Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.


I have a server (domain controller) that has a group policy that defines the location of the WSUS server. For some reason this setting is not being applied to the server and it cannot find the WSUS server to get updates; rather, it goes online to Microsoft. This worked until approx 3 weeks ago when I noticed it was not reporting to the WSUS server. I have tried to force the policy using gpupdate /force but it still does not update. I also tried manually adding the wuserver location to the registry for a quick fix but it will not allow it.

I have a freshly installed Server running Windows Server 2016. However when I try installing the Windows Server Update Services (WSUS) role, I get the following error message at the end when it is in the process of installing the features and roles. "The request to add or remove features on the specified server failed. The operation cannot be completed, because the server that you specified requires a restart."

I have a Server running 2012 R2 that has a very large WSUS Content folder taking up a majority of the disk space. I need to reduce the size of this folder and also need to disable it. WsusContent Folder

how to disable Server 2016 update Notify

I got a WSUS with Update Settings 3 "download updates and notify to install", but I don't want this big blue window "updates available".

How to hide this completely? I just want to do manual updates by admin checking. The point is there are monitors on the server and normal users don't have to see any notifications.

I am facing an issue with WSUS

WSUS detects client PCs but does not download updates for newly detected Windows 10 clients; there is no issue with old PCs.

We presently have 1 WSUS server 2008r2 and we have it provide updates to another site that is 50 miles away. There is a 3mg connection between the sites, but we constantly have users complaining that their machine runs slow at both locations. What could be the issue or possible solutions to this? Also best practices would be great. We only have 1 WSUS device across the whole network with 30 or so users at another site and about 100 locally.

Hello, I have a task that involves an SCCM 2012 R2 reinstall of WSUS and IIS, as I can no longer access WSUS through the console and the MP is no longer processing HTTP requests.

Servers SCCM 2012 R2
Server SCCM01 Pri: 2008 R2 : SQL Database: SUP wsus day
Server SCCM02 MP: OS 2008 R2 : WSUS 3.0 failed:IIS Failed
Server SCCM03 MP: OS 2008 R2 : WSUS 3.0:

In what order do I uninstall WSUS? Will I have to uninstall the SUP and delete the SUP instance from the SQL server, then remove WSUS ver 3 with the hot fixes and uninstall IIS, then reboot the server and reinstall?

I have trolled the internet and to no avail have I managed to find a good comprehensive guide. I am really not sure in what order to do all this and if I really need to uninstall the SUP instance.

Any help would be really greatly received.

I do not have access to the SCCM server ... only the Windows 7 clients. How to fix software center "Waiting to install"? This is a common problem on many clients, but not all.
I have tried:
foreach($i in gwmi -Namespace root/ccm/policy/machine/actualconfig -Class ccm_softwaredistribution -Filter "ADV_AdvertisementID='CS123456'"){$i.delete()}

This only seems to address the applications that were waiting, not the updates.

Hello,

I have some queries regarding a new WSUS server setup. Please provide your suggestions on the points mentioned below.

1. Which DB should I use, WID or SQL Express?
2. Is it recommended to push service packs to WSUS client machines (like Win8/10), as a service pack comes with a hefty file size and it may impact network performance if all machines try to get the update from WSUS at the same time?
3. In case of a downstream WSUS server, do we need to have a DB for the respective downstream server?

Please help me out with these queries.

In the WSUS 2012 console, if I go to Updates > All Updates and filter by 'Any Except Declined, Status = Failed' I see that an update (2018-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4284835)) installed for 91% of the computers but for some, there were errors. Double-clicking on this line item generates the report, which shows:

For 4 computers the Status = Installed
For 48 computers the Status = Not Applicable
For 6 computers the Status = No Status
For 6 computers the Status = Failed.

Over the last week, I tried a few times right-clicking on the failed update and selecting 'Approve' again, hoping that something would kick in and WSUS would attempt to trigger these updates again. But that doesn't seem to work.

I found some articles online that describe how to run the Windows Update Troubleshooter tool or stop the Service, delete the contents of the update folder, restart the Service and try again, but I imagine there's no automated way to do this. (I'd have to do this manually on each workstation?)

Are there any tricks or tips for getting updates to install?

One more thing: In that WSUS report, I can click on the 'Failed' link under the Status column (next to each of the 6 computers that failed) and a pop-up window shows the error. Almost all of them simply say "Error: Download failed."    Does this mean WSUS is not downloading this update? Or it is not able to push the update to the workstation? Or is the workstation trying to …

How are people managing the huge Windows 10 updates with WSUS and Group Policy? The Fall/Spring updates have been rather large and once installed take a while to configure. We are using Windows 10 Pro and WSUS. I have WSUS configured to install the update and not force a reboot but once the users reboot it takes a while. I'd like to schedule this to happen outside of working hours so the users aren't waiting ages whilst it reboots and configures.

I'm having a problem on a Windows 7 workstation installing "2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826)". The update repeatedly fails with error code 8024200D. I've tried every step in, to no avail. The final step in this link suggests reinstalling Windows. I just did that not long ago with a scratch install. I really don't want to do that again.

Maybe related, maybe not: On Monday this computer was showing a black screen with a movable cursor. That's it. I ended up restoring the computer to close-of-day Friday (Acronis) and it was then back in action, but since then unable to install this update. I have been able to install one or two optional updates.

Dear All

In recent days my Server 2012 R2 WSUS has been getting the problem below. Every time, I need to restart to get it fixed, but after a while the problem occurs again. Any idea how I can get the problem fixed?


12052 - the dss authentication web service is not working

12042 - the simpleauth web service is not working

12022 - the client web service is not working

12032 - the server synchronization web service is not working

12012 - the API Remoting web service is not working

12002 - the reporting web service is not working

13042 - self-update is not working

Windows 2012R2 - Windows Update failed - Error code 8024200D. No matter what patch I select, same result. This server is a Domain Controller (Hyper-V VM) and is not part of our WSUS patching process. I have tried all the recommended procedures:

DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
sfc /scannow
ren c:\Windows\SoftwareDistribution SoftwareDistribution.old

Event Viewer:
Installation Failure: Windows failed to install the following update with error 0x8024200D: Update for Windows Server 2012 R2 (KB3012702).

- <Event xmlns="">
- <System>
  <Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
  <TimeCreated SystemTime="2018-06-20T20:20:42.043966100Z" />
  <Correlation />
  <Execution ProcessID="820" ThreadID="3052" />
  <Security UserID="S-1-5-18" />
- <EventData>
  <Data Name="errorCode">0x8024200d</Data>
  <Data Name="updateTitle">Update for Windows Server 2012 R2 (KB3012702)</Data>
  <Data Name="updateGuid">{9F2B73BF-67B5-4803-AC0A-1108B5750220}</Data>
  <Data …

Hi Everyone,

How to set up software upgrade group (SUGs)? Can you show me how to configure in SCCM console or GPO push down the Windows updates & security to the clients?

How to retrieve full software report for SCCM


Windows patch overnight has stripped my Server 2016 build! Removed Hyper-V, removed all (domain) user folders and left a raw Administrator folder to sign in with. It left no Windows.old folder. Had to install LSI software to shut up the alarm! There's no recent server backup. Oh and it spits a general network error when trying to change the computer name or join my domain.
From what I'm reading on the internet, this is normal for Microsoft to do this???? But it usually leaves a Windows.old folder so that we can roll back to the previous build?
How is this acceptable practice?!! It appears that I've lost all my work and have to start from scratch. I mean the machine's primary role is to serve Hyper-V and I have all my guest VHDs(X) in another location but it will take me countless hours to get back to working on my current project.

Is there anything I can do?
Patch also broke my Windows 10 machine. It left a Windows.old folder to boot into install media and roll back but it's broken too!
Constantly cycling through "Hold on while we get your computer ready". When I try to roll back and log in to the domain I get an error that the system32 desktop folder is missing or something.
Windows update is sweeping through my office like a terrible virus!

I'd like to patch an old 2003 server with several Windows updates. Does anyone know of a relatively easy way of doing this without using WSUS? Failing that, can anyone tell me how to install WSUS and how to use it?

I have a VM with Windows Server 2012 R2. I keep getting an error when the Windows update tries to install the
2017-09 security and quality rollup for .NET framework 3.5 ..... 4.7 and,
2018-05 security and quality rollup for .NET framework 3.5 ..... 4.7

Windows 7 workstations. 50 computers have not reported status for more than 30 days. The check in status are random across workstations. Some 30 days some more.

I performed the following on a single workstation.

      1. netsh winhttp reset proxy

After executing the command I  restarted the  workstation

      2. Executed the following commands on workstation
wuauclt /detectnow /resetauthorization
wuauclt /reportnow

The workstation was not checking in.
After carrying out these commands the Windows Update utility can be started to search for updates. At this point the client should register with WSUS after 15 minutes.   Nope did not ever check in....

I then ran the diagnostics report attached using the utility here.
            a. (Report Attached)
      1. Reset WSUS repository on workstation   ( This did not help)

Final Error IS 80244018 as seen in attachment

WindowsUpdate Log File Data
    06-01	10:59:31:440	 836	1750	Agent	*************
2018-06-01	10:59:31:440	 836	1750	Agent	** START **  Agent: Finding updates [CallerId = <<PROCESS>>: sftservice.exe]
2018-06-01	10:59:31:440	 836	1750	Agent	*********
2018-06-01	10:59:31:440	 836	1750	Agent	  * Online = Yes; Ignore download priority = No
2018-06-01	10:59:31:440	 836	1750	Agent	  * Criteria = "( IsInstalled = 0 and IsHidden = 0 and 


I'm running a new install of WSUS, on windows server 2016, fresh install, and the server is not used for anything else, but WSUS.
All my servers and computers show "needed count" for updates with large numbers.  Even after I install updates on the clients or servers, the number never goes to 0, how do I install all the needed updates on my servers/workstations?

The 2nd problem is, for a few computers, it looks like the computers have contacted the WSUS server a few weeks ago, but there's no status report, and there's no info about the computers. Any ideas how to resolve?

WSUS on Server 2016 not showing any Windows updates available for Windows 10 systems: I've read the EE thread with this title.  The OP abandoned the question (and abandoned WSUS) without a resolution.  I'm having the exact same problem. I've searched and searched for several weeks without finding a solution.  I found a long series of posts on the exact same issue on another tech community site which has no resolution either.  Here's the deal:

I have WSUS installed on a Windows 2016 server.  This is a 2016 Standard domain that was migrated from an old SBS2008 domain.  It's been up and running successfully for nearly a year.  The domain consists of two 2016 servers (one DC and one RDS, both v1607), one Windows 2008 R2 server running SQL 2008, five Win7 workstations and eight Win10 workstations (6 are v1703 and 2 were upgraded to v1709).  The original WSUS database was on the Win2008R2 server.  At the end of the migration I moved it to the 2016 RDS server.  It was working fine for about 7 or 8 months. All of a sudden (I assume it was probably some update that caused it), WSUS stopped working for all of the servers (including the 2008R2 server) and all of the Windows 10 workstations.  It would download the required updates but all updates (except for Office and Win7) showed as not needed ("Needed" column = 0).

After a number of tries to repair WSUS, I decided to move it to the Win2016 DC.  This was a fresh install, not a migration, and is where it's now installed.  …

I am unable to view WSUS reports on Windows Server 2016. When I try it gives me the error: The Microsoft Report Viewer 2012 Redistributable is required for this feature. Please close the console before installing this package.

So, I do that, and try to install the report viewer. Then I get the error: Setup is missing an installation prerequisite - Microsoft System CLR Types for SQL Server 2012.

So, I install those but even though they install I still can't get the Report Viewer to install.

I've seen many articles showing me where to go but they always make it seem like once I install the CLR package (As this one does:  I should be able to run the Report Viewer. And yet, it keeps saying it needs those CLR files.

I've tried the x64 and the x86 packages with no luck. I can't seem to get the system to recognize that I've downloaded what I'm looking for. Any suggestions would be most appreciated.

We’ve two identical 2012R2 networks updated from one WSUS.
Need to set up WU GPOs, and just discovered that the WU are different, see attachments - #2 has sub-folder "Defer WU":

Please help to understand what the problem is.
Thank U.

My company implemented WSUS on Server 2012R2. We have 1 upstream server and 7 downstream servers in several sites. We are using server-side targeting. We have a GPO using item-level targeting to assign clients to their WSUS server based on IP address. All this is working fine.

Management requested a way to automatically assign new servers to a specific group if they fall out of the IP range specified in the GPO.

Is there a way to do this, while maintaining Server Side Targeting?

Block Windows update from Internet, but only to SCCM for Windows 7 and 10

We're moving our Windows update scheme from directly from Microsoft Update to internal SCCM/WSUS.

So I need to block Windows updates through GPO.
Ones that I found is this item, "Remove access to use all windows update features", which is under two hives; the one in Computer Policy can be applied to only Windows 10 and above and the one under User Policy can be applied to both Windows 7 and 10 as I read the description. I am not sure if this is correct, but as I read the description through GPMC, it looks as true. Then 'Turn off access to all Windows Update Features' which has exactly the same description as "Remove access to use all windows update features" under Computer Policy. So I guess 'Turn off access to all Windows Update Features' is the one to go with? GPO items look complicated, don't know why two items with different names have the same description.

Also, the description says it "Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update". Does it imply that if I enable this, it will block Windows update from SCCM/WSUS as well?

1. Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update->Remove access to use all windows update features

"This setting allows you to remove access to scan Windows Update.

If you enable this …

