Articles & Videos



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

In Windows 10 Pro there used to be an option to 'Check online for updates from Microsoft update'. This was always very helpful because it allowed a user to check for updates above and beyond what may or may not have been approved and rolled out from my WSUS server.

That option appears to have disappeared recently. My question is this ... can they still check online for updates?

For instance, I do not want to select SQL Server under 'Products and Classifications' on my WSUS server. It is our company policy to not force those updates out via the WSUS server but to allow the SQL Administrator to check and install updates on their own.

If I don't select SQL server on my WSUS server, will they still be able to go online and check for updates for all of their Microsoft products installed on that computer?

I have read that a GPO setting can remove the 'check online' option but I don't think that is the case here because we have not changed our GPO settings for windows updates.

Even on my home non domain personal computer the 'check online' option is no longer there.
Free Tool: Port Scanner
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I have a domain with two DC's both running Server 2008 R2.
DC1 have following roles: ADDS, ADCS, DFS, DHCP Server, DNS Server, NPS
DC2 have following roles: ADDS, DFS, IIS, DNS Server, WSUS

Now I'm planning on replacing these two DC's with new ones but I'm hesitant to have all these roles on the new DC's, specially ADCS, NPS and WSUS.

How would you guys tackle this?

Worth noticing is that I have more than enough resources in my cluster to have one server for each role, but I think that's a bit over the top, and also kind of expensive :)
We currently run WSUS for updating our client systems across all our sites.
It's a single WSUS server at head office with all clients set to receive and install updates through the night.

We have an issue were laptop users visit other sites and connect to the WIFI, because their laptop has not been on through out the night they start downloading all the updates at the remote site over our MPLS. This causes a strain on our bandwidth that we can't have.

Is there any way that I can setup laptop users to only download updates when they are connected to our head office network (VLAN)?
Hello, I 'm testing WSUS and want to remove an update to test this function. I have a deadline set and everything looks good per the console but my test client still has the update even though I setup a deadline. Just how long does it take for an update to be removed?
As per subject, I find more and more hosts with significant differences in proposed updates. WSUS has been set up with automatic approval of critical and security updates, and the hosts reports no updates are needed. But  checking online Windows Update, the result is a 66 updates needed. Could it be the problematic hosts stopped reporting status on WSUS and as such I went ahed and declined updates which did not show up as needed  - i got about 400 hosts and i don't check their reporting status regularly.

I would like to understand wether my hosts need further updating or not, and I'm trying to avoid checking every single update proposed by Windows Update against its WSUS counterpart.
Client OS is Windows 2012 R2, Wsus OS is Windows 2012 R2 and  up and running since march 2014.
I perform maintenance on WSUS about 2 times/year (declining superseded updates and the such).
Thank you for any help
We have a working WSUS server here onsite that pushes out updates to machines on the following OS's- Win 7, Win 10, Win Server 2008 R2, Win server 2012, Win server 2012 r2, win server 2008 but any machines we have here that are on Win 8.1 will not update either via WSUS or manually by going to windows update section and clicking on 'search for updates',

We have over 20 windows 8.1 machines onsite and only 7 machines have checked in with WSUS

is there any reason why this OS would have issues checking in with WSUS or downloading updates in general?
We have Windows 10 build 1607 with RSAT installed. We are trying to use it to connect to an internal WSUS server running Windows 2008 R2 on port 80. Each time we try to connect it says it can't connect to the server on that port. We have verified that WSUS is running on port 80 and the computer is in the proper group on the domain. Is there something else we can do to troubleshoot or fix the problem?
A security patch can't be applied to a Exchange server and the server is repoerted as 99% completed. On the Window update of the Exchnage server, it is reported as up-to-date.

Any idea why the patch can't be updated ? Is it possible to remove the update for this server only such that it will reported the status as 100%

Hi, I have following simple questions as our SCCM admin is off and needs some things to sort out as I am new to SCCM 2012.

1. I want to know what/when is the latest update check was done and if those updates are installed on all computers or not. Basically I also want to see list of all latest patches deployed by date installed.

2. Also how do I see how often the updates are checked and deployed ?

3. There was a recent critical update issued by Microsoft MS16-037, how I make sure it has been downloaded and installed.

I have stood up a new 2016 WSUS and was hoping to just move the database but even after closely following the procedure and mounting it in the new SQL2014, WSUS was unable to read it.  I suspect it has something to do with a restructuring of the database:  See this

I have both the old SUSDB2 and the new one mounted in SQL and can toggle WSUS via the registry,  Is there some other way to copy the approvals and declined update list to the new database?
On Demand Webinar: Networking for the Cloud Era
On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.


I recently managed to setup our WSUS server and i have the majority of our corporate client computers checking in and downloading their updates. I noticed that our storage was being filled rapidly by updates, therefore i removed products from the products list and only selected Windows 10, Windows 7, Windows 8.1, Windows Server 2008 and Windows Server 2012 (including R2).
I only selecting Critical updates from the classifications list.

At the moment, there are 404GB worth of updates being downloaded. Is quantity normal for Critical Updates only?

I purged the database and removed all updates from the drive, there are still 404GB of updates downloading.

Any ideas?

WSUS server installed on Windows Server 2016.

WSUS server reports that all of the 40 servers that we have in the group are missing 100+ updates, random numbers.
We dont store WSUS downloaded content locally, we have setting in WSUS: Do not store updates files locall; computers install from Microsoft Update  (we just using WSUS for reporting piece).

I have tried deleting all servers from Computers on WSUS, they all came back with same amount of missing updates.
Ran following command on client servers:  wuauclt /detectnow /resetauthorization

Cant figure out why WSUS is reporting so many missing updates on all of the servers.

Any suggestions would be great help,
I am running Server 2012 64-bit, and a standalone WSUS 4.0 (Version 6.2.9200.21848) that is manually updated every day via offline file transfer and meta-data import from an air-gapped online WSUS Server. SQL Server 2014 is running locally on the WSUS server to host the SUSDB. I have recently re-indexed it to try and fix this issue.

Ever since it updated from 6.2.9200.18324 to the newest version WSUS Console is crashing when I try cancel the download of a Definition Update for Windows Defender, Security Essentials, or Endpoint. It only crashes on those types of updates. I need to cancel the download since it is offline. I am not sure why it is trying to download the update files when they already exist in the file storage location. Files are transferred long before the meta-data is exported. moved, and imported into said offline server.

The error message displayed is as follows:
Problem Event Name: CLR20r3
Problem Signature 1: mmc.exe
Problem Signature 2: 6.2.9200.16496
Problem Signature 3: 50ece2e8
Problem Signature 4: Microsoft.UpdateServices.BaseApi
Problem Signature 5: 6.2.9200.21848
Problem Signature 6: 571cc7c5
Problem Signature 7: 61e
Problem Signature 8: 1b
Problem Signature 9: System.Data.SqlClient.Sql
OS Version: 6.2.9200.
Locale ID: 1033
Additional Information 1: 9950
Additional Information 2: 99504e5b16d00ac2776c5771c670163c
Additional Information 3: cd67
Additional Information 4: cd67b1856d9540b8bc614699ba4bb3cf

I have run the …
Hello All,

I stuck with very odd issue .

One server running with 2k8r2 last patched on Aug 2015 not due to wannacry client asking to patch the server.
If i am checking the old patches in WSUS ,its showing declined & expire .
This server doesn't have internet , I try to installed monthly rollup for march but it got failed.

Is there any way to patch the server ???????
Please help
Hello All,

WSUS client running with win2k8 R2 unable to sync with WSUS server running windows 2k8r2.

Performed many steps as mentioned below but no luck, please help

1. Stop the Automatic Updates service and BITS service.
net stop wuauserv
net stop bits
2. Delete “%windir%\softwaredistribution” directory.
3. Start the Automatic Updates service and BITS service. When these two services
have been started, they will auto-create “softwaredistribution” and its subfolder
at system directory.
net start wuauserv
net start bits
4. Stop the Cryptographic Services
5. Rename the C:\windows\System32\catroot2 folder
6. After the “%windir%\softwaredistribution” directory has been generated, please
let the client contact the WSUS server immediately.
wuauclt.exe /resetauthorization /detectnow
7 checked the WSUS client dll version found updated.
8. run sfc scannow
9, WSUS cleanup wizad executed
10. Windows Update troubleshooter excuted but still same issue
11. windows update log didn't help.
 12. Checked registery path & found client poiting to correct wsus server.
13. able to browse the http:// wsus server IP
14. server patch level updated.
We are having issues where half the client (windows servers) fail to install the package.
We have been using this fine in the past.
Which logs should I look at to determine the issue?

Also the wsus console gives "error: connection error" message while opening.
It had done that 1 time earlier and we reinstalled wsus on the SCCM server. But the issue has come up again after a week.
I configure a WSUS server. Sync to Microsoft Update, Workstation detection & reporting everything is fine but stack patch download & event log shows error: code. 364
""Content file download failed.
Reason: HTTP status 404: The requested URL does not exist on the server.
Source File: /Content/CD/
Destination File: D:\WSUS_UPDATES\WsusContent\CD\

Code: 10032 "The server is failing to download some updates."

Can anybody help me?

I am having an issue when configuring WSUS on Windows Server. I have tried on Windows 2008 R2 and Windows 2012 Standard using Group Policy Management.

It is currently setup using a GPO that is linked to a Testing OU in AD, the policy is configured correctly and is correctly linked.
The WSUS server is synchronized to Microsoft Update Servers and I have forced the GPO on to my desktop computer.
In addition I have added a Computer Group to WSUS and added this group to the GPO.

The WSUS is not picking up my computer in any of the Computer Groups on server.

As i mentioned above, I configured it on two separate servers , Windows 2008 R2 and Windows 2012, because i thought it could be a compatibility issue between Windows 7 and Windows 10 clients. All firewalls are disabled on both server for testing.

Can anyone suggest were i might be going wrong or something i might have missed??

I have Windows Server 2012 R2 Datacenter and installed WSUS Server in it.

I am keep getting attached error. while checking updates.

I tried to reinstall WSUS and tried some fix it solution but with no luck.

also client pc not getting any update from a 3 weeks.

Any one can help.
Enroll in June's Course of the Month
Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

I want to run WSUS on my network but the only server that has plenty of space on the Dell Powervault running Storage Server 2008. I see that i can add the role. The question is does it work properly installed on this OS for an environment?
We have one WSUS server in our Head Office and we want to push Windows Updates on remote site computers with the help of Branchcache.

Is there any need to deploy WSUS Repository servers on remote locations or cities?

Step by Step procedure required.

Current Scenario:
Head Office : PDC1 and WSUS
Other Cities : Only clients, server not available.
We don't have SCCM.
Hi Experts,

I have a WSUS 2.0 SP2 environment, using Server-side trageting, but some clients are getting a registry entry for TargetGroup, as if they were managed using Client-side targeting. Interestingly the TargetGroup name is not even vaguely valid - is a seemingly random string, over 255 char long, and so fails without attempting to connect to anything.  I have never used Client-side targeting.

Have searched the GPO's applying to these targets, and manually deleted the TargetGroup entry to see if the GPO would re-populate it, but it remains blank.  Sometime in the next 30 days or so (when i go to test patches again), the clients stop responding, and the registry entries have changed again.  

Note is only some clients, but seems to be the same ones each time.

Any clues would be appreciated,
We are running WSUS and clients are currently scheduled to download and install patches once a week. In the GPO, you can only choose daily or a single day of the week. We would prefer to schedule the installs on Tuesdays and Wednesdays. Is this possible? Maybe create two GPOs under the same OU with different schedules?
Hello 3 WSUS related Q's for Win 7 clients:

1. MS have released a Convenience rollup 3125574, does that ever change month to month?  Will it need periodically downloading to keep current for new machine installs?
2. I am already periodically downloading the latest Monthly update roll-ups and assuming the May roll-up contains all previous months updates. Correct?
3. I want to auto approve the Malicious Software Removal Tool but it lives in the update Roll-up part of WSUS, I don't want to auto approve all Update Rollups how can I just specify the Malicious Software Removal Tool?

Hi All,

I want to appove a Windows Update on a down stream server, but get the following message

the files for this update have not yet been downloaded.  the update can be approved but will not be available to computers until the download is complete

WSUS issue
I dont see the same message on the upstream server.

The server is Windows 2012 R2

Any ideas?





Articles & Videos



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.