WSUS Product Team Blog

WSUS Product Team thoughts, information, tips and tricks and beyond :-)

WSUS 3.0 Developer's Blog: Reporting - The Good, the Bad, and the Confusing

WSUS 3.0 Developer's Blog: Reporting - The Good, the Bad, and the Confusing

  • Comments 23
  • Likes

The information below is somewhat out of date for the final version of the reporting APIs.  Functionality in the UI is very much the same as in RC, but the API behavior was changed to make it easier to get correct results.  We'll make another blog post soon.   -- Matthew

Blog entry from beta2/pre-RC timeframe:

One of the big areas of feedback for the WSUS 3.0 Beta has been around reporting features.  Looks cool, but so far the results haven't been as predictable (or correct) as they should have been.  I'll cover some of the philosophy behind the feature, give some insights on how the APIs used for reporting work, and build all that together into where we went astray for the Beta. 

WSUS has never, to date, provided direct access to our database.  From the customer's perspective, aside from a few options in setup to configure the DB, we might as well be storing information in CSVs.  We've taken that approach to avoid complexity around publishing and maintaining compatibility around our schemas and stored procedures.  Without published support for the schema, you can't do extended reporting with great products like SQL Reporting Services.  Further, remote console administration is hampered by database engines like the system component DB engine that doesn't allow remoting, and remote DB installs introduce double-hop authentication issues.  Instead, our reporting is exposed via our API. 

Two of the key APIs we use for reporting are available from IUpdateServer: GetSummariesPerUpdate(UpdateScope updatesToInclude, ComputerTargetScope computersToInclude) and a similar GetSummariesPerComputerTarget(UpdateScope, ComputerTargetScope)

Looking over the scopes, you'll see that you can do some really powerful things:  Text searches, items that are (or aren't) in particular states, time based searches, et cetera.

As the old saying goes, however, Absolute Power bring Absolute Corruption.  In our case, maybe that's Absolute Confusion.

Say you want to ask a question like: "For every update in my organization with failures, show me how many computers didn't fail for that update."

You might logically start constructing your API call something like this: GetSummariesPerUpdate(), using an update scope with IncludedInstallationStates = Failed, and a computer scope that has ExcludedInstallationStates = Failed.

To understand what happens next, we'll go back to how the GetSummaries calls work.

GetSummariesPerUpdate() starts off by getting all Updates from the DB that have at least one computer in the state you specified in the IncludedInstallationStates.  Put succinctly, that's every update that has at least one computer that reported a failure for that update. 

Then, a list of computers is generated - every computer that meets the computer criteria.  In our example using ExcludedInstallationStates, that's every computer that has no failures for any update. Remember this point: no failures for any update, not no failures for a particular update in the first list.

Now, for the final trick:  For every update in the first list, we figure out the state (relevant to each update) for every computer in the second list.  Count up the tally of each state, and that's the summaries returned for each update. 

Once again, you've now got a list of summaries for every update that had at least one computer with a failure, and a summarization of computer states only against computers that had no failures at all for any update

If you haven't figured out why this is bad, I'll go over what you might have expected with the initial question. 

Imagine your organization has 2 computers (Ca, and Cb), and 2 updates (U1, and U2).  Both computers successfully installed U1, and both failed U2.

Our scenario wanted "show me all updates with no failures, and a count of states for all computers that didn't fail that update."  You'd expect to see U1 (no failures), with a count of 2 computer successes for that update.

Instead, you'd see U1 (no failures) and 0s in all summary fields.  All of the computers had at least one failure, and so were excluded from being summarized for all updates.  A detailed report in our UI would show no computers at all, just like the summary counts said.

Getting questions like this scenario right can be a little tricky - and often require some post processing.  I'll just say "this is why we have Betas," and is why we're so busy for the RC release.  I think you'll be pleased with the changes.

-- matthew

  • Is there a web console or C# console on the way for 3.0? i hate the MMC that it comes with, why did they do away with the very cool and accessible from anywhere web console?

  • The final reporting APIs for WSUS 3.0 RTM were  updated to make this significantly better - we'll try to get another post out soon.

  • I hate the new 3.0 WSUS too, the web console was so much faster and easier to use.  Having to generate the reports first then approve really sucks

  • Brent - huh?  There's no reason you have to generate a report first before approving.  Have you tried approving from the update lists directly?

  • I too am disappointed in the new wsus, removing the web interface was a drastic mistake, it's as if Microsoft is deliberately disappointing their customers again.  Another senerio where development is controlling what to give the customer without concern for usability or the concerns of the product development team.

  • Thanks for information.

    many interesting things


  • 5vI dont think so.7k I compleatly agree with last post.  ilt

    Please visit my site <a href="">ламинат купить</a> 5n

  • 0pСпасибо за интересную информацию!.4t Буду рад, если посетите мой сайт.!

    Все материалы для строительства дома: металлочерепица, профнастил, ?сайдинг виниловый, металлический сайдинг, теплоизоляция.

    <a href="">Ламинат premier</a> 9q

    <a href="">FineBer</a> 4o



  • WSUS has nevers, to dates, provideds direct access to our database.  Froms the customer perspectives thanks you subjcet

  • Withouts published supports for the schemas, you can't do extendeds reportings with great product like SQL Reportings Services wonderful

  • Then, a lists of computer is generateds - every computers that meets the computers criteria very nice thanks

  • Our scenario wanteds show me all update withs no failure, and a counts of states for all computer that did fail that updates thanks

  • I'll just say this is why we have Beta and is why we're so busy for the RC releases wonderful subject

  • toshiba pa3420u-1brs l10 l15 l20 laptop battery, TOSHIBA PA3451U-1BRS PABAS067 laptop battery,

  •  Dell Inspiron 1200  Dell Inspiron 1300  Dell Inspiron 1420

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment