Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

My WSUS (Windows update server 2016) does not download any OS build updates for Windows 2016 and Windows 10 (example: KB4489889) . On the servers, I would have to click on "Check Online for updates from Microsoft". Any ideas why?wsus1.JPG wsus2.JPG
PMI ACP® Project Management
LVL 13
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Dear All

           i have an issue with WSUS server, i checked that some client computers showing with "no status", and i try to go to the problem client computer and click "check for update" but i received the error code, any way i can get the problem client computer receive windows update by wusu ?


I am running WSUS on server 2012 R2, and have about 200 Windows 10 PCs which are consistently failing to install any Windows 10 Version 1803 updates.

Any thoughts as to the reason and possible resolution?

I am running WSUS on server 2012 R2 using the windows internal Database.
the database is using up a huge chunk of my Physical Memory on the server.
Is there a way I can limit how much memory the database uses?

I do not have SQL Enterprise installed on the server and will not be able to install it there.
Whenever I push out WSUS updates to client machines in our organization, the clients recieve the updates and download them, but is requiring user intervention to install them.

In our GPO, we have specifically selected option 4 - "Auto Download and schedule the install"

I have attached a screenshot of our "configure windows update" setting.

If anyone can shine some light upon our issue, I would be eternally greatful.

GPO Screenshot
I am replacing an old WSUS server with a new one. I went in to the GPO- We use the GPO to define the update server and to implement client-side targeting. None of the computers in the OU are reporting to the new WSUS server- the only ones that seem to use the new one are computers where the policy is being applied for the first time. This is not just me being impatient- I changed the GPO, which impacts 40 computers, on Friday, and it is Monday morning. I disabled the GPO (The whole policy in the console- right-click and uncheck the "Link Enabled" menu item- not any specific settings)  on Friday night, then changed the setting to the new server on Saturday morning, to give about 10 hours for the change to go through. I know it's not a problem with the GPO because there are machines that use the GPO to report to the WSUS server... it seems to be just the ones that changed are having the issue. Any ideas? The older server was 2008r2 and the new one is 2012r2.

I have few client PC which are still showing not yet reported status even after a week. I have checked options like turning off firewall, disabling AV etc. the client PC is able to ping the Wsus server as well and I can telnet Wsus server in port 8530.

Tried options like resetting wu components, deleted sw distribution folders etc. bit still no go. Unable to find wu agent not been able to get the required updates from Wsus server . Any suggestions please .
Have a 2012 server that is one  of our 2013 exchange servers. Trying to patch the server and it is stuck at the "checking for updates" screen with the scroll bar scrolling for 14 hours now. any ideas how to fix this?

I have restarted the server, restarted the windows update service, made sure the firewall is off.

Thank you for any input
WSUS server was setup on my Microsoft Small Business Server 2011 (serverA), the downloads are stored onto another Microsoft Server 2008 R2 (serverB)
this serverB is off-line now, corrupted O.S.
1. Where is the setting that tells serverA where to download the updates?
2. I would like to now download the updates locally on serverA (I add more space)

Most importantly: I want to know where I tell WSUS where to store the downloads, they used to go to a second server but that is not corrupted, so I want to know how to change where WSUS store the updates from serverB to serverA.

We have a WSUS server running on a Windows 2016 server.  When I run the "Server Cleanup Wizard", I am seeing the attached error.  

I found the attached script from the internet for Windows 2012 WSUS.  I am not sure if I can run it on a Windows Server 2016 WSUS server.  

Someone who know how to fix this please advise.

Many thanks!!!
CompTIA Cloud+
LVL 13
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Hello All,

I have been having a problem getting WSUS installed on Server 2016.  It keeps telling that it fails because of a reboot that is neeed.  The reboot goes through, it looks like it is reconfiguring something then doe the same thing again and again.  This is a migration away from an SBS 2011 box and I really don't need WSUS since there are not that many users and I can have them download updates directly.  But I am not sure how to turn off the GPOs linked to updates.  Do I just change all of the settings to disable in the Updates Services Common Settings GPO or is there somewhere else I need to change some things.  The SBS box is going away.

I have already tried running RSOP to see what GPO is controlling the login as service - it was the default domain controllers policy.  So I went into that GPO and added NT SERVICES\ALL SERVICES to it.  i had just migrated another SBS 2011 to Server 2016 and had not problems installing WSUS.  Not sure why this box is giving me problems since I am logged in as an admin.

So, how can either point directly to MS for updates and forget about WSUS or get it installed?


WSUS 2016 is running very slow I have done Clean ups VIA a PS script and there is no throttle,  but still patch delivery to servers is very slow any ideas?
Hello All,

Just migrated from SBS 2011 to Server 2016 on a new server.  The new server is now the DC and I want to make sure that it is getting its updates since none came through this past patch Tuesday.  The SBS Server was using WSUS and I assume that there was a GP that was created with it for updates since it sent them to all machines including the SBS Server.  Now that I am on Server 2016 do I have to turn something off to allow all machines to get updates directly from MS?  I did notice that this past patch Tuesday did not show any Server 2016 updates which is very odd since I have never seen a month go by without security updates for servers.  Any suggestions?
We have the standard set up of an internet facing wsus server.  Which we export. And then import to the internal wsus server.   Running fine. For years.  

I ran a script which declines all the supersede and no longer required patches.   Dropped from 250gn to 40gb

Next export worked fine

But I had to rebuild the internal one recently.  And it stalled on downloading. As files were missing.

I re approved all the declines on the external one.  And copied those files back in and it started working.

Why ?    I mean. They were deleted by wsus own server clean up.  Why would the meta data still be there ?
the WSUS folder is enormous. How can I shrink it?
I am using WSUS in my environment to deploy Microsoft security and critical patches. As I am somewhat new to using this product I am looking for a way to report on whether the clients have actually received and installed the patches.
Hi Guys,

I have around 100 servers in a test environment which i need to update on specific days. An GPO is not an option. Is there any script which i can use? What i would like to have are the following:

1. Search for windows updates on WSUS
2. Install all available updates
3. Restart
4. Detect again

Something like "wuauclt /detectnow /reportnow" with an restart option would be perfect -shutdown /r does not work.

It would be even better if i can enter computernames.

Thanks in adcance.
WE have moved WSUS from 2008 to 2012 R2 server, I gave same name and IP address to new server, have installed the roles of WSUS and IIS, migrated the DB, for which it keeps showing its restoring (Screenshot attached) because DB size is 15 GB and free version of WSUS is 10 GB.
On the console of WSUS it doesn't show any updates (Screenshot attached).
So moving forward, should I install a full version of SQL Standard?
anything else I have to do to start see computers under WSUS Console?

How to use WSUS for Win10 computers using reg. file instead GPO  for update rings.

Any idea?

Microsoft Azure 2017
LVL 13
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

SBS 2011 standard, tried to reinstall WSUS 3.0 sp2 as it wasn't working.
Had to remove .NET 4.1 as WSUS wouldn't install with it.
WSUS still won't complete, but want to just leave it off, but remote web not working now.
Tried to reinstall .NET 4.0 but no dice.
I believe .NET 4.1 was installed but can't find the installer for Windows Server 2008 R2.
Can anyone point to it?
I just downloaded PSwindowsupdate and WUInstall modules.  I want to be able to install windowsupdates on remote machines without rebooting them.  The updates are already on the machine from WSUS or they can be downloaded from there.  I'm looking for commands to accomplish this so I can install updates on machines that have failed updates.

I've started with this but I don't think it's doing anything: Invoke-WUInstall -ComputerName xxx -Script {ipmo PSWindowsUpdate; Get-WUInstall -AcceptAll but the Invoke command is failing?
I have a few Win 2016 server vms that are having issues connecting to WSUS 6.3 which runs on Win 2012R2
The errors I get are

Logs show this

2018/06/05 07:45:14.5767492 680   4164  WebServices     WS error: There was an error communicating with the endpoint at ''.
2018/06/05 07:45:14.5767518 680   4164  WebServices     WS error: The server returned HTTP status code '500 (0x1F4)' with text 'System.ServiceModel.ServiceActivationException'.
2018/06/05 07:45:14.5767533 680   4164  WebServices     WS error: The server was unable to process the request.
2018/06/05 07:45:14.5767656 680   4164  WebServices     Web service call failed with hr = 8024401f.

Open in new window

I am able to load this page
with this result.

Client Service

You have created a service.

To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:


You can also access the service description as a single file:

Open in new window

Ive read so many articles about fixes in IIS< but none have worked, nor have there been and changes on WSUS server.
I have another WSUS on another domain and I'm having the same issue there.

On client side ive done the usual but no luck.

net stop wuauserv 
net stop cryptSvc 
net stop bits 
net stop msiserver 
Ren C:\Windows\SoftwareDistribution SoftwareDistribution.old 
Ren C:\Windows\System32\catroot2 Catroot2.old 

Open in new window

The client gets added to WSUS but shows not yet reported.

Ive deployed the new 2016 VM from few different templates with same result.

I have some other 2016 vms, from same templates from a while ago, and those are not showing this error. So I'm not sure why these new ones are.

I assigned domain computer to group for update packages from WSUS server by GPO, and they are running well.
For the other computer dis-join domain, How to apply them ? I type “wuauclt /resetauthorization /detectnow” on each one, but they have still not connected to WSUS yet.
Anyone can guide me how to solve the issue ?
Environment: WSUS Server 2012 R2; Clients: Windows 7,10, 2012 R2.

Windows update not working on server 2012 r2 standard.

Tried the general Microsoft Site for the Update Readiness Tool 

Tried the following Microsoft Site for general update failure. 

Finally looked through the Windows Update Troubleshooting site. The manual approach requires registry settings so take great care. 

2018-11-27      11:15:01:377      1976      224      AU      #########
2018-11-27      11:15:01:377      1976      224      IdleTmr      WU operation (CSearchCall::Init ID 6) started; operation # 4478; does not use network; is at background priority
2018-11-27      11:15:01:377      1976      224      Agent      *** START ***  Queueing Finding updates [CallerId = AutomaticUpdates  Id = 6]
2018-11-27      11:15:01:377      1976      224      AU      <<## SUBMITTED ## AU: Search for updates  [CallId = {BC718562-0D95-4F90-91B2-D3BD75D2FEE2} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2018-11-27      11:15:01:377      1976      224      Agent      SkipSelfUpdateCheck search flag set for serverId: 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782
2018-11-27      11:15:01:377      1976      224      IdleTmr      WU operation (CSearchCall::Init ID 7) started; operation # 4480; does not use network; is at background priority
2018-11-27      11:15:01:377      1976      224      Agent      *** START ***  Queueing Finding updates [CallerId = AutomaticUpdates  Id = 7]
2018-11-27      11:15:01:377      1976      224      AU      <<## SUBMITTED ## AU: Search for updates  [CallId = …
Hi I have a test rig. The wsus server is online and we export the files and database to three separate. But identical rigs
Two work.
The other one remains at downloading updates for many days.

The permissions are the same. It’s the same database etc

Also if I rebuild the box it works fine with that export just won’t update next time

Any ideas ?

Windows 2012 r2


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.