WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.


Hi Experts,

I have an issue with SCCM and the 3rd party tool PatchMyPC.
There is an issue with the certificate.

See the log:

There was an error when attempting to save WSUS signing certificate configuration. Will retry on next sync. Exception: System.ComponentModel.Win32Exception (0x80004005): %1 is not a valid Win32 application~~   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)~~   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSetSelfSigningCertificate()~~   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Save(Boolean detectConfigChange)~~   at Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.TriggerWsusNewSigningCertificateCreation()



On the WSUS the cert is self-signed and valid until 2023.

Do you have any ideas?
0

Hello,
I have WSUS on my Windows 2016 server. It crashes every time and I can't synchronize.
I tried the steps in this post:
https://www.saotn.org/wsuspool-keeps-crashing-stops/
but it does not work. Any idea?
0
Looking for suggestions/advice on how other MSPs are managing Windows 10 feature (build) updates. This includes deferment and deployment. Due to the number of clients (and smaller clients), WSUS does not seem like a logical, cost-effective option unless it is the only option.

We currently utilize Kaseya Software Management utility to deploy updates but this does not include the ability to control feature updates.
All clients are using Windows 10 Pro not Enterprise.
1
We have numerous instances of MS SQL Standard 2012 in our environment. MS's product lifecycle page shows SQL 2012 Service Pack 4 as supported until July 2022.

I'm seeing different information regarding MS support for Critical and Security WSUS updates. Am I reading it right that if we install SP4 on those we will continue to get WSUS critical and security updates but may have to pay a fee if we call MS, as they are in extended support and no longer mainstream?

Do I have that correct?
0
Hi,

If I have 2 WSUS servers, one the main server and the second the downstream server (replicate), then how does a client know which one it should talk to?

Thanks
0
I understand that all environments are different. However, I was wondering what most of you use to patch windows, third-party, VMware, etc.

My company evaluated a few applications: Ivanti Security Controls (formerly Patching for Windows), Solarwinds, Connectwise.

So far Ivanti is our top contender because it can patch esx hosts, VM templates, CVE lists, generates decent reports. Yet, it has a few shortcomings we didn't like. One was that there is no web-based console. We would need to leverage terminal services on a server for multiple admins to connect. Also, it doesn't have role-based administration groups.

I understand that all solutions will come with caveats. Any input will be appreciated.
0
SCCM Windows Updates Relevant to Specific Computers.

I have installed and configured WSUS in SCCM.
Now I can see Windows Updates on the SCCM console. I would like to know which updates are needed for each computer. For instance, when I select a specific computer in the collection, I should see which updates are needed for that computer, then deploy them to that computer.

I have used different patch management software, where you can select a specific computer, it will show you all relevant updates for that computer, then you can select the updates you want to push to that computer and proceed...

I know SCCM will push only to a collection of devices instead of a single computer. I found a workaround for that, as I can create an empty collection, then go to a device and add it to that empty collection. Now, for Windows updates relevant to a specific computer, there is not an option. The only option I found is that you can add criteria, for instance Product: Windows 2012, Severity: Critical, then you can deploy to a collection whatever updates you have filtered. There might be computers in the collection that do not need the updates you are deploying to them.

Is there any clean way in SCCM to visualize the updates needed by a computer and then deploy the updates to that computer?

Thank you
0
Setting up a new WSUS 2016 Server and can't seem to figure out the correct items to select for autodownload/auto approve.

I'm quickly exceeding the 500 GB drive that I've assigned to the device.

Can someone please guide me as to the best practice here?
0
Got a hit on our vulnerability scan this month, MS15-058. It's referring to the WID used by our WSUS. It's saying the current version (2014.120.2000.8) should be (2014.120.2269.0). Is there any way to update this, or does WSUS itself need to be updated?
0
I have a problem with Windows Server 2019: I am not able to open some network ports.
It does not matter if the firewall is enabled or not; incoming rules are set up, but some ports do not work.
Only some of the ports installed with features work.
If I want to run something else, like Sage 50 on port 13531, WSUS on 8530, or SpiceWorks on 9676, I can see only the sync packet coming in and that's all.
There is no other firewall installed.
I can connect to localhost on those ports, but even if I use the external IP address of the server it does not work.
It does not work from client computers either.
It looks like the process is listening only on localhost (127.0.0.1).
The system is set up as a virtual machine in Hyper-V.
All other virtual machines do not have this problem, so I know that this is not related to the physical hardware or the virtual switch.
Has anybody experienced a similar problem?
0

Windows 10 users do not get the notification saying that the computer needs a reboot, or the forced reboot "will restart in xxx min" after the number of days set in the GPO.
0
Hello IT people,

I'm facing this issue on my main WSUS server, the main and only server for now.

Screenshot--3-.png

So, what could be wrong?
0
Hi,


Is there a way to auto-approve Windows updates from WSUS?

Thanks
0
Is it possible to configure the WSUS policy so that, if it can't find some Windows features on WSUS, it can redirect clients to the Microsoft website to install those Windows features?

Thx
0
What would be the best way of making sure that Microsoft Office clients do not update themselves? I am running a Windows 10/Server 2016 environment, Office is a combination of 2016 and 2019 Click to Run. I do not use WSUS or anything similar.

Is there a registry key that can be applied to all machines via a logon script for example?

Many thanks :)
0
I have a Server 2016. It's actually a terminal server with a lot of apps on it. I cannot get any updates on it. I think the last time it updated was sometime in early July, maybe even June. I've tried deleting the software distribution folder and re-registering it with my WSUS server but still no luck. I've tried Sconfig and that doesn't work either. I even tried downloading the updates manually and installing them and that isn't working either. There is no information in the event logs and the update history isn't any help either. I've tried DISM too and that hasn't given me any information either. This is a VM and it's heavily used. I'm out of ideas. Any suggestions?
0
Hello IT people,

I posted a question last month about configuring a WSUS server and problems I had been facing. But now, after I configured everything and the WSUS server has been able to contact Microsoft for updates and the client could contact the WSUS server, I have another problem.

The problem is that the clients don't seem to take any updates. Whenever I try to update any computer or server, it gives me this message: "Your device is up to date. Last checked: Today, 9:34 AM". But it's really not up to date. And in the WSUS server, there is a yellow exclamation mark beside every client, like in this photo:

Screenshot--1-.png
So, I wish you guys could help.
0
WSUS is only showing updates needed for the desktop PCs once a month. They're all Windows 7 and I used to see patches more often. WSUS server and services have been restarted. WSUS says synchronization was successful with a recent date.

How can I verify I'm getting all released patches from MS?

Windows 2012 R2 Server
Windows 7 Workstations
65 Users
0
It seems that Windows 10 updates deployed from WSUS to clients' workstations require the user to confirm the installation.

Is it possible for these patches to install automatically? Alternatively, can we have remote PowerShell trigger the update on each workstation?

Thx
0

Hello IT gurus

I've configured a WSUS server 2016. To test whether it's working or not, I've pointed another server to it so it gets its updates from WSUS. That server is offline, but the WSUS server is online.
When I try to force an update, it gives me an error on the client side: "we couldn't connect to the update service".
But I see it in the WSUS server, with an error: "This computer has not yet contacted"

Capture.PNG
Notice in the photo, dhcp3 was working fine but I've stopped it. Then I tried with other servers and the problem appears.
0
Using SCCM to patch Windows servers. We are way behind in patching. My apps team wants to know how many times a server will need a reboot. Is there an easy way to check which Windows updates will cause a server to reboot? In Control Panel > Windows Update it always says 'You may need to restart your computer for this update to take effect'. Is there a website that can tell me for certain if an update will require a reboot?
0
Hey IT people

I'm setting up a WSUS server, but when I reach the point of testing the connection, it gives me this message: "HTTP error occurred"

Screenshot--3-.png
I contacted the network team before I started to make sure they allow the connection on HTTP and HTTPS, ports 80 & 443, 8350 & 8351,

and allow the connection to these URLs:
http://windowsupdate.microsoft.com

http://*.windowsupdate.microsoft.com

https://*.windowsupdate.microsoft.com

http://*.update.microsoft.com

https://*.update.microsoft.com

http://*.windowsupdate.com

http://download.windowsupdate.com

https://download.microsoft.com

http://*.download.windowsupdate.com

http://wustat.windows.com

http://ntservicepack.microsoft.com

http://go.microsoft.com

http://dl.delivery.mp.microsoft.com

https://dl.delivery.mp.microsoft.com

but still facing this error.
0
Hello everyone, and as always a big thanks to everyone for their time and expert insights.
Kind of a silly question, as it never came up before Windows 10 and the need for WSUS.
We did not traditionally sysprep desktops, since unique identifiers changed enough when joining the domain, and we did not use WSUS, so the SID issue was not really applicable.
Never had any problems with W7, but now we need to use WSUS (2016) for W10 and are aware of SID problems with it.
I ran a few queries ( ) out of curiosity against W7 computer SIDs and some DCs (both 2016 installs from the ground up, i.e. not a template or clone image) and the SIDs are all different, but only the last two digits, and that makes me wonder and worry a bit. Is that normal?
Ran
Get-WmiObject -class Win32_UserAccount | Select AccountType, Caption, Domain, SID, FullName, Name | Export-CSV C:\exports\Computerlist.csv -NoTypeInformation
and
dsquery computer -name "is004109" | dsget computer -SID

Examples in the image include 4 x W7 desktops from the same image, 4 x W10 desktops from the same image and a variety of physical and virtual servers with various roles. Note the last 4 digits are different.
So does that mean that we do not have a SID duplication issue?
The SID I am displaying was queued from domain-bound machines that are in AD!
We generally do not promote machines into a domain before we make an image of them. Servers tend to have sysprep run with OOBE or are one-off servers built from the ground up without an image.
SID.jpg
0
I need to upgrade all my Win10 Pro business systems (600ea) to version 1809 by November to ensure they all continue to receive security updates (that version is required by Nov according to MS release notes).

WSUS fails the download to my systems (corrupt/missing files) just like many people experience online. I'm at about a 50% success rate, which of course is terrible without having to remediate (remove the softwaredistribution folder, try again), and with almost 300 remote employees, this is not a scenario where I want to try and remediate every single dang failure. There has to be a better way.

Can I download the 1809 feature update as a .msi so I can push it with another 3rd party tool that has a MUCH better success rate than what I'm experiencing with WSUS? What is everyone else doing with this kind of problem? This can't be the only way to deal with this. Something else must be a better approach.

Help!
0
I do know that Microsoft changed update servers on July 8th to
$server = Get-WsusServer
$config = $server.GetConfiguration()
# Check current settings before you change them 
$config.MUUrl
$config.RedirectorChangeNumber


returns
PS C:\Windows\system32> $server = Get-WsusServer
$config = $server.GetConfiguration()
# Check current settings before you change them 
$config.MUUrl
$config.RedirectorChangeNumber
https://sws.update.microsoft.com
4002



WSUS Error details
WebException: The remote name could not be resolved: 'sws.update.microsoft.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)



nslookup

Name:    sws.update.microsoft.com.nsatc.net
Address:  40.77.228.227
Aliases:  sws.update.microsoft.com



Already used this as reference https://andys-tech.blog/2019/07/wsus-synchronization-fails-with-soapexception-after-july-8th-2019/
softwaredistribution.log
0
