Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello all,

Range = 1|0

- 1 = Enabled. All Windows Update features are removed. This includes blocking access to the Windows Update website at, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.
- 0 = Disabled or not configured. Users will be able to access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update.

what is the ideal value to set this setting. Everytime when we do update on windows machine it throw error "problem installing updates 0x8024002e"
when we change that to 0 it takes updates.
we get the updates from wsus. wsus shows PC is  up to date. but there are no cumulative updates installed

Any suggestions

Hire Technology Freelancers with Gigs
LVL 10
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

I have 1 machine that was affected by this issue.  I followed the steps in:

and am uninstalling the packages (step 10).  Once I connect to the internet, what's to stop the machine from getting those same patches again?

It's on a workgroup and we're using solarwinds RMM tool to push patches.  I don't see the delta patches in the RMM tool. So it got the patches some other way?  this machine is in a workgroup of 4 machines so there's no WSUS server on the network.

To all:
My environment is made of Windows 2012 R2 and 2008 R2, Windows 8.1, Windows 10. WSUS is installed on Windows 2012 R2. We have a new server 2016 and rolling more serves with windows 2016.
We already have a group policy for WSUS to install updates automatically on "Servers OU" and "Worstations OU"
My question is that Windows 2016 is not taking the WSUS policy; as Windows Update is not longer in control panel. How do i ensure that Windows 2016 check for updates on my WSUS? Do i need to configure a new Group Policy and new OU for this server ?
Please guide to steps to configure windows 2016 to check updates with WSUS?
Thanks a lot.

I would like to know how to repair WSUS server. We had to reinstall a brand new SQLSERVER with a new instance. Restore the WSUS database. Now when I start WSUS it doesn't find the server. What is the best way to reconnect to the database?

We have one WSUS at a datacenter.  We have one remote site, with about 10 machines that are pointed to that WSUS servers.  For some goofy reason, the Server 2012 R2 servers are fine connecting to the WSUS, but the Windows 8.1 laptops can't connect and I don't understand why.  On WSUS, it just says Last Status Report: Not yet reported.

Here is my logs from the client

2017-10-15      19:51:22:345       888      1640      Misc      ===========  Logging initialized (build: 7.9.9600.18696, tz: -0400)  ===========
2017-10-15      19:51:22:345       888      1640      Misc        = Process: C:\Windows\system32\svchost.exe
2017-10-15      19:51:22:345       888      1640      Misc        = Module: c:\windows\system32\wuaueng.dll
2017-10-15      19:51:22:345       888      1640      Service      *************
2017-10-15      19:51:22:345       888      1640      Service      ** START **  Service: Service startup
2017-10-15      19:51:22:345       888      1640      Service      *********
2017-10-15      19:51:22:345       888      1640      IdleTmr      Non-AoAc machine.  Aoac operations will be ignored.
2017-10-15      19:51:22:345       888      1640      Agent        * WU client version 7.9.9600.18696
2017-10-15      19:51:22:345       888      1640      Agent      WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2017-10-15      19:51:22:345       888      1640      Agent        * Base directory: C:\Windows\SoftwareDistribution
2017-10-15      19:51:22:345       888      1640      Agent        * Access type: No proxy
2017-10-15      19:51:22:345       888      1640      Service      UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
2017-10-15      19:51:22:345       888      1640      Service      UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
Hi All,

I have a new customer that has SBS2011.  The server appears to be running well in all respects, but sometime in the past WSUS was disabled due to them running out of disk space, so they disabled WSUS and removed the WSUS files that were stored in either:




(Both folders exist - I have done a search and cannot find any other WSUS folders)

T:\ is mapped to a Virtual Disk on the Hyper-V host (not a network drive physically elsewhere)

I have increased their storage capacity (shared network files were on the server, I have moved them to a NAS).

So, I would like to now 'reinstate' WSUS, but I don't know how it will react due to the missing files that were deleted, and that makes me nervous, so looking for advice on what I should check and do in what order as I have never been here before.

SBS2011 is running as a VM on Hyper-V.  There is one other VM on Hyper-V which appears to be a print 'server' (actually Win7 Pro), but it is shutdown, and I have not touched it so far (I'll get to it later, but its way down the list).

Backups are running fine - using SBS2011 Backup three times a day to an external USB drive, and the drive is backed up to another drive through the day, and that goes offsite every day.

WSUS has been disabled by disabling the service called 'WSUSService' with a display name of 'Update Services'.  At this point, I am inclined to just re-enable that, but what will happen if I do that, and none of …

We group our users and computers objects in Active Directory base on the city of their office in different OUs.  We have group policies which instruct computers to go to their local WSUS server to get Windows Updates based on the computer physical location.  

Some wireless LAN users bring their laptops away from their office to another regional office.  This causes a network issue when their laptop connect to a regional office that has a slow network connection.  This is because the traveled laptop is still in its original OU in AD and pulls Windows Updates across the WAN.

If someone knows a work around, please advise.

Thank you in advance ; )
Server 2012r2 is searching updates from wsus2012r2 for ever.
Other servers are updating from the Same wsus  with no problem.
Checking connection by telnet two directions and it is ok.
Any idea how to solve this problem?
Thank you
I have recently created WSUS server on windows server 2008 R2. Have setup group policy and other thing properly but clients are not reflecting in WSUS console. No client reported to WSUS server.
Free Tool: Site Down Detector
LVL 10
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I hope you have good day. i've server (WIN 2012 datacenter R2)installed on it wsus role and also SCCM 2012 (with external SQL DB) i just need to configure the autmatic update that sccm will take it from wsus and deploy it on the PCs in my network, how can i make that?
One audit finding was raised to us:

a) it's a risk if SCCM (which we use to manage PCs, workstations, including critical payment workstations),
    WSUS (which we used to patch servers in Prod DMZ, Prod internal zones as well as Development/UAT),
    Desktop Central (to manage PCs, laptops), AD & NTP contain authenticators (eg: login id & password) of
    the endpoints they manage.  Do these managemt tools truly contain the authenticators?
    They may use AD credentials or even local credentials (eg: local administrator) to login to control
     the endpoints but do they actually contain the authenticators ?

b) if the answer is "yes", we were told to place all these mgmt tools (SCCM, DCentral, AD server, NTP etc)
     in an isolated secure zone rather than in DMZ so that the authenticators are not easily "stolen" : is
     this a valid mitigation/recommendation?    
    If it's too much to overhaul this, can we create Windows Firewall on these devices to block all traffic
     except the required traffic to mitigate ?

One more tool that we use to lodge privileged accounts credentials : the vendor actually recommend
we put it in DMZ when we 1st set it up, so quite confused if the vendor or the auditor is right
I just built two Windows 2016 Datacenter Cluster Servers for testing in my vCenter VM environment.
I have a Windows 2016 DataCenter VM which is the Domain Controller which works great.

On the two cluster servers I installed a program WindowsUpdateNiotifier which works similar to the old windows update icon in the system tray I use this on all my Windows 8 and up machines and works great.

The source for my updates is my Windows 2012 R2 WSUS server
Both cluster servers are registered in WSUS

When I try to apply the updates I get this message.

We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure your're connected to the internet.


I retry and retry no luck

How can I force the Windows 2016 to search MS online for updates too

The Windows 2016 Data Center Domain Controller works fine with updates from My WSUS server just these two puzzled

I am trying to reinstall WSUS 3.0 SP2 on a 2008 R2 server.  This server originally had WSUS 3.0 on in and had been uninstalled including logs, database, etc  If fails when I try to install it either from Add Roles in Server Manager or from a Downloaded WSUS 3.0 SP2 .exe (WSUS30-KB972455-x64.exe).  Following the progress of the install, is gets to the Configuring the Database step and fails with "There is a problem with this Windows Installer Package.  A program run as part the the setup did not finish as expected.

Any help will be greatly appreciated.  I am out of ideas and don't understand the setup logs (attached).

Thanks in advance

I just saw my wsus showing windows vista for windows 10 machines. I found hotfix for WIndows server 2012R2, but our wsus is 2008 R2.

Is there any work around?

KB2463332 simply fails to install.  What am I missing here?
I have WSUS Server 2012 which I am syncing with Microsoft website. It is showing that WSUS server is synced but when I verify the download folder no update is there. How to fix this? This is very urgent

Event ID:364
Error: Content file download failed. Reason: Error calling [kernel32.dll]:CreateDirectory(E:\WSUS1\WsusContent\B6) Source File:  Destination File: .
Windows 2012 R2 server running WSUS for ages, out of the blue has stopped working. Checks from clients show 8024401F. Server shows a few errors:

Self-update is not working.

The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)

Fault bucket , type 0
Event Name: WindowsUpdateFailure3
Response: Not available
Cab Id: 0

Problem signature:
P1: 7.9.9600.18756
P2: 8024401f
P3: D67661EB-2423-451D-BF5D-13199E37DF28
P4: Scan
P5: 1
P6: 0
P7: 0
P8: SelfUpdate
P9: {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
P10: 0

Attached files:

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: 88bfccdd-9cf4-11e7-80d6-00155d00230f
Report Status: 262144
Hashed bucket:
From windowsupdate.log
2017-09-18      21:39:29:807       920      146c      EP      Got WSUS SelfUpdate URL: ""
2017-09-18      21:39:29:807       920      146c      Misc      WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x801901f4
2017-09-18      21:39:29:807       920      146c      Misc      WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x801901f4
2017-09-18      …
Hi All,

We have WSUS configured so that client machines will "automatically download but notify for install."  I would assume that this would mean that clients would need manual approval for all installation.

However, we have a bunch of client machines that seem to be installing updates anyway.  In poking around GPO, I found a setting to disallow automatic update immediate installation.  The details seem to indicate that any updates that don't require a reboot will be automatically installed, seemingly disregarding my intention to approve all updates.

Will disallowing this setting get me to my goal, which is to manually install all updates (which have previously been approved in WSUS)?
Free Tool: Port Scanner
LVL 10
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


As many users already reported, this month there are a lot of issues with WSUS.

I have an SCCM CB 1702 Site Server with WSUS on same server.

All was working fine until approx. 1 month ago.
The w3wp.exe process is constantly running at 95-100%.

I installed this Hotfix as described here.

However, the hotfix didn't solve the CPU usage but I could open the WSUS console again. (didn't start before)

After I've installed the hotfix, the WsusPool shuts down after recycling.
I've increased Private Memory to 8GB (used to be 4GB) but it still shuts down.
Only after I've set Rapid-Fail Protection to False the WsusPool is not shutting down.
But this doesn't seem to be a very smart setting.

Errors that keep coming back...
Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync
STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SITE=CM2 PID=2804 TID=6100 GMTDATE=do sep 14 10:02:26.175 2017 ISTR0="CWSyncMgr::DoSync" ISTR1="WSUS server not configured. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
Sync failed. Will retry in 60 minutes

i have a windows 2008 r2 server i am no longer able to install any updates. the server does not want to het installed with any updates. all updates it says not applicable for this computer message. even the standalone installer has also the same problem. with dism commands the result. i am not sure what the problem is. i tried all the tools like windows update trouble shooter , readiness tools, sfc, reset windows updates components etc. nothing seemed to work. please help.
I have deployed Office 2016 ISO version and I am having problems with WSUS updating office to the latest version.
Currently I am running office 2016 version 16.9.4549.1000 and windows update does not show any available updates for it.
I am running WSUS on server 2016 with every product classification turned on. I have downloaded the ADMX files for office 2016 and all the update settings only apply to the CTR version.  Microsoft seems to have abandoned office 2016 ISO and moved to the CTR version i'm guessing??

Two questions, for the love of god, why does microsoft keep doing this to us and how do I fix WSUS and office 2016?
Hi All,

I've got primary WSUS in the Head Office which downloads the updates and then distributes it into the Site Office 1, 2 and 3.
now, the Site Office 3 WSUS has broken, I need to know how to break the replication so I can just set it as the normal stand alone WSUS server directly downloading from the internet.

Can anyone here please let me know how to break the WSUS structure so that the site office which is now Synchronizing to the head office WSUS server can now be standing on its own?

I'm using WSUS 4.0 on Windows Server 2012 R2.
I have windows server 2012 Wsus Server and I have windows 10 systems in the same domain. but windows 10 system Updates are failed through WSUS.kindly help on this.
how to delete WSUS Database Manually?


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.