Go Premium for a chance to win a PS4. Enter to Win



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

I was about to deploy the Windows 10 Fall Creators Update (Version 1709) and was wondering if anyone that has deployed it has had any issues like end user complaints, programs no longer working or any reason I should wait before deploying it. Our environment is mainly Office 365 with some specialty programs for Finance and HR etc.,. Thanks!

- Windows 10 Pro x64
[Webinar] Cloud Security
LVL 11
[Webinar] Cloud Security

In this webinar you will learn:

-Why existing firewall and DMZ architectures are not suited for securing cloud applications
-How to make your enterprise “Cloud Ready”, and fix your aging DMZ architecture
-How to transform your enterprise and become a Cloud Enabler


I have a few devices on WSUS (WS2008 R2) in following state (see attachment). Some of them are turned off so I understand why they haven't installed updates yet or why I see an older date in Last Status Report column. But some of them are connected and available over a network. Nothing has changed since I used commands wuauclt /detectnow, /reportnow  or /resetauthorization (repeatedly).

I connected to these devices remotely and perform these commands but nothing happened.

I also made a batch file and run it on all domain devices:
net stop wuauserv
net start wuauserv
wuauclt /resetauthorization /detectnow
wuauclt /reportnow

Didn't work either.

Also I've waited a couple of days for any change. Nothing happened.

I appreciate any help.
I'm currently using a Gmail account for Veeam email notifications using the server addresses shown in the first screenshot and am successfully receiving Veeam email notifications.

However when I try to use the exact same Gmail email address and email server settings for Server 2016 WSUS email notifications (in the second and third screenshots) these email server address notifications don't work. I receive the error message shown in the last screenshot which says

"System.Net.Mail.SmtpException: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. i8sm33761833pgq.67 - gsmtp
   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.SendTestEmail(String emailLanguage, String smtpUserName, String senderEmailAddress, String smtpHostName, Int32 smtpPort, String recipients)
   at Microsoft.UpdateServices.Internal.BaseApi.EmailNotificationConfiguration.SendTestEmail()
   at Microsoft.UpdateServices.UI.SnapIn.Dialogs.EmailNotificationSettingsDialog.backgroundWorker_DoWork(Object sender, DoWorkEventArgs e)."

There is no where within the Server 2016 WSUS email notification settings to select to use secure connection (SSL/TLS).

So what is the correct Gmail email address server address setting to use to successfully send notification emails?
Where do you go within Server 2016 Windows Server Update Services (WSUS) to view where the downloaded updates are being stored?
My current WSUS environment has been running for about 6 years and is almost completely useless at this point. W3WP.exe and SQLSERVR.exe memory and CPU usage are through the roof. Clients have to check multiple times because of timeouts and this has become a huge issue. I have run all the cleanup scripts and installed recommended WSUS patches and still poor performance. I have now setup a new server and right now it's getting the metadata from Microsoft. I'm 66% through and right now it is showing 11,000 updates. I've chosen all classifications except for drivers. This will take forever to download. Is there a way to point the new WSUS server at the existing WSUS server, that is local, and then switch it back to Microsoft after the downloads are complete? There are a few categories that are enabled on the new one that are not enabled on the old one but I can sync those from Microsoft later. Downloads will be a lot quicker from a local server. Thanks.
Where do I go within the Server 2016 Windows Server Update Services (WSUS) to change the location of where the Windows updates are stored before they are pushed out to the client computers?
Please provide me with guides on setting up and configuring Server 2016 Windows Server Update Services (WSUS) for the first time.
In our environment, clients are not getting patched, there are over 300 outstanding patches to be installed. I need to find out why they are not working.
Group policy is applied. They are pointing to correct wsus servers
where else can I look to verify all the settings on the clients to find out if they are properly communicating with WSUS servers?
I have a 2012 DC with these roles
Certificate Authority
Network Policy Server

The plan is to replace this server hardware with new server. I would like to keep the same name and IP.
Ive done it once before but at that time I didnt have all these new roles.

  • I plan to rename DC1 it to DC-old, but keep the IP
  • Build the new DC1 with temp IP
  • Setup all same roles on new DC1
  • Transfer original IP to new DC1 and update the DNS records.
This way I dont need to change all the server and device settings that are referencing the IP

I guess to get to my question, I am not sure what affect renaming the DC will have on the Certificate Authority, will the workstations generate a new certificate with the new CA server once they connect to it for the first time?
The main reason we use the CA is in conjunction with NPS for wifi and LAN authentication for workstations.

As for the other roles, im confident I can replicate the settings on the new DC.

for WSUS I found this guide, unless someone has a better one?
Hi Experts,

I have a WSUS Server and mapped many Servers to it. However few Server the Group Policy did not apply as we found the problem servers were mapped with different Group Policy.

So we would like to take a report of each server to identify which Group Policy is applied on the server. So my requirement is to identify the Group Policy Name that the computer is reporting for Window Update. I need a Group Policy name alone, so we will change the Server settings in Group Policy.

Can we achieve this by any tools, Power Shell Script or by Querying any Registry Key ? I have 800 computers on which the Group Policy name for Windows Update to be identified.

Please help.  I have googled many and did not get a proper answer what I am trying to achieve this.
Free Tool: SSL Checker
LVL 11
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


New Dell computer with win 10 1703 version and a WSUS server under win 2012R2. Every time I try to get updates this error 0x8024401c  is show

Any ideas?


We have exactly this problem on multiple clients: https://blogs.technet.microsoft.com/sus/2008/10/29/wsus-clients-fail-synchronization-with-0x80244015-and-0x8024400d-errors/

Now I'd like to make a PS script for this part:
1) Place the following lines in a .REG file and merge it at the WSUS client:

Windows Registry Editor Version 5.00






Please advise.
Having trouble installing  WSUS on Server 2012 Standard on a physical server.

Error message:  "WSUS Role failed on Windows server 2012 with error"the operation cannot be completed because the server that you specified requires a restart" This is after adding the Role of Windows server update service. After the reboot the Windows update service is not installed. Thanks, Bill
I realize this is an open-ended question--I'm not asking on behalf of a particular customer--but we're wondering if Windows 10 always respects the GPOs we've set for Windows Update, which point all domain PCs to our on-premises WSUS server with specific maintenance windows and restart settings.

I'm hearing anecdotal evidence that 10 may bypass WSUS (and any other WU-related settings imposed by GP) and update and restart itself whenever Microsoft deems this necessary.  I don't have "smoking gun" proof yet, but cursory Googling suggests I'm not the only one who's getting suspicious, and we're seeing some erratic update behavior on our fleet of Win 10 Surfaces.

What has your experience been like?  Do you use WSUS, or a third-party patch management solution?
We're setting up SCCM which will have 1 CAS  and 2 primary site servers.
We are trying to set up Windows Update, but it seems as sccm is not pushing out WSUS settings.
So far, we did;

Installed WSUS  services on 3 SCCM servers
Configured Software Update Point roles on 3 SCCM servers
CAS is the upstream server to MS Updates and other 2 site servers are to CAS
We didn't download or sync software updates, didn't deploy any update to any device collection. We just installed WSUS services and configured on 3 site servers.

Now, when Configuration Manager client on user computers is installed, the WSUS setting doesn't populate, but it completely disappears. As far as  I know, when SCCM with WSUS is configured, it will send WSUS setting through Configuration Manager to client's local policy which is located on HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

Why is this registry key removed when I install/uninstall SCCM client on the user computer?
It seems as client computers with SCCM client still use this registry key to identify WSUS server which is one of SCCM servers.
How do we restore this through SCCM? I am trying to avoid using GPO since a best practice for SCCM recommends to remove GPO method to fix WSUS setting on clients.
Hey all,

I am having issues with some of the computers in an organisation running win 10 pro after installing an update (Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4041691). Discovered a lot of people are having issues with this update and suggest to decline this through WSUS which I have (NOW).

I have noticed when the computer reboots after installing the update, it asks what keyboard layout, as if it is a fresh copy of win 10. After clicking US Keyboard layout > it says advanced options or restart. After clicking restart, it reboots, then my CPU fans spin out of control and I cannot even boot to BIOS. This has happened on 4 machines now and cannot afford for any more computers to die. The computers are HP Elite Ultra Slim Desktops so if anyone know's a workaround to at least get the machines to boot to BIOS, please let me know.

Also, I have found this article that helps, if I could boot into BIOS https://www.windowscentral.com/how-fix-update-causing-inaccessible-boot-device-error-windows-10

I would like to know how to repair WSUS server. We had to reinstall a brand new SQLSERVER with a new instance. Restore the WSUS database. Now when I start WSUS it doesn't find the server. What is the best way to reconnect to the database?

We have one WSUS at a datacenter.  We have one remote site, with about 10 machines that are pointed to that WSUS servers.  For some goofy reason, the Server 2012 R2 servers are fine connecting to the WSUS, but the Windows 8.1 laptops can't connect and I don't understand why.  On WSUS, it just says Last Status Report: Not yet reported.

Here is my logs from the client

2017-10-15      19:51:22:345       888      1640      Misc      ===========  Logging initialized (build: 7.9.9600.18696, tz: -0400)  ===========
2017-10-15      19:51:22:345       888      1640      Misc        = Process: C:\Windows\system32\svchost.exe
2017-10-15      19:51:22:345       888      1640      Misc        = Module: c:\windows\system32\wuaueng.dll
2017-10-15      19:51:22:345       888      1640      Service      *************
2017-10-15      19:51:22:345       888      1640      Service      ** START **  Service: Service startup
2017-10-15      19:51:22:345       888      1640      Service      *********
2017-10-15      19:51:22:345       888      1640      IdleTmr      Non-AoAc machine.  Aoac operations will be ignored.
2017-10-15      19:51:22:345       888      1640      Agent        * WU client version 7.9.9600.18696
2017-10-15      19:51:22:345       888      1640      Agent      WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2017-10-15      19:51:22:345       888      1640      Agent        * Base directory: C:\Windows\SoftwareDistribution
2017-10-15      19:51:22:345       888      1640      Agent        * Access type: No proxy
2017-10-15      19:51:22:345       888      1640      Service      UpdateNetworkState Ipv6, cNetworkInterfaces = 1.
2017-10-15      19:51:22:345       888      1640      Service      UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
Hi All,

I have a new customer that has SBS2011.  The server appears to be running well in all respects, but sometime in the past WSUS was disabled due to them running out of disk space, so they disabled WSUS and removed the WSUS files that were stored in either:




(Both folders exist - I have done a search and cannot find any other WSUS folders)

T:\ is mapped to a Virtual Disk on the Hyper-V host (not a network drive physically elsewhere)

I have increased their storage capacity (shared network files were on the server, I have moved them to a NAS).

So, I would like to now 'reinstate' WSUS, but I don't know how it will react due to the missing files that were deleted, and that makes me nervous, so looking for advice on what I should check and do in what order as I have never been here before.

SBS2011 is running as a VM on Hyper-V.  There is one other VM on Hyper-V which appears to be a print 'server' (actually Win7 Pro), but it is shutdown, and I have not touched it so far (I'll get to it later, but its way down the list).

Backups are running fine - using SBS2011 Backup three times a day to an external USB drive, and the drive is backed up to another drive through the day, and that goes offsite every day.

WSUS has been disabled by disabling the service called 'WSUSService' with a display name of 'Update Services'.  At this point, I am inclined to just re-enable that, but what will happen if I do that, and none of …
[Webinar] Cloud and Mobile-First Strategy
LVL 11
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Server 2012r2 is searching updates from wsus2012r2 for ever.
Other servers are updating from the Same wsus  with no problem.
Checking connection by telnet two directions and it is ok.
Any idea how to solve this problem?
Thank you
I hope you have good day. i've server (WIN 2012 datacenter R2)installed on it wsus role and also SCCM 2012 (with external SQL DB) i just need to configure the autmatic update that sccm will take it from wsus and deploy it on the PCs in my network, how can i make that?
I am trying to reinstall WSUS 3.0 SP2 on a 2008 R2 server.  This server originally had WSUS 3.0 on in and had been uninstalled including logs, database, etc  If fails when I try to install it either from Add Roles in Server Manager or from a Downloaded WSUS 3.0 SP2 .exe (WSUS30-KB972455-x64.exe).  Following the progress of the install, is gets to the Configuring the Database step and fails with "There is a problem with this Windows Installer Package.  A program run as part the the setup did not finish as expected.

Any help will be greatly appreciated.  I am out of ideas and don't understand the setup logs (attached).

Thanks in advance
Windows 2012 R2 server running WSUS for ages, out of the blue has stopped working. Checks from clients show 8024401F. Server shows a few errors:

Self-update is not working.

The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)

Fault bucket , type 0
Event Name: WindowsUpdateFailure3
Response: Not available
Cab Id: 0

Problem signature:
P1: 7.9.9600.18756
P2: 8024401f
P3: D67661EB-2423-451D-BF5D-13199E37DF28
P4: Scan
P5: 1
P6: 0
P7: 0
P8: SelfUpdate
P9: {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
P10: 0

Attached files:

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: 88bfccdd-9cf4-11e7-80d6-00155d00230f
Report Status: 262144
Hashed bucket:
From windowsupdate.log
2017-09-18      21:39:29:807       920      146c      EP      Got WSUS SelfUpdate URL: "http://dc01.domain.com:8530/selfupdate"
2017-09-18      21:39:29:807       920      146c      Misc      WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x801901f4
2017-09-18      21:39:29:807       920      146c      Misc      WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x801901f4
2017-09-18      …
I have windows server 2012 Wsus Server and I have windows 10 systems in the same domain. but windows 10 system Updates are failed through WSUS.kindly help on this.
how to delete WSUS Database Manually?


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In