Issues with patching servers remotely using winrm and Microsoft.Update.Session
You just cannot do it mate, be cause MS doesn't allow you to do it via WUApi.
Details can be found here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa387288(v=vs.85).aspx
You can try to use Scheduled task to get this done.
Related videos on Youtube
13 : 57
04 : 50
13 : 13
04 : 10
02 : 56
Comments
-
reconbot over 1 year
I have a network with windows 2003, 2008 and 2008r2 servers. I have a powershell script that I wrote to patch a local machine using the "Microsoft.Update" com objects. (Similar to Windows Update PowerShell Remoting.) My script works wonderfully locally but I'd like to use it's functions remotely as I have a fair number of servers to manage. In that case it falls down (similarly to that other post, which wasn't solved).
I was however able to narrow the failure down to two methods on a particular class.
(New-Object -ComObject "Microsoft.Update.Session").CreateUpdateDownloader() (New-Object -ComObject "Microsoft.Update.Session").CreateUpdateInstaller()If you run these in a powershell locally as an admin, you'll have no issues. If you try to use invoke-command (or enter-session, or winrs) you'll get the following error. (This is testing with localhost, but any host will do. I've also tried with different authentication methods such as credssp and kerberos.);
PS C:\> Invoke-Command -ComputerName localhost -ScriptBlock { (New-Object -ComObject "microsoft.update.session").createUpdateDownloader()} Exception calling "CreateUpdateDownloader" with "0" argument(s): "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : ComMethodTargetInvocationI've seen this mentioned on blogs as a bug, but with no backup to that claim. Two workarounds exist and both don't make me happy.
- Use psexec to run commands as the system user. PSExec is what I'm trying not to use as it has proven unreliable. I'd also like a pure powershell solution.
- Create a scheduled task and tell that to run your script as the system user. (via this post) This is not only messy but then I wont have the update results. I'll have to log to a file or update a database or something.
I'm open to other ways to run updates on a host remotely as this seems to be an issue a lot of people are hitting.
I found some docs that explains the message but not the reason or workaround.
Return Value Returns S_OK if successful. Otherwise, returns a COM or Windows error code.
This method can also return the following error codes. Return code Description E_INVALIDARGA parameter value is invalid. E_ACCESSDENIED This method cannot be called from a remote computer.How does it know I'm on a remote computer?
-
reconbot over 12 yearsI am running with the credentials of an admin account, the error specifies "This method cannot be called from a remote computer."