I was recently working on an issue where a monitoring system that runs on top of Server 2012 R2 was not able to establish a TLS handshake with web servers to check their availability. Since my goal is to watch Windows Update progress to ensure something is happening, I wrote a quick PowerShell one liner: I filtered these out and it seems that what’s left is mostly operational logging to do with the update engine. When reviewing the log, I identified that the lines containing the strings Appl and FOD make up the majority of the hundreds, or thousands of entries, when running a tail. CBS stands for Component based servicing and it provides output on update installation…. Since I don’t care really about the log contents and I just want to see some verbosity in the update process while its happening, I went through the other logs listed and came across the CBS log. This is no good in my situation, as that generated log file would be for the point in time it was generated, not a dynamically updated log file being written to during updates. If you want a concise log that is the same as what you got in Server 2012, then you have to run Get-WindowsUpdateLog which will spit out that familiar log file. The link provided takes you to an article on Windows Update log files which lists out the various log files and what they do. Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.Īs we can see, Microsoft have ditched text based logging in favour of ETW based logging. Nowadays if you open that file, you get the following message: Windows Update logs are now generated using ETW (Event Tracing for Windows). In the Windows 7 / Server 2012 days I used to just tail C:\Windows\WindowsUpdate.log and watch the update process, especially when troubleshooting, or when updates were hanging on install. The modern windows update dialogue provides little verbosity, especially when compared to apt or yum in the Linux world. Sometimes you have to patch mission critical Windows servers and you want to see what’s going on in the background.