WSUS

854

Solutions

997

Contributors

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi

we have mulitple machines running Windows 8.1 , those machines are their respective OUs in AD and there was a policy created for them to point towards our WSUS server onsite to get their updates, up until this month the machines were receiving them correctly, this month however multiple machines are stuck on 99% in WSUS,  once we check the details of the updates we see that the same 3 updates for the windows 8.1 machines will not install, we have marked them for removal and set a specific deadline but the deadline passed and still the machines status do not change and remain at 99%, can anyone please advise?

the three updates -

KB4025336
KB4025333
KB4025252
0
Enroll in July's Course of the Month
LVL 9
Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Just setup a WSUS server on Server 2016.  Group policies are set and our test systems are checking in to WSUS just fine.  However, they're not showing any Windows 10 updates as needed by the machines.  If we interactively run Windows Update, they need (For example) June and July's monthly security patches.  WSUS says they're not needed or applicable.

We ARE seeing all Office updates that are needed by the machines.

I've read about the various hotfixes and patches needed to make Windows 10 work properly under WSUS, but those are only for 2012 or 2012R2.  No known hotfixes or patches I can find for WSUS under Server 2016.

Any ideas?
0
WSUS error: connection error
i can get the console open, but after using it a while i get this error.

2017-07-18_7-21-28.jpgthis is what it shows in the event log.
The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The operation has timed out

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, Int32 publicationState)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, ExtendedPublicationState publicationState)
   at Microsoft.UpdateServices.Internal.BaseApi.Update.SearchUpdates(UpdateScope searchScope, ExtendedPublicationState publicationState, UpdateServer updateServer)
   at Microsoft.UpdateServices.UI.AdminApiAccess.UpdateManager.GetUpdates(ExtendedUpdateScope filter)
   at …
0
Hi all,

We have a setup, where all computers are connected to the Head Office WSUS server so that we have a better visibility of all computers and we control which updates need to be downloaded.

Some of the computers are at our remote sites (connected via VPN) and we would like to reduce the bandwidth. Thus, we were thinking of having a physical server at our remote site which downloads the updates that we at the Head Office authorise and the clients download from the local WSUS site server.

The administrator still needs to control everything from the Head Office and authorise updates from 1 location (HO).

Thanks.
0
We are a corporate environment with a single WSUS server. We have our main headquarters where the majority of our devices reside, but we also have a few remote offices with slower internet connections. Our issue is that ever since we started deploying Windows 10 to PCs at our remote locations, we started having big bandwidth issues at those remote locations when deploying Windows Updates with WSUS. I see in previous operating systems you could throttle the BITS service with a GPO. That doesn't appear to be an option for Windows 10 devices. Does anyone have any recommendations? Thanks!
0
Hi

I have recently installed and started running WSUS on Windows Server Std 2012 R2.
I have got all the computers on our network connecting to it.
It keep crashing and giving the following error information:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The request failed with HTTP status 503: Service Unavailable.

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPGetConfiguration()
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetConfiguration()
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()
   at Microsoft.UpdateServices.Internal.ClassFactory.CreateWellKnownType(Type type, Object[] args)
   at Microsoft.UpdateServices.Internal.ClassFactory.CreateInstance(Type type, Object[] args)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetConfiguration()
   at
0
.
bgbisapi.msi could not install
0
I am starting to roll out new Windows 10 laptops in my network.  I have installed a new WSUS server on Windows 2012 R2.  In the past with Windows 7 and WSUS on 2008 server I was able to use registry keys instead of a group policy to get my machines to report in with WSUS.  I prefer this method as I can give different machines different days of week and time of day to check for updates.  Is this possible with my new WSUS and Windows 10?
0
I have setup a new server and am running WSUS 10.0.14393.0 on Windows Server 2016. Updates will download but will stop after a while.
Current WSUS status is
- Updates needing files : 5928
- Downloaded 45,683.32MB of 258,732.17MB.
It has been stuck at this for more than a week. I can see network activity occasionally which could range to a couple of gigs every 6-8 hours but the WSUS status does not change

On checking the Application event logs, i can see. Event id 364  Errors
 " Content file download failed.
Reason: The connection was closed prematurely.
 Source File: /msdownload/update/software/crup/2013/03/powerpoint-x-none_4334ff5b7aaec52b4bda630dba2aa91a89057782.cab
Destination File: D:\WSUS\WsusContent\82\4334FF5B7AAEC52B4BDA630DBA2AA91A89057782.cab"

Event id 10032 Errors
The server is failing to download some updates.

I have updated BITs to run in the foreground.
the server has been excluded from the internal Firewall, https inspection and Caching.
I have also tried removing and adding the WSUS role and WID database.
Has anyone come across something similar?
cheers
0
How can you find out when wsusoffline.net has updated its site to the latest published patches. For instance it is Patch Tuesday tomorrow so there is little point spending time updating offline computers until the newest patches releases have been incorporated in the wsusoffline site.
0
[Webinar] Learn How Hackers Steal Your Credentials
LVL 9
[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

So, we run WSUS on Server 2012 R2 for our environment.

In June, the 15th to be exact, I approved a rollup that contained a two specific patches.  When I search on those two specific patches, I can see the date I approved them since I use deadlines when I approve.  So, I know I approved the rollup and I have confirmed that the two specific KBs are in the rollup.

So, after I have run thru all of my patching, I run Computer Tabular Status for Approved Updates and it looks like all but one or two of my servers are all compliant.

Then I go back and I search on the two specific KBs and I do a detailed report and I find that over 100 servers do not have the patch in question.  

The patch was approved in the rollup.  The rollup was installed.  The Computer Tabular Status for Approved Updates report does not show any servers missing approved updates, yet my detailed report shows that the two specific KBs are needed on over 100 computers.  

This discrepancy in reporting is killing me!

So, if the KB is in the rollup, will it not show up in a report looking for the specific KB?  Or, another way to put it, will the specific KB only show in a report looking for that specific KB if the KB was installed standalone and not in a rollup?

I logged into some of the servers and I do not see the KB and that is matching up pretty well with the detailed report.

I'm just confused on why the reporting discrepancies.

Thanks

Cliff
0
Except for one client computer that recently joined the domain,  none of the 65+ clients are showing up in the WSUS 'all computers' list.   Tried  wuaclt.exe /detectnow and gpupdate /force.   No Joy.   Wsus has collected updates, 130gb worth, and seems ready to serve.   What do I do?
0
We are using wsus on our pc's.  However, we have one pc that must not be allowed to update, as we use it to connect to some archaic systems, and the newer security settings play havoc with the systems we connect to.  Asking the outfits at the other end to update their systems has been fruitless, and we can't us another outfit for this.  WSUS is managed via group policy, and I need this one pc to NEVER get windows updates or java updates, while keeping it as a member of our domain.

Any ideas?
0
Hi there,

I´ve been trying to add computers to my wsus and only one was recently added, my scenario is windows servers with ISA server and ESET antivirus that has the firewall inactive just for connection purpose and it seems that the only one who actually connected to WSUS is the one who does not have ISA client installed, any suggestion on how to get the computers connected? ( already found something related to GPEDIT.msc that work only for one computer),

regards,
0
I start a SYNC NOW on my WSUS server, and I am getting the below failed error.  Please advise.  Thanks.

InvalidOperationException: There is an error in XML document (7, 12599). ---> System.Net.WebException: The operation has timed out.
at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)
   at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetUpdateData(Cookie cookie, UpdateIdentity[] updateIds)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, Boolean isForConfig)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetUpdateDataInChunksAndImport(List`1 neededUpdates, List`1 allMetadata, List`1 allFileUrls, Boolean isConfigData)
0
Installation of SP1 was not successful then I installed System Update Readiness tool too. But still windows update is not working and Service pack installation failed.
0
I installed WSUS on my new Win 2012 R2 server a few weeks ago, as far as I can see I've followed the instructions in Seth Simmons guide https://www.experts-exchange.com/articles/18543/Installing-Configuring-and-Managing-WSUS.html very closely, apart from using SSL to secure the folders.  WSUS has been synced, & downloaded 23Gb of updates, all my Win 7 & Win10 computers have been seen & I've grouped them manually, putting a couple of each into test groups for which I have approved updates.  

I used my own Win10 1607 PC to test the process & everything ran smoothly.  So I tried one Win7 computer, it sat for ages 'checking for updates', so eventually I killed that process off, stopped & started BITS & Updates servers & deleted the files/folders in Windows\SoftwareDistribution.  Started the update again & almost immediately it found updates & they installed.  But since then I can't get a single other computer to find any updates, either 7 or 10.  

Most of my Win10 computers are version 1511, which I believe has problems but I thought Win7 had no such issues.  I left one computer that WSUS says has 60 updates needed running for more than 12 hours last night, but it never stops searching.  The Windowsupdate.log
on the laptop I'm trying now says "AutomaticUpdates      Failure      Software Synchronization      Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue…
0
Hi,

I have Windows 7, 10, and Windows Server 2008, 2012, 2012R2, Datacenter 2016 servers. I need to install a new WSUS server. I need to know the version I should install to cover these OS's?

Thanks
0
i have a windows update failing to install on a pc windows 7  (kb3039720) update for microsoft office 2013 32 bit.

i am not sure why this is failing but we use office 2010 and not 13 but still choose to install these updates through wsus

need to pin point why its failing. am i missing something on the pc, i have managed to run on other pcs with no issues ?
0
Free Tool: Site Down Detector
LVL 9
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

In Windows 10 Pro there used to be an option to 'Check online for updates from Microsoft update'. This was always very helpful because it allowed a user to check for updates above and beyond what may or may not have been approved and rolled out from my WSUS server.

That option appears to have disappeared recently. My question is this ... can they still check online for updates?

For instance, I do not want to select SQL Server under 'Products and Classifications' on my WSUS server. It is our company policy to not force those updates out via the WSUS server but to allow the SQL Administrator to check and install updates on their own.

If I don't select SQL server on my WSUS server, will they still be able to go online and check for updates for all of their Microsoft products installed on that computer?

I have read that a GPO setting can remove the 'check online' option but I don't think that is the case here because we have not changed our GPO settings for windows updates.

Even on my home non domain personal computer the 'check online' option is no longer there.
0
I have a domain with two DC's both running Server 2008 R2.
DC1 have following roles: ADDS, ADCS, DFS, DHCP Server, DNS Server, NPS
DC2 have following roles: ADDS, DFS, IIS, DNS Server, WSUS

Now I'm planning on replacing these two DC's with new ones but I'm hesitant to have all these roles on the new DC's, specially ADCS, NPS and WSUS.

How would you guys tackle this?

Worth noticing is that I have more than enough resources in my cluster to have one server for each role, but I think that's a bit over the top, and also kind of expensive :)
0
Hello, I 'm testing WSUS and want to remove an update to test this function. I have a deadline set and everything looks good per the console but my test client still has the update even though I setup a deadline. Just how long does it take for an update to be removed?
Thanks!!
0
As per subject, I find more and more hosts with significant differences in proposed updates. WSUS has been set up with automatic approval of critical and security updates, and the hosts reports no updates are needed. But  checking online Windows Update, the result is a 66 updates needed. Could it be the problematic hosts stopped reporting status on WSUS and as such I went ahed and declined updates which did not show up as needed  - i got about 400 hosts and i don't check their reporting status regularly.

I would like to understand wether my hosts need further updating or not, and I'm trying to avoid checking every single update proposed by Windows Update against its WSUS counterpart.
Client OS is Windows 2012 R2, Wsus OS is Windows 2012 R2 and  up and running since march 2014.
I perform maintenance on WSUS about 2 times/year (declining superseded updates and the such).
Thank you for any help
Ciao
0
We have Windows 10 build 1607 with RSAT installed. We are trying to use it to connect to an internal WSUS server running Windows 2008 R2 on port 80. Each time we try to connect it says it can't connect to the server on that port. We have verified that WSUS is running on port 80 and the computer is in the proper group on the domain. Is there something else we can do to troubleshoot or fix the problem?
0
Hi, I have following simple questions as our SCCM admin is off and needs some things to sort out as I am new to SCCM 2012.

1. I want to know what/when is the latest update check was done and if those updates are installed on all computers or not. Basically I also want to see list of all latest patches deployed by date installed.

2. Also how do I see how often the updates are checked and deployed ?

3. There was a recent critical update issued by Microsoft MS16-037, how I make sure it has been downloaded and installed.

Thanks
0

WSUS

854

Solutions

997

Contributors

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.