Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.


IE releases a cumulative patch every month, so seeing that we are missing a cumulative IE patch from 2015,

how do we start a standard baseline?

We have Altiris, so if we never check for updates on Windows Server, will it contact Altiris?

So which comes first, WSUS or Altiris?
Hello Experts,

I need some help integrating a WSUS server to an Active Directory organization.

The WSUS server needs to know the systems it needs to update.

How do I do that?
WSUS sync issue Event ID 10022, log error:

2018-09-04 09:42:41.059 UTC      Error      WsusService.60      SoapUtilities.LogException      USS ThrowException: Actor = , Method = "", ID=349eb315-f9da-4550-82c5-f31a8b977c0d, ErrorCode=InvalidCookie, Message=Cookie decryption failed. Error: Deserialization failed after decryption. Error: invalid header
Parameter name: buffer.
   at Microsoft.UpdateServices.Internal.SoapUtilities.LogException(SoapException e)
   at Microsoft.UpdateServices.Internal.WebServiceCommunicationHelper.ProcessWebServiceProxyException(SoapHttpClientProtocol& webServiceObject, Exception exceptionInfo)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, List`1& updatesWithSecureFileData, Boolean isForConfig)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetUpdateDataInChunksAndImport(List`1 neededUpdates, List`1 allMetadata, List`1 allFileUrls, Boolean isConfigData)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetAndSaveUpdateMetadata(List`1 updates)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.CatalogSyncThreadProcess()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, …
Some Windows 10 workstations on my network are still running early versions of Windows 10 (1507,  1607, 1703, etc).

All workstations are on the active directory domain, and WSUS 2012 is managing all of the updates. If you log into one of these workstations it says updates are being managed by your organization, and it appears that updates are getting installed. But why don't these workstations get upgraded to the latest version of Windows 10 through WSUS? Is this by design? Is there an option you need to set in WSUS to tell it to install feature/version updates, not just minor/security updates?

As a test, on a few of these workstations I went to the Windows Update control panel and clicked the link to check for updates from Microsoft. This apparently allows you to override the WSUS management. When I click on that link, Windows checks for updates and sure enough it finds (and starts downloading) 'Cumulative update for Windows 10 Version 1607', 'Feature update to Windows 10 version 1803', etc. In other words, this manual process seems to be the only way they can get upgraded to the latest release of Windows 10.

I'm trying to get all Windows 10 workstations on the latest build but I want to do it through WSUS.

In WSUS I created a view called 'Windows 10 Upgrade' and selected the classifications and products in the screen shots below:

Updates are in a specific classification

Updates are for a specific product
Laptops with Windows 10-1607 will download patches from Microsoft but not from WSUS.
There is no issue communicating with the WSUS server and they are reporting fine.
I'm running WSUS version 10.0.14393.2007 where I have read that you can no longer browse to the WSUS page via an internet page on the server or via a client machine. Is this correct?
I have a freshly installed Server running Windows Server 2016. However when I try installing the Windows Server Update Services (WSUS) role, I get the following error message at the end when it is in the process of installing the features and roles. "The request to add or remove features on the specified server failed. The operation cannot be completed, because the server that you specified requires a restart."
I have 4 Windows 7 laptops with SP1 that need to be updated to the latest versions of Windows 7. Is there a service pack that will bring them right up to date, or do I have to suffer the huge list of updates that always seem to end up "restore back to previous version"?
How may I use WSUS server to install 'meltdown and spectre' related patches on my Windows 2012-R2 servers? I have enabled Critical, Security and Definition updates, but don't find  'meltdown and spectre' related patches in installed updates. Thanks.
I have a Server running 2012 R2 that has a very large WSUS Content folder taking up a majority of the disk space. I need to reduce the size of this folder and also need to disable it. WsusContent Folder
We have purchased an RMM tool that also does Windows updates. How can I turn off WSUS on those environments? Some run Windows Server 2008 and 2012.
How to disable Server 2016 update notify

I got a WSUS with Update Settings 3 "download updates and notify to install", but I don't want this big blue window "updates available".

How to hide this completely? I just want to do manual updates by admin checking. The point is there are monitors on the server and normal users don't have to see any notifications.


I'm trying to find out if you can push feature updates for win 10 via WSUS on Server 2008 R2.
Everything I've seen so far suggests you need at least Server 2012.

We can push normal updates currently even if the machines report as Vista machines instead of Win10.

Is my research to date correct, or has anyone any info I've missed?
I have WSUS set up on my network. All network computers are set to receive the updates thru it. It appears that 2 laptops have started to download the Win 1803 update, which I had not approved for WSUS. What could be a cause for downloading the 1803 update? WSUS is working, so can these laptops "sneak by" the WSUS?
Hi Expert,

I have a question regarding the WSUS server. I am looking to use a WSUS server to update nearly 4k clients, mixed Windows 7 and Windows 10, to download and install updates in a complex AD structure and nested computer OUs like Computer ------Site 1  ---Apple ---Orange etc.
Is there any way, or any PowerShell script or VB script, which can populate Computer and nested OUs with WSUS under the Computer tab? I am sure someone may have done the same, especially working in a large organization.
Please assist with any script that can bring the AD Computer OU hierarchy into WSUS, and then I can create my GPO to deploy or force clients to get all the updates using WSUS.

Please advise.

I reinstalled WSUS and it works fine for a few hours, and then it can't open the server in the console and I get all these WSUS errors 12032, 12022, 12002, 12012, 13042, 12072, 12052 in the event viewer.

I do not have access to the SCCM server ... only the Windows 7 clients. How to fix software center "Waiting to install"? This is a common problem on many clients, but not all.
I have tried:
foreach($i in gwmi -Namespace root/ccm/policy/machine/actualconfig -Class ccm_softwaredistribution -Filter "ADV_AdvertisementID='CS123456'"){$i.delete()}


This only seems to address the applications that were waiting, not the updates.
We built a new WSUS server and 13 of the 33 computers still have the old server name in their registry.  

How can I fix this?
Hello ,

I have some queries regarding a new WSUS server setup. Please provide your suggestions on the points mentioned below.

1. Which DB should I use, WID or SQL Express?
2. Is it recommended to push service packs to WSUS client machines (like Win8/10)? Service packs come with a hefty file size and it may impact network performance if all machines try to get the update from WSUS at the same time.
3. In the case of a downstream WSUS server, do we need to have a DB for the respective downstream server?

Please help me out with these queries .

I am in the process of configuring System Center 2016 (SCCM) to synchronize and distribute Windows updates on a Server 2016 server.

I noticed that within the "Products" section of the "Add Site System Roles Wizard" there is no selection for Server 2016 and Windows 10.

Server 2016 and Windows 10 are the only updates that I need to synchronize and distribute.

How can I select Server 2016 and Windows 10 (when they don't appear within this list)?

SCCM products to sync
I installed the WSUS role on a Server 2016 server but have received a message that the WSUS Post-deployment configuration failed.

I have attached the log file for this error.

What do I need to do to fix this issue?

Here are the contents of this file:

2018-07-13 07:10:31  Postinstall started
2018-07-13 07:10:31  Detected role services: Api, Database, UI, Services
2018-07-13 07:10:31  Start: LoadSettingsFromXml
2018-07-13 07:10:31  Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentLocal
2018-07-13 07:10:31  Value is true
2018-07-13 07:10:31  End: GetConfigValue
2018-07-13 07:10:31  Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentDirectory
2018-07-13 07:10:31  Value is \\bitcaad01\wsus$\
2018-07-13 07:10:31  End: GetConfigValue
2018-07-13 07:10:31  Content directory is \\bitcaad01\wsus$\
2018-07-13 07:10:31  Start: GetConfigValue with filename=UpdateServices-DB.xml item=InstanceName
2018-07-13 07:10:31  Value is
2018-07-13 07:10:31  End: GetConfigValue
2018-07-13 07:10:31  SQL instance name is
2018-07-13 07:10:31  End: LoadSettingsFromXml
Post install is starting
2018-07-13 07:10:31  Start: Run
2018-07-13 07:10:31  Fetching WsusAdministratorsSid from registry store
2018-07-13 07:10:31  Value is (null)
2018-07-13 07:10:31  Configuring content directory...
2018-07-13 07:10:31  System.UnauthorizedAccessException: Access to the path …
In the WSUS 2012 console, if I go to Updates > All Updates and filter by 'Any Except Declined, Status = Failed' I see that an update (2018-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4284835)) installed for 91% of the computers but for some, there were errors. Double-clicking on this line item generates the report, which shows:

For 4 computers the Status = Installed
For 48 computers the Status = Not Applicable
For 6 computers the Status = No Status
For 6 computers the Status = Failed.

Over the last week, I tried a few times right-clicking on the failed update and selecting 'Approve' again, hoping that something would kick in and WSUS would attempt to trigger these updates again. But that doesn't seem to work.

I found some articles online that describe how to run the Windows Update Troubleshooter tool or stop the Service, delete the contents of the update folder, restart the Service and try again, but I imagine there's no automated way to do this. (I'd have to do this manually on each workstation?)

Are there any tricks or tips for getting updates to install?

One more thing: In that WSUS report, I can click on the 'Failed' link under the Status column (next to each of the 6 computers that failed) and a pop-up window shows the error. Almost all of them simply say "Error: Download failed."    Does this mean WSUS is not downloading this update? Or it is not able to push the update to the workstation? Or is the workstation trying to …
Dear All

I have a WSUS server and already made approval for "feature update to Windows 10, version 1709, en-us", and when I look at the status report, I see that the client has not yet sent the events have been purged from the server. It has been a few days already, and the status report still remains like this. Just wondering, is that normal? How do I get the update installed on the Windows 10 computers?


What is the KB number of the most recent Server 2016 update?

I have some Server 2016 servers that need to have their updates manually installed and would like to download and install the most recent full update so that way I will only have to install one update and won't have to download and install several updates.
What are the differences between the full and delta Windows update files?

For example, the Windows update KB428488 has two files available on the update catalog website (see below).

When would I use the full installation file as opposed to the delta installation file?

windows10.0-kb4284880-x64_34d88e02608fa8c7db3dda395434d93ba109169c.msu (1.3 GB)

windows10.0-kb4284880-x64_delta_ddc8a4e151a275c051e35329abe2fdc6cac13eb8.msu (727 MB)

