Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello All,

Very odd - WSUS on Server 2016 does not show any computers.  I usually use the "use the update services console" instead of "use group policy" but neither will work .  If I search for a specific system nothing shows up.  I have set this up many times on other networks with no problems.  Any suggestions?


Rob Battaglia
Bootstrap 4: Exploring New Features
LVL 13
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

Hello IT people 😁
I need to build a data center. from servers point of view, how to do or what is the best practice for the followings:
1- for the DHCP I Need the setup to be HA or Cluster.
2-for WSUS I Need the setup to be Cluster.
3-for  SMTP I Need the setup to be HA.
4- for MYSQL DB I Need the setup to HA with Sync.
5-For NTP I Need the setup to be HA or Cluster.
6-For AD please note that's required to moving FSMO, maybe TLS needed, trust configuration between Server Farm and DMZ domains if used and GPO for all Systems.

feel free to ask any questions to help me 😅
I had asked a previous question about patch management and the solution seemed to be to implement WSUS.  However, there are other products such as Adobe that also need to be updated regularly.  Does WSUS assist with updating Adobe also somehow?  

Additionally, when there is about 25 computers on the network, is it better to somehow just enable the products like Adobe to automatically update themselves if possible?  Or is there another software that incorporates Microsoft and other products?
we have an urgent requirement of deploying some updates and internet explorer 11 on the windows 7 clients.

we have a lot of agents without sccm agent as we have some pki issues.

I want to temporarily install a wsus server and want to install a few updates and internet explorer 11

is it ok to redirect the clients to a temporary wsus server for updates and then unlink the GPO so that the clients go back to the SUP installed on SCCM.

any help on installing and configuring the wsus server for my situation
My WSUS 2016 server is full with WSUS content using around 900GB of space. I am surprised it needs to much. I have run the server cleanup and it only cleared around 10GB

I am downloading:
Language - English
Products - Windows 10, Server 2012, Server 2016, Office 2016
Classifications - Critical, Definition, Security, Feature Packs, Updates, Service Packs and Upgrades

When I look at 'All updates' there are 1000's classed as Windows XP, Server 2003 etc that surely should go with the cleanup?
I am running wsus in win2k12 r2 server. All of sudden starting today when I select All computers and filter “Installed/Not applicable@ it is showing count as 0. However when drill down to the groups I can see clients with 100% updates installed.

Not sure why it is happening . However other filters like failed / Needed and No status populated the machine list. Any idea please
Hello All - I have a new 2016 Server that was a migration from an old SBS 2011 server.  All the roles have been moved and the old server is turned off.  I want to get rid of the WSUS roles since I am not installing it on the new server.  In GP I see the Update Services Common Settings and Client Computer Settings is still there from the migration.  I would like this all turned off so I modified the common settings gp and disabled the intranet option in Windows Updates so that the systems would go directly to the MS site for updates.  But the server will not download updates.  It starts and gets to about 9% and then stops with the error that I have attached.  Any thoughts as to why this might be happening?


dear all

         I got a server 2012 r2 got stuck in checking update, and we have a WSUS server manage all the update, and when I look at wsus console, I see this server 2012 has no status, and I see below error in event log, also I tried to by pass wsus for this server 2012 in GPO, when I ran gpupdate/force I see the same error at below, any idea how to get this fix ?

DB2 10.5 on Windows Server 2019 Standard

I am trying to set up a DB2 cluster using Windows Clustering.  I have been using a few different resources from the web to set this up.  One is ..
and another is ...

Both are excellent resources but I am be missing something.

Here is an overview of what I have.

Windows Cluster with 3 drives (data, log, and Quorum) named KGSLTWICDB01 with IP address by running the db2mscs -f c:\download\db2mscs.cfg. I have tested the failover and it seems to work fine.
Under the cluster manager I see a db2Group role and both nodes show in the Nodes section.

My main question is how the heck do I set up the second node?  The documents seem to assume I know how to do that or that setting up node1 takes care of node2, but I don't see that.

When I run DB2iList on node1 I get
DB3          c : KGSLTWICDB01

When 1 run same on node2 I get

So what am I missing?  What do I need to do to get node2 set up the way it needs to be?

Thank you!

I have received the error code 0x80244019 from the client side when i check the update,
I have a WSUS server and approved the needed updates, it is downloaded in the server.
the client doesn't have an internet jut connected directly to the server,
ping between the server and client both side is reply,
telnet from the client to the server is listened,
Announcing the Winners!
LVL 13
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!


I am running WSUS on server 2012 R2 using the windows internal Database.
the database is using up a huge chunk of my Physical Memory on the server.
Is there a way I can limit how much memory the database uses?

I do not have SQL Enterprise installed on the server and will not be able to install it there.

I am having trouble to install .net framework 3.5 or 4.o  in Window 10 enterprise due to WSUS server we have.

Any suggestions are appreciated!

Thank you very much in advance!
Dear all can any one let me know how to use windows package publisher to update adobe flash player.
Experts - an SQL devotee I'm not, but need assistance with a WSUS SUSDB file that is in a "Recovery Pending" status.

I was attempting to do a full uninstall of WSUS and the associated database files off a Server 2012R2 system. The WSUS database was using the WID repository.

Steps taken:

1- Uninstalled the WSUS role

2 - As I was getting ready to post this step taken, I just noticed in my infinite wisdom - I failed to do step #2 of this following article link, but did the remaining steps which did not give the expected results noted in Step #5 ( article link is safe)


3 - Installed the SQL Management Studio after the above step - and see "SUSDB (Recovery Pending)" -

4 - Attempting to expand the SUSDB gives this error:

At this point I'm not interested in attempting to fix this error - but rather get this WSUS fully removed off the server.  Can I detach and drop and then delete the WID\Data\SUSDB.mdf and SUSDB_log.ldf files - and then delete the WSUS contents as suggest in step 2 of the above article link?

If not recommended, what do I need to do to get this removed off the server. The mdf/ldf files are on the root drive and getting rather large in size (40GB+) - thanks much -
Hello All,

I have been having a problem getting WSUS installed on Server 2016.  It keeps telling that it fails because of a reboot that is neeed.  The reboot goes through, it looks like it is reconfiguring something then doe the same thing again and again.  This is a migration away from an SBS 2011 box and I really don't need WSUS since there are not that many users and I can have them download updates directly.  But I am not sure how to turn off the GPOs linked to updates.  Do I just change all of the settings to disable in the Updates Services Common Settings GPO or is there somewhere else I need to change some things.  The SBS box is going away.

I have already tried running RSOP to see what GPO is controlling the login as service - it was the default domain controllers policy.  So I went into that GPO and added NT SERVICES\ALL SERVICES to it.  i had just migrated another SBS 2011 to Server 2016 and had not problems installing WSUS.  Not sure why this box is giving me problems since I am logged in as an admin.

So, how can either point directly to MS for updates and forget about WSUS or get it installed?


After upgrading Windows 10 to 1809 we can no longer obtain updates from our WSUS server.  We operate in a closed loop environment, the error is attached.  I've ran the Windows update troubleshooter no joy.
We have the standard set up of an internet facing wsus server.  Which we export. And then import to the internal wsus server.   Running fine. For years.  

I ran a script which declines all the supersede and no longer required patches.   Dropped from 250gn to 40gb

Next export worked fine

But I had to rebuild the internal one recently.  And it stalled on downloading. As files were missing.

I re approved all the declines on the external one.  And copied those files back in and it started working.

Why ?    I mean. They were deleted by wsus own server clean up.  Why would the meta data still be there ?
We operate a remote installation on a satellite link. Our WSUS downloads can take from 4 days  to up to 30 days! While the download is in progress, this information is displayed on the WSUS snap-in summary screen, but disappears when the download completes.

I'm trying to get specific information out of the Windows Update log (C:\Windows\Windows Update.log) running on my WS2012 R2 VM.
Specifically, I need to know:
  • When download from Microsoft started
  • When it completed
  • The size of the download

Attached is the log from our "Update Tuesday through the date that the WSUS server began pushing out updates to workstations. I'm sure what I'm looking for is in there, I'm just not recognizing it due to the density of information.

Also attached are images of the WSUS summary screen, befoer and after completion. During downloads, the circled area contains start date, size of download, and amount currently downloaded. After completion, all that info is gone.

Thank you.
We are running WSUS on a WindowsServer 2012 R2 VM, on a very limited satellite link. While our updates are downloading (every first Tuesday). I can view the download start date, file size and the amount of data downloaded on the Summary screen. Once the download is complete, I don't have this information on that screen. Where can I find a log that shows when downloads from Microsoft started and finished, and the file size downloaded?
Exploring SharePoint 2016
LVL 13
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

Need help with WSUS server 6.3.9600 18838 not downloading updates. It is synchronizing with status "Succeeded" but no updates are downloaded. Message in log;
EventLogEventReporter.ReportEvent                EventId=364,Type=Error,Category=Synchronization,Message=Content file download failed.
Reason: Value does not fall within the expected range.
Server is behind proxy.
WSUS events:10032,12072,364
After a nasty Trojan virus, we have implemented windows firewall SMB block rules on our client computers to block incoming SMB.   This allows us to protect computers on the same network from a lot of malware file dropping.

We are also implementing a new Patch Manager that uses WSUS as an intermediary.   This mechanism requires SMB and WMI.   So, with Group Policy I tried to put in an exception in the rules using an allow if secure, then putting in the computers that need access.  I found out that if there are local rules that allow SMB and they are merged, it will allow anything through.   I also went the route of setting up a machine (windows 10) firewall manually, then exporting all the firewall rules with an exception (defined in remote computer scope), then denying local firewall rules and local security connections through the GPO.   This, initially, I thought worked.   However, when testing the same GPO on a windows 7 machine, it did not clear out the local firewall rules.

Is there something different I need to do for windows 7 firewall, or is there another route we should take?   Right now our LAN to LAN segments are protected with firewall, but clients on the same segment are vulnerable to each other unless I do a block rule (which takes precedent over any allow rule).
Automatic Update Software I use
  ** WSUS = Windows Updates
  ** Ninite = Firefox, etc
  ** PDQ Deploy = other Software
  ** SolarWinds = currently only using Alerts

How can I automatically do the below #1 and #2 on my 10 different models of HP Network Switches, then after confirming the backup is good, manually click a BUTTON to DEPLOY #3 ?
   1. firmware download
   2. backup
   3. upgrade
Hello all,

Wondering if I can get some thoughts on a WSUS scenario I'm working through.

The scenario:

Non-Internet connected network is going to have a WSUS server to manage updates for a small network of computers. I do not have access to an internet connected WSUS to export updates/update data from in order to import into the air gapped network.

The only way I'm aware of to do this (as I've done it in the past) and the only way I've been able to find online so far is to have an internet connected WSUS server to export the information from and import it to the air gapped WSUS server.

So my question is: Does anyone here have any other ideas how this can be accomplished? Or am I stuck with having to come up with another WSUS server to export from.

Thanks for sharing your thoughts!
we have two separate active directory forests with no trust relationships. SCCM 2012 r2 is deployed in one of the AD forests and sccm site systems are installed in our domain that we used for deploying apps and updates. Our SCCM is a multiple forest deployment with no trusts.

we have very limited control on the SCCM servers deployed in the other domain. there seems to be an issue with the SCCM for a long time and we are unable to deploy apps or updates in our domain.

Now there is an urgent requirement to deploy some updates and also upgrade the internet explorer.

I am thinking of temporarily deploying a wsus server, importing the updates and Internet Explorer updates, redirecting clients in domain by using GPO to point to the temporary WSUS server. Deploy the updates and later remove the GPO so that it goes back to the original configuration  of reporting to a SUP installed on the SCCM site system.

My worry is if the clients won't revert back to the existing SUP once the GPO is unlinked.

Are there are other means of deploying some updates and internet explorer on Windows 7 SP1 both x86 and x64?
Windows Server 2016 is having problems communicating with WSUS which btw is also Windows Server 2016. There is a list of updates showing up but at the end of it the Install now button is greyed out. We've got servers running Windows Server 2008 R2, 2012, 2012R2 and 2016 but this is happening only to the server running 2016.


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.