Event ID 1024 — WSHA Windows Update Assessment
Applies To: Windows Server 2008
The Windows Security Health Agent (WSHA) uses Windows Server Update Services (WSUS) to validate Windows software update status and compliance. In order to perform this validation, the client must be able to connect to the configured WSUS server.
Event Details
Product: | Windows Operating System |
ID: | 1024 |
Source: | Microsoft-Windows-SystemHealthAgent |
Version: | 6.0 |
Symbolic Name: | MSSHA_EVENT_WSC_CHANGE_DETECTION_FAIL |
Message: | Windows Security Center detected a system health state change but the Windows Security Health Agent could not enumerate the state change. Failure Code: %1 |
Resolve
Enable Windows Update Services
To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
To enable the Windows Update service for automatic startup and start the service:
- On the Network Access Protection (NAP) client computer, click Start, click Run, type services.msc, and then press ENTER.
- In the console tree, double-click Windows Update.
- In the Windows Update Properties window, next to Startup type, choose Automatic.
- Under Service status, click Start.
- If the service has been started successfully, the service status will be displayed as Started. Click OK.
Verify
To use WSUS, the Windows Update service must be running and configured to contact an available WSUS server.
To verify that the Windows Update service is running:
- On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
- In the command window, type net start, and then press ENTER.
- In the command output, under These Windows services are started, verify that Windows Update appears.
To verify the WSUS server configuration:
- On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
- In the command window, type reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s, and then press ENTER.
- In the command output, verify that the server names displayed next to WUServer and WUStatusServer are correct.
To verify that the WSUS server is available:
- On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
- In the command window, type wuauclt /detectnow, and then press ENTER. This command will force the Windows Update service to check for software updates.
- In the command window, type findstr /I /C:"report" %WinDir%\WindowsUpdate.log. This command will filter the WindowsUpdate.log file and display success, failure, and warning events.
- In the command output, verify that the last line reads "Success Software Synchronization."