WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Recently someone suggested to me to manage Windows Updates in my organization using a WSUS server, SCCM and powershell patch audit utility.   Before the person suggested this this to me I thought I would manage updates using 1 of the 3 above, not all three.  I am familiar with WSUS, and powershell patch audit utility.  

 Could someone provide me with a top-level breakdown of how these components work together?  
Or... can you suggest your preferred method?
0
CompTIA Network+
LVL 13
CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

SBS 2008, WSUS/SUSDB folder has grown to over 100 GB. The server cleanup wizard aborts. Tried cleaning up one item at a time - still aborts. Deleted all files from the WSUS Content folder - SUSDB still over 100 GB.
(Obviously, system has not been maintained - I was asked to help resolve this issue)
Any suggestions?
0
Is it possible to configure the WSUS policy if it can't find some window features on WSUS, it can redirect clients to Microsoft website to install some WIndow features ?

Thx
0
2019-09-07      09:04:54:640      1196      3130      Misc      ===========  Logging initialized (build: 7.8.9200.17185, tz: +0530)  ===========
2019-09-07      09:04:54:640      1196      3130      Misc        = Process: C:\Windows\system32\svchost.exe
2019-09-07      09:04:54:640      1196      3130      Misc        = Module: c:\windows\system32\wuaueng.dll
2019-09-07      09:04:54:640      1196      3130      Service      *************
2019-09-07      09:04:54:640      1196      3130      Service      ** START **  Service: Service startup
2019-09-07      09:04:54:640      1196      3130      Service      *********
2019-09-07      09:04:54:718      1196      3130      Agent        * WU client version 7.8.9200.17185
2019-09-07      09:04:54:718      1196      3130      Agent        * Base directory: C:\Windows\SoftwareDistribution
2019-09-07      09:04:54:718      1196      3130      Agent        * Access type: No proxy
2019-09-07      09:04:54:718      1196      3130      Service      UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
2019-09-07      09:04:54:718      1196      3130      Service      UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2019-09-07      09:04:54:718      1196      3130      Agent        * Network state: Connected
2019-09-07      09:04:54:734      1196      3130      Setup      WARNING: SelfUpdate is in an error state
2019-09-07      09:04:54:749      1196      3130      Service      UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
2019-09-07      09:04:54:749      1196      3130      Service      UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2019-09-07      09:04:55:015      1196      3130      Agent      ***********  Agent: Initializing global settings cache  ***********
2019-09-07      09:04:55:015      1196      3130      Agent        * Endpoint Provider: 00000000-0000-0000-0000-000000000000
2019-09-07      09:04:55:015      1196      3130      Agent        * WSUS …
0
Hello All,

I am having an issue with WSUS on a 2019 Server.  The updates for Windows 10 are downloading to the client systems but they are never told to install them.  I have set the GP to download and install but they don't seem to be doing that.  This is not just one Windows 10 computer but all of them.  I have attached a picture showing the policies that are managed by the domain and it shows that they are to download and notify the user.  Very odd - any suggestions?

Regards,

Rob
Windows-Update-GP.PNG
0
Hello IT people

I've post last month a question about configuring WSUS server  and problems I've been facing. but now after I configure everything and the WSUS server has been able to contact Microsoft for update and the client could contact the WSUS server, I have another problem.

The problem is the clients don't seem to take any updates. whenever I try to update any computer or server, it gives me this message: "Your device is up to date. Last checked: Today, ‏‎9:34 AM". But it's really not up to date. and in WSUS server, there is yellow exclamation mark besides every client, like in this photo:

Screenshot--1-.png
So, I wish you guys could help.
0
Hi Expert

How to apply windows patches in an offline environment, due to the restrict environment.

Please note the host are running using the "Hyper V management".

According to my research, i am aware that by using another option is WSUS offline, but it was not improve
by the management.

Are there other option by using Powershell, to reduce the manual intervention?

Appreciate your prompt response.
0
I need to get 9 workstations to be able to be seen by WSUS in the server 2016. No luck seeing them at this point?
0
We are not running a wsus server and need to disable several windows updates from running.  This needs to be done on both win10 and win7 …  

Can this be done using powershell ?

Thanks …

Joel
0
Hello,

We use an internal WSUS server to deploy MS Updates to our servers and workstations.

I am looking at this link and trying to identify the KB number and make sure our WSUS server has downloaded that KB to deliver.

Does anyone know the KB this link is referring to?

https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

Many thanks.
0
Expert Spotlight: Joe Anderson (DatabaseMX)
LVL 13
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

With Windows Server 2019 is there a definitive way to regain control of updates and reboots?  Please tell me with WSUS or otherwise you still have the ability to delay (indefinitely any updates from being installed as well as complete control of IF and WHEN they should be installed as well as WHEN we can manually do an update.  Microsoft has been doing an absolute PATHETIC job with their updates, blowing up the world with Windows 10.  They no longer test the way the used to, I guess it is less costly to test on the general public.

It "was" supposed to take the place of an Enterprise operating system such as NetWare, it's not a phone and that is how they are treating it if you no longer have control.  Anyone?

Thanks guys!!!
0
Is ABC-Deploy's ABC-Update freeware a stable and/or secure tool for an enterprise environment?

I've used it on a few client systems that were having trouble connecting to the WSUS. It gets the job done but I don't have any previous experience or knowledge of the vendor/product...
0
Hi, our current infrastructure has Server 2008 and Server 2008 R2. All the Windows servers are updated with WSUS and servers are supposed to receive Windows updates only via WSUS. We are in the process of upgrading the system to Server 2016 and Server 2012 R2. Below are my questions

1. I'm going to use a newly installed Server 2016 Domain controller as WSUS. Is that a problem?
2. Should I migrate from Old server 2008 WSUS to Server 2016 WSUS? or Deploy a new WSUS only for new servers?
3. Can I have some supporting documents for this?

Thanks a lot,
Ruwantha
0
Dear All

 
              I would like to reinstall WSUS on server 2012 r2 with version 6.3.9600.18694, just wonder if all the clients computer will automatically connect back to the WSUS itself if the GPO is remain unchanged ? the reason I plan to reinstall it because I have many client computer not yet report to the wsus console, and also some computer stop reporting to wsus since in year 2018, I been finding many method from internet, it doesn't work, any help would be appreciated, thanks


keith
0
I had this question after viewing Windows 8 Updates Failing.

We have WSUS 3.0 over Windows 2008 server R2.  None of the servers at the enviroment reports the status of their updates but all the workstations (Windows 10) does.
The servers are Windows 2008 server R2 and Windows 2012, all the servers shows at the WSUS console.
When we try to update at server with Windows 2012 the error code is 80096002 and in Windows 2008 server the error code is 800B0001
The group policy about updates is the same for Workstations and Server (looking for the WSUS server)
I don't understand why at the server enviroment there is not updates
0
I am attempting to upgrade clients to Windows 10, version 1903.  In WSUS console, I am asked to approve the "business edition" or the "consumer edition"  Question: which do I pick?  Most of the machines involved come with Windows 10 Pro, OEM from HP.  I'm afraid if I choose the wrong one, I'll get a company wide licensing issue.  Thanks much.
0
I am running WSUS 2012 R2, and my 2TB drive is almost full of the wsus content.  The WSUS folder is at almost 1.5TB and I didn't even select all the options, only that I need for my organization.

Is there a way to delete old updates from my drive via WSUS?  When I go to C:\wsus_database\WsusContent, I see different folders with .cab files, and  it's probably not wise to delete files directly that way, right?

Any suggestions?
0
I am currently installing wsus on windows server 2016 standard. I am getting errors while trying to sync it. please see attached fileerrorerror
appropriate rule has been created in firewall for this server
0
Writing a script to determine which windows servers have available updates
0
Angular Fundamentals
LVL 13
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

Dear All

 
           I have a question regarding to WSUS on server 2012, having checked the console in WSUS, i see there are some computers last status report showing "Not Yet Reported", i have tried to delete the problem computer from WSUS console, and run below command in the problem computer, and i dont see the computer appear back from WSUS console, any help would be appreciated,

net stop bits
net stop wuauserv
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIDValidation /f
rd /s /q "C:\WINDOWS\SoftwareDistribution"
net start bits
net start wuauserv
wuauclt /resetauthorization /detectnow
PowerShell.exe (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()


Keith
0
Dear All

           i have a WSUS server and found that from the WSUS report there are some computer not able to contact WSUS for more than 100 days, and having check for the problem computer, see that there is windows update error 80072EE2, having followed below website method to do, but i still can not fix it, any help will be appreicated

https://www.4winkey.com/windows-tips/top-3-to-fix-windows-update-error-80072ee2.html


keith
0
When I approve the "Windows Malicious Software Removal Tool - KB890830" update for Windows 7 on the WSUS server, I get an error message saying:  "Unable to display the Microsoft license terms for this update; the update will not be approved".

It does work for other operating systems though (Windows 2008, 8, 10, 2016)
0
Hi,

I have the domain controllers configured on windows 2012 R2 with 2 machines in Head Office whereas every branch as one too which is replicating data from the HO machines whereas we make sure all the records are created in the primary (which contains the roles) and similarly the records are replicated to the branches DCs and in total there are 25 additional DCs in the branches.

Now the problem is with the windows update services where the computers or the client machines are not getting listed considering the deployed policy. For the servers farm, we can see all the servers are listed in the Servers group however the client machines which are given branches code or name in the policy where each branch machines should be under the specific group are yet not getting appeared.

Its worth to mention that each branch DC also contains the windows update servers which are getting its updates from the primary windows update server.

Requesting support.

Regards
0
Hi Expert Team,

May i know how much data we should keep in WSUS? The disk space keep increasing even after done the server cleanup. Shall we delete the old updates? Please advise.
0
Hello All,

I am having an issue with a new install of WSUS 2016.  For some reason a lot of the client systems show that updates are approved for install but when I look at updates on the machines it shows those updates but they have not yet been downloaded so they never install.  Some machines have been sitting for over a week without installing the patch Tuesday stuff from last week.  I can force the install but usually the system will tell the user that there are updates that need to be installed.  I have looked at the updates in WSUS and it shows that they have been approved for install.  Any thoughts?

Regards,

Rob
0

WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.