Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

We have the following configuration:

a WSUS server and the 1803 is NOT approved with the following global WSUS GPO's

Delivery Optimization Mode is set to Bypass
Allowed Sign updates from intranet MS update service location: enabled
Do not allow update deferral policies to cause scan against WU: enabled
Specify intranet location: http;//OURWSUSServer:8530
Active Hours: 7am - 9pm
Turn off access to all WU Features: enabled
We have lower Computer OU polices to configure Auto Updates at a certain time and enabled client side targeting
We noticed that computers were getting the v1803 update (which we do not want at this time as we just want 1709). After doing some digging around the great Google, i came across an article that suggested to change "Select when preview and feature updates are received" to use Semi-Channel and deferred it for 365 days.

Is there anything else we need to set to block to NOT receive v1803.

Free Tool: Site Down Detector
LVL 12
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I have laptop users on Win10 Pro ver1607 and would like to upgrade them not to ver1703, then ver1709, etc - I'd like to upgrade them from Win10 ver1607 straight to ver1803 (or whatever is the latest supported, you understand my intent).

1. Is it possible to upgrade to the last version, or do I have to incrementally upgrade to each version in turn?
2. Can I use Powershell to upgrade to the version(s) instead of WSUS or Group Policy? WSUS has been problematic at best for this, and I don't care to keep using WSUS unless I absolutely have to. (Group Policy is problematic for remote users, and I don't care to discuss GPOs for this, please do not recommend/spend time discussing)
I have run the following script on a server under the assumption this was going to force the Server (2012) to report into WSUS as WSUS was not detecting this server and others, but instead it has removed the 'Windows Update service' completely and I can't get it back.

Any ideas guys?

net stop "Automatic Updates"
net stop wuauserv
regsvr32 /u wuaueng.dll /s
del /f /s /q %windir%\SoftwareDistribution\*.*
del /f /s /q %windir%\windowsupdate.log
del /s %windir%\SoftwareDistribution
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
regsvr32 wuaueng.dll /s
net start "Automatic Updates"
wuauclt /detectnow /resetauthorization
WSUS not working properly. Lots of wsus pool errors in the event log (5011, 5012, 5013, 5017 and 5038). Cant get the console to load. w3wp.exe and sqlservr.exe using all of the CPU. Is there anything I can try before I reinstall?

99% of all our computers are stating "not reported yet".  We built the new WSUS server and configured the GPO on Thursday.   The WSUS server is listing all the computers but most of them have not reported.

What would cause this?
A Windows 10 computer failed to successfully load Windows while installing Windows updates so I booted off of a Windows 10 installation USB drive, chose the "Repair" feature and then was able to perform a successful system restore to a previous point in time.

This Windows 10 computer now boots into Windows and works fine except that it is unable to install the latest Windows update (see the screenshot).

If I manually download then install this update then the update appears to install but after rebooting when I log back into Windows I either receive a message that the update didn't install of when I go back into the Windows updates I see that the same update still needs to be installed.

I have also performed the following steps attempting to resolve this issue but haven't yet been able to fix this issue:

1. Have run the Windows update troubleshooter (which always says that it has found and fixed issues but ultimately doesn't fix this issue).

2. Have run the SFC /scannow commands and then the DISM.exe /Online /Cleanup-Image /Scanhealth and then the DISM.exe /Online /Cleanup-Image /Restorehealth commands

3. Have emptied the temporary and temporary internet files

4. Have run full scans for malware and viruses and no problems have been detected.

I have also rebooted several times and have tried installing the updates using different administrator accounts but this Windows update still won't install.

What else can be done to fix this issue so that I will…
I'm running a new install of WSUS, on windows server 2016, fresh install, and the server is not used for anything else, but WSUS.
All my servers and computers show "needed count" for updates with large numbers.  Even after I install updates on the clients or servers, the number never goes to 0, how do I install all the needed updates on my servers/workstations?

The 2nd problem is, for a few computers, it looks like the computers have contacted the WSUS server, a few weeks ago, but there's no status report, and there's no info about the computers.  Any idea's how to resolve?

Win10 1803 systems are not offered the 2018-05 Cumulative updates (KB4103721) when connected to WSUS (here: wsus on 2012 R2, but it should not even matter)

As outlines, the new windows build refuses to work with WSUS (like it has happened before with server 2016 and Win10 1607).

Please reproduce and upvote the technet thread, so Microsoft becomes aware.
Points to anyone who takes the time to reproduce.

PS: 1709 Build 16299.402 (if you have it) is unable as well.
"Oops, they did it again..." Microsoft proves once more that they don't care about WSUS - it can be safely assumed that they don't test with it.

Incredible. PLEASE UPVOTE THE TECHNET THREAD, so Microsoft becomes aware.
We are running WSUS server and the latest Win 10 update to come out, version 1803 is failing on just about every computer.
Not sure why this is occurring. Is there anyone else experiencing this and if so, how can we get this
Cloud Class® Course: Microsoft Azure 2017
LVL 12
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

I have been tasked with coming up with a solution to upgrade roughly 150 computers with the new Windows 10 Feature Update 1709.
I have downloaded the .ISO file, and have extracted it to launch the setup.exe file. Is there a switch(s) to use to push this out silently and without reboot? We are using ZENworks to push this out, but I'm stumped on the switches.
We do not want to use WSUS to push this out, as it would clog up our network due to the size of the update.

Any help would greatly be appreciated.


I'd like to automate WSUS deploy. That can be done using an xml:
So now I'd like to change the xml with the servername.

In other words, I need to replace the computername (Servernamexyz in my example, can change overtime) in this xml.

So I'd get the xml in $XML = get-content c:\myxml.xml
tags to replace are
<S N="ServerName">Servernamexyz</S>
and  <S N="PSComputerName">Servernamexyz</S>

How do I replace <S N="ServerName"> whatever </s> and  <S N="PSComputerName">Whatever</S> ?
I can then write result back to xml.

Thanks for your input.

I have recently configured the Wsus server 2012 and applied the GPO to get all updates on servers on  our MS estate which consist over 200 Servers mostly Server 2012 but  few still on Server 2003 which I need to exclude  from this.  
I have created the custom update view for server 2012 and choose  only for  critical, security, and roll-up updates. But unfortunately non of the server is appearing in costume view. all server 2012 and 2003 are apearing under All computer--->Servers.
 Please  how I can  force only mention updates only on Server 2012 and exclude the Server 2003 to disappear from Servers under the All computers.
secondly how I can force to get Custom view updated and can apply in more refine way to push the updates.  

Please help.

I'm puzzled how to handle WSUS Feature updates for Windows 10 that won't install.  I found the thread which explains that its risky to install these major upgrade via WSUS, but the problem is, if I can't install the Feature upgrade, then no further updates will install, the PCs just stay stuck at that level.  The only way I've found around this is to to take each device off the network, install the Feature Update & then rejoin it to the network, but that's really disruptive to the users.  How are other people getting their domain based Windows 10 devices updated?
Having difficulty getting WSUS to deliver the following Anniversary update to our Win10 Pro 1607 laptops - WSUS works normally for all other updates to these laptops:

Feature update to windows 10 pro version 1703 en-us

I have a new Server 2012 R2 WSUS server pushing updates via GPO - with the update approved and showing Install on status. Once the install begins, the Win10 Pro laptop shows "Downloading 0%...." for the update, then fails shortly after with Error 0x80244007.

i've looked online and added the MIME type .esx (application/octet-stream) at the WSUS IIS server level and it shows inherited at the WSUS administration website level as well. Tried removing/replacing SoftwareDistribution folder, ran MS Update troubleshooter, it still fails.

I've attached my GPO settings also in a WordPad file, and the resultant Windowsupdate.log is below for the laptop as well.

Please let me know what might help. Thanks!


2018/05/04 09:46:47.1291913 1236  7720  Misc            Got WSUS Client/Server URL: http://ds-wsus:8530/ClientWebService/client.asmx""
2018/05/04 09:46:47.1292977 1236  7720  ProtocolTalker  OK to reuse existing configuration
2018/05/04 09:46:47.1293030 1236  7720  ProtocolTalker  Existing cookie is valid, just use it
2018/05/04 09:46:47.1293045 1236  7720  ProtocolTalker  PTInfo: Server requested registration
2018/05/04 09:46:47.1723160 1236  7720  Misc            Got WSUS Reporting URL: …
Three servers in WSUS are acting strange.  I have three servers, each named server1, server2, and server3.  I can get one of them to check in with WSUS, but not the other two, and they are trading places.  I can get 1 to check in, and then when I get 2 to check in, 1 disappears.  It seems I can only get one of the three to check in.  I have had each of them, at one time or another showing in WSUS, but the other two not.  I can restart services and force a checkin, but I can only get one server of the three to check in at a time.  

I have verified the GP, verified DNS, made sure the IPs are all different.  I just can't get more than one of the three to check in.  

Anyone seen this?

Would like to replace my 2012R2 WSUS server with a 2016 standard WSUS only role.  My question is there any value in making this a downstream server to get all of the metadata?
I am having so many issues with the 2012 WSUS  that i just want to deploy a new 2016 WSUS and decommission the old 2012 WSUS.  My enviroment is 95% windows 10 Pro with some Windows 7 Pro  that are currently being replace.

any thoughts or best practices are welcome and thanks in advance

Thanks  Alain
WSUS on Server 2016 not showing any Windows updates available for Windows 10 systems: I've read the EE thread with this title.  The OP abandoned the question (and abandoned WSUS) without a resolution.  I'm having the exact same problem. I've searched and searched for several weeks without finding a solution.  I found a long series of posts on the exact same issue on another tech community site which has no resolution either.  Here's the deal:

I have WSUS installed on a Windows 2016 server.  This is a 2016 Standard domain that was migrated from an old SBS2008 domain.  It's been up and running successfully for nearly a year.  The domain consists of two 2016 servers (one DC and one RDS, both v1607), one Windows 2008 R2 server running SQL 2008, five Win7 workstations and eight Win10 workstations (6 are v1703 and 2 were upgraded to v1709).  The original WSUS database was on the Win2008R2 server.  At the end of the migration I moved it to the 2016 RDS server.  It was working fine for about 7 or 8 months. All of a sudden (I assume it was probably some update that caused it), WSUS stopped working for all of the servers (including the 2008R2 server) and all of the Windows 10 workstations.  It would download the required updates but all updates (except for Office and Win7) showed as not needed ("Needed" column = 0).

After a number of tries to repair WSUS, I decided to move it to the Win2016 DC.  This was a fresh install, not a migration, and is where it's now installed.  …
I am unable to view WSUS reports on Windows Server 2016. When I try it gives me the error: The Microsoft Report Viewer 2012 Redistributable is required for this feature. Please close the console before installing this package.

So, I do that, and try to install the report viewer. Then I get the error: Setup is missing an installation prerequisite - Microsoft System CLR Types for SQL Server 2012.

So, I install those but even though they install I still can't get the Report Viewer to install.

I've seen many articles showing me where to go but they always make it seem like once I install the CLR package (As this one does:  I should be able to run the Report Viewer. And yet, it keeps saying it needs those CLR files.

I've tried the x64 and the x86 packages with no luck. I can't seem to get the system to recognize that I've downloaded what I'm looking for. Any suggestions would be most appreciated.
Cloud Class® Course: CompTIA Healthcare IT Tech
LVL 12
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

after installing Office 2016 there are still loads of updates from WSUS, can I download a single cumulative update patch and slipstream it or similar into the Office install?
Hello ,

Please tell me WSUS version compatible with windows 2016 servers

WSUS Version: 3.2.7600.226
 Windows 2008 R2

We need to upgrade the version to make it compatible with windows 2016 servers ( Members servers ) as well. Kinldy let us know the version to which we need to upgrade and provide the upgrade steps.
We’ve two identical 2012R2 networks updated from one WSUS.
Need to setup WU GPO’s, and just discovered that the WU are different,  see attachments - #2 has sub-folder "Defer WU":

Please help to understand what the problem is.
Thank U.
Hello ,

This is regarding WSUS upgrade , We need to know upgrade the version to make it compatible with windows 2016 servers as well. Kindly let us know the version to which we need to upgrade.

We are currently running the following:

WSUS Version: 3.2.7600.226
Windows 2008 R2

Great news! Microsoft has taken another step in fighting the spectre 2 vulnerability and has issued more microcode updates, this time including the CPU types Haswell and Broadwell.
These updates need to be downloaded and installed manually, they will not come automatically!
WSUS admins need to import these manually, too.
Hi all :)

I have had to rebuild the server 2012 r2 (a DC) that WSUS lives on.

I reinstalled server 2012 and WSUS with the same configuration as it was previously.

The problem is that even after 2 days no computers have reported in to WSUS.

I use a GPO pointing all Windows PCs to the WSUS server.

What might be causing this lack of computers showing up in WSUS??

thanks in advance


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.