Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Windows Update WSUS on Windows 2012 R2 Server

I just changed the Configure automatic updating from a 3 Auto download and notify for install  to 4 Auto download and schedule the install   schedule install day 0  every day and scheduled install time 03:00

The Install during automatic maintenance option is not checked

This is all configured using a GPO

The process installed the updates on most of my computers and servers some took the second day and that is ok.

My issue is that on some of the computer and servers they automatically rebooted and for the servers I wish this not to happen the desktops it is ok.

On the windows 2016 Servers this happens

On the 2012 R2 servers when I logged on I saw Installed updates have been applied and will restart in 1 day

Any way that I can stop the automatic reboot ?

Thank you


I’m attempting to setup and configure BranchCache (Distributed mode) to assist with updating our clients.  
Some background info:
Windows Firewall disabled on WSUS server
WSUS to update clients - Single WSUS server running 2012 R2.
2 clients in
BranchCache installed and configured on WSUS Server.
BranchCache enabled on clients for testing.

Monitoring client IEBQ01337POS02T via Perfmon and wireshark shows that all content is being received from the WSUS server, with no caching and nothing coming from cache or peer. Client GBBQ0137POS02T is thus I assume not utilizing BranchCache at all and the second client IEBQ01337POS02T  is using BranchCache and caching content locally. So first download on second client is from wsus server and when you uninstall and delete updates from SoftwareDistribution folder it is then taken from local cache. I only have these two clients to play with and I can't force the first one to use BranchCache and I don't know why.

Have I missed anything?  It seems I have configured everything but updates are fully downloaded over the WAN link from the WSUS server.
Please for more details see document attached.
Thanks a lot for support in advance,
Hi, I'm working on updating / upgrading our WSUS infrastructure from Windows Server 2012 R2 to Windows Server 2019.  ANd since I am building from scratch, I figured I would reevaluate some settings.

The one in particular is whether to implement SSL (8351) or stick to the default (8350) as I've done in the past.

So, I figured why not ask the experts (gurus) in the community to see how they run their WSUS environment.

The other items is what do you typically run for downstream servers, autonomous or replica?

Thanks in advance.
We recently updated SCCM 2012 R2 to build 1910 and resolved an issue the WSUS services (see which has kept the system from getting updates since July 2019.

Now we are completely unable to synchronize software updates. Whenever this is attempted, we are seeing the following in monitoring:

- component status: SMS_PORTALWEB_CONTROL_MANAGER and SMS_WSUS_SYNC_MANAGER have critical status
- PORTALWEB showing error:

Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests.  The http status code and text is 404, Not Found.

Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which PORTALWEB is configured to communicate.
Solution: Verify that the designated Web Site is configured to use the same ports which PORTALWEB is configured to use.

Possible cause: The designated Web Site is disabled in IIS.
Solution: Verify that the designated Web Site is enabled, and functioning properly.

- WSUS_SYNC_MANAGER giving error:

 WSUS Synchronization failed.
 Message: The operation has timed out.
 Source: Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse.
 Any ideas?
Hi Team, We have few windows 2012 servers which are newly added to WSUS server and we observed that there are few updated which got downloaded and it is throwing a pop with the close and install button. Is there an option to disabled this pop up from all uses so that no one accidentally click on the install button.
Hi Team, I have few windows servers which are not getting displayed on my WSUS server. I ran the rsop.msc to verify if the correct patch group policy has been applied. I am alos able to see the patches are getting downloaded and successfully installed but the server is not visible in the WSUS server. Let me if any details are required from my end.
I have installed WSUS on server 2008 R2 and all these days it was working perfectly fine and all of a sudden WSUS stops synchronizing with Microsoft update server. When trying to sync manually, I get the attached error message.

Can someone guide me through this or advise me on what best I could do to get this issue fixed.

Thank you in advance.

WSUS sync Error
need windows 10 stations both 1903 to search online for updates. I by mistake told it to search basses on wsus and now the search online option
is gone.
Dear All,

        I have a WSUS server running on server 2012 R2 and I found that some of the computer never reported to WSUS in the console, just wonder is below bat script workable to run in the problem computer that does not show reported in Wsus ? I would like to create a GPO target to those computer that not reporting, any help would be appreciated, Thanks

====BEGIN AU_Clean_SID.cmd====
@echo off
Echo Save the batch file "AU_Clean_SID.cmd". This batch file will do the following:
Echo 1. Stop the wuauserv service
Echo 2. Delete the AccountDomainSid registry key (if it exists)
Echo 3. Delete the PingID registry key (if it exists)
Echo 4. Delete the SusClientId registry key (if it exists)
Echo 5. Restart the wuauserv service
Echo 6. Resets the Authorization Cookie
@echo on
net stop wuauserv
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow

Dear All,

             I have a WSUS, and having checked in the Wsus console, I see some computer having below logs, and when I open the window.log I see below, any idea how to open the log to check ? any help would be appreciated

Windows Update logs are now generated using ETW (Event Tracing for Windows).
Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.

For more information, please visit


I observed during this month patch window, 1 out of 21 sites I have is not patching. The status remain unknown eventhough the systems has been validated.

See the attached.

Kindly advise.
Hi Experts, I got these question regarding WSUS management

For 1 - yellow warnings at the left: I noticed that some updates have them and some do not have. Should I approve the updates which do not have yellow warnings? Most of them said about the not applicable PCs

For 2 - Percentage of Installed/Not applicable: it is better to have it small or high? And can you suggest for better operation of WSUS?

And 3 - How can I check the update results of all PCs on WSUS server?

Many thanks!
Dear All,

                would like to seek for assist that while upgrading to Windows 10 1909 Enterprise via WSUS your clients may report the following error:

(Unable to find resource):ReportingEvent.Client.167; Parameters: Feature update to Windows 10 (business editions), version 1909, en-us, any help would be appreicated, Thanks

Dear All,

             I have a Wsus running on server 2012 R2, and i found some computer name and IP addresses are not matched in the wsus console, then i deleted the company in the console, just wonder is there any chance the computer will auto appear back in the wsus console ? any help will be appreciated, Thanks

We are using WSUS configured on Windows 2012 R2 to patch our Server in domain

It has been observed most of the times 60 % Boxes are not reporting /communicating  with WSUS

Need to diagnose if that is because if  Group Policy or something else ?

How can we diagnose /validate the same if policy is applied in right wy to get server communication with WSUS?

Please help  with your best practice  if any tool /steps /diagnostic utility we can follow to get this fixed
Dear Experts, we are deploying a WSUS in our domain environment and have some questions. Please suggest?

- As you can see here, we have about 350 GB of updates to download to local drive at WSUS server. But will they stay there forever? If so, they will quickly fill up our storage?
- Should we add new group of PC? If so, What is the purpose of creating a new group?
- When the PCs are updated, will they automatically choose their suitable updates (for example: win7 will choose win7's updates, not win8 or win10)?
Just asking because I approved all updates to All Computer group.

- Can you suggest some "best pratices" of managing WSUS?

Many thanks!
How to deploy softwares (such as browser and other softwares upgrade) easily to around 250 windows PCs? Can I use WSUS to do this?
Hi expert,

Not sure why but few of our window 7 pc are unable to download window update from the wsus server.

Previously it is working fine, however up until recently it is not.

my PC - window 7 sp 1 64bits
Wsus server - window 2012 R2 server

Troubleshot step i have taken:-
net stop wuauserv
clear all folder in C:\Windows\SoftwareDistribution
net start wuauserv
re-download the wsus, error code 80244019 appeared.

# 4 updates detected
2019-12-10      20:20:48:136       472      14a4      AU      #########
2019-12-10      20:20:48:136       472      14a4      AU      ##  END  ##  AU: Search for updates [CallId = {D6467E40-661C-4390-BFA8-3918A60BACDE}]
2019-12-10      20:20:48:136       472      14a4      AU      #############
2019-12-10      20:20:48:136       472      14a4      AU      Featured notifications is disabled.
2019-12-10      20:20:48:137       472      14a4      AU      Successfully wrote event for AU health state:0
2019-12-10      20:20:48:139       472      14a4      AU      Successfully wrote event for AU health state:0
2019-12-10      20:20:48:141       472      d38      AU      Getting featured update notifications.  fIncludeDismissed = true
2019-12-10      20:20:48:141       472      d38      AU      No featured updates available.
2019-12-10      20:20:48:144       472      2d1c      Report      WARNING: CWERReporter finishing event handling with error = 800700a1
2019-12-10      20:20:48:144       472      2d1c      Report      REPORT EVENT: {321D5719-1563-48BD-9DCE-2B1779A1B525}      2019-12-10 20:20:29:793+0800      1      161      101      {9B99BB72-BD79-4C43-8056-6C4B97C1C079}      200      80244019      AutomaticUpdatesWuApp      Failure      Content Download      Error: Download failed.

any idea?…
I'm having a strange issue with running the WSUS management console on a Windows 10 1809 workstation.  WSUS is installed on a Windows 2012R2 server and works fine on the server. I installed the console app on my Windows 10 1809 workstation and it works fine.  However, of course I can't do any reporting without SQL CLR types and the SQL 2012 Report Viewer Redistributable installed.  I've tried multiple different downloads of the CLR types for SQL 2012. I've uninstalled and reinstalled them, tried doing a repair, etc., etc. But each time I try to install the report viewer I get the dreaded error message saying that the SQL 2012 CLR types need to be installed.  This is regardless of the fact that they show as installed in Control Panel. I also noticed that the system requirements on the SQL CLR types download shows it as "requiring" platform versions only up to Window 7.  That being said, it does work on a Windows 8.1 workstation.

There must be something I'm missing.   Has anyone succeeded in getting WSUS to do reporting on a Windows 10 workstation from a Windows 2012 R2 server?
Dear All,

       I have a WSUS servrer, and just wonder how to force update 1909 install on client computer, and i see many computer getting install failed also, is it because of they did not restart their computer ? any help would be appreicated, Thanks

In our environment we have about 60+ windows servers. that range from Server 2008 to Server 2019.  We are an AD domain at 2012 Forest with an internal WSUS.  At present we manually patch the servers because we don't want the servers rebooting during the day when people are working.  How can we patch the servers and get the systems to only reboot during a specific time window on a regular schedule?
I need to install :
".NET Framework 3.5 (includes .NET 2.0 and 3.0)"

on multiple Windows 10 as its required by older software.

When I try to install it I get :

Windows features Screenshot
Error message

Windows couldn't complete the requested changes.

The changes couldn't be completed.  Please reboot your computer and try again.

Error Code: 0x800F0954

The customer has WSUS and Windows 10 appears to be trying ot get this install from WSUS.

Why can't it find it / get it from WSUS ?  And why can't it download from Microsoft directly if that fails ?
Hi guys,

I have some trouble installing a specific SQL Server update: Security Update for SQL Server 2017 RTM GDR (KB4505224)

The server is downloading this KB from WSUS.

What i have tried:

- Deleting software distribution folder
- Download and install the KB from Microsoft update catalog

When i install the KB from WSUS, it show installation successful. But when i search again for updates, the KB show again as available for install. Also when i check installed updates, the KB does not show.
KB_Fail.pngI have also downloaded the KB from Microsoft Update Catalog. After starting the setup, the setup screen shows and then goes away, nothing else happens. Also the extracted files deletes itself.

Thanks in advance.
We are a large educational institute and since moving to windows 10 I am having nothing but problems with the language support install via WSUS. The naming of the categories in WSUS is confusing enough at the best of times for windows 10 but I have at least got updates flowing ok across the editions we are running but no matter what I do I cant get the language support to work

So we use WSUS to deploy updates and we reimage our fleet of devices regularly. During sysprep we deploy the required languages the same as we used to with windows 7 and they are shown in the language bar when users logon but when the languages try to download on demand they fail via wsus. As a temporary workaround in the local group policy ive had to set the bypass and to download from windows update online directly but this is not feasible for some 300+ devices everytime we reimage or rebuild devices and seemingly for each user who logs on. We have upwards of 800 users who rarely use the same device twice and are always moving

Most notably the Japanese language keyboard support is main issue as the other language to a point work ok. So my question is primarily what categories need to be enabled in WSUS to support the languages effectively and which updates have to be approved ? We cant support downloading every language on the WSUS box due to the amount of space required so im hoping others have been through this and know the minimum that has to be approved (We deploy Arabic, Greek, French, …
need a date for last time updates we’re imported to an offline wsus  (for use in a report script)
ideally powershell. but can’t find a log either (change.log doesn’t show.   and wsusconfig.lastchangedate isn’t showing the date updates were imported
windows 2012 r2

written a report for the people that care about that sort of thing. but would like it to know that the latest months patches are on.


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In