Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x

WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello all,

Range = 1|0

- 1 = Enabled. All Windows Update features are removed. This includes blocking access to the Windows Update website at http://windowsupdate.microsoft.com, from the Windows Update hyperlink on the Start menu, and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive critical updates from Windows Update. This setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.
- 0 = Disabled or not configured. Users will be able to access the Windows Update website and enable automatic updating to receive notifications and critical updates from Windows Update.

what is the ideal value to set this setting. Everytime when we do update on windows machine it throw error "problem installing updates 0x8024002e"
when we change that to 0 it takes updates.
we get the updates from wsus. wsus shows PC is  up to date. but there are no cumulative updates installed

Any suggestions

Thanks
0
[Webinar] Lessons on Recovering from Petya
LVL 10
[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

I have 1 machine that was affected by this issue.  I followed the steps in:

https://support.microsoft.com/en-us/help/4049094/windows-devices-may-fail-to-boot-after-installing-october-10-version-o

and am uninstalling the packages (step 10).  Once I connect to the internet, what's to stop the machine from getting those same patches again?

It's on a workgroup and we're using solarwinds RMM tool to push patches.  I don't see the delta patches in the RMM tool. So it got the patches some other way?  this machine is in a workgroup of 4 machines so there's no WSUS server on the network.

thanks!
0
Hello,

We group our users and computers objects in Active Directory base on the city of their office in different OUs.  We have group policies which instruct computers to go to their local WSUS server to get Windows Updates based on the computer physical location.  

Some wireless LAN users bring their laptops away from their office to another regional office.  This causes a network issue when their laptop connect to a regional office that has a slow network connection.  This is because the traveled laptop is still in its original OU in AD and pulls Windows Updates across the WAN.

If someone knows a work around, please advise.

Thank you in advance ; )
0
I have recently created WSUS server on windows server 2008 R2. Have setup group policy and other thing properly but clients are not reflecting in WSUS console. No client reported to WSUS server.
0
One audit finding was raised to us:

a) it's a risk if SCCM (which we use to manage PCs, workstations, including critical payment workstations),
    WSUS (which we used to patch servers in Prod DMZ, Prod internal zones as well as Development/UAT),
    Desktop Central (to manage PCs, laptops), AD & NTP contain authenticators (eg: login id & password) of
    the endpoints they manage.  Do these managemt tools truly contain the authenticators?
    They may use AD credentials or even local credentials (eg: local administrator) to login to control
     the endpoints but do they actually contain the authenticators ?

b) if the answer is "yes", we were told to place all these mgmt tools (SCCM, DCentral, AD server, NTP etc)
     in an isolated secure zone rather than in DMZ so that the authenticators are not easily "stolen" : is
     this a valid mitigation/recommendation?    
    If it's too much to overhaul this, can we create Windows Firewall on these devices to block all traffic
     except the required traffic to mitigate ?

One more tool that we use to lodge privileged accounts credentials : the vendor actually recommend
we put it in DMZ when we 1st set it up, so quite confused if the vendor or the auditor is right
0
I just built two Windows 2016 Datacenter Cluster Servers for testing in my vCenter VM environment.
I have a Windows 2016 DataCenter VM which is the Domain Controller which works great.

On the two cluster servers I installed a program WindowsUpdateNiotifier which works similar to the old windows update icon in the system tray I use this on all my Windows 8 and up machines and works great.

The source for my updates is my Windows 2012 R2 WSUS server
Both cluster servers are registered in WSUS

When I try to apply the updates I get this message.

We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure your're connected to the internet.

Retry

I retry and retry no luck

How can I force the Windows 2016 to search MS online for updates too

The Windows 2016 Data Center Domain Controller works fine with updates from My WSUS server just these two puzzled

Thanks
0
Hello,

I just saw my wsus showing windows vista for windows 10 machines. I found hotfix for WIndows server 2012R2, but our wsus is 2008 R2.

Is there any work around?

Regards
0
KB2463332 simply fails to install.  What am I missing here?
0
I have WSUS Server 2012 which I am syncing with Microsoft website. It is showing that WSUS server is synced but when I verify the download folder no update is there. How to fix this? This is very urgent

Event ID:364
Error: Content file download failed. Reason: Error calling [kernel32.dll]:CreateDirectory(E:\WSUS1\WsusContent\B6) Source File:  Destination File: .
WSUS.jpg
0
Hi All,

We have WSUS configured so that client machines will "automatically download but notify for install."  I would assume that this would mean that clients would need manual approval for all installation.

However, we have a bunch of client machines that seem to be installing updates anyway.  In poking around GPO, I found a setting to disallow automatic update immediate installation.  The details seem to indicate that any updates that don't require a reboot will be automatically installed, seemingly disregarding my intention to approve all updates.

Will disallowing this setting get me to my goal, which is to manually install all updates (which have previously been approved in WSUS)?
0
Free Tool: Path Explorer
LVL 10
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Hi,

As many users already reported, this month there are a lot of issues with WSUS.

I have an SCCM CB 1702 Site Server with WSUS on same server.

All was working fine until approx. 1 month ago.
The w3wp.exe process is constantly running at 95-100%.

I installed this Hotfix as described here.

However, the hotfix didn't solve the CPU usage but I could open the WSUS console again. (didn't start before)

After I've installed the hotfix, the WsusPool shuts down after recycling.
I've increased Private Memory to 8GB (used to be 4GB) but it still shuts down.
Only after I've set Rapid-Fail Protection to False the WsusPool is not shutting down.
But this doesn't seem to be a very smart setting.

Errors that keep coming back...
wsyncmgr.log
Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync
STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=CMServer.domain.com SITE=CM2 PID=2804 TID=6100 GMTDATE=do sep 14 10:02:26.175 2017 ISTR0="CWSyncMgr::DoSync" ISTR1="WSUS server not configured. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
Sync failed. Will retry in 60 minutes

WCM.log
0
i have a windows 2008 r2 server i am no longer able to install any updates. the server does not want to het installed with any updates. all updates it says not applicable for this computer message. even the standalone installer has also the same problem. with dism commands the result. i am not sure what the problem is. i tried all the tools like windows update trouble shooter , readiness tools, sfc, reset windows updates components etc. nothing seemed to work. please help.
0
I have deployed Office 2016 ISO version and I am having problems with WSUS updating office to the latest version.
Currently I am running office 2016 version 16.9.4549.1000 and windows update does not show any available updates for it.
I am running WSUS on server 2016 with every product classification turned on. I have downloaded the ADMX files for office 2016 and all the update settings only apply to the CTR version.  Microsoft seems to have abandoned office 2016 ISO and moved to the CTR version i'm guessing??

Two questions, for the love of god, why does microsoft keep doing this to us and how do I fix WSUS and office 2016?
0
Hi All,

I've got primary WSUS in the Head Office which downloads the updates and then distributes it into the Site Office 1, 2 and 3.
now, the Site Office 3 WSUS has broken, I need to know how to break the replication so I can just set it as the normal stand alone WSUS server directly downloading from the internet.

Can anyone here please let me know how to break the WSUS structure so that the site office which is now Synchronizing to the head office WSUS server can now be standing on its own?

I'm using WSUS 4.0 on Windows Server 2012 R2.
0
I'm running a WSUS on Server 2012 R2. Just about everyday, I get the following result when I access the MMC (See screen shot below-name of the server has been changed for this issue)
I can usually reset it by a simple batch file that stops and restarts ISS, and have even created a task that does this, but that din't work. I smartened up and copied the error statement to the clipboard. Here's the content of that error:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.WebException -- The request failed with HTTP status 503: Service Unavailable.

Source
System.Web.Services

Stack Trace:
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.Internal.ApiRemoting.ExecuteSPGetConfiguration()
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetConfiguration()
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()
   at Microsoft.UpdateServices.Internal.ClassFactory.CreateWellKnownType(Type type, Object[] args)
   at …
0
Should my computers appear in the WSUS console even if I have them connecting directly to windows updates via GPO?
0
Hello,

We have a legacy internal WSUS server running on Windows 2008 which we use to deploy updates to our Windows 7 workstations using a GPO.  

We have observed that our Windows 10 workstations might not be pulling updates from this server but from the internet or not pulling any updates at all.  

Would somone please advise if Windows 2008 WSUS supports Windows 10 workstation updates?  

We operate 24x7, and we just do not want update to happen or reboot while users are working.  

Someone please advise how this should be properly configured.  

Thanks.
0
I would like to create an update server that would update clients Widows OS / Office security patches as well as update 3rd party apps like Symantec endpoint virus updates, adobe acrobat reader, java, flash, chrome.  Is there anything like this available?  I am thinking of something executed on the client side that would kick off the update.
0
Hi,

I have been following the instructions on this link and I have ran both the script to change the identity:

$updateServer = get-wsusserver

$config = $updateServer.GetConfiguration()

$config.ServerId = [System.Guid]::NewGuid()

$config.Save()

and also the command to generate encryption key:

%ProgramFiles%\Update Services\Tools\wsusutil.exe postinstall

This link then states to verify the configuration by checking to see if the computers that existed on the source server now appear - but they do not appear! I migrated the binaries previously but I put them into a folder I crated on the c: drive and I'm not sure if WSUS on the new server knows where to look to find these. I'm in a bit of a mess with this one, are there any experts on here with working knowledge of migrating WSUS servers?
0
Free Tool: ZipGrep
LVL 10
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

We want to move to a Server 2016 environment, but we have too many disparate (and disconnected) networks to do it all at once. Our WSUS infrastructure relies on WSUS meta-data being pushed up to these networks daily (along with all the install files). We are thinking of starting the OS migration with our Internet facing network. Has anyone seen issues with importing meta-data from a WSUS 2016 server into a "lower" OS version like 2012 R2 or 2012, or can it even be done?
0
Just setup WSUS on my 2012r2 server.  Created my GPO and I've pushed it out to one client Win10 Pro

The client is not being listed in the WSUS control panel.

Not sure what else to look for.

Thoughts?

Thanks!
0
I have already a wsus server but I recently created a SCCM server and now wants to link wsus server with SCCM.
0
I have a Windows 2008 R2 Enterprise Server that was Running WSUS using a SQL 2008 server database.

I moved this process to a Windows 2012 R2 using WSUS 4.

Now I get the errors every six hours.

Log Name:      Application
 Source:        Windows Server Update Services
 Date:          8/25/2017 8:10:27 PM
 Event ID:      12002
 Task Category: (9)
 Level:         Error
 Keywords:      Classic
 User:          N/A
 Computer:      S010.net.com
 Description:
 The Reporting Web Service is not working.
 Event Xml:
 <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
   <System>
     <Provider Name="Windows Server Update Services" />
     <EventID Qualifiers="0">12002</EventID>
     <Level>2</Level>
     <Task>9</Task>
     <Keywords>0x80000000000000</Keywords>
     <TimeCreated SystemTime="2017-08-26T00:10:27.000000000Z" />
     <EventRecordID>349568</EventRecordID>
     <Channel>Application</Channel>
     <Computer>S010.net.com</Computer>
     <Security />
   </System>
   <EventData>
     <Data>The Reporting Web Service is not working.</Data>
   </EventData>
 </Event>

Log Name:      Application
 Source:        Windows Server Update Services
 Date:          8/25/2017 8:10:27 PM
 Event ID:      12052
 Task Category: (9)
 Level:         Error
 Keywords:      Classic
 User:          N/A
 Computer:      S010.net.com
 Description:
 The DSS Authentication Web Service is not working.
 Event Xml:
 <Event …
0
Hello,

I have an important basic question about the WSUS process.  

When a Windows admin clicks the “install updates” to start the installation of the downloaded Windows Updates, the production server and whatever services running on the server should still be available to the end-users until the point that the installation is finished, and reboot, right?

Thanks.
0
Issue: When attempting to deploy “Windows 7 and 8.1 upgrade to Windows 10 Enterprise, version 1703 en-us, the update fails. The clients are showing the Windows Update error 80244019.

Setup: WSUS on Server 2012R2. Deploying updates through WSUS generally working correctly.  

When I researched the error I found articles indicating that in order to push out “Branch updates to Windows 10” the patch KB3159706 is needed.

So I tried installing that patch, but it would not install because I received the message: Windows Update Standalone Installer “The update is not applicable to your computer”. Further research revealed that the April 2014 update rollup for Windows Server 2012R2 (KB2919355) was a prerequisite.

 I checked our server, and found that rollup was in fact, installed. In looking further into the rollup, however, Microsoft says that a prerequisite to that April 2014 update rollup is KB2919442. I checked our server for that update and found that it is not present. So I tried to install it, but I also get the message that “the update is not applicable to your computer”.  At that point, I tried uninstalling KB2919355, reasoning that if 2919442 was a prerequisite, uninstalling the rollup would allow me to install the other patch. It seemed like it was uninstalling, but after restarting the server, Windows reinstalled it. At this point I’m at a dead end.

The bottom line to all this, is I cannot deploy the Windows 10 upgrade through WSUS. Help!
0

WSUS

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.