Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have WSUS Server 2012 which I am syncing with Microsoft website. It is showing that WSUS server is synced but when I verify the download folder no update is there. How to fix this? This is very urgent

Event ID:364
Error: Content file download failed. Reason: Error calling [kernel32.dll]:CreateDirectory(E:\WSUS1\WsusContent\B6) Source File:  Destination File: .
[Webinar] Lessons on Recovering from Petya
LVL 10
[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Windows 2012 R2 server running WSUS for ages, out of the blue has stopped working. Checks from clients show 8024401F. Server shows a few errors:

Self-update is not working.

The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)

Fault bucket , type 0
Event Name: WindowsUpdateFailure3
Response: Not available
Cab Id: 0

Problem signature:
P1: 7.9.9600.18756
P2: 8024401f
P3: D67661EB-2423-451D-BF5D-13199E37DF28
P4: Scan
P5: 1
P6: 0
P7: 0
P8: SelfUpdate
P9: {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
P10: 0

Attached files:

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: 88bfccdd-9cf4-11e7-80d6-00155d00230f
Report Status: 262144
Hashed bucket:
From windowsupdate.log
2017-09-18      21:39:29:807       920      146c      EP      Got WSUS SelfUpdate URL: "http://dc01.domain.com:8530/selfupdate"
2017-09-18      21:39:29:807       920      146c      Misc      WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x801901f4
2017-09-18      21:39:29:807       920      146c      Misc      WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x801901f4
2017-09-18      …
Hi All,

I've got primary WSUS in the Head Office which downloads the updates and then distributes it into the Site Office 1, 2 and 3.
now, the Site Office 3 WSUS has broken, I need to know how to break the replication so I can just set it as the normal stand alone WSUS server directly downloading from the internet.

Can anyone here please let me know how to break the WSUS structure so that the site office which is now Synchronizing to the head office WSUS server can now be standing on its own?

I'm using WSUS 4.0 on Windows Server 2012 R2.
I have windows server 2012 Wsus Server and I have windows 10 systems in the same domain. but windows 10 system Updates are failed through WSUS.kindly help on this.
how to delete WSUS Database Manually?
We have an offsite location with a site to site tunnel setup.  For some reason, all of the devices on that side of the tunnel (opposite side of the WSUS server) can't download updates.  In the WSUS console, they show up as not reporting their status in 300+ days.  Any ideas why this is happening?  Its not the firewalls or IPS, we just switched brands and confirmed with the vendor (24/7 support with them)

I went on the servers and ran 'wuauclt /resetauthorization /detectnow'

Here is the results:

2017-09-07	13:07:31:631	 936	149c	Misc	===========  Logging initialized (build: 7.9.9600.18756, tz: -0500)  ===========
2017-09-07	13:07:31:631	 936	149c	Misc	  = Process: C:\Windows\system32\svchost.exe
2017-09-07	13:07:31:631	 936	149c	Misc	  = Module: c:\windows\system32\wuaueng.dll
2017-09-07	13:07:31:631	 936	149c	Service	*************
2017-09-07	13:07:31:631	 936	149c	Service	** START **  Service: Service startup
2017-09-07	13:07:31:631	 936	149c	Service	*********
2017-09-07	13:07:31:631	 936	149c	IdleTmr	Non-AoAc machine.  Aoac operations will be ignored.
2017-09-07	13:07:31:631	 936	149c	Agent	  * WU client version 7.9.9600.18756
2017-09-07	13:07:31:631	 936	149c	Agent	WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2017-09-07	13:07:31:631	 936	149c	Agent	  * Base directory: C:\Windows\SoftwareDistribution
2017-09-07	13:07:31:631	 936	149c	Agent	  * Access type: No proxy
2017-09-07	13:07:31:631	 936	149c	Service	UpdateNetworkState 

Open in new window

I can able to find the Creation date by using the command GetUpdateApprovals.

But I approved the "Update123" to Group1 @ 01,Jan'17

and I approved the same update to Group2 @ 07, Sep'17

This command's output showing the same creation date for both groups.


Group name       Creation Date


Group1              07, Sep'17

Group2              07, Sep'17

Please guide me to view the exact approval date from Powershell.
Should my computers appear in the WSUS console even if I have them connecting directly to windows updates via GPO?

I have been following the instructions on this link and I have ran both the script to change the identity:

$updateServer = get-wsusserver

$config = $updateServer.GetConfiguration()

$config.ServerId = [System.Guid]::NewGuid()


and also the command to generate encryption key:

%ProgramFiles%\Update Services\Tools\wsusutil.exe postinstall

This link then states to verify the configuration by checking to see if the computers that existed on the source server now appear - but they do not appear! I migrated the binaries previously but I put them into a folder I crated on the c: drive and I'm not sure if WSUS on the new server knows where to look to find these. I'm in a bit of a mess with this one, are there any experts on here with working knowledge of migrating WSUS servers?
I have already a wsus server but I recently created a SCCM server and now wants to link wsus server with SCCM.
Free Tool: Site Down Detector
LVL 10
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I am trying to use this cmdlet to stop all downloads to my WSUS to try and correct an issue that I am having where the WSUS MMC console crashes when I try to manually cancel a download via the interface. It is ONLY the windows defense/essential definition updates that cause this crash, and usually only when the version number reaches 4 digits anywhere in the version number string. Truly frustrating, especially since it doesn't happen all the time.

I am trying to use these command module functions: https://learn-powershell.net/2010/11/14/wsus-administrator-module/

I cannot connect to my WSUS using this modulke function (after importing it), and I cannot seem to use the (Get-WSUSServer).CancelAllDownlaods() function either within or outside the module function.

Anyone know anything about how to use powershell to cancel all WSUS downloads. killing bitsadmin and removing the bitsadmin files doesn't work, and you can't kill the bitsadmin processes.
I was installing updates on our WSUS server last week and got an error 0x8024401F.  I've uninstalled the installed updates but still get the same error when checking updates.  This has, obviously, affected all clients as the update server is now unavailable.

Here's the section from the log where it's failing:

2017-08-18 19:49:18:309
380 11a0
AU #############
2017-08-18 19:49:18:309
380 11a0
AU ## START ##  AU: Search for updates
2017-08-18 19:49:18:309
380 11a0
AU #########
2017-08-18 19:49:18:309
380 11a0
AU <<## SUBMITTED ## AU: Search for updates  [CallId = {34705645-C701-43D5-92BD-C5B772A8BD52} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2017-08-18 19:49:18:309
380 1388
Agent *************
2017-08-18 19:49:18:309
380 1388
Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdatesWuApp]
2017-08-18 19:49:18:309
380 1388
Agent *********
2017-08-18 19:49:18:309
380 1388
Agent  * Online = Yes; Ignore download priority = No
2017-08-18 19:49:18:309
380 1388
Agent  * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2017-08-18 19:49:18:309
380 1388
Agent  * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2017-08-18 19:49:18:309
380 1388
Agent  * Search Scope = {Machine & All Users}
2017-08-18 …
Think I broke my SCCM. Its all grayed outt. I have reinstalled WSUS and the role again still no use can someone please help
WSUS is being used to install Windows Updates on all PCs in this environment.
A recent batch of updates seems to have broken Office functionality. I want to remove them all to confirm if it is actually the updates that are causing the problem.
However when I try:

wusa /uninstall /kb:%%

Open in new window

This shows me that "KB%%% is not installed."
This is obviously not true since I see the KB in the "Installed Updates" list and can uninstall it manually.

I had a similar issue a few weeks ago and found that running msiexec works in this environment. In that case I had to remove a specific KB and used this command which I found in another forum:

psexec /accepteula \\%%a -e -w C:\ %Windir%\System32\msiexec.exe /I {90140000-0012-0000-0000-0000000FF1CE} MSIPATCHREMOVE={70DAB69D-244C-403A-9C0F-CB7748CD2991}

Open in new window

My question is how can I find these parameters in that command:
{90140000-0012-0000-0000-0000000FF1CE}  and {90140000-0012-0000-0000-0000000FF1CE}

since I think I will need to find those for each update in order to uninstall on all PCs.
Or is there another option?
Hi everyone.  We just went through our monthly pilot patching cycle last night and out of 17 servers on the list, we encountered errors with five of them.  Two (the 80244019 errors) showed patches available to download and install and also checked in with WSUS earlier in the day, prior to scheduled patching.  Three showed no patches available, but threw an error message (either 8024401f or 80244008) when I attempted to check for updates.  Two months ago (the last time I was on the hook to update servers), I did not see these errors.  I do not believe the individual who ran the patches last month saw these either.  Nothing I'm seeing in the Windows Update log leads to anything that would seem (to me, at least) to apply.

We have a script that does a number of different things to troubleshoot the issue.  Rather than listing them out, I've copied the script below.  I'll also upload the WindowsUpdate log files.

Beyond this, I found the WSUS Client Diagnostics Tool and there is a single error message that appears on every failed machine, but my Google Fu must be weak as I'm not seeing anything that makes sense.  There is no proxy server are there were not a lot of patches approved (and we've approved far more in the past, successfully).

Here is the script we run:

GetFileVersion(szEngineDir,&susVersion) failed with hr=0x80070002
The system cannot find the file specified

I've also checked that bandwidtch if perfectly fine; I can manually copy hundreds of Gb from the …
Hi All,

I get the following error when I check for updates:

There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information: (0x80244022)

I then RDP to PRODWSUS01VM which is the windows update server set in my registry.

I ran the Update Services snapin and tried to connect to PRODWSUS01VM but I get the following error:

WSUS console
Can anyone here please assist me what stepsI need to do to ensure the WSUS is working again in my AD domain ?

Hi All,

WSUS Clients are showing status "Not Reported Yet"

We have WSUS Server where clients are not receiving updates by the Server and the status is Not Yet Reported

System Support
hi team

we require a script which will copy the reg file to remote servers and add it in registry.

we are implementing wsus. we don't want to use the GP. so we would like to add the reg key in our servers. please help to provide a nice script.
Hello, on WSUS post installation, i am getting this error, and attached is the "tmp919A.tmp"

Log file is located at C:\Users\USER\AppData\Local\Temp\2\tmp919A.tmp
Post install is starting
Fatal Error: Attempted to perform an unauthorized operation.

any help ?
On Demand Webinar - Networking for the Cloud Era
LVL 10
On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Hi All,
We have SCCM 2012, Current Branch.
Been installed (by a consultant) about 6 weeks ago. We have ran into an issue with clients updating and not sure if they have ever updated since it's been installed
I think (I will double check) most of our clients are showing the following errors from the windowupdate.log

2017/08/03 22:09:18.4202729 312   3520  ProtocolTalker  SyncServerUpdatesInternal failed 0x8024401c
2017/08/03 22:09:18.4246690 312   3520  Agent           Failed to synchronize, error = 0x8024401C

I have attached logs from 3 Windows 10 machines. These include WU log and WUAHandler.log
Also attached are 2 SCCM Log files

What I have tried.
1. Can telnet onto port 8530 from any client machine
2. Checked event logs
3. Rebooted SCCM Server
4. Made the changes as per this article - all through I don't think it was relevant - https://blogs.msdn.microsoft.com/the_secure_infrastructure_guy/2015/09/02/windows-server-2012-r2-wsus-issue-clients-cause-the-wsus-app-pool-to-become-unresponsive-with-http-503/
5. Ran through this article - https://technet.microsoft.com/en-us/library/bb735874.aspx.
But still haven't been able to crack the issue.

1. Can you still use WU to check for updates that will just go to your SCCM Server and expect to find and install updates? Or do updates get installed differently using ADR's?
I was expecting to click "Check for Updates" and find available updates.

2. Under update history, would I still see updates …
Hi Experts

is there anyway get a report of last patched status of group of servers from wsus. I want to know when was the  patches installed last.
I had this question after viewing On an SBS 2011 server what do you think about turning off WSUS and how would you do that?.

The SBS Console shows that the 3 workstations are missing 10 or 11 updates that have been downloaded.  But the Updates tab of the console does not show any undeployed updates and the workstations think they are up to date.
Microsoft updates are getting too large and take too long to download. I work for a school and we have over 250 windows computers that share 100MB internet and they take a long time to update and update at bad times. i am trying to create a wsus server, but keep getting connection errors. we have a xtm525 watchguard firewall and was told there may be a way to prevent the updates at different times. is this correct? Does anyone know how?

thank you

we have mulitple machines running Windows 8.1 , those machines are their respective OUs in AD and there was a policy created for them to point towards our WSUS server onsite to get their updates, up until this month the machines were receiving them correctly, this month however multiple machines are stuck on 99% in WSUS,  once we check the details of the updates we see that the same 3 updates for the windows 8.1 machines will not install, we have marked them for removal and set a specific deadline but the deadline passed and still the machines status do not change and remain at 99%, can anyone please advise?

the three updates -

WSUS error: connection error
i can get the console open, but after using it a while i get this error.

2017-07-18_7-21-28.jpgthis is what it shows in the event log.
The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The operation has timed out


Stack Trace:
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.ApiRemotingCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, Int32 publicationState)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPSearchUpdates(String updateScopeXml, String preferredCulture, ExtendedPublicationState publicationState)
   at Microsoft.UpdateServices.Internal.BaseApi.Update.SearchUpdates(UpdateScope searchScope, ExtendedPublicationState publicationState, UpdateServer updateServer)
   at Microsoft.UpdateServices.UI.AdminApiAccess.UpdateManager.GetUpdates(ExtendedUpdateScope filter)
   at …


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.