Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

I've set up a 2016 WSUS Server and have performed a successful synchronization. I've been testing with one server client (also 2016) just to make sure I can get it working correctly the way I want to before I go edit the Master GPO's on each domain and make this change permanent. The problem is I can't get this client to show in the WSUS Console

Firewalls are off on both server and each machine can ping each other. If I browse to http://WSUSservername I get hit with the IIS web page

When I open the local gpo on the client server, i've edited the correct windowsupdate policy object so that http://WSUSservername is the target WSUS server (I also see this http:// address in the registry)

What is it that i'm missing here? First time setting up WSUS in almost a decade so would appreciate some help! Thanks in advance
Free Tool: ZipGrep
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Just trying to see what I might be missing here or where to look to find the issue.

I have a standalone SCCM 1702 serving about 350 clients. I've deployed apps and update many times over the past year plus. I'm trying to deploy O365 update 1706 8229.2139 to 4 PCs that are in Current Channel via GPO. I have a GPO for enabling manage O365 from SCCM in place. I downloaded the update, created a Software Update Group and deployed it to the collection these PC are in as required with a 3 day deadline. All of the PCs show up under Monitor Deployment in the Unknown tab (1 as Client check passed/Inactive because the PC is powered down, and 3 as Client check passed/Active).

I have initiated a Software Update Evaluation from the SCCM console as well as from the Configuration Manager Client on the PCs and it just doesn't seem to initiate the download or show up as an available update, and I have no idea what to look for in which logs as I've followed some of the posts for troubleshooting and see errors of some point in most logs. Where does one start to troubleshoot this issue?
Win10 clients previously had GPO applied that made them update using a local WSUS Server, the GPO has now been removed, how do I make those clients update via windows update again? Using GPO preferably.


I'd need to deploy Outlook patch kb2878264, it is a very old one (2015):

I would like to see which patch superseded it, but can't find it in the update catalog: 

Please advise how I can find this.
We have a WSUS services running on a Windows 2008 server that uses a SQL Express database.  

Is it possible to open up the database using SQL server management studio on another server remotely?
Is there a way within WSUS to show only the updates that have not had the update downloaded or the download needs to be retried?
Just setup a WSUS server on Server 2016.  Group policies are set and our test systems are checking in to WSUS just fine.  However, they're not showing any Windows 10 updates as needed by the machines.  If we interactively run Windows Update, they need (For example) June and July's monthly security patches.  WSUS says they're not needed or applicable.

We ARE seeing all Office updates that are needed by the machines.

I've read about the various hotfixes and patches needed to make Windows 10 work properly under WSUS, but those are only for 2012 or 2012R2.  No known hotfixes or patches I can find for WSUS under Server 2016.

Any ideas?
Just the last couple of days our 500+ WSUS clients go straight to

Error 8024401f

The WSUS server 2012r2  has been rebooted, and appears to be OK, syncs updates from MS etc. It will not even update itself from itself.

Can anyone please advise?
I need a powershell to show me all of my computers by group please and I need it in a CSV.

I'm using server 2012 R2 and I have about 20 groups.  I need to produce a list so I can post it on our sharepoint but I'm not sure how to do it.

What I'd like is a list of computers in WSUS, by group.

Thank you

We would like to set up a WSUS server in our DMZ (Internet Facing) for our external users to get MS updates.  I believe for licensing (EULA) requirements the users would have to vpn into the network to get the approved updates.
This would be managed separately from our internal WSUS server, so we don't need to 'downstream' updates from the DMZ  WSUS server to our internal WSUS server.
Server:  Windows 2016 Std, WSUS v 10.
Any suggested links, information, certificate requirements, etc., would be greatly appreciated.

Thank you,
Want to be a Web Developer? Get Certified Today!
Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

I have in the past used registry settings on my Windows 7 clients to get them to report to WSUS on 2008 server and all worked fine.  With my new 2012 r2 WSUS server (with same name and ip) they are not listing themselves in the console.  I had to rebuild the 2008 WSUS server once in the past and the clients just showed up after reporting day and time had passed.  I did a detectnow from one machine and it still didn't show in the console.  Any direction for this.
I have setup a new server and am running WSUS 10.0.14393.0 on Windows Server 2016. Updates will download but will stop after a while.
Current WSUS status is
- Updates needing files : 5928
- Downloaded 45,683.32MB of 258,732.17MB.
It has been stuck at this for more than a week. I can see network activity occasionally which could range to a couple of gigs every 6-8 hours but the WSUS status does not change

On checking the Application event logs, i can see. Event id 364  Errors
 " Content file download failed.
Reason: The connection was closed prematurely.
 Source File: /msdownload/update/software/crup/2013/03/
Destination File: D:\WSUS\WsusContent\82\"

Event id 10032 Errors
The server is failing to download some updates.

I have updated BITs to run in the foreground.
the server has been excluded from the internal Firewall, https inspection and Caching.
I have also tried removing and adding the WSUS role and WID database.
Has anyone come across something similar?
Our WAN consists of three sites, each of which has its own WSUS server running completely separately of each other.
The updates that get automatically approved are Critical, Definition & Security.
We get a report after each synchronise from each server with the updates that we manually have to approve.

If I reconfigure two of the servers to be in Replica Mode and downstream Servers, will any updates I manually approve on the Primary server automatically get approved on the two Replicas?
So, I have this rollup I pushed on 6/15 to all of my servers.  Inside that rollup is a KB - 4021903.  For reasons too long to explain, I need to know if that specific KB is installed on my servers.  I have figured out how to tell that.

My question is, if the KB is installed as part of a rollup, will it still show if I do a separate search for the KB?

Here's what's going on...I pushed out the rollup to ALL of my computers.  I know I did...I can look for the rollup in the approved patch list and it's there.  However, I ran a powershell, and a detailed report in WSUS and it looks like the KB is NOT installed on a large number of my servers.

When I run a report on all approved and installed updates, ALL of my servers except two are compliant.  BUT, when I run the detailed reports, and the powershell scripts, I see a large number of servers that do not have the KB in question.

So, I was thinking that since the KB is in the rollup, it might not show up as in a search for the standalone KB.

Am I right or wrong?


I have a list of KBs and I need to know if they are installed on my servers.  I have over 400 servers.

Can WSUS report like that?

I can't find it if it can.  I AM able to powershell it, but it takes hours to run all the different OSes and of course, that's cumbersome.  I can tell that coming soon, I am going to need to report on whether or not a particular KB is installed on our servers and produce lists of servers that do not have a specific KB and I don't see WSUS reporting doing that.

Am I missing something?


I've just installed and activated Server 2016, and learned that I need to use the sconfig utility to set my Windows Update preferences, as download only mode and manual mode aren't exposed in the new GUI.

When I launch sconfig, the "Windows Update Settings" setting is set to custom.  However, whenever I try to switch to manual mode (option 5, then the letter M), the console displays "Setting updates to Manual...", and a separate alert appears, "Windows Update set to Custom.  System has custom configuration for updates."  After I dismiss the alert, the sconfig main menu reappears, and the setting is still "custom".  Here's a screenshot of what I'm referring to:

Sconfig issue
Why won't sconfig accept the manual setting?  This server doesn't participate in WSUS, and all of the WU settings in local policy (Computer Config-->Admin Templates-->Windows Components-->Windows Update) show as "Not Configured".
Can WSUS be located on a separate server and still be integrated with SCCM in pushing out updates?
I've just installed the WSUS role to my Windows Server 2016 on in my domain.
I chose WID instead of SQL and i use GPO's to set the update location to my WSUS server.

Problem is that i can not get any clients (mostly servers) to connect to my WSUS server.
I used the SolarWinds Diagnostic tool on one of the servers and it gave me the following log:

# Solarwinds® Diagnostic Tool for the WSUS Agent
# 2017-07-04
Machine state
  User rights:                                       User has administrator rights
  Update service status:                             Running
  Background Intelligent Transfer service status:    Running
  OS Version:                                        Windows Server 2008 R2 Standard  Service Pack 1
  Windows update agent version:                      Error (Input string was not in a correct format.)
Windows Update Agent configuration settings
  Automatic Update:                                  Enabled
  Options:                                           Scheduled (Every day at  3:00 )
  Use WSUS Server:                                   Enabled
  Windows Update Server:                             http://mywsusserver 
  Windows Update Status Server:                      http://mywsusserver
  WSUS URLs are identical:                           Identical
  WSUS URL is valid:                                 Valid URL
WSUS Server Connectivity
  clientwebservice/client.asmx:                      OK
We have a server running SERVER 2012 R2 with 40GB RAM and lots of disc space. We use Yosemite Server Backup.

We recently replaced our QNAP NAS with more storage space. Previously on the older 12TB QNAP unit we backed up nightly via an iScsi connection to the NAS and this worked very well for a number of years.

With the new NAS I switched to using a UNC path (\\qnap\backup) for the nightly backup process, it works well and the throughput, at its highest, is around 3gb/min. I choose this method so that I didn't have a permanent connection to the NAS backup folder as a precaution against encryption viruses hitting the backup device.

However once the backup has finished, a number of services start to fail on the server and it becomes sluggish. When trying to restart the services results in Not Enough Storage available to complete the process. WSUS, DHCP, etc. Rebooting the server is the only option.

I have disabled tonights backup to see if this is what is causing the issue as it is the only thing I have changed in the last few weeks.

Does anyone else have knowledge of this. I have also not yet tweaked the irpstacksize registry value which doesn't exist on Server 2012 R2. I have read mixed messages as to whether this is necessary.

All network connections run at a 1000mbps. Server is domain controller and file server with Office 365 for Exchange email. The QNAP is connected to the domain.
Free Tool: IP Lookup
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Hi There

I am new to this community and noob on windows servers, could someone guide me that how to configure WSUS to do the updates only once in a month using GPO?

Many Thanks

Gohar Dar
I need a powershell to export all computers in WSUS to a text file so I can run a script against it.  


I need a powershell that will generate a report of all servers in WSUS that DO NOT have a certain KB.

So, I have a list of KBs and I need to report on what servers do not have those KBs.

Can someone help please?


Background: Migrated domain from SBS2008 to Windows 2016 Standard. All servers are VMs: one 2016 DC, one 2016 RDS, and one 2008R2 database server (SQL2008R2) (created by P2V). I will call the 2008R2 server "SQL1" for reference.

I had some problems getting WSUS to work on the 2016 server, but it is now working and both 2016 servers are updating with no problems, as well as the workstations.  The SQL1 server was FORMERLY the WSUS server, but WSUS has been completely removed.  The WSUS database is, however, on the SQL 2008 installation on SQL1.

The SQL1 server is the problem.  I have done considerable troubleshooting, including doing a complete Windows Update reset (stopping services, renaming the SoftwareDistribution and catroot2 folders, reregistering all the dlls, etc., etc.).  This did not solve the problem.  As it stands now, WSUS shows the server as checking in on a current basis, shows that it has downloaded updates and is ready for the updates to be installed, which I do manually on all servers. However, when I look on the server itself, although it shows the prompt that "Updates are ready to be installed," in control panel there are NO updates available.

Here's a screen shot from the SQL1 server:

Windows Update on server
And here is a section of the Windows Update log from SQ1, which shows successful detection of the updates:

2017-06-27 10:49:35:068  164 26f0 AU …

 what's the best way to control windows updates on workstations?

my goal is to control the roll outs by workstation and time of roll out.

Minimize the internet usage by having the updates pull from the WSUS server instead of directly from the Internet
TL;DR: Microsoft Updates are failing with 0x8024002e using WSUS or straight from Microsoft. We run Windows 10, and it is affecting most of our 150 workstations.
We have been running (with spotty success) a WSUS server for several years, and it periodically blows up. Fine. This most recent time I set a new one up from scratch, synced and let the GPO do its thing. At some point in time, I'm not sure exactly which Patch Tuesday, people got  0x8024002e error across the board. It wouldn't even try on the workstation, if you hit "Update" it would immediately return the error.

So, I changed the GPO to let people download MS Updates from MS, and eliminated WSUS. Well, people get a list of waiting updates, but they are basically failing with the same error.

I'm familiar with Update blowouts, and all the byzantine steps you're supposed to take to rectify it, and most of the time it fails and I've wasted 45 minutes going through all the various suggestions online...which usually link back to the same two or three solutions (stop the services, rename SoftwareDistribution and catroot2, pray, reset security contexts, blah blah blah).  0x8024002e seems to be a pretty nebulous error. My feeling is WSUS corrupted the updates somehow, and now they can't get the updates from MS either.

So, not only have the solutions really not worked, but even if that were a solution, it would take roughly a week to do that on every …


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In