Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

WSUS server was setup on my Microsoft Small Business Server 2011 (serverA), the downloads are stored onto another Microsoft Server 2008 R2 (serverB)
this serverB is off-line now, corrupted O.S.
1. Where is the setting that tells serverA where to download the updates?
2. I would like to now download the updates locally on serverA (I add more space)

Most importantly: I want to know where I tell WSUS where to store the downloads, they used to go to a second server but that is not corrupted, so I want to know how to change where WSUS store the updates from serverB to serverA.
Experts - an SQL devotee I'm not, but need assistance with a WSUS SUSDB file that is in a "Recovery Pending" status.

I was attempting to do a full uninstall of WSUS and the associated database files off a Server 2012R2 system. The WSUS database was using the WID repository.

Steps taken:

1- Uninstalled the WSUS role

2 - As I was getting ready to post this step taken, I just noticed in my infinite wisdom - I failed to do step #2 of this following article link, but did the remaining steps which did not give the expected results noted in Step #5 ( article link is safe)


3 - Installed the SQL Management Studio after the above step - and see "SUSDB (Recovery Pending)" -

4 - Attempting to expand the SUSDB gives this error:

At this point I'm not interested in attempting to fix this error - but rather get this WSUS fully removed off the server.  Can I detach and drop and then delete the WID\Data\SUSDB.mdf and SUSDB_log.ldf files - and then delete the WSUS contents as suggest in step 2 of the above article link?

If not recommended, what do I need to do to get this removed off the server. The mdf/ldf files are on the root drive and getting rather large in size (40GB+) - thanks much -

We have a WSUS server running on a Windows 2016 server.  When I run the "Server Cleanup Wizard", I am seeing the attached error.  

I found the attached script from the internet for Windows 2012 WSUS.  I am not sure if I can run it on a Windows Server 2016 WSUS server.  

Someone who know how to fix this please advise.

Many thanks!!!
Hello All,

I have been having a problem getting WSUS installed on Server 2016.  It keeps telling that it fails because of a reboot that is neeed.  The reboot goes through, it looks like it is reconfiguring something then doe the same thing again and again.  This is a migration away from an SBS 2011 box and I really don't need WSUS since there are not that many users and I can have them download updates directly.  But I am not sure how to turn off the GPOs linked to updates.  Do I just change all of the settings to disable in the Updates Services Common Settings GPO or is there somewhere else I need to change some things.  The SBS box is going away.

I have already tried running RSOP to see what GPO is controlling the login as service - it was the default domain controllers policy.  So I went into that GPO and added NT SERVICES\ALL SERVICES to it.  i had just migrated another SBS 2011 to Server 2016 and had not problems installing WSUS.  Not sure why this box is giving me problems since I am logged in as an admin.

So, how can either point directly to MS for updates and forget about WSUS or get it installed?


WSUS 2016 is running very slow I have done Clean ups VIA a PS script and there is no throttle,  but still patch delivery to servers is very slow any ideas?
After upgrading Windows 10 to 1809 we can no longer obtain updates from our WSUS server.  We operate in a closed loop environment, the error is attached.  I've ran the Windows update troubleshooter no joy.
We have the standard set up of an internet facing wsus server.  Which we export. And then import to the internal wsus server.   Running fine. For years.  

I ran a script which declines all the supersede and no longer required patches.   Dropped from 250gn to 40gb

Next export worked fine

But I had to rebuild the internal one recently.  And it stalled on downloading. As files were missing.

I re approved all the declines on the external one.  And copied those files back in and it started working.

Why ?    I mean. They were deleted by wsus own server clean up.  Why would the meta data still be there ?
We operate a remote installation on a satellite link. Our WSUS downloads can take from 4 days  to up to 30 days! While the download is in progress, this information is displayed on the WSUS snap-in summary screen, but disappears when the download completes.

I'm trying to get specific information out of the Windows Update log (C:\Windows\Windows Update.log) running on my WS2012 R2 VM.
Specifically, I need to know:
  • When download from Microsoft started
  • When it completed
  • The size of the download

Attached is the log from our "Update Tuesday through the date that the WSUS server began pushing out updates to workstations. I'm sure what I'm looking for is in there, I'm just not recognizing it due to the density of information.

Also attached are images of the WSUS summary screen, befoer and after completion. During downloads, the circled area contains start date, size of download, and amount currently downloaded. After completion, all that info is gone.

Thank you.
We are running WSUS on a WindowsServer 2012 R2 VM, on a very limited satellite link. While our updates are downloading (every first Tuesday). I can view the download start date, file size and the amount of data downloaded on the Summary screen. Once the download is complete, I don't have this information on that screen. Where can I find a log that shows when downloads from Microsoft started and finished, and the file size downloaded?
Need help with WSUS server 6.3.9600 18838 not downloading updates. It is synchronizing with status "Succeeded" but no updates are downloaded. Message in log;
EventLogEventReporter.ReportEvent                EventId=364,Type=Error,Category=Synchronization,Message=Content file download failed.
Reason: Value does not fall within the expected range.
Server is behind proxy.
WSUS events:10032,12072,364
After a nasty Trojan virus, we have implemented windows firewall SMB block rules on our client computers to block incoming SMB.   This allows us to protect computers on the same network from a lot of malware file dropping.

We are also implementing a new Patch Manager that uses WSUS as an intermediary.   This mechanism requires SMB and WMI.   So, with Group Policy I tried to put in an exception in the rules using an allow if secure, then putting in the computers that need access.  I found out that if there are local rules that allow SMB and they are merged, it will allow anything through.   I also went the route of setting up a machine (windows 10) firewall manually, then exporting all the firewall rules with an exception (defined in remote computer scope), then denying local firewall rules and local security connections through the GPO.   This, initially, I thought worked.   However, when testing the same GPO on a windows 7 machine, it did not clear out the local firewall rules.

Is there something different I need to do for windows 7 firewall, or is there another route we should take?   Right now our LAN to LAN segments are protected with firewall, but clients on the same segment are vulnerable to each other unless I do a block rule (which takes precedent over any allow rule).
Automatic Update Software I use
  ** WSUS = Windows Updates
  ** Ninite = Firefox, etc
  ** PDQ Deploy = other Software
  ** SolarWinds = currently only using Alerts

How can I automatically do the below #1 and #2 on my 10 different models of HP Network Switches, then after confirming the backup is good, manually click a BUTTON to DEPLOY #3 ?
   1. firmware download
   2. backup
   3. upgrade
Hello all,

Wondering if I can get some thoughts on a WSUS scenario I'm working through.

The scenario:

Non-Internet connected network is going to have a WSUS server to manage updates for a small network of computers. I do not have access to an internet connected WSUS to export updates/update data from in order to import into the air gapped network.

The only way I'm aware of to do this (as I've done it in the past) and the only way I've been able to find online so far is to have an internet connected WSUS server to export the information from and import it to the air gapped WSUS server.

So my question is: Does anyone here have any other ideas how this can be accomplished? Or am I stuck with having to come up with another WSUS server to export from.

Thanks for sharing your thoughts!
we have two separate active directory forests with no trust relationships. SCCM 2012 r2 is deployed in one of the AD forests and sccm site systems are installed in our domain that we used for deploying apps and updates. Our SCCM is a multiple forest deployment with no trusts.

we have very limited control on the SCCM servers deployed in the other domain. there seems to be an issue with the SCCM for a long time and we are unable to deploy apps or updates in our domain.

Now there is an urgent requirement to deploy some updates and also upgrade the internet explorer.

I am thinking of temporarily deploying a wsus server, importing the updates and Internet Explorer updates, redirecting clients in domain by using GPO to point to the temporary WSUS server. Deploy the updates and later remove the GPO so that it goes back to the original configuration  of reporting to a SUP installed on the SCCM site system.

My worry is if the clients won't revert back to the existing SUP once the GPO is unlinked.

Are there are other means of deploying some updates and internet explorer on Windows 7 SP1 both x86 and x64?
Windows Server 2016 is having problems communicating with WSUS which btw is also Windows Server 2016. There is a list of updates showing up but at the end of it the Install now button is greyed out. We've got servers running Windows Server 2008 R2, 2012, 2012R2 and 2016 but this is happening only to the server running 2016.
I just noticed on our WSUS under Products & Classifications we're missing newer versions of software.  The software I'm currently trying to get updated is Visual Studio it has 2005 - 2015 need to get 2017 added.  We're having a hard time getting updates for 2017 in our standalone, the only method that seems to work in our offline environment is following this article

is there no other way to get updates for Visual Studio?

Whenever I try to download updates from WSUS Server on my PC, It always ends up giving error "We coudn't connect to the update service, We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to internet."

I looked for Windows update error in event log and also checked for possible solutions on internet regarding the details from event log. But getting no success on how to solve this error.

Can someone please help me as soon as possible.

Thank You
In order to capture all computers in the domain on the new WSUS server, should I place a WSUS GPO just under the domain (like with the default domain policy)? Would that be a bad idea?

To note, I found 145 servers in AD using powershell with only 8 of them being disabled. Since yesterday, 45 have shown up on WSUS but they are in specific OUs where I linked the WSUS GPO. The other servers are in the Computers container and Domain Controllers OU (12 DCs). So, I am about 90 off between AD and WSUS (after I link the WSUS GPO to the Domain Controllers OU).

Hello Support,

We have a server that has Windows Server 2012 and it has WSUS 3.0 SP2 on it. We are having an issue with the server's storage getting full so fast. Is there a way for us to move JUST the WSUS content that contains all of the updates to a different server and keep the WSUS 3.0 SP2 database on the original server so that we will have enough space for all of the updates. Does the WSUScontent folder have to stay on the local server with the database on it?
We have a 1000 windows 7 SP1 clients, some of them X86 and some of them X64. IE9 is currently installed on the clients. We want to update the IE to IE11 because of incompatibility with a new application.
It’s a secure environment with no internet and WSUS is not allowed.  We do not have SCCM also in the environment. Now I need to update IE9 to IE7 on all computers using AD GPO.
I realize that IE for X64 has prerequisites that need ot be installed before IE11. On X86 it can be installed directly.
What could be the most efficient way of installing IE11 in my situation.
Hi Guys,

I have around 100 servers in a test environment which i need to update on specific days. An GPO is not an option. Is there any script which i can use? What i would like to have are the following:

1. Search for windows updates on WSUS
2. Install all available updates
3. Restart
4. Detect again

Something like "wuauclt /detectnow /reportnow" with an restart option would be perfect -shutdown /r does not work.

It would be even better if i can enter computernames.

Thanks in adcance.

How to use WSUS for Win10 computers using reg. file instead GPO  for update rings.

Any idea?

SBS 2011 standard, tried to reinstall WSUS 3.0 sp2 as it wasn't working.
Had to remove .NET 4.1 as WSUS wouldn't install with it.
WSUS still won't complete, but want to just leave it off, but remote web not working now.
Tried to reinstall .NET 4.0 but no dice.
I believe .NET 4.1 was installed but can't find the installer for Windows Server 2008 R2.
Can anyone point to it?
Receiving an error trying to install the WSUS role on Server 2008.  I am trying to install it using the add roles and get an error.  I have also tried downloading WSUS 3.0 SP1  and installing that but also get an error.
I have attached the WSUS setup logs.  I can't make sense of them.
Any help or suggestions would be greatly appreciated.
I am running wsus in 2012 r2 server. My wsus server is in 10.1.1.x subnet. I have 3 subnet running on client machines . While PC group in 101.1.x reporting successfully in wsus other two sinners 10.2.1.x and 10.3.1.x not reporting in wsus. Wsus picking up this machine how ever last report dates showing as “not yet reported”. I have tried the troubleshooting like restarting windows update service , stopping firewall, windows updates readiness tool, reset windows update component, Sfax scan.

What could be the reason ?


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In