Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Does anyone know the state of patching Hyper-V Server 2016 (just the hypervisor)?  A Microsoft engineer told me that Hyper-V Server is not applicable to the new Windows patches that were just released but I'd like to get a second opinion on that.  Currently, my Hyper-V Server never reported to WSUS that it needed the January Meltdown/Spectre update that was applied to Windows Server 2016.
Get expert help—faster!
LVL 11
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Ive got a couple of DCs which are not seeing any SCCM Windows patches, they both have a GPO pointing them to a WSUS server, Ive checked the Windows update logs and it states something about a proxy issue but I doubt servers need a proxy to be set for WSUS/SCCM updates. Any ideas on where I should start?
Hello SCCM Experts,

I have inherited an SCCM 2012 server where the WSUSContent is growing out of control.  I first ran into problems with drive space last week.  I added more space (100GB) but synchronization was still not working.  I had to do a wsusutil reset to get synchronization to work.  I didn't empty the contents of the WSUSContent folder before I did the wsusutil reset.  Here are my questions/thoughts:

1.  If I follow the delete the contents of WSUSContent per this article: https://blogs.technet.microsoft.com/gborger/2009/02/27/what-to-do-when-your-wsuscontent-folder-grows-too-large/, will this work with my version of SCCM?
2.  Can I uninstall and reinstall the WSUS portion of SCCM.  I found an the following article explaining the procedure to do this if the Windows Internal Database is used in SCCM.  https://blogs.technet.microsoft.com/sus/2016/10/18/recreating-the-susdb-and-wsus-content-folder-for-a-windows-server-2012-based-wsus-computer/

The article states:  Note that if you see ##SSEE (in HKLM\Software\Microsoft\Update Services\Server\Setup\SQLServerName), this blog post is not applicable to you.   Of coarse this is what we have.  Does anyone know the steps for recreating the SUSDB and WSUSContent folder on a build using SQL Server?

Any help would be greatly appreciated.

I have configured WSUS server on Windows server 2008 R2. I have more than 500 hundred clients but only a few clients are reporting in WSUS server. I have checked

1. wuauclt.exe /resetauthorization /detectnow

2. wuauclt.exe /detectnow

GPO seems fine.
When WSUS is configured in SCCM, Windows 7 and 10 act differently.
For example Windows 7 downloads/installs only udpates from SCCM/WSUS, but Windows 10 downloads/installs other updates.
Is this because 'Update from more than one place' is on and set to PCs on my local network in Windows 10?
I am getting the following errors when I try installing the WSUS 3 SP2 on a window server 2008 R2.

2018-01-09 23:33:29  Error     MWUSSetup          InstallWsus: MWUS Installation Failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:29  Error     MWUSSetup          CInstallDriver::PerformSetup: WSUS installation failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:29  Error     MWUSSetup          CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:44  Error     MWUSSetup          DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)

Any thoughts?


What will happen when I delete all superseded updates in WSUS? Is it safe to decline them all?

Why doesn't WSUS Cleanup Tool find and clean all these superseded updates if they aren't needed? Why is there shown a warning that indicates the superseded update might still be needed?

The WSUS built-in cleanup-wizard seems to leave a lot of unnecessary updates on a WSUS server. When the number of updates available exceeds a certain amount, WSUS clients stop being able to update and start generating time out errors.

   If this is the case, and I'm not saying it isn't, then why does WSUS recommend verifying a superseded update is no longer needed by any computers?  If superseded updates are never needed after their superseding successors are released, we shouldn't be shown a warning that indicates the superseded update might still be needed.

Why is that?

When answering, consider this (I did some research):

   "WSUS does not automatically decline superseded updates, and it is recommended that you do not assume that superseded updates should be declined in favor of the new, superseding update. Before declining a superseded update, make sure that it is no longer needed by any of your client computers.
    The following are examples of scenarios in which you might need to install a superseded update:

    "      If a superseding update supports only newer versions of an operating system, and some of your client
For some strange reason the patch will not install on any w10 v1607 in my entire domain. If I take that same machine and bring it up to v1709 and applied the appropriate Meltdown patch... It installs.
There is a know issue with Bloomberg and v1709 which why I must remain on 1607.

See screenshot below.
We just setup a new WSUS server version 6.3 running on server 2012 R2.
It seems to be brining in the pc fine during the day, but each morning when I go into the WSUS console, I get the error message that says: An error occurred when trying to connect to the WSUS server.
When I check the event view there are errors in there complaining about all of the SUS components not running.
If I reboot the server, which I have to do every morning, then the WSUS works fine and then over night it stops working once again.
Any ideas on what I can do here would be appreciated.
Hi All
we are looking for a power shell script which would do a health check on remote servers after our patching exercise on each.

we need a script which would check Server uptime, automatic services that were in stopped status, IP address, C drive disk space. the result could be in HTML or csv format.

please help.
Free Tool: ZipGrep
LVL 11
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

We have several servers that are pulling the GPO set for getting updates from our WSUS server. Though, they are not registering. I cannot see them in the Servers target list. This is also specified in the GPO. I ran a GPRESULT, and the GPO successfully applied. This also reflects in the registry of each server.
Hello! :)

In our environment we have a SCCM Current Branch Primary Site Server integrated with a WSUS Server in our Data Center to retrieve Microsoft Security patches.

We have several geographically distributed locations where we have a lot of computers not being administered by SCCM due to business needs.

Recently we were given the task of providing some power users with the capability to update the computers that are not SCCM clients with Microsoft Security patches at their convenience.

I want to re-use the existing central WSUS "SCCM-integrated" server so that in addition of being used by SCCM it also is capable of acting as an upstream server - for this manual patching process - and then configure additional WSUS downstream servers connected to it at each large site to relieve traffic from the WAN links.

Is this solution possible (have an existing WSUS "SCCM-integrated" server to both be used by SCCM and also be capable of act as an upstream server for a manual patching process)... or should a separate server be setup and configured to be the upstream WSUS server for the manual patching process?

I was noticing that my windows updates are failing, so when I checked WSUS, I get an error message.
I have restarted the server and same error message.  Then I tried later and it worked for a few hours, but now it keeps on coming up with the same error message.  What gives?

I checked the event viewer and this is one of the errors.  Does't really give me much.

The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)
About 6 months ago, I signed a new client who has 3 Xenserver hosts with a number of Windows VMs running on them.  There are 2 Xenapp servers (Windows 2008 R2) with web access set up on one of the firm's domain controllers.  Shortly after I took over this network, I also added a WSUS server to the same DC (DC2) that runs the Citrix web server; the WSUS website is separate while the Citrix Xenserver app runs on the default web site.  I ran across a problem with WSUS and Citrix Web Server co-existence at the time I set it up but I was able to find a resolution and the two have been happily coexisting since then. That is until about a month ago.

I don't know the cause of the breakdown, but it may be related to the fact that I upgraded one of the Xenserver hosts. This host happens to house the other DC (DC3) on the network but it doesn't have anything to do with the Xenapp setup, other than being a DC.

Anyway, all of a sudden, I started getting the following error in the DC2 application log twice about every 10 minutes:

Log Name:      Application
Source:        Citrix Web Interface
Date:          1/3/2018 3:52:18 PM
Event ID:      11004
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DC2.domain.com
Site path: C:\inetpub\wwwroot\Citrix\XenApp.

The request from the browser running on the user device cannot be processed because the User-Agent HTTP header, which provides platform …
Have three physical servers out of 6 getting the 80072ee2 error when trying to run Windows updates.  Do not have a WSUS  server, pulling from the web.  

Has been this way for days.  I have attached the latest attempt from the Windows Update log.
Can windows server 2003 WSUS version 3.2  deploy patch to windows 2018 and win2012?
I am running WSUS version 3.2.7600.226 on a Windows 2003 SP2 server. Recently, I have been getting an error everytime I try to generate a status report for any computer. The error is "an error occurred while generating the report. Try running the report again or contact your network admin for help" Also, Windows 10 machines are having a hard time getting updates from the same server. This server is pretty old and it only has 1GB RAM, running Pentium 4 2,6GHz processor. Any ideas?


Just patched our WSUS box (may or may not be a coincidence) and its not reporting the clients status.

Whats the fix for this?

Any ideas on how can I get the below #1 to work

 1. do "check for windows updates" when
     Windows Server 2012 R2 server is on "DOMAIN"
 2. get 8024402c ERROR
 3. change sever to "WORKGROUP", reboot
 4. do "check for windows updates" again
 5. works, using the same DNS as when it was on the "DOMAIN"
 6. change back to "DOMAIN", reboot
 7. do "check for windows updates" again
 8. fails again
[Webinar On Demand] Database Backup and Recovery
LVL 11
[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

I would like to have all windows 10 machines within a small network set to update via Microsoft whenever security/critical updates are released. I want to achieve this without the use of an WSUS server. Is it possible to push out a registry change via GPO to force the install of any/all windows updates
Hello Everybody,

We're testing the Offline Servicing way of working on Configuration Manager 1702.

I succeeded to add the cumulative update of November inside the WIM. I can see it in the 'Update Statuts' tab, but not in 'Installed Updates' tab in Properties of this image. I don't know why ?..

I also wanted to know how to remove this update from the image ? When I will add the December CU, I want to remove the oldest.

Does somebody know how to do it ?

Thanks in advance
 I am deploying Windows updates to a group of servers and the maintenance window is 0245-0300 to download the updates . Then the updates are scheduled to be installed and the server to be rebooted at 0300-0400  this is configured via SCCM 2012 using WSUS. However for some of the servers in the group there  install and reboot between those times. However other servers install the updates during 0900-1700 and reboot which is outside the maintenance window configured in SCCM 2012. When l look at one of the servers that reboot outside the maintenance window there show error below in the log file. I need assistance with finding out how to stop the reboot of the servers. I would greatly appreciate your assistance
All our clients are laptops in different states and they frequently get online and offline on different occasions .
Lots of clients when they are not connected to internet or they just turned off  they disappeared form WSUS.
As soon as  you put them online they appeared back on .
In order keep inventory we have t keep all clients visible and in to the right group. Any idea whey clients have to be online in order stay on WSUS

Got a clients laptop in and she can't get Windows updates installed... when trying to search for new updates just keeps searching for days.  In the end I stopped it from searching.

The last time this Windows 7 laptop received and installed updates since 2014.
I have run a fully updated WSUS on this laptop and when it tries to install the Service Pack 1 it comes up with the message attached.
When clicking on the Go online for more info..... URL link as per attached screenshot it doesn't load a webpage up!

This laptop is fully licensed with the Windows COA under the laptop so don't know why this is occurring.

I have run SFC /scannow and DISM health checking...
WSUS server is console is getting hang. Error is as below. This comes  when I click on Computer group. Till now I have a single computer group

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

System.IO.IOException -- The handshake failed due to an unexpected packet format.


Stack Trace:
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, …


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.