Cannot validate argument on parameter 'notificationLevel'. The argument "ScheduledInstallation" does not belong to the set "Not
Configured,Disabled,Notify before download,Notify before installation,Scheduled installation" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Performing the operation "Set-TargetResource" on target "Disable Microsoft Update Service".
VERBOSE: [ENETT-NB086]:                            [[xWindowsUpdateAgent]Windows Updates] Disable the Microsoft Update setting

Note the

The argument "ScheduledInstallation" does not belong to the set "Not
Configured,Disabled,Notify before download,Notify before installation,Scheduled installation" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.

Allow the DSC module to install .msp office patches with the msiexec /update option. As well as check registry keys for office updates since get-hotfix doesn't display those patches.

Hello,

I am trying below config file to push windows udpate and getting access denied error.
Anyone has idea about what's wrong with this?

Configuration Update_test_config
{
    param(
            

        [Parameter(Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $MyCredential

    )
    
    Import-DscResource -Module xWindowsUpdate

    Node $Node1
    {
        xMicrosoftUpdate "EnableMSUpdate"
        {
            Ensure = "Present"
        }
    }
}

$cd = @{
    AllNodes = @(
        @{
            NodeName             = 'WSFC1'
            PSDscAllowDomainUser = $true
            PSDscAllowPlainTextPassword = $true

        }
    )
}

$crendentials = Get-Credential -Message "Enter credentials"
Update_test_config -MyCredential @credentials


$Node1 = "WSFC1"
Update_test_config -OutputPath E:\Automation\DSC_Scripts\Learning_Script

Start-DscConfiguration -Path C:\Windows\system32\Update_test_config -ComputerName WSFC1 -Verbose -Wait

Error Details :

Access is denied.

• CategoryInfo : PermissionDenied: (root/Microsoft/...gurationManager:String) [], CimException
• FullyQualifiedErrorId : HRESULT 0x80070005
• PSComputerName : WSFC1

Details of the scenario you tried and the problem that is occurring

When using the source 'WindowsUpdate" with xWindowsUpdateAgent resource, the xWindowsUpdate module attempts to disable Microsoft Update setting without first checking to see if that service is registered which throws an exception if that service is not registered. See below dsc output:

Verbose logs showing the problem

VERBOSE: [LOCALHOST]: [[xWindowsUpdateAgent]DirectResourceAccess] Performing the operation "Set-TargetResource" on 
VERBOSE: target "Disable Microsoft Update Service". 
VERBOSE: [LOCALHOST]: [[xWindowsUpdateAgent]DirectResourceAccess] Disable the Microsoft Update setting 
Exception from HRESULT: 0x80248014
+ CategoryInfo : OperationStopped: (:) [], CimException 
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException 
+ PSComputerName : localhost 

Per https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-error-reference, this exception indicates:

 0x80248014 WU_E_DS_UNKNOWNSERVICE  An operation did not complete because the service is not in the data store. 

And when checking the store I can confirm the Microsoft Update service is not registered on this system.

Suggested solution to the issue

It seems like a simply solution might just be to update the Remove-WuaService function to first check if the service being removed is actually registered. Example:

https://github.com/PowerShell/xWindowsUpdate/blob/b10426e212827ab7a182b6b45f31fb46c9dfa6ae/DscResources/MSFT_xWindowsUpdateAgent/MSFT_xWindowsUpdateAgent.psm1#L27

function Remove-WuaService {
    param(
        [Parameter(Mandatory = $true)]
        [string]
        $ServiceId
    )
    $wuaServiceManager = Get-WuaServiceManager
    $ServiceIDs = $wuaServiceManager.Services | Select-Object -ExpandProperty Serviceid
    if ( $ServiceIDs -notcontains $ServiceId ) {
        Write-Verbose "Service id: $ServiceId is not registered."
        return $null
    }
    $wuaServiceManager.RemoveService($ServiceId)
}

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# on a system where Microsoft Update is not registered. 
Invoke-DscResource -Name xWindowsUpdateAgent -ModuleName xWindowsUpdate -Method Set -Property @{
    IsSingleInstance = 'Yes'
    UpdateNow        = $true
    Category         = @('Security', 'Important')
    Source           = 'WindowsUpdate'
    Notifications    = 'ScheduledInstallation'
}

The operating system the target node is running

OsName : Microsoft Windows Server 2012 R2 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsBuildLabEx : 9600.19478.amd64fre.winblue_ltsb.190831-0600
OsLanguage : en-US
OsMuiLanguages : {en-US}

Version and build of PowerShell the target node is running

PSVersion 5.1.14409.1018
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14409.1018
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Version of the DSC module that was used ('dev' if using current dev branch)

v2.8.0.0 - master branch

Thanks!

I am trying to install update "KB2919442" on some machines with xHotfix. On some machines it succeeds, on other machines it fails with the following message:

Could not install the windows update. Details are stored in the log C:\windows\TEMP\tmpFAC3.tmp.etl . Error message is Windows update could not be installed because of error 2149842967 "" (Command line: ""C:\windows\system32\wusa.exe"

That error code maps to 0x80240017 on https://technet.microsoft.com/en-us/library/dd939837%28WS.10%29.aspx?f=255&MSPPError=-2147217396

This is a problem because the installation fails, making an error message. The error is unresolvable, and the Test-TargetResource always returns false, I suspect because of:
https://github.com/PowerShell/xWindowsUpdate/blob/57e019abe279f362affe866d67632d4fc6d4e0b9/DscResources/MSFT_xWindowsUpdate/MSFT_xWindowsUpdate.psm1#L215

Details of the scenario you tried and the problem that is occurring

Incorrect variable returned in verbose statements on lines 447 and 553

Verbose logs showing the problem

N/A

Suggested solution to the issue

Return $sourceCompliant instead of $notificationCompliant on lines 447 and 553

The DSC configuration that is used to reproduce the issue (as detailed as possible)

N/A

The operating system the target node is running

N/A

Version and build of PowerShell the target node is running

N/A

Version of the DSC module that was used ('dev' if using current dev branch)

dev