[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hey fellow experts!

With WSUS, I need to deploy a ton of patches to computers in a test OU. If the updates run fine, how do I 'Re-deploy' the same set of updates to my users? I don't know of a way to go back in and approve them again, or how to find the EXACT updates? Any help is appreciated. Thanks in advance, guys.
Amazon Web Services
LVL 12
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Dear all,

i am getting below error code from windows 7 system.


Server OS:- windows server 2012R2

I have build the SQL Server 2016 and installed the SQL instance SUSDB,  I have WSUS server  already in production, which is broken due ti SQL express  2017. I am unable to attach the database due number of error and service pack etc.

i have question how i can direct to  attach my wsus server to newly install SQL instance SUSDB on SQL server 2016, so WSUS server can bring into  working condition again.


I have a Windows Server 2012 R2 when I try to do an update I get the error on the screen saying:

Windows could not search for new updates.

Error found: Code 800B0001 Windows Update ran into a problem.

Our system is set to get downloads from WSUS which comes from a server running.

Windows SBS 2011 Standard.

Here is the error I get from the WindowsUpdate.log

2018-10-04      11:56:32:384      1000      17e4      Agent      *************
2018-10-04      11:56:32:384      1000      17e4      Agent      ** START **  Agent: Finding updates [CallerId = AutomaticUpdatesWuApp  Id = 50]
2018-10-04      11:56:32:384      1000      17e4      Agent      *********
2018-10-04      11:56:32:384      1000      17e4      Agent        * Online = Yes; Ignore download priority = No
2018-10-04      11:56:32:384      1000      17e4      Agent        * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2018-10-04      11:56:32:384      1000      17e4      Agent        * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2018-10-04      11:56:32:384      1000      17e4      Agent        * Search Scope = {Machine & All Users}
2018-10-04      11:56:32:384      1000      17e4      Agent        * Caller SID for Applicability: S-1-5-21-352409598-822902541-617630493-500
2018-10-04      11:56:32:384      1000      17e4      Agent        * RegisterService is set
2018-10-04      11:56:32:384      1000      17e4      EP      Got WSUS Client/Server URL: "http://Server1:8530/ClientWebService/client.asmx"

I want to run a report on my Windows Update Server to show list of computers that have contact the WSUS server.  

Is it possible to export the result to a CSV file?

Please advise how to do it.

2.jpg1.jpgI have an upstream server and 16 downstream servers configured in replica mode. I see every day that downstream servers are syncing with properly but still server status report is not syncing. I have attached the screenshot.
I'm deploying WSUS via GPO.
- WSUS is working well including ccorrespondig download packages.
- GPO for Automatic Update on Domain controler setting as following :
  1) Configure automatic updating: 4- Auto download and schedule the install
  2) Schedule install day: 0- Every day, Schedule time: 10:00
  RESULT: ALL clients was affected/managed by GPO, but the TIME check update incorrect. They always showed last checked update at 7:50 AM everyday. (See attached file)
What am i missing ?
Anyone can help me ? Thanks.

DC and WSUS: Windows Server 2012 Std
Clients: Windows 10, 7 and Server 2012 Std.
How to auto uninstall and install exe problem.  By GPO, WSUS/ SCCM?

Windows Server 2016 Version 1607 does not update through WSUS and/or internet. Tried stopping bits and update service, deleting the SoftwareDistribution folder and also searched for updates with firewall on and off. The wsus server is correctly set through group policies. The updating process is stuck at 0% downloading. On some servers it helped deleting the softwaredistribution folder, on some it does nothing. I do not know what to do next.

Please help me!

We are running WSUS on a Windows 2016 server to deliver Windows Updates to our Windows 10 workstations.

There is a workstation which is not searchable in All Computer in the WSUS console.  Does anyone know why?  Checking the Windows Update history on the workstation, the last Windows updates being successfully installed was few months ago.  For some reason, the workstation has no issue receiving the Windows Malicious Software Updates.  

From the WSUS itself, is it possible to run a report to know which computer(s) are not able to successfully communicate to the WSUS server?

Many thanks.
Angular Fundamentals
LVL 12
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

SBS2008 WSUS 3 sp 2 broken again, reinstall won't work. I had a full working WSUS 3 sp2  on my SBS 2008 server. Fully patched. Somehow it did not synchronize anymore. Tried full reinstalling after everything else failed as described in many articles, like here; but at configuring database it fails. Please see attached log files for Setup WSUS. I'm clueless.
Only 7 workstations (win7) in the domain and they  are also fully patched. Installing from a terminal session with the server.

Error logs:
Windows Server Update Services 3.0 SP2 could not be installed. For more information, see the Setup logs "C:\Users\Sbsadmin\AppData\Local\Temp\WSUSSetupmsi_180909_1026.log" and "C:\Users\Sbsadmin\AppData\Local\Temp\WSUSSetup.log" .

Both are attached, any right diretion would be appreciated.
WSUS sync issue Event ID 10022, log error:

2018-09-04 09:42:41.059 UTC      Error      WsusService.60      SoapUtilities.LogException      USS ThrowException: Actor = , Method = "http://www.microsoft.com/SoftwareDistribution/GetUpdateData", ID=349eb315-f9da-4550-82c5-f31a8b977c0d, ErrorCode=InvalidCookie, Message=Cookie decryption failed. Error: Deserialization failed after decryption. Error: invalid header
Parameter name: buffer.
   at Microsoft.UpdateServices.Internal.SoapUtilities.LogException(SoapException e)
   at Microsoft.UpdateServices.Internal.WebServiceCommunicationHelper.ProcessWebServiceProxyException(SoapHttpClientProtocol& webServiceObject, Exception exceptionInfo)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, List`1& updatesWithSecureFileData, Boolean isForConfig)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetUpdateDataInChunksAndImport(List`1 neededUpdates, List`1 allMetadata, List`1 allFileUrls, Boolean isConfigData)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetAndSaveUpdateMetadata(List`1 updates)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.CatalogSyncThreadProcess()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, …
in our company we want to install WSUS for multiple branches.
from main office we want to approve the updates.
I need to create  WSUS proposal drawing and PPT if someone can provide me a sample for the same it will be very helpful.

Thanks & Regards,
Mohammed Afroz
Hi Experts,

We have recently had some updates go through our company and they are crashing and/or blue screening many systems.

We have security and critical patches deployed automatically to workstations.

I haven't been able to pin point exactly which update it is and need to to stop it on the other systems and deny it in WSUS.  The only clue is update 434885.  

When I google, there are several.

Is there more than one of these that is known to crash systems?  What else can I do?  Has Microsoft addressed this?

I can't find anything concrete and didn't know if anyone knew exactly which updates these are.

Thank you,

I have a server (domain controller) that has a group policy that defines the location of the WSUS server.  For some reason this setting is not being applied to the server and it can not find the wsus server to get updates, rather goes online to microsoft.  This worked until approx 3 weeks ago when I noticed it was not reporting to the wsus server.  I have tried to force the policy using gpupdate /force but it still does not update.  I also tried manually adding the wuserver location to the registry for a quick fix but it will not allow it.
We presently have 1 WSUS server 2008r2 and we have it provide updates to another site that is 50 miles away.  There is a 3mg connection between the sites, but we constantly have users complaining that their machine runs slow at both locations.  What could be the issue or possible solutions to this?  Also best practices would be great.  We only have 1 WSUS device across the whole network with 30 or so users at another site and about 100 locally.
Hello, I have a task that involves SCCM 2012 R2 re install off wsus and iis as i can no longer access wsus through the console and the MP is no longer processing http requests.

Servers SCCM 2012 R2
Server SCCM01 Pri: 2008 R2 : SQL Database: SUP wsus day
Server SCCM02 MP: OS 2008 R2 : WSUS 3.0 failed:IIS Failed
Server SCCM03 MP: OS 2008 R2 : WSUS 3.0:

In what order do I uninstall WSUS will i have to uninstall the SUP and delete the SUP instance from the sql server then remove WSUS ver 3 with the hot fixes and uninstall IIS then reboot the server and re install.

I have trolled the internet and to no avail have i managed to find a good comprehensive guide I am really not sure in what order to do all this and if i really need to uninstall the sup instance.

Any Help would be really greatly received.
I do not have access to the SCCM server ... only the Windows 7 clients. How to fix software center "Waiting to install"? This is a common problem on many clients, but not all.
I have tried:
foreach($i in gwmi -Namespace root/ccm/policy/machine/actualconfig -Class ccm_softwaredistribution -Filter "ADV_AdvertisementID='CS123456'"){$i.delete()}

Open in new window

This only seems to address the applications that were waiting, not the updates.
Hello ,

I have some queries  regrading NEW WSUS server setup , Please provide your suggestion on below mentioned points.

1.  Which DB should use WID or SQL Express ?
2. Is it recommended to push Services pack to  WSUS client machine like (win8/10 ),As services pack comes with hefty file size &  it may impact network perform if same time all machine try to get update from WSUS?
3. In case of downstream wsus server , Do we need to have DB for respective downstream server ?

Please help me out with these queries .

Become a Microsoft Certified Solutions Expert
LVL 12
Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Can anyone tell me how to interpret the following WER file:
Sig[0].Name=Stack Version
Sig[6].Name=Failure Source
Sig[7].Name=Start State
Sig[8].Name=Target State
Sig[9].Name=Client Id
DynamicSig[1].Name=OS Version
DynamicSig[2].Name=Locale ID
AppName=Windows Modules Installer

Open in new window

I am getting lots of Critical WER logs for several office users, especially for one in particular who has 6 such new logs just today. In addition to the "Sig[1].Value=Package_for_RollupFix", I have Sig[1].Values for KB3035132, KB3110329, KB3156016, KB3078601, KB3156019, KB3035126. These all appear to be related to Windows Update, but when I go into Windows update I see no failures listed.

What are these WER logs telling me?
How are people managing the huge Windows 10 updates with WSUS and Group Policy?  The Fall/Spring updates have been rather large and once installed take a while to configure.  We are using Windows 10 Pro and WSUS.  I have WSUS configured to install the update and not force a reboot but once the users reboot it takes a while.  Id like to schedule this to happen outside of working hours so the users aren't waiting ages whilst it reboots and configures.
Windows 2012R2 - Windows Update failed - Error code 8024200D.  No matter what patch I select, same result. This server is a Domain Controller (Hyper-V VM) and is not part of our WSUS patching process. I have tried all the recommended procedures:

DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
sfc /scannow
ren c:\Windows\SoftwareDistribution SoftwareDistribution.old

Event Viewer:
Installation Failure: Windows failed to install the following update with error 0x8024200D: Update for Windows Server 2012 R2 (KB3012702).

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
  <TimeCreated SystemTime="2018-06-20T20:20:42.043966100Z" />
  <Correlation />
  <Execution ProcessID="820" ThreadID="3052" />
  <Security UserID="S-1-5-18" />
- <EventData>
  <Data Name="errorCode">0x8024200d</Data>
  <Data Name="updateTitle">Update for Windows Server 2012 R2 (KB3012702)</Data>
  <Data Name="updateGuid">{9F2B73BF-67B5-4803-AC0A-1108B5750220}</Data>
  <Data …
Hi Everyone,

How to setup software upgrade group (SUGs)? Can you show me how to configure in SCCM console or GPO push down the windows updates & security to the clients.

How to retrieve full software report for SCCM


Windows patch overnight has stripped my server 2016 build! Removed Hyper-v, removed all (domain) user folders and left a raw Administrator folder to sign in with. It left no windowsold folder. Had to install LSI software to shut up the alarm! Theres no recent server backup. Oh and its spits a general network error when trying to change the computer name or join my domain.
From what I'm reading on the internet- this is normal for Microsoft to do this???? But it usually leaves a Windows.old folder so that we can rollback to previous build?
How is this acceptable practice?!! It appears that I've lost all my work and have to start from scratch. I mean the machine's primary roll is to server Hyper-v  and I have all my guest VHDS(X) in another location but it will take me countless hours to get back to working on my current project.

Is there anything I can do?
Patch also broke my windows 10 machine. It left a windows.old folder to boot into install media and rollback but its broken too!
 Contantly cycling theough "Hold on while we get your computer ready". Whwn I try to rollback and login to the domain I get an error that the system32 desktop folder is missing or something.
Windows update is sweeping through my office like a terrible virus!
I'd like to patch an old 2003 server with several Windows updates.  Does anyone know of a relatively easy way of doing this without using WSUS.  Failing that, can anyone tell me how to install WSUS and how to use it?


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In