To all:
My environment is made of Windows 2012 R2 and 2008 R2, Windows 8.1, Windows 10. WSUS is installed on Windows 2012 R2. We have a new server 2016 and rolling more serves with windows 2016.
We already have a group policy for WSUS to install updates automatically on "Servers OU" and "Worstations OU"
My question is that Windows 2016 is not taking the WSUS policy; as Windows Update is not longer in control panel. How do i ensure that Windows 2016 check for updates on my WSUS? Do i need to configure a new Group Policy and new OU for this server ?
Please guide to steps to configure windows 2016 to check updates with WSUS?
Thanks a lot.

We have one WSUS at a datacenter.  We have one remote site, with about 10 machines that are pointed to that WSUS servers.  For some goofy reason, the Server 2012 R2 servers are fine connecting to the WSUS, but the Windows 8.1 laptops can't connect and I don't understand why.  On WSUS, it just says Last Status Report: Not yet reported.

Here is my logs from the client

2017-10-15      19:51:22:345       888      1640      Misc      ===========  Logging initialized (build: 7.9.9600.18696, tz: -0400)  ===========
2017-10-15      19:51:22:345       888      1640      Misc        = Process: C:\Windows\system32\svchost.exe
2017-10-15      19:51:22:345       888      1640      Misc        = Module: c:\windows\system32\wuaueng.dll
2017-10-15      19:51:22:345       888      1640      Service      *************
2017-10-15      19:51:22:345       888      1640      Service      ** START **  Service: Service startup
2017-10-15      19:51:22:345       888      1640      Service      *********
2017-10-15      19:51:22:345       888      1640      IdleTmr      Non-AoAc machine.  Aoac operations will be ignored.
2017-10-15      19:51:22:345       888      1640      Agent        * WU client version 7.9.9600.18696
2017-10-15      19:51:22:345       888      1640      Agent      WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2017-10-15      19:51:22:345       888      1640      Agent        * Base directory: C:\Windows\SoftwareDistribution
2017-10-15      19:51:22:345       888      1640      Agent        * Access type: No proxy
2017-10-15      19:51:22:345       888      1640      Service      UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
2017-10-15      19:51:22:345       888      1640      Service      UpdateNetworkState Ipv4, cNetworkInterfaces = 1.

…

Hello,

We group our users and computers objects in Active Directory base on the city of their office in different OUs.  We have group policies which instruct computers to go to their local WSUS server to get Windows Updates based on the computer physical location.  

Some wireless LAN users bring their laptops away from their office to another regional office.  This causes a network issue when their laptop connect to a regional office that has a slow network connection.  This is because the traveled laptop is still in its original OU in AD and pulls Windows Updates across the WAN.

If someone knows a work around, please advise.

Thank you in advance ; )

Server 2012r2 is searching updates from wsus2012r2 for ever.
Other servers are updating from the Same wsus  with no problem.
Checking connection by telnet two directions and it is ok.
Any idea how to solve this problem?
Thank you

One audit finding was raised to us:

a) it's a risk if SCCM (which we use to manage PCs, workstations, including critical payment workstations),
    WSUS (which we used to patch servers in Prod DMZ, Prod internal zones as well as Development/UAT),
    Desktop Central (to manage PCs, laptops), AD & NTP contain authenticators (eg: login id & password) of
    the endpoints they manage.  Do these managemt tools truly contain the authenticators?
    They may use AD credentials or even local credentials (eg: local administrator) to login to control
     the endpoints but do they actually contain the authenticators ?

b) if the answer is "yes", we were told to place all these mgmt tools (SCCM, DCentral, AD server, NTP etc)
     in an isolated secure zone rather than in DMZ so that the authenticators are not easily "stolen" : is
     this a valid mitigation/recommendation?    
    If it's too much to overhaul this, can we create Windows Firewall on these devices to block all traffic
     except the required traffic to mitigate ?

One more tool that we use to lodge privileged accounts credentials : the vendor actually recommend
we put it in DMZ when we 1st set it up, so quite confused if the vendor or the auditor is right

I am trying to reinstall WSUS 3.0 SP2 on a 2008 R2 server.  This server originally had WSUS 3.0 on in and had been uninstalled including logs, database, etc  If fails when I try to install it either from Add Roles in Server Manager or from a Downloaded WSUS 3.0 SP2 .exe (WSUS30-KB972455-x64.exe).  Following the progress of the install, is gets to the Configuring the Database step and fails with "There is a problem with this Windows Installer Package.  A program run as part the the setup did not finish as expected.

Any help will be greatly appreciated.  I am out of ideas and don't understand the setup logs (attached).

Thanks in advance
ajw
WSUSSetup.log
WSUSSetupmsi_170921_0906.log

KB2463332 simply fails to install.  What am I missing here?

Windows 2012 R2 server running WSUS for ages, out of the blue has stopped working. Checks from clients show 8024401F. Server shows a few errors:

13042
Self-update is not working.

12072
The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)

1001
Fault bucket , type 0
Event Name: WindowsUpdateFailure3
Response: Not available
Cab Id: 0

Problem signature:
P1: 7.9.9600.18756
P2: 8024401f
P3: D67661EB-2423-451D-BF5D-13199E37DF28
P4: Scan
P5: 1
P6: 0
P7: 0
P8: SelfUpdate
P9: {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
P10: 0

Attached files:
C:\Windows\WindowsUpdate.log
C:\Windows\SoftwareDistribution\ReportingEvents.log

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: 88bfccdd-9cf4-11e7-80d6-00155d00230f
Report Status: 262144
Hashed bucket:
-----------------------
From windowsupdate.log
2017-09-18      21:39:29:807       920      146c      EP      Got WSUS SelfUpdate URL: "http://dc01.domain.com:8530/selfupdate"
2017-09-18      21:39:29:807       920      146c      Misc      WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x801901f4
2017-09-18      21:39:29:807       920      146c      Misc      WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x801901f4
2017-09-18      …

i have a windows 2008 r2 server i am no longer able to install any updates. the server does not want to het installed with any updates. all updates it says not applicable for this computer message. even the standalone installer has also the same problem. with dism commands the result. i am not sure what the problem is. i tried all the tools like windows update trouble shooter , readiness tools, sfc, reset windows updates components etc. nothing seemed to work. please help.

Hi All,

I've got primary WSUS in the Head Office which downloads the updates and then distributes it into the Site Office 1, 2 and 3.
now, the Site Office 3 WSUS has broken, I need to know how to break the replication so I can just set it as the normal stand alone WSUS server directly downloading from the internet.

Can anyone here please let me know how to break the WSUS structure so that the site office which is now Synchronizing to the head office WSUS server can now be standing on its own?

I'm using WSUS 4.0 on Windows Server 2012 R2.

how to delete WSUS Database Manually?