Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Ive got a couple of DCs which are not seeing any SCCM Windows patches, they both have a GPO pointing them to a WSUS server, Ive checked the Windows update logs and it states something about a proxy issue but I doubt servers need a proxy to be set for WSUS/SCCM updates. Any ideas on where I should start?
Free Tool: Port Scanner
LVL 11
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Hello SCCM Experts,

I have inherited an SCCM 2012 server where the WSUSContent is growing out of control.  I first ran into problems with drive space last week.  I added more space (100GB) but synchronization was still not working.  I had to do a wsusutil reset to get synchronization to work.  I didn't empty the contents of the WSUSContent folder before I did the wsusutil reset.  Here are my questions/thoughts:

1.  If I follow the delete the contents of WSUSContent per this article: https://blogs.technet.microsoft.com/gborger/2009/02/27/what-to-do-when-your-wsuscontent-folder-grows-too-large/, will this work with my version of SCCM?
2.  Can I uninstall and reinstall the WSUS portion of SCCM.  I found an the following article explaining the procedure to do this if the Windows Internal Database is used in SCCM.  https://blogs.technet.microsoft.com/sus/2016/10/18/recreating-the-susdb-and-wsus-content-folder-for-a-windows-server-2012-based-wsus-computer/

The article states:  Note that if you see ##SSEE (in HKLM\Software\Microsoft\Update Services\Server\Setup\SQLServerName), this blog post is not applicable to you.   Of coarse this is what we have.  Does anyone know the steps for recreating the SUSDB and WSUSContent folder on a build using SQL Server?

Any help would be greatly appreciated.

I have configured WSUS server on Windows server 2008 R2. I have more than 500 hundred clients but only a few clients are reporting in WSUS server. I have checked

1. wuauclt.exe /resetauthorization /detectnow

2. wuauclt.exe /detectnow

GPO seems fine.
When WSUS is configured in SCCM, Windows 7 and 10 act differently.
For example Windows 7 downloads/installs only udpates from SCCM/WSUS, but Windows 10 downloads/installs other updates.
Is this because 'Update from more than one place' is on and set to PCs on my local network in Windows 10?
I am getting the following errors when I try installing the WSUS 3 SP2 on a window server 2008 R2.

2018-01-09 23:33:29  Error     MWUSSetup          InstallWsus: MWUS Installation Failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:29  Error     MWUSSetup          CInstallDriver::PerformSetup: WSUS installation failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:29  Error     MWUSSetup          CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:44  Error     MWUSSetup          DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)

Any thoughts?


What will happen when I delete all superseded updates in WSUS? Is it safe to decline them all?

Why doesn't WSUS Cleanup Tool find and clean all these superseded updates if they aren't needed? Why is there shown a warning that indicates the superseded update might still be needed?

The WSUS built-in cleanup-wizard seems to leave a lot of unnecessary updates on a WSUS server. When the number of updates available exceeds a certain amount, WSUS clients stop being able to update and start generating time out errors.

   If this is the case, and I'm not saying it isn't, then why does WSUS recommend verifying a superseded update is no longer needed by any computers?  If superseded updates are never needed after their superseding successors are released, we shouldn't be shown a warning that indicates the superseded update might still be needed.

Why is that?

When answering, consider this (I did some research):

   "WSUS does not automatically decline superseded updates, and it is recommended that you do not assume that superseded updates should be declined in favor of the new, superseding update. Before declining a superseded update, make sure that it is no longer needed by any of your client computers.
    The following are examples of scenarios in which you might need to install a superseded update:

    "      If a superseding update supports only newer versions of an operating system, and some of your client
Hi All
we are looking for a power shell script which would do a health check on remote servers after our patching exercise on each.

we need a script which would check Server uptime, automatic services that were in stopped status, IP address, C drive disk space. the result could be in HTML or csv format.

please help.
Hello! :)

In our environment we have a SCCM Current Branch Primary Site Server integrated with a WSUS Server in our Data Center to retrieve Microsoft Security patches.

We have several geographically distributed locations where we have a lot of computers not being administered by SCCM due to business needs.

Recently we were given the task of providing some power users with the capability to update the computers that are not SCCM clients with Microsoft Security patches at their convenience.

I want to re-use the existing central WSUS "SCCM-integrated" server so that in addition of being used by SCCM it also is capable of acting as an upstream server - for this manual patching process - and then configure additional WSUS downstream servers connected to it at each large site to relieve traffic from the WAN links.

Is this solution possible (have an existing WSUS "SCCM-integrated" server to both be used by SCCM and also be capable of act as an upstream server for a manual patching process)... or should a separate server be setup and configured to be the upstream WSUS server for the manual patching process?

I was noticing that my windows updates are failing, so when I checked WSUS, I get an error message.
I have restarted the server and same error message.  Then I tried later and it worked for a few hours, but now it keeps on coming up with the same error message.  What gives?

I checked the event viewer and this is one of the errors.  Does't really give me much.

The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)
About 6 months ago, I signed a new client who has 3 Xenserver hosts with a number of Windows VMs running on them.  There are 2 Xenapp servers (Windows 2008 R2) with web access set up on one of the firm's domain controllers.  Shortly after I took over this network, I also added a WSUS server to the same DC (DC2) that runs the Citrix web server; the WSUS website is separate while the Citrix Xenserver app runs on the default web site.  I ran across a problem with WSUS and Citrix Web Server co-existence at the time I set it up but I was able to find a resolution and the two have been happily coexisting since then. That is until about a month ago.

I don't know the cause of the breakdown, but it may be related to the fact that I upgraded one of the Xenserver hosts. This host happens to house the other DC (DC3) on the network but it doesn't have anything to do with the Xenapp setup, other than being a DC.

Anyway, all of a sudden, I started getting the following error in the DC2 application log twice about every 10 minutes:

Log Name:      Application
Source:        Citrix Web Interface
Date:          1/3/2018 3:52:18 PM
Event ID:      11004
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DC2.domain.com
Site path: C:\inetpub\wwwroot\Citrix\XenApp.

The request from the browser running on the user device cannot be processed because the User-Agent HTTP header, which provides platform …
[Webinar On Demand] Database Backup and Recovery
LVL 11
[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Have three physical servers out of 6 getting the 80072ee2 error when trying to run Windows updates.  Do not have a WSUS  server, pulling from the web.  

Has been this way for days.  I have attached the latest attempt from the Windows Update log.
Can windows server 2003 WSUS version 3.2  deploy patch to windows 2018 and win2012?
Hello Everybody,

We're testing the Offline Servicing way of working on Configuration Manager 1702.

I succeeded to add the cumulative update of November inside the WIM. I can see it in the 'Update Statuts' tab, but not in 'Installed Updates' tab in Properties of this image. I don't know why ?..

I also wanted to know how to remove this update from the image ? When I will add the December CU, I want to remove the oldest.

Does somebody know how to do it ?

Thanks in advance
 I am deploying Windows updates to a group of servers and the maintenance window is 0245-0300 to download the updates . Then the updates are scheduled to be installed and the server to be rebooted at 0300-0400  this is configured via SCCM 2012 using WSUS. However for some of the servers in the group there  install and reboot between those times. However other servers install the updates during 0900-1700 and reboot which is outside the maintenance window configured in SCCM 2012. When l look at one of the servers that reboot outside the maintenance window there show error below in the log file. I need assistance with finding out how to stop the reboot of the servers. I would greatly appreciate your assistance
All our clients are laptops in different states and they frequently get online and offline on different occasions .
Lots of clients when they are not connected to internet or they just turned off  they disappeared form WSUS.
As soon as  you put them online they appeared back on .
In order keep inventory we have t keep all clients visible and in to the right group. Any idea whey clients have to be online in order stay on WSUS

Hi All,

I have a new customer that has SBS2011.  The server appears to be running well in all respects, but sometime in the past WSUS was disabled due to them running out of disk space, so they disabled WSUS and removed the WSUS files that were stored in either:




(Both folders exist - I have done a search and cannot find any other WSUS folders)

T:\ is mapped to a Virtual Disk on the Hyper-V host (not a network drive physically elsewhere)

I have increased their storage capacity (shared network files were on the server, I have moved them to a NAS).

So, I would like to now 'reinstate' WSUS, but I don't know how it will react due to the missing files that were deleted, and that makes me nervous, so looking for advice on what I should check and do in what order as I have never been here before.

SBS2011 is running as a VM on Hyper-V.  There is one other VM on Hyper-V which appears to be a print 'server' (actually Win7 Pro), but it is shutdown, and I have not touched it so far (I'll get to it later, but its way down the list).

Backups are running fine - using SBS2011 Backup three times a day to an external USB drive, and the drive is backed up to another drive through the day, and that goes offsite every day.

WSUS has been disabled by disabling the service called 'WSUSService' with a display name of 'Update Services'.  At this point, I am inclined to just re-enable that, but what will happen if I do that, and none of …
I can able to find the Creation date by using the command GetUpdateApprovals.

But I approved the "Update123" to Group1 @ 01,Jan'17

and I approved the same update to Group2 @ 07, Sep'17

This command's output showing the same creation date for both groups.


Group name       Creation Date


Group1              07, Sep'17

Group2              07, Sep'17

Please guide me to view the exact approval date from Powershell.
Hi, I have following simple questions as our SCCM admin is off and needs some things to sort out as I am new to SCCM 2012.

1. I want to know what/when is the latest update check was done and if those updates are installed on all computers or not. Basically I also want to see list of all latest patches deployed by date installed.

2. Also how do I see how often the updates are checked and deployed ?

3. There was a recent critical update issued by Microsoft MS16-037, how I make sure it has been downloaded and installed.

I am running Server 2012 64-bit, and a standalone WSUS 4.0 (Version 6.2.9200.21848) that is manually updated every day via offline file transfer and meta-data import from an air-gapped online WSUS Server. SQL Server 2014 is running locally on the WSUS server to host the SUSDB. I have recently re-indexed it to try and fix this issue.

Ever since it updated from 6.2.9200.18324 to the newest version WSUS Console is crashing when I try cancel the download of a Definition Update for Windows Defender, Security Essentials, or Endpoint. It only crashes on those types of updates. I need to cancel the download since it is offline. I am not sure why it is trying to download the update files when they already exist in the file storage location. Files are transferred long before the meta-data is exported. moved, and imported into said offline server.

The error message displayed is as follows:
Problem Event Name: CLR20r3
Problem Signature 1: mmc.exe
Problem Signature 2: 6.2.9200.16496
Problem Signature 3: 50ece2e8
Problem Signature 4: Microsoft.UpdateServices.BaseApi
Problem Signature 5: 6.2.9200.21848
Problem Signature 6: 571cc7c5
Problem Signature 7: 61e
Problem Signature 8: 1b
Problem Signature 9: System.Data.SqlClient.Sql
OS Version: 6.2.9200.
Locale ID: 1033
Additional Information 1: 9950
Additional Information 2: 99504e5b16d00ac2776c5771c670163c
Additional Information 3: cd67
Additional Information 4: cd67b1856d9540b8bc614699ba4bb3cf

I have run the …
Free Tool: Path Explorer
LVL 11
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

I have Windows Server 2012 R2 Datacenter and installed WSUS Server in it.

I am keep getting attached error. while checking updates.

I tried to reinstall WSUS and tried some fix it solution but with no luck.

also client pc not getting any update from a 3 weeks.

Any one can help.

We have a small problem where SCEP Local Definitions Update grow over time.

This is not making problem with workstation because they restart the computer and thus remove the old definition but for server this can take over 4GB and then the system can have no more space available. We would like then find a definitve solution to this problem.

We are using SCCM and the definition update source is UNC file share.

What's the best solution with this? setup ADR with ConfigMgr?
We recently built a CAS server and extended our primary site sever to it based on SCCM 2012 R2 SP1 CU4.  Our primary site consists of 6 servers W1 to W6.  Two of the servers have the SUP role installed with WSUS, W2(intranet) and W3(internet).  Everything is working great with WSUS syncing from the primary site up to the CAS and the CAS syncing with Microsoft directly.  Application/package deployment is working fine as well.  We noticed a couple weeks after installing the CAS that devices were hanging when trying to install software updates.  After some troubleshooting I determined it seems to only happen with older software updates from 2016 and previous affecting all devices/OS's.  I have 2 deployments for January and February patches from this year in place that install perfectly on devices.  I placed a few updates from 2016 in a test deployment group and send them to a device that I know requires these updates and the following is what I get in the relevant client logs.  The last 2 lines in the UpdatesDeployment.log will repeat indefinitely.  I've checked every other log I can find related to software updates and can find no trace of an error even with verbose logging enabled on the client.  I deleted all of our old software updates from our distribution points and downloaded all new again from Microsoft as well thinking maybe something got corrupted from the CAS build but no luck.  I really don't know what else to try from here if anyone has any ideas or suggestions it …
After several months of not using two of my WUS servers. Now when I open them I get Error: Connection Error

This is the error:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists,

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

System.IO.IOException -- The handshake failed due to an unexpected packet format.


Stack Trace:
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean …


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.