We help IT Professionals succeed at work.


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

I'm running a new install of WSUS, on windows server 2016, fresh install, and the server is not used for anything else, but WSUS.
All my servers and computers show "needed count" for updates with large numbers.  Even after I install updates on the clients or servers, the number never goes to 0, how do I install all the needed updates on my servers/workstations?

The 2nd problem is, for a few computers, it looks like the computers have contacted the WSUS server, a few weeks ago, but there's no status report, and there's no info about the computers.  Any idea's how to resolve?

Win10 1803 systems are not offered the 2018-05 Cumulative updates (KB4103721) when connected to WSUS (here: wsus on 2012 R2, but it should not even matter)

As https://social.technet.microsoft.com/Forums/en-US/44fc841c-3e39-49c1-b1a0-a633c76e2796/win10-build-1803-clients-monthly-cumulative-update-not-offered-may-2018-kb4103721?forum=winserverwsus outlines, the new windows build refuses to work with WSUS (like it has happened before with server 2016 and Win10 1607).

Please reproduce and upvote the technet thread, so Microsoft becomes aware.
Points to anyone who takes the time to reproduce.

PS: 1709 Build 16299.402 (if you have it) is unable as well.
We are running WSUS server and the latest Win 10 update to come out, version 1803 is failing on just about every computer.
Not sure why this is occurring. Is there anyone else experiencing this and if so, how can we get this
I have been tasked with coming up with a solution to upgrade roughly 150 computers with the new Windows 10 Feature Update 1709.
I have downloaded the .ISO file, and have extracted it to launch the setup.exe file. Is there a switch(s) to use to push this out silently and without reboot? We are using ZENworks to push this out, but I'm stumped on the switches.
We do not want to use WSUS to push this out, as it would clog up our network due to the size of the update.

Any help would greatly be appreciated.


I'd like to automate WSUS deploy. That can be done using an xml: https://www.petri.com/automating-wsus-2016-installation-with-powershell
So now I'd like to change the xml with the servername.

In other words, I need to replace the computername (Servernamexyz in my example, can change overtime) in this xml.

So I'd get the xml in $XML = get-content c:\myxml.xml
tags to replace are
<S N="ServerName">Servernamexyz</S>
and  <S N="PSComputerName">Servernamexyz</S>

How do I replace <S N="ServerName"> whatever </s> and  <S N="PSComputerName">Whatever</S> ?
I can then write result back to xml.

Thanks for your input.

I have recently configured the Wsus server 2012 and applied the GPO to get all updates on servers on  our MS estate which consist over 200 Servers mostly Server 2012 but  few still on Server 2003 which I need to exclude  from this.  
I have created the custom update view for server 2012 and choose  only for  critical, security, and roll-up updates. But unfortunately non of the server is appearing in costume view. all server 2012 and 2003 are apearing under All computer--->Servers.
 Please  how I can  force only mention updates only on Server 2012 and exclude the Server 2003 to disappear from Servers under the All computers.
secondly how I can force to get Custom view updated and can apply in more refine way to push the updates.  

Please help.

I'm puzzled how to handle WSUS Feature updates for Windows 10 that won't install.  I found the thread https://www.experts-exchange.com/questions/29062227/Understanding-Windows-Update-change-in-Windows-10-Feature-Quality-CB-CBB.html which explains that its risky to install these major upgrade via WSUS, but the problem is, if I can't install the Feature upgrade, then no further updates will install, the PCs just stay stuck at that level.  The only way I've found around this is to to take each device off the network, install the Feature Update & then rejoin it to the network, but that's really disruptive to the users.  How are other people getting their domain based Windows 10 devices updated?
Having difficulty getting WSUS to deliver the following Anniversary update to our Win10 Pro 1607 laptops - WSUS works normally for all other updates to these laptops:

Feature update to windows 10 pro version 1703 en-us

I have a new Server 2012 R2 WSUS server pushing updates via GPO - with the update approved and showing Install on status. Once the install begins, the Win10 Pro laptop shows "Downloading 0%...." for the update, then fails shortly after with Error 0x80244007.

i've looked online and added the MIME type .esx (application/octet-stream) at the WSUS IIS server level and it shows inherited at the WSUS administration website level as well. Tried removing/replacing SoftwareDistribution folder, ran MS Update troubleshooter, it still fails.

I've attached my GPO settings also in a WordPad file, and the resultant Windowsupdate.log is below for the laptop as well.

Please let me know what might help. Thanks!


2018/05/04 09:46:47.1291913 1236  7720  Misc            Got WSUS Client/Server URL: http://ds-wsus:8530/ClientWebService/client.asmx""
2018/05/04 09:46:47.1292977 1236  7720  ProtocolTalker  OK to reuse existing configuration
2018/05/04 09:46:47.1293030 1236  7720  ProtocolTalker  Existing cookie is valid, just use it
2018/05/04 09:46:47.1293045 1236  7720  ProtocolTalker  PTInfo: Server requested registration
2018/05/04 09:46:47.1723160 1236  7720  Misc            Got WSUS Reporting URL: …
Three servers in WSUS are acting strange.  I have three servers, each named server1, server2, and server3.  I can get one of them to check in with WSUS, but not the other two, and they are trading places.  I can get 1 to check in, and then when I get 2 to check in, 1 disappears.  It seems I can only get one of the three to check in.  I have had each of them, at one time or another showing in WSUS, but the other two not.  I can restart services and force a checkin, but I can only get one server of the three to check in at a time.  

I have verified the GP, verified DNS, made sure the IPs are all different.  I just can't get more than one of the three to check in.  

Anyone seen this?

Would like to replace my 2012R2 WSUS server with a 2016 standard WSUS only role.  My question is there any value in making this a downstream server to get all of the metadata?
I am having so many issues with the 2012 WSUS  that i just want to deploy a new 2016 WSUS and decommission the old 2012 WSUS.  My enviroment is 95% windows 10 Pro with some Windows 7 Pro  that are currently being replace.

any thoughts or best practices are welcome and thanks in advance

Thanks  Alain
WSUS on Server 2016 not showing any Windows updates available for Windows 10 systems: I've read the EE thread with this title.  The OP abandoned the question (and abandoned WSUS) without a resolution.  I'm having the exact same problem. I've searched and searched for several weeks without finding a solution.  I found a long series of posts on the exact same issue on another tech community site which has no resolution either.  Here's the deal:

I have WSUS installed on a Windows 2016 server.  This is a 2016 Standard domain that was migrated from an old SBS2008 domain.  It's been up and running successfully for nearly a year.  The domain consists of two 2016 servers (one DC and one RDS, both v1607), one Windows 2008 R2 server running SQL 2008, five Win7 workstations and eight Win10 workstations (6 are v1703 and 2 were upgraded to v1709).  The original WSUS database was on the Win2008R2 server.  At the end of the migration I moved it to the 2016 RDS server.  It was working fine for about 7 or 8 months. All of a sudden (I assume it was probably some update that caused it), WSUS stopped working for all of the servers (including the 2008R2 server) and all of the Windows 10 workstations.  It would download the required updates but all updates (except for Office and Win7) showed as not needed ("Needed" column = 0).

After a number of tries to repair WSUS, I decided to move it to the Win2016 DC.  This was a fresh install, not a migration, and is where it's now installed.  …
after installing Office 2016 there are still loads of updates from WSUS, can I download a single cumulative update patch and slipstream it or similar into the Office install?
Hello ,

Please tell me WSUS version compatible with windows 2016 servers

WSUS Version: 3.2.7600.226
 Windows 2008 R2

We need to upgrade the version to make it compatible with windows 2016 servers ( Members servers ) as well. Kinldy let us know the version to which we need to upgrade and provide the upgrade steps.
Hello ,

This is regarding WSUS upgrade , We need to know upgrade the version to make it compatible with windows 2016 servers as well. Kindly let us know the version to which we need to upgrade.

We are currently running the following:

WSUS Version: 3.2.7600.226
Windows 2008 R2

Hi all :)

I have had to rebuild the server 2012 r2 (a DC) that WSUS lives on.

I reinstalled server 2012 and WSUS with the same configuration as it was previously.

The problem is that even after 2 days no computers have reported in to WSUS.

I use a GPO pointing all Windows PCs to the WSUS server.

What might be causing this lack of computers showing up in WSUS??

thanks in advance
Hi Experts,

Hoping you can provide your experience here
As part of our continued improvements to our system we are reviewing our WSUS patching policy

What i am curious about is how to best handle remote user where they are out of the office most of the time

I noticed, in GPO, under specify an intranet Microsoft update service location, you can specify an alternative download server
Is it possible to reference the default public Microsoft update URL here, so that laptop users, not in the office can still obtain updates?

If not, how have people overcome this issue?

Kind Regards
Need to move Windows Server 2012R2 WSUS content files (Windows Internal Database) from C:\ to a new location -> iSCSI connected drive on the same server.

Looking for step by step instruction (if it's possible at all).
Thank U.
The server thats is also running WSUS failed to install its updates and was stuck in Win Logo screen.
The only way i could get it to boot is to manually remove all pending updates using DISM cmd.
From this guide.

Now my server boots but WSUS is not working. I think some other updates may have been removed which made the WSUS install older than the WID database
I cant load the mmc, i tried deleting the mmc file. But it wont connect its complaining about the DB.
And also running the post install steps failed saying the DB is not same version as WSUS and I need to patch WSUS
C:\Windows\system32>"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
Log file is located at C:\Users\administrator\AppData\Local\Temp\2\tmpF11.tmp
Post install is starting
Fatal Error: Changes to the state or options of database 'SUSDB' cannot be made at this time. The database is in single-user mode, and a user is currently connected to it.
ALTER DATABASE statement failed.

Since the issue is on WSUS server it cant update it self
Right now im trying to point it to MS Updates and get the latest updates from Internet instead if it self.

Here are some errors I see in event log.

Error      4/14/2018 5:04:07 PM      MSSQL$MICROSOFT##WID      18056      Server
Error      4/14/2018 5:01:59 PM      Windows Server Update …
I just installed a fresh copy of Win server16.  I only enabled the WSUS, and within the first day, it's already crashed on me.
I went to Options -> server cleanup wizard and selected next, having every checkbox checked.  Then the below screen comes up as it crashed.

wsus error
Any idea's how to fix this or what is even happening?

The other problem is, Even though I thought it's configured to approve evertything that is a security or critical update, I have a lot of updates that are not approved.
I don't want to have to manually approve update, how do I get it to actually work and actually approve every update that is part of my classifications?

We have a customer with a Windows SBS2011 Server and they are down to 7GB of free space on their main C:\ drive - the WSUS file is over 42GB - is there a quick method to reduce the size of that?
I am preparing to patch multiple 2012R2 servers in mulitple offline networks that haven't been patched in over 2 years, so trying to get an understanding of the expected behavior during the installation process. If I use the settings I have defined below, will the servers just keep downloading and installing updates until they are fully patched or is there an interval that starts when you schedule the maintenance and stops after a certain period of time? Let's say there are 200 patches needed on Server A, they have all been approved in WSUS, and I schedule the installation as defined below... will Server A keep downloading and installing even if it takes until Sunday?

Use option #4 – Auto download and schedule the install
Deselect “Install during automatic maintenance”
Set “6 – Every Friday” for the scheduled install day
Set “17:00” for the scheduled install time
I've tried to install WSUS on the VM server at least 7 times.   Each time it fails, stating the server needs a reboot.   As a test I installed SNMP and it installed just fine.  

Any ideas what is causing this?
I want to shut down our existing WSUS VM server (2008 R2) and install WSUS on a new 2016 VM.  I also could install it on a physical 2016 server if that is preferred.

Which is better?
As part of the March 13, patch-Tuesday package, Windows Update installed KB4088875 on my W7 systems (all physical machines...no VMs):

Apparently, it is flawed, because MS issued KB4099950 on Thursday, April 5, an out-of-band patch to fix issues caused by KB4088875:

Problem is, KB4099950 has this note (copied here under "Fair Use"):
Important This update must be installed before you install KB4088875 or KB4088878.
Of course, KB4088875 (or KB4088878) has already been installed. So, two questions:

(1) Should KB4088875 be uninstalled before installing KB4099950?

(2) If the answer to (1) is yes, should KB4088875 be reinstalled after installing KB4099950?

I've done a fair amount of web searching on this (found info such as the AskWoody thread), but I'm mostly interested in EE members who have actually addressed this issue on their W7 systems. I found this EE thread on KB4088875:

But that was closed before KB4099950 was released, and a search at EE for KB4099950 comes up empty.

Thanks much, Joe
I have WSUS installed on Server 2016.  Its always crashing and gives me the option to restart node, but that doesn't even work.  If I reboot the server, it works for a little while then does this again.  Its an endless loop.  I've checked all of my logs, and I've tried to fix everything but its not working.  Can anyone shed some light?



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In