[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have 600 machines where windows 7 standard is installed. All machines are getting updates from wsus. All of sudden 30 machines are skipping to detect monthly roll up, security only update and IE11 updates. But these machines successfully detected.net updates and installing it successfully.

I am not sure if this strange behaviour. How comes these machines not willing to take the monthly roll up and ie patches. Wsus report says not applicable. Mabel install days not applicable as well. Preview patch is not installed
Microsoft Azure 2017
LVL 12
Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Hello all,

I have multiple computers in a workgroup environment (50 PCs) all not connected to the internet. I have downloaded the updates and I have the execution files, the question is can I use WSUS to push the updates to all PCs? How do I add the downloaded updates to WSUS.
Hello ,

I am looking help on WSUS issue ,Where my WSUS client (windows server 2016 ) not able to report on my WSUS server running Windows 2012 R2  (WSUS 6.3.9600.18228).
On WSUS client name showing windows 10 and status showing NOT reported.

I have performed some basic troubleshooting as mentioned below but it didn't help me.

1. Stop the Automatic Updates service and BITS service.                        
net stop wuauserv                        
net stop bits                        
2. Delete “%windir%\softwaredistribution” directory.                        
3. Start the Automatic Updates service and BITS service. When these two services                         
have been started, they will auto-create “softwaredistribution” and its subfolder                         
at system directory.                        
net start wuauserv                        
net start bits                        
4. Stop the Cryptographic Services                        
5. Rename the C:\windows\System32\catroot2 folder                        
6. After the “%windir%\softwaredistribution” directory has been generated, please                         
let the client contact the WSUS server immediately.                        
wuauclt.exe /resetauthorization /detectnow       

I have a fresh install of WSUS on a fresh install of Windows Server 2012R2.  I have edited group policy to have our desktops use our internal WSUS server for updates.  The only client showing in the WSUS console is the WSUS server itself.  I tried reinstalling WSUS on Windows Server 2016 and I get identical behavior.  I ran the Solarwinds Diagnostic Tool for the WSUS and the first two sections are fine. The last section, WSUS Server Connectivity, fails with "Cannot Connect - caused by a network infrastructure fault making the Windows Update unavailable ..."

Any assistance would be appreciated.
MSExchageFrontEndTransport Event 1020

¿where should I give permission to the administrator?

Nombre de registro:Application
Origen:        MSExchangeFrontEndTransport
Fecha:         20/11/2018 12:18:07
Id. del evento:1020
Categoría de la tarea:SmtpReceive
Nivel:         Advertencia
Palabras clave:Clásico
Usuario:       No disponible
Equipo:        SRV.contoso.lan
The account 'Contoso\Administrador' provided valid credentials, but is not authorized to use the server; failing authentication.
XML de evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="MSExchangeFrontEndTransport" />
    <EventID Qualifiers="32772">1020</EventID>
    <TimeCreated SystemTime="2018-11-20T11:18:07.682983400Z" />
    <Security />
    <Data>Default Frontend SRV</Data>
I have an issue with only some updates trying to download to E:\WSUS\WsusContent\WsusContent. The SoftwareDistribution.log says that there is an error creating sub-directories in this path.

The actual path to the content directory is E:\WSUS\WsusContent   *NOT*  E:\WSUS\WsusContent\WsusContent.  All other updates are writing to the correct path.

It's not clear to me where I can "tell" WSUS that it needs to write the updates in question to the correct path or why it's even doing this in the first place.

For grins, I thought I'd run wsusutil.exe and point to E:\WSUS\WsusContent, however, the log file generated indicates that "The new content file location is the same as the old location: E:\WSUS\WsusContent.

Any suggestions?
I am very new to scripting. I need a fair wsus powershell report script. The default wsus does not have the option to see installed updates alone for group of machines. It always shows installed / not applicable result.

Can you pls post a working script which produces a decent output ?
I have WSUS running on a ConfigMgr server, and ConfigMgr is currently patching clients and servers through ADR's. We're in the process of removing our servers from ConfigMgr management due to costs, clients will remain within ConfigMgr.

My question is, can I use the existing WSUS feature to patch the servers via GPO's? I ask because with ConfigMgr, you basically install WSUS and then don't touch it again. All patch management is done within ConfigMgr. I'm concerned that approving updates within WSUS might start to break things for ConfigMgr.
Hello all,
I have a client that has several Windows 7 Pro computers (around 50) that get their updates from WSUS.  
One of the computers refuses to install any updates and give me a 0x80073712 error every time.
Here is what I did to rectify this:
1)   Ran the SUR (System Update Readiness) program.  At first it stated that there were 484 errors (8 from the CSI Manifest Missing and 476 from the CSI payload file Missing).
I went to another computer and copied the c:\windows\winsxs directory to this computer.  Then I ran the SUR and it said that everything was fine.
2)   Rebooted the computer and tried to do the updates and still get the error above.
3)   Ran a Windows fix and it stated that it fixed the 0x80073712 error.  Rebooted the computer and tried to do the updates and still get the same error above.
4)   I went into the CBS log and I get a lot of Failed to internally open package [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE] errors
I have no idea what to do next to fix this error.
Any help would be greatly appreciated.
Kelly W.
Hello Experts,

I am having trouble implementing a Group Policy for a WSUS Server.

C:\Users\mzadmin>gpresult /H GPReport.html
INFO: The user does not have RSoP data.

I need to know how to fix that?  Where to and what to check.

Thank you
Introduction to Web Design
LVL 12
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.


I have approved all the available updates in wsus. But still my client machines showing needed updates count.

The installed % is always 99. I want to show each client machine is 100%.

What could be wrong .
I'm experiencing several issue with computer in my environment receiving updates from WSUS. The updates download but remain at 0%. When rebooting, the computer attempts to install updates taking a while longer than expected and shows windows is updating. I have to manually shut this down as the it is sometimes hours and no updates are installed. I've completed the following:

1. Run Windows Troubleshooter for Windows Updates
2. Checked the BITS, which continuously switched from automatic to manual and stops servers. Windows Updates remains at manual and services are started for this worked.
3. Settings for Updates have been verified on the workstation for how updates are selected with other pc on the network.
4. Should Windows defender remain enabled although we use a third party anti virus program (Trend Micro Worry Free Business security)?

What other information I can offer is this workstation was upgraded from Windows 7 to 10. I appreciate any feedback with this inquiry as it will help with future install of Windows 10 in our environment.
when can I expect to see an update appear as available on windows update and WSUS? MS released cumulative update KB4458469 on September 20, I check for updates from a computer and it finds nothing , my WSUS syncs everyday but it's not there but the update is available in the windows update catalogue and installs manually just fine.

Do they delay the release to windows update and wsus?

I'm deploying WSUS via GPO.
- WSUS is working well including ccorrespondig download packages.
- GPO for Automatic Update on Domain controler setting as following :
  1) Configure automatic updating: 4- Auto download and schedule the install
  2) Schedule install day: 0- Every day, Schedule time: 10:00
  RESULT: ALL clients was affected/managed by GPO, but the TIME check update incorrect. They always showed last checked update at 7:50 AM everyday. (See attached file)
What am i missing ?
Anyone can help me ? Thanks.

DC and WSUS: Windows Server 2012 Std
Clients: Windows 10, 7 and Server 2012 Std.
How to auto uninstall and install exe problem.  By GPO, WSUS/ SCCM?

Windows Server 2016 Version 1607 does not update through WSUS and/or internet. Tried stopping bits and update service, deleting the SoftwareDistribution folder and also searched for updates with firewall on and off. The wsus server is correctly set through group policies. The updating process is stuck at 0% downloading. On some servers it helped deleting the softwaredistribution folder, on some it does nothing. I do not know what to do next.

Please help me!
Please, I have window server 2008R2 X86 and I installed WSUS on it and I did the GPO to update all computers. I got no errors when I did the installation. However, when I tried to update the clients using wuauclt / detectnow I got an error 800B0001.

Any help will be appreciated.

I have a WSUS server that has grown exponentially, even when i run the WSUS server clean up wizard, there is no difference. this server is set up on a virtual machine. is there a way i can retire old updates?  to create more space on my server ? i can see 2015 updates. can i delete these  updates?  Please i need assistance>
IE releases a cumulative patch every month so seeing that we are missing a cumulative IE patch from 2015

how do we start a standard baseline.

we have altiris , so if we never check for updates on windows server , will it contact altiris

so which comes first WSUS or altris?
Amazon Web Services
LVL 12
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Hello Experts,

I need some help integrating a WSUS server to an Active Directory organization.

The WSUS server needs to know the systems it needs to update.

How do I do that?
WSUS sync issue Event ID 10022, log error:

2018-09-04 09:42:41.059 UTC      Error      WsusService.60      SoapUtilities.LogException      USS ThrowException: Actor = , Method = "http://www.microsoft.com/SoftwareDistribution/GetUpdateData", ID=349eb315-f9da-4550-82c5-f31a8b977c0d, ErrorCode=InvalidCookie, Message=Cookie decryption failed. Error: Deserialization failed after decryption. Error: invalid header
Parameter name: buffer.
   at Microsoft.UpdateServices.Internal.SoapUtilities.LogException(SoapException e)
   at Microsoft.UpdateServices.Internal.WebServiceCommunicationHelper.ProcessWebServiceProxyException(SoapHttpClientProtocol& webServiceObject, Exception exceptionInfo)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, List`1& updatesWithSecureFileData, Boolean isForConfig)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetUpdateDataInChunksAndImport(List`1 neededUpdates, List`1 allMetadata, List`1 allFileUrls, Boolean isConfigData)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetAndSaveUpdateMetadata(List`1 updates)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.CatalogSyncThreadProcess()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, …
Some Windows 10 workstations on my network are still running early versions of Windows 10 (1507,  1607, 1703, etc).

All workstations are on the active directory domain, and WSUS 2012 is managing all of the updates. If you log into one of these workstations it says updates are being managed by your organization, and it appears that updates are getting installed. But why don't these workstations get upgraded to the latest version of Windows 10 through WSUS? Is this by design? Is there an option you need to set in WSUS to tell it to install feature/version updates, not just minor/security updates?

As a test, on a few of these workstations I went to the Windows Update control panel and clicked the link to check for updates from Microsoft. This apparently allows you to override the WSUS management. When I click on that link, Windows checks for updates and sure enough it finds (and starts downloading) 'Cumulative update for Windows 10 Version 1607', 'Feature update to Windows 10 version 1803', etc. In other words, this manual process seems to be the only way they can get upgraded to the latest release of Windows 10.

I'm trying to get all Windows 10 workstations on the latest build but I want to do it through WSUS.

In WSUS I created a view called 'Windows 10 Upgrade' and selected the classifications and products in the screen shots below:

Updates are in a specific classification

Updates are for a specific product
Laptops with windows 10-1607 will download pathces from microsfot but not from WSUS.
 There is no issue communicating with WSUS server and they are reporting fine.
I'm running WSUS version 10.0.14393.2007 where I have read that you can no longer browse to the wsus page via an internet page on the server or via a client machine. Is this correct
I have a freshly installed Server running Windows Server 2016. However when I try installing the Windows Server Update Services (WSUS) role, I get the following error message at the end when it is in the process of installing the features and roles. "The request to add or remove features on the specified server failed. The operation cannot be completed, because the server that you specified requires a restart."


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In