Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Group policy is applied to Win 10 computer, but the Win 10 computers settings do not change.  Specifically, we are testing a new WSUS server on the network.  We're using a Windows 10 machine for testing.  We've verified by using the Group Policy Wizard that the machine had the correct GPO applied, which has all the new WSUS server settings in it.  After confirming the GPO was "applied" to the test machine, when we pull up the GPEDIT on the Win 10 machine, we see that NONE of the GPO settings were actually applied - everything was default and not enabled.  What causes a machine to "ignore" GPO settings, when that GPO was successfully applied??  The AD server is 2008R2.

Thanks for your help
Free Tool: Site Down Detector
LVL 12
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


We recently set up a new WSUS server with Server 2012 R2 OS.
GPO's are working fine, all updates are downloaded on the WSUS server.

The problem is that the update on the client side is not downloading.
When running WSUS diagnostic tool, on the client, it says that the content is not found.

How do we fix this issue?
Permissions on the content folders are configured correctly.

Please see below:

# Solarwinds® Diagnostic Tool for the WSUS Agent
# 2018/03/12
Machine state
  User rights:                                       User has administrator rights
  Update service status:                             Stopped
  Background Intelligent Transfer service status:    Running
  OS Version:                                        Windows 10 Pro
  Windows update agent version:                      6.2.15063.674 (WU Agent update is required)
Windows Update Agent configuration settings
  Automatic Update:                                  Enabled
  Options:                                           Automatically download and notify of installation
  Use WSUS Server:                                   Enabled
  Windows Update Server:                             HTTP://WSUS-Server:8530 
  Windows Update Status Server:                      HTTP://WSUS-Server:8530
  WSUS URLs are identical:                           Identical
  WSUS URL is valid:                                 Valid URL
WSUS Server Connectivity
  clientwebservice/client.asmx:   …
i have wsus installed on windows srv 2016 when i try to make the client gate the update from wsus the wsus pool on iis stopping
so where is the problem ?
Two Hyper-V Server 2016 virtual servers are having problems downloading and installing the Server 2016 KB4074590 update.

Please provide me with instructions on how to manually download and install this update within Server 2016.

My organization currently isn't using Windows Server Update Services (WSUS).
Can I have the powershell script for .exe files multiple patch installation
We have a group policy where the pc's report to WSUS. I would like the servers to report to it also

We have a group policy for the computers but I do not see anything for the servers. At the moment each server gets  its updates from the internet

Do you have any idea where I would find the group policy for the severs?

The update control panel is locked down for the computers but its not for the servers
After spending much time and with the precious assist of experts exchange I finally managed to install a WSUS in windows server 2008. Everything now works ok except one thing. In my site I have 2 windows servers standard edition 2012 r2 that do not receive updates from WSUS. When manually try to check for updates i get error 800B0001. Could you please help me on this?
I have about 35 computers out of 325 that show they have failed updates on them from the WSUS server.
They have been on their now for about 3 days. Is there something I can do from the SUS server to get theses updates on these computers to be successful?
Hi Experts

I have set up an working WSUS schedule and got my updates downloading to my WSUS server and my clients connecting, downloading and installing the updates as expected.

However, when I check the computer group they are showing that there are 5 updates still to be installed, therefore I am seeing the yellow exclamation mark icon.

I have checked the clients, which are mainly Windows 10 machines, with a few Windows 8.1 as well, and they all say they are up to date.  

The updates are:
KB4016509 - English and Portuguese Laguage packs
KB3061064 - Update rollup for Skype for Business Server 2015 SmartSetup

I have only approved English Language packs to be downloaded.  Although I think the US language pack feature may be configured on the clients.

Is there any way of telling WSUS to ignore these particular updates.  Really need to get my Green Ticks in place !!!

I'm trying to connect MDT to WSUS to download Windows updates during the deployment of the Windows 10 image. First, I have configured WSUS to download and approve Windows updates automatically, and then in the Rules list in MDT I have add it the "WSUSServer=" of WSUS to download the updates from. Also in the task sequence I have enabled (Windows Update Pre-Application Installation) and ( Windows Update Post-Application Installation) but still does not work for me. The task sequence it does show that is trying to connect to WSUS but it cannot download any update. I'm attaching two screen shots regarding this problem. Thank you, and your help will be very much appreciated.
The 14th Annual Expert Award Winners
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Why does WSUS on server 2016 have so few products and classifications?  I just installed a new WSUS and all I see are just a few products and classifications.  Do I need to roll back to 2012 R2 or did I miss something?

Hi Experts,

I have installed WSUS application in one of the  server and is working fine. But due to issue of disk space I am needed to move WSUSContent to other location. I have used wsusutil movecontent command to move the everything to other location and it is completed without any error.

Now, the catch is that, I have moved all data to workgroup computer from the domain computer. Now when I am trying to download the updates, I am getting the following error

event ID 364:  content file download failed. reason error calling kernel32.dll createdirectory.

I have shared the folder in workgroup computer with full permission to Everyone and also have created one user with same user name and password in workgroup computer as user in the domain to avoid authentication issue. I have the registry setting as well and provide the path of WSUSContent to shared folder of workgroup content

But still got no luck.. Any help please..
Hi Everyone

I have finally got WSUS configured and updating my clients as I want.  I have set critical and security updates to Auto Approval and everything else to install automatically once specifically approved.

Assuming everything is OK with the Test OU I will push out to the rest of the domain.  I havent yet got round to the servers as I wanted to make certain I wasn't rebooting them unexpectedly.

I just have a couple of things that I wanted to clear up.  

1.  Am I right in thinking the Microsoft Updates are released monthly (every 2nd Tuesday) ?

2. Is there any websites or similar that list known problematic updates so I'm not blindly approving things that could cause a problem.  I have had a look at the Microsoft Update website and it appears to show Known Issues that the updates will fix.  We had a problem some time back with an Office update and it took a lot of googling to identify the specific update.

Thanks for reading :)
Hello - I am running SCCM 2012 R2 and when attempting to pull a list of Adobe updates (product) from filtering, I do not have Adobe listed as a product. Another tech that has been here longer mentioned that we needed some sort of plugin. Can you advise as to what I need to do to allow Adobe updates as a product list within SCCM?

Thank you so much.

Hi, will try briefly explain the problem: hundreds of Windows 10 pc’s, versions: 1511, 1607, 1703, 1709 in WSUS environment (Win2012R2).
Is it any way to have them divided in groups? Can this be done in WSUS?
Is it any scanning software that can help to identify: IP, OS/ver of pc’s in “delegated” OU of an enterprise?
Thank U.
Need to configure new WSUS server to support Windows 2010 Enterprise workstations.

My current environment.
DC1 = Windows 2008 R2
DC2 = Windows 2008 R2
Forest and Domain Levels are at 2003

Need to implement WSUS for my environment which is now all Windows 10 Enterprise.  I installed WSUS in the past but I'm hearing that it is a feature in Windows 2012 R2 server which I'm currently running.  When I install the WSUS on my Windows 2012 R2 server I believe it is the 3.0 version and not the 4.0 version.  I also heard that I need to install some patches before synchronizing all the updates.  Any assistance or recommendations will be much appreciated.
WSUS reports

At the moment we use WSUS for our Microsoft updates. The servers  are set just  to download updates and notify. The servers are not listed in the WSUS console . I gave an auditor a report of all computers in the WSUS console and she asked me why the servers were not listed. I told her they do not report to WSUS and she told me there is still a way to get a report for them out of WSUS

Any ideas?

Is there a way that we can add a secondary update source when local WSUS is not available?

We have a selection of users who do not come into the office very often and cannot talk to the local WSUS externally.

Is there a way that in group policy we can say use Windows update if they cannot talk to WSUS?

We are having problems windows 10 clients reporting to WSUS.A very high percentage of clients are not reporting. Some of them are reporting fine with no problem. All clients are with same configuration and connecting to the same network. I have attached logs of both clients one was connected and one wasn't .I really need help of some WSUS experts who can look in to the log and give me some suggestions please  . I have made some changes in logs and changed server name but they are obviouslyWindowsUpdate-B25122-Failed---Copy.txt exactly the same.
Free Tool: Subnet Calculator
LVL 12
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Hi, I just stepped into a new role after a colleague retired and as part of my duties and responsible for MS patching of all servers (several dozen) in the environment. The previous task owner used WSUS to approve and download Critical and Security patches, and manually updated servers in daily groups with nightly scheduled reboots, a process that spanned a few weeks each month. I'm looking for suggestions on more fully automating the process (approve, download, install, and reboot) on a budget, ideally a $0 budget, to be precise.
TIA for feedback.
Hi, we have a mixture of Windows 7, 8.1 and various build versions of Windows 10 on our network.
I want to upgrade the Windows 10 1703 builds up to 1709
The products and categories options are set correctly, but I understand I need to add the mime type .esd within IIS on the WSUS server.
Just before I do this, I just wanted to check that this will only target Windows 10 Machines, and not try and update windows 7 etc to Windows 10?

I recently configured my WSUS upstream server to use SSL on port 8531.My downstream servers are connecting and synchronizing fine no  errors, but unable to download Security and Critical updates from my upstream server.

When I check the URL for the content store, it is pointing  to  http://myserver01:8530/content/02/72ea.....
 I believe this is why my downstream servers not getting updates.

Is there a way to change the content port to point to http://myserver01:8531
Does anyone know the state of patching Hyper-V Server 2016 (just the hypervisor)?  A Microsoft engineer told me that Hyper-V Server is not applicable to the new Windows patches that were just released but I'd like to get a second opinion on that.  Currently, my Hyper-V Server never reported to WSUS that it needed the January Meltdown/Spectre update that was applied to Windows Server 2016.
Ive got a couple of DCs which are not seeing any SCCM Windows patches, they both have a GPO pointing them to a WSUS server, Ive checked the Windows update logs and it states something about a proxy issue but I doubt servers need a proxy to be set for WSUS/SCCM updates. Any ideas on where I should start?
Hello SCCM Experts,

I have inherited an SCCM 2012 server where the WSUSContent is growing out of control.  I first ran into problems with drive space last week.  I added more space (100GB) but synchronization was still not working.  I had to do a wsusutil reset to get synchronization to work.  I didn't empty the contents of the WSUSContent folder before I did the wsusutil reset.  Here are my questions/thoughts:

1.  If I follow the delete the contents of WSUSContent per this article:, will this work with my version of SCCM?
2.  Can I uninstall and reinstall the WSUS portion of SCCM.  I found an the following article explaining the procedure to do this if the Windows Internal Database is used in SCCM.

The article states:  Note that if you see ##SSEE (in HKLM\Software\Microsoft\Update Services\Server\Setup\SQLServerName), this blog post is not applicable to you.   Of coarse this is what we have.  Does anyone know the steps for recreating the SUSDB and WSUSContent folder on a build using SQL Server?

Any help would be greatly appreciated.



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.