How to Remove WSUS Completely and Reinstall it

The steps to remove WSUS and reinstall WSUS are pretty standard but they do have some variances on how WSUS was installed in the first place.

To remove WSUS completely, you need to:

  1. Remove WSUS Role
  2. Remove the Database WSUS was using (SUSDB.mdf and SUSDB_log.ldf).
    1. If you were using the Windows Internal Database (WID), specifically delete the SUSDB.mdf and SUSDB_log.ldf in C:\Windows\WID\Data (or C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Data for Server 2008/2008 R2)
        1. If the WID was only used for WSUS, you should remove the WID feature in Server Manager to fully clean up the installation. When you do remove the WID Feature, make sure to remove the entire C:\Windows\WID folder too. Not sure if the WSUS
        2. If you’re using Server 2008 / Server 2008 R2, use the following PowerShell command from an Administrative PowerShell prompt to remove the WID if it was used ONLY for WSUS:
      if ($env:PROCESSOR_ARCHITECTURE -eq 'x86') { msiexec.exe /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB } callerid=ocsetup.exe }
      elseif ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') { msiexec.exe /x {BDD79957-5801-4A2D-B09E-852E7FA64D01} callerid=ocsetup.exe }
    2. If you were using a remote SQL Server instance, detach the database from the remote server and physically delete the SUSDB.mdf and SUSDB_log.ldf.
    3. If you were using a local SQL Server instance (Standard or Express [See why you should not use Express edition for WSUS]) detach the database from the local server instance and physically delete the SUSDB.mdf and SUSDB_log.ldf.
  3. In IIS, remove the ‘WSUS Administration’ website and the ‘WsusPool’ Application Pool if they still exist.
  4. Remove the WSUS Content folder wherever you had it previously installed (eg. C:\WSUS, or D:\WSUS)
  5. Restart the server.

WSUS should now be completely gone from your system. Now you should be able to re-install the WSUS role, and if necessary, the Windows Internal Database (WID) role too.

To Install WSUS:

  1. Re-add the WSUS Role
    1. Re-add the WID feature if applicable
  2. Restart the server again.
  3. MAKE SURE .NET 4.7 IS NOT INSTALLED (it comes as a KB number for your server OS, not an add/remove programs installation.) The WSUS post-installer is not compatible with .NET 4.7 and will always error out. Once WSUS is installed and working, .NET 4.7 can be reapplied and WSUS should still work.
  4. Run the post-installation configuration.

If you have issues running the post-installation configuration, disjoin the server from the domain, and restart. Try the post-installation steps again. If it works, the issue is a policy on your domain that is causing the issues. You can then rejoin the server to the domain.

How to Tell if the WID Instance Carries More Than Just the SUSDB Database

To tell if the WID carries more than the SUSDB database, you’ll need to install SQL Server Management Studio (SSMS) and connect to the WID instance to browse the databases. To do this, open SSMS by using right click, “Run as administrator” and in the database server copy/paste

WID2008 = ‘np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query’
WID2012+ = ‘np:\\.\pipe\MICROSOFT##WID\tsql\query’

Keep the setting for use Windows Authentication and click connect. It should connect successfully to the WID SQL instance. Then expand Databases and you should see SUSDB and any other databases on this instance.

Share the Post

About the Author