WSUS

854

Solutions

997

Contributors

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi

we have mulitple machines running Windows 8.1 , those machines are their respective OUs in AD and there was a policy created for them to point towards our WSUS server onsite to get their updates, up until this month the machines were receiving them correctly, this month however multiple machines are stuck on 99% in WSUS,  once we check the details of the updates we see that the same 3 updates for the windows 8.1 machines will not install, we have marked them for removal and set a specific deadline but the deadline passed and still the machines status do not change and remain at 99%, can anyone please advise?

the three updates -

KB4025336
KB4025333
KB4025252
0
Announcing the Most Valuable Experts of 2016
LVL 6
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Just setup a WSUS server on Server 2016.  Group policies are set and our test systems are checking in to WSUS just fine.  However, they're not showing any Windows 10 updates as needed by the machines.  If we interactively run Windows Update, they need (For example) June and July's monthly security patches.  WSUS says they're not needed or applicable.

We ARE seeing all Office updates that are needed by the machines.

I've read about the various hotfixes and patches needed to make Windows 10 work properly under WSUS, but those are only for 2012 or 2012R2.  No known hotfixes or patches I can find for WSUS under Server 2016.

Any ideas?
0
Just the last couple of days our 500+ WSUS clients go straight to

Error 8024401f

The WSUS server 2012r2  has been rebooted, and appears to be OK, syncs updates from MS etc. It will not even update itself from itself.

Can anyone please advise?
Thanks
0
WSUS error: connection error
i can get the console open, but after using it a while i get this error.

2017-07-18_7-21-28.jpgthis is what it shows in the event log.
The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The operation has timed out

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, Int32 publicationState)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, ExtendedPublicationState publicationState)
   at Microsoft.UpdateServices.Internal.BaseApi.Update.SearchUpdates(UpdateScope searchScope, ExtendedPublicationState publicationState, UpdateServer updateServer)
   at Microsoft.UpdateServices.UI.AdminApiAccess.UpdateManager.GetUpdates(ExtendedUpdateScope filter)
   at …
0
Hi all,

We have a setup, where all computers are connected to the Head Office WSUS server so that we have a better visibility of all computers and we control which updates need to be downloaded.

Some of the computers are at our remote sites (connected via VPN) and we would like to reduce the bandwidth. Thus, we were thinking of having a physical server at our remote site which downloads the updates that we at the Head Office authorise and the clients download from the local WSUS site server.

The administrator still needs to control everything from the Head Office and authorise updates from 1 location (HO).

Thanks.
0
We are a corporate environment with a single WSUS server. We have our main headquarters where the majority of our devices reside, but we also have a few remote offices with slower internet connections. Our issue is that ever since we started deploying Windows 10 to PCs at our remote locations, we started having big bandwidth issues at those remote locations when deploying Windows Updates with WSUS. I see in previous operating systems you could throttle the BITS service with a GPO. That doesn't appear to be an option for Windows 10 devices. Does anyone have any recommendations? Thanks!
0
Hi

I have recently installed and started running WSUS on Windows Server Std 2012 R2.
I have got all the computers on our network connecting to it.
It keep crashing and giving the following error information:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The request failed with HTTP status 503: Service Unavailable.

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPGetConfiguration()
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetConfiguration()
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()
   at Microsoft.UpdateServices.Internal.ClassFactory.CreateWellKnownType(Type type, Object[] args)
   at Microsoft.UpdateServices.Internal.ClassFactory.CreateInstance(Type type, Object[] args)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetConfiguration()
   at
0
.
bgbisapi.msi could not install
0
I need a powershell to show me all of my computers by group please and I need it in a CSV.

I'm using server 2012 R2 and I have about 20 groups.  I need to produce a list so I can post it on our sharepoint but I'm not sure how to do it.

What I'd like is a list of computers in WSUS, by group.

Thank you

Cliff
0
We would like to set up a WSUS server in our DMZ (Internet Facing) for our external users to get MS updates.  I believe for licensing (EULA) requirements the users would have to vpn into the network to get the approved updates.
This would be managed separately from our internal WSUS server, so we don't need to 'downstream' updates from the DMZ  WSUS server to our internal WSUS server.
Server:  Windows 2016 Std, WSUS v 10.
Any suggested links, information, certificate requirements, etc., would be greatly appreciated.

Thank you,
0
Free Tool: Site Down Detector
LVL 9
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I have in the past used registry settings on my Windows 7 clients to get them to report to WSUS on 2008 server and all worked fine.  With my new 2012 r2 WSUS server (with same name and ip) they are not listing themselves in the console.  I had to rebuild the 2008 WSUS server once in the past and the clients just showed up after reporting day and time had passed.  I did a detectnow from one machine and it still didn't show in the console.  Any direction for this.
0
I am starting to roll out new Windows 10 laptops in my network.  I have installed a new WSUS server on Windows 2012 R2.  In the past with Windows 7 and WSUS on 2008 server I was able to use registry keys instead of a group policy to get my machines to report in with WSUS.  I prefer this method as I can give different machines different days of week and time of day to check for updates.  Is this possible with my new WSUS and Windows 10?
0
I have setup a new server and am running WSUS 10.0.14393.0 on Windows Server 2016. Updates will download but will stop after a while.
Current WSUS status is
- Updates needing files : 5928
- Downloaded 45,683.32MB of 258,732.17MB.
It has been stuck at this for more than a week. I can see network activity occasionally which could range to a couple of gigs every 6-8 hours but the WSUS status does not change

On checking the Application event logs, i can see. Event id 364  Errors
 " Content file download failed.
Reason: The connection was closed prematurely.
 Source File: /msdownload/update/software/crup/2013/03/powerpoint-x-none_4334ff5b7aaec52b4bda630dba2aa91a89057782.cab
Destination File: D:\WSUS\WsusContent\82\4334FF5B7AAEC52B4BDA630DBA2AA91A89057782.cab"

Event id 10032 Errors
The server is failing to download some updates.

I have updated BITs to run in the foreground.
the server has been excluded from the internal Firewall, https inspection and Caching.
I have also tried removing and adding the WSUS role and WID database.
Has anyone come across something similar?
cheers
0
How can you find out when wsusoffline.net has updated its site to the latest published patches. For instance it is Patch Tuesday tomorrow so there is little point spending time updating offline computers until the newest patches releases have been incorporated in the wsusoffline site.
0
So, we run WSUS on Server 2012 R2 for our environment.

In June, the 15th to be exact, I approved a rollup that contained a two specific patches.  When I search on those two specific patches, I can see the date I approved them since I use deadlines when I approve.  So, I know I approved the rollup and I have confirmed that the two specific KBs are in the rollup.

So, after I have run thru all of my patching, I run Computer Tabular Status for Approved Updates and it looks like all but one or two of my servers are all compliant.

Then I go back and I search on the two specific KBs and I do a detailed report and I find that over 100 servers do not have the patch in question.  

The patch was approved in the rollup.  The rollup was installed.  The Computer Tabular Status for Approved Updates report does not show any servers missing approved updates, yet my detailed report shows that the two specific KBs are needed on over 100 computers.  

This discrepancy in reporting is killing me!

So, if the KB is in the rollup, will it not show up in a report looking for the specific KB?  Or, another way to put it, will the specific KB only show in a report looking for that specific KB if the KB was installed standalone and not in a rollup?

I logged into some of the servers and I do not see the KB and that is matching up pretty well with the detailed report.

I'm just confused on why the reporting discrepancies.

Thanks

Cliff
0
Hi
Our WAN consists of three sites, each of which has its own WSUS server running completely separately of each other.
The updates that get automatically approved are Critical, Definition & Security.
We get a report after each synchronise from each server with the updates that we manually have to approve.

If I reconfigure two of the servers to be in Replica Mode and downstream Servers, will any updates I manually approve on the Primary server automatically get approved on the two Replicas?
regards
Rick
0
So, I have this rollup I pushed on 6/15 to all of my servers.  Inside that rollup is a KB - 4021903.  For reasons too long to explain, I need to know if that specific KB is installed on my servers.  I have figured out how to tell that.

My question is, if the KB is installed as part of a rollup, will it still show if I do a separate search for the KB?

Here's what's going on...I pushed out the rollup to ALL of my computers.  I know I did...I can look for the rollup in the approved patch list and it's there.  However, I ran a powershell, and a detailed report in WSUS and it looks like the KB is NOT installed on a large number of my servers.

When I run a report on all approved and installed updates, ALL of my servers except two are compliant.  BUT, when I run the detailed reports, and the powershell scripts, I see a large number of servers that do not have the KB in question.

So, I was thinking that since the KB is in the rollup, it might not show up as in a search for the standalone KB.

Am I right or wrong?

Thanks

Cliff
0
I have a list of KBs and I need to know if they are installed on my servers.  I have over 400 servers.

Can WSUS report like that?

I can't find it if it can.  I AM able to powershell it, but it takes hours to run all the different OSes and of course, that's cumbersome.  I can tell that coming soon, I am going to need to report on whether or not a particular KB is installed on our servers and produce lists of servers that do not have a specific KB and I don't see WSUS reporting doing that.

Am I missing something?

Thanks

Cliff
0
Except for one client computer that recently joined the domain,  none of the 65+ clients are showing up in the WSUS 'all computers' list.   Tried  wuaclt.exe /detectnow and gpupdate /force.   No Joy.   Wsus has collected updates, 130gb worth, and seems ready to serve.   What do I do?
0
[Webinar] Learn How Hackers Steal Your Credentials
LVL 9
[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

I've just installed and activated Server 2016, and learned that I need to use the sconfig utility to set my Windows Update preferences, as download only mode and manual mode aren't exposed in the new GUI.

When I launch sconfig, the "Windows Update Settings" setting is set to custom.  However, whenever I try to switch to manual mode (option 5, then the letter M), the console displays "Setting updates to Manual...", and a separate alert appears, "Windows Update set to Custom.  System has custom configuration for updates."  After I dismiss the alert, the sconfig main menu reappears, and the setting is still "custom".  Here's a screenshot of what I'm referring to:

Sconfig issue
Why won't sconfig accept the manual setting?  This server doesn't participate in WSUS, and all of the WU settings in local policy (Computer Config-->Admin Templates-->Windows Components-->Windows Update) show as "Not Configured".
0
We are using wsus on our pc's.  However, we have one pc that must not be allowed to update, as we use it to connect to some archaic systems, and the newer security settings play havoc with the systems we connect to.  Asking the outfits at the other end to update their systems has been fruitless, and we can't us another outfit for this.  WSUS is managed via group policy, and I need this one pc to NEVER get windows updates or java updates, while keeping it as a member of our domain.

Any ideas?
0
Can WSUS be located on a separate server and still be integrated with SCCM in pushing out updates?
0
I've just installed the WSUS role to my Windows Server 2016 on in my domain.
I chose WID instead of SQL and i use GPO's to set the update location to my WSUS server.

Problem is that i can not get any clients (mostly servers) to connect to my WSUS server.
I used the SolarWinds Diagnostic tool on one of the servers and it gave me the following log:

# Solarwinds® Diagnostic Tool for the WSUS Agent
# 2017-07-04
Machine state
  User rights:                                       User has administrator rights
  Update service status:                             Running
  Background Intelligent Transfer service status:    Running
  OS Version:                                        Windows Server 2008 R2 Standard  Service Pack 1
  Windows update agent version:                      Error (Input string was not in a correct format.)
Windows Update Agent configuration settings
  Automatic Update:                                  Enabled
  Options:                                           Scheduled (Every day at  3:00 )
  Use WSUS Server:                                   Enabled
  Windows Update Server:                             http://mywsusserver 
  Windows Update Status Server:                      http://mywsusserver
  WSUS URLs are identical:                           Identical
  WSUS URL is valid:                                 Valid URL
WSUS Server Connectivity
  clientwebservice/client.asmx:                      OK
  …
0
We have a server running SERVER 2012 R2 with 40GB RAM and lots of disc space. We use Yosemite Server Backup.

We recently replaced our QNAP NAS with more storage space. Previously on the older 12TB QNAP unit we backed up nightly via an iScsi connection to the NAS and this worked very well for a number of years.

With the new NAS I switched to using a UNC path (\\qnap\backup) for the nightly backup process, it works well and the throughput, at its highest, is around 3gb/min. I choose this method so that I didn't have a permanent connection to the NAS backup folder as a precaution against encryption viruses hitting the backup device.

However once the backup has finished, a number of services start to fail on the server and it becomes sluggish. When trying to restart the services results in Not Enough Storage available to complete the process. WSUS, DHCP, etc. Rebooting the server is the only option.

I have disabled tonights backup to see if this is what is causing the issue as it is the only thing I have changed in the last few weeks.

Does anyone else have knowledge of this. I have also not yet tweaked the irpstacksize registry value which doesn't exist on Server 2012 R2. I have read mixed messages as to whether this is necessary.

All network connections run at a 1000mbps. Server is domain controller and file server with Office 365 for Exchange email. The QNAP is connected to the domain.
0
Hi There

I am new to this community and noob on windows servers, could someone guide me that how to configure WSUS to do the updates only once in a month using GPO?

Many Thanks

Gohar Dar
0

WSUS

854

Solutions

997

Contributors

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.