How to Trigger Windows Update on Server Core via PowerShell Remoting: Registry Workaround and Alternative Methods


4 views

When managing Windows Server Core installations via PowerShell remoting (Enter-PSSession), attempting to launch the standard sconfig.cmd utility for Windows Update results in registry-related errors. The VBScript-based tool fails with:

sconfig : FEHLER: Der angegebene Registrierungsschl?ssel bzw. Wert wurde nicht gefunden.
[Error: The specified registry key or value was not found]

Instead of relying on sconfig, use these PowerShell-native approaches:

# Method 1: Using Windows Update module (requires PS 5.1+)
Install-Module PSWindowsUpdate -Force
Get-WindowsUpdate -Install -AcceptAll -AutoReboot

# Method 2: Using COM objects
$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Result = $Searcher.Search("IsInstalled=0")
$Result.Updates | ForEach-Object { $_.AcceptEula() }
$Downloader = $Session.CreateUpdateDownloader()
$Downloader.Updates = $Result.Updates
$Downloader.Download()
$Installer = $Session.CreateUpdateInstaller()
$Installer.Updates = $Result.Updates
$InstallationResult = $Installer.Install()

If you must use sconfig, create the missing registry structure first:

Invoke-Command -ComputerName server2 -ScriptBlock {
    if (-not (Test-Path "HKLM:\SOFTWARE\Microsoft\ServerManager")) {
        New-Item -Path "HKLM:\SOFTWARE\Microsoft\ServerManager" -Force
    }
    Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\ServerManager" -Name "CurrentVersion" -Value "1.0" -Type String
}

For production environments, configure automatic updates via policy:

# Set auto-update configuration
$AutoUpdateSettings = @{
    Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
    Name = "NoAutoUpdate"
    Value = 0
    Type = "DWord"
}
Set-ItemProperty @AutoUpdateSettings

Always verify update status and maintain logs:

Get-WindowsUpdateLog -Online | Out-File C:\UpdateLog.txt
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 10

While the sconfig.cmd utility works fine when logged in via RDP to a Server Core installation, it fails spectacularly when invoked through PowerShell remoting. The error message about missing registry values followed by a VBScript runtime error reveals the fundamental limitation - this tool wasn't designed for remoting scenarios.

Since we're already in a PowerShell session, we should use PowerShell-native approaches:

# Option 1: Using the Windows Update PowerShell module
Install-Module -Name PSWindowsUpdate -Force
Get-WindowsUpdate -Install -AcceptAll -AutoReboot

# Option 2: Via COM object (no module required)
$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$SearchResult = $Searcher.Search("IsInstalled=0")
$SearchResult.Updates | ForEach-Object { $_.AcceptEula() }
$Downloader = $Session.CreateUpdateDownloader()
$Downloader.Updates = $SearchResult.Updates
$Downloader.Download()
$Installer = $Session.CreateUpdateInstaller()
$Installer.Updates = $SearchResult.Updates
$InstallationResult = $Installer.Install()

For environments where PowerShell modules aren't allowed, consider these approaches:

Using wuauclt:

wuauclt /detectnow
wuauclt /updatenow

Scheduled Task Approach:

# Create a scheduled task that runs Windows Update
$Action = New-ScheduledTaskAction -Execute "usoclient.exe" -Argument "StartScan"
$Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date)
Register-ScheduledTask -TaskName "ManualWindowsUpdate" -Action $Action -Trigger $Trigger -RunLevel Highest
Start-ScheduledTask -TaskName "ManualWindowsUpdate"

A critical consideration when updating remote servers:

# Check pending reboot status
Get-ItemProperty -Path "HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\RebootRequired" -ErrorAction SilentlyContinue

# Graceful reboot command
Restart-Computer -Force -Wait -For PowerShell -Timeout 300 -Delay 2

In managed environments, you might need to sync with WSUS first:

# Force WSUS synchronization
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateServiceManager = New-Object -ComObject Microsoft.Update.ServiceManager
$UpdateService = $UpdateServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$UpdateSearcher.ServerSelection = 2 # Use WSUS server
$UpdateSearcher.Search("IsInstalled=0")