Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Setting up a new WSUS 2016 Server and can't seem to figure out the correct items to select for autodownload/auto approve.

I'm quickly exceeding the 500 GB drive that I've assigned to the device.

Can someone please guide me as to the best practice here?
Learn SQL Server Core 2016
LVL 13
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Got a hit on our vulnerability scan this month, MS15-058, it's referring to WID used by our WSUS.  It's saying the current version (2014.120.2000.8) should be (2014.120.2269.0) is there anyway to update this, or does WSUS itself need to be updated?
hello IT people

I'm facing this issue in my main wsus server. the main and only server for now.


so, what could be wrong?

Is there way to auto-approve Windows update from WSUS?

What would be the best way of making sure that Microsoft Office clients do not update themselves? I am running a Windows 10/Server 2016 environment, Office is a combination of 2016 and 2019 Click to Run. I do not use WSUS or anything similar.

Is there a registry key that can be applied to all machines via a logon script for example?

Many thanks :)
I have a Server 2016 - it's actually a terminal server with a lot of apps on it.  I can not get an updates on it. I think the last time it updated was sometime early July, maybe even June.  I've tried deleting the software distribution folder and re-registering it with my wsus server but still not luck.  I've tried Sconfig and that doesn't work either.  I even tried downloading the updates manually and installing them and that isn't working either.  There is no information in the event logs and the update history isn't any help either.  I've tried dism too and that hasn't given me any information either.  This is a VM and it's heavily used.  I'm out of ideas.. Any suggestions?
Hello IT people

I've post last month a question about configuring WSUS server  and problems I've been facing. but now after I configure everything and the WSUS server has been able to contact Microsoft for update and the client could contact the WSUS server, I have another problem.

The problem is the clients don't seem to take any updates. whenever I try to update any computer or server, it gives me this message: "Your device is up to date. Last checked: Today, ‏‎9:34 AM". But it's really not up to date. and in WSUS server, there is yellow exclamation mark besides every client, like in this photo:

So, I wish you guys could help.
WSUS is only showing updates needed for the desktop PCs once a month. They're all Windows 7 and I used to see patches more often. WSUS server and services have been restarted. WSUS says synchronization was successful with a recent date.

How can I verify I'm getting all released patches from MS?

Windows 2012 R2 Server
Windows 7 Workstations
65 Users
It seems that window 10 update deployed from WSUS to client's workstation required user to confirm the installation.

Is it possible for these patches to install automatically ? Alternatively, can we have the remote powershell to trigger the update on each workstations ?

Hello IT gurus

I've configured WSUS server 2016. And to test it if it's working or not, I've pointed another server to it so it gets its updates from wsus. the server is offline. but wsus server is online.
when I try to force update, it gives me error from the client side "we couldn't connect to the update service"
but I see it in the wsus server, but with an error:"This computer has not yet contacted"

notice in the photo, dhcp3 was working fine but I've stopped it. the I tried with another servers and the problem appears
Announcing the Winners!
LVL 13
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

Using SCCM to patch windows servers.  We are way behind in patching.  My apps teams wants to know how many times a server will need a reboot.  Is there an easy way to check to see which windows update will cause a server to reboot.  In control panel > windows update it always says 'You may need to restart your computer for this update to take effect'.  Is there a website that can tell me for certain if an update will require a reboot?
Hey IT people

I'm setting up a WSUS server, but when I reach the point to test the connection, it gives me this message :"HTTP error occurred"

I contact the network team before I start to make sure they allow the connection on http and https, 80 & 443, 8350 & 8351 ports.

and to allow the connection to these urls:







but still facing this error.
Hello Everyone and as always a big thanks to everyone for their time and expert insights.
Kind of a silly question as it has never come up before until Windows 10 and the need for WSUS.
We did not traditionally sysprep desktops since unique identifiers changed enough when joining domain and we did not use WSUS so SID issue was not really applicable.
Never had nay problems with W7, but now need to use WSUS (2016) for W10 and aware of SID problems with it.
I ran a few queries ( ) out of curiosity against W7 computer SIDS and some DC (both 2016 install from ground up, i.e. not a template or clone image) and the SIDS are al different, but only the last two digits and that makes me wonder and worry a bit. Is that normal?
Get-WmiObject -class Win32_UserAccount | Select AccountType, Caption, Domain, SID, FullName, Name | Export-CSV C:\exports\Computerlist.csv -NoTypeInformation
dsquery computer -name "is004109" | dsget computer -SID

Examples in image include 4 x W7 desktops from same image, 4 x W10 desktops from same image and a variety of physical and virtual servers with various roles. Note last 4 digits are different
So does that mean that we do not have a SID duplication issue?
The SID I am displaying was queued from domain bound machines that are in AD!
We do generally not promote machines into a domain before we make an image of them. Servers tend to have the sysprep run with OOBE or are one off servers built from ground up without image.
I need to upgrade all my Win10 Pro business systems (600ea) to version 1809 by November to ensure they all continue to receive security updates (that version required by Nov according to MS release notes).

WSUS fails the download to my systems (corrupt/missing files) just like many people experience online - i'm at about 50% success rate. Which of course is terrible without having to remediate (remove softwaredistribution folder, try again) - and with almost 300 remote employees, this is not a scenario i want to try and remediate every single dang failure. There has to be a better way.

Can i download the 1809 feature update as a .msi so i can push it with another 3rd party tool that has a MUCH better success rate than what i'm experiencing with WSUS?  What is everyone else doing with this kind of problem?  This can't be the only way to deal with this.  Something else must be a better approach.

I do know that Microsoft changed update servers on July 8th to
$server = Get-WsusServer
$config = $server.GetConfiguration()
# Check current settings before you change them 

Open in new window

PS C:\Windows\system32> $server = Get-WsusServer
$config = $server.GetConfiguration()
# Check current settings before you change them 

Open in new window

WSUS Error details
WebException: The remote name could not be resolved: ''
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

Open in new window



Already used this as reference
Windows 2012R2 WSUS Server
Windows 2012R2
Windows 2016 Data Center
Windows 2019
Windows 10
Windows 8.1
Windows 7
VMware ESXI 6.5

My Windows Update Server has updates ready for all the computers listed above.
All computers are checking in every 6 hours and that is working I see all them checked in with current time stamp.
I use Windows Update Notifier version 1.5.0

None of my machines show any pending updates to apply.

The GPO has not changed in a long time all WSUS settings are the same Download updates and manually install.

All updates are approved ready to install.

Any thoughts on why the updates are not downloading?
WSUS - on DC?

I could be wrong because I have had a bit of experience with thirdparty enterprise level patch remediation solutions, but I originally thought it was recommended to install WSUS on a DC.  I was just about to do it, and now everything I read suggests strongly against it.  It is a secondary DC, and really was the only  available VM with the lowest utilization so thought it would be a safe bet, otherwise would have to purchase an additional Server license.  What do you guys think regarding WSUS with 2012/16. Keep it off the DC?  It is a small environment about 25 nodes, just wanted to gain more control with the mess Microsoft consistently bestows on everyone with their under-tested Win10 updates and also regain the control as to when computers can be rebooted!  No software company should decide when computers get rebooted!  Monst businesses are 24x7 (Sorry venting ;-))
WSUS Update Repository Export from connected machine and Import to new server.

We are getting ready to deploy a large number of servers to remote field offices. Most of these field offices have limited bandwidth. In our server group, we will have a WSUS. Right now, the update repository from Microsoft is 800+ GB. We currently have a WSUS that contains all of the updates. Ideally, we would like to export the updates from our current WSUS that has all of the current updates and import them into our new servers before we ship them out.

There seems to be some conflicting information out there regarding how to do this or the ability to do this.

Any guidance on this situation.
Dear Experts,

I have found some website that with a domain controller, a WSUS can be setup for a non domain PCs to get updates from a WSUS server by editing the end user PCs.

Is there anyway to control the security or permissions for this setup?

So that even PCs that do not belong to the network don't get the updates?
HTML5 and CSS3 Fundamentals
LVL 13
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

I’m looking for something along the lines of WSUS but maybe not so sophisticated where I can keep an eye on what versions all the PC’s are on in my network.

For example I’ve done a quick check and seen some are awaiting the May Windows 10 update so manually kicked it off, but would be nice to have all the info in front of me.

looking for someone maybe cloud based or lightweight not a full solution like solar winds as only interested in the OS versions (and maybe updates pending)

Dear All

               i'm planning to create a GPO for running the bat login screen with below command, just wonder do i need to input anything in the "script parameters" field ? and by looking at the GPO setting, it shows no settings defined, is that normal ? the aim of creating this GPO is to let the client report back to WSUS server, any help would be appreicated


wuauclt.exe /detectnow /reportnow
wuauclt /resetauthorization /detectnow
net stop wuauser
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /f /v SusClientId
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /f /v SusClientIdValidation
net start wuauserv
wuauclt /resetauthorization /detectnow

net stop wuauserv  
net stop cryptSvc
net stop bits  
net stop msiserver  
#Rename SoftwareDistribution and Catroot2 folder. Type these command and press Enter after each command:  
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old  
ren C:\Windows\System32\catroot2 Catroot2.old  

net start wuauserv  
net start cryptSvc  
net start bits  
net start msiserver  

wuauclt.exe /resetauthorization
wuauclt.exe /r /detectnow
wuauclt.exe /reportnow
Exit /B
Hello IT fellows :)

what is the best practice to configure WSUS windows server?
my plan is to setup two clusters for WSUS

some people said WSUS doesn't works as cluster, but I really don't know. I've never configured one
I have numerous versions of Win10 on our domain that are ver1709 and previous - that are no longer receiving newer windows updates as detailed by MS website. My question is this:

I see WSUS has these version updates available. Can i use (for instance) a ver1607 laptop and assign the ver1803 update to bring it up to that version, or do i have to do EACH incremental update/version upgrade to move older Win10 versions up to the latest version? That would not be preferred. :)  Please let me know.


I'm not too familiar with WSUS. How computer is added in WSUS console list? Is is manually or by GPO or both way exist?

Dear Experts,

My customer is unable to console into the WSUS server.

My customer restarted the server.

In the services.msc, I saw that the Windows Internal Database set to Automatic but did not start, I went ahead to start it.

Error: Connection Error

I have restarted the server's Update Services, IIS Admin.

I have gone into IIS manage to check the framework is using framework64.

Restarted IIS service from IIS manager

I have used WsusUtil.exe postinstall /servicing

After that I see the Server's Windows Application Log:

1. Self-update is not working
2. Some client computers have not reported back to the server in the
last 30 days. 25 have been detected so far.
3. The catalog was last synchronized successfully 1 or more days ago.
4. The Reporting Web Service is not working.
5. The API Remoting Web Service is not working.
6. The Server Synchronization Web Service is not working.
7. The Client Web Service is not working.
8. The SimpleAuth Web Service is not working.
9. The DSS Authentication Web Service is not working.
10. The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.