Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

So far

enabled "built in Admin account" and tried all items below (not necessarily in the order shown) in that context:

Troubleshooter, said it had found and fixed problems. The only one identified was getting BITS up and running again

ran DISM with "restorehealth" etc
ran SFC /scannow

attempted setting services
UsoSvc already running, no problem

Wuauserve disabled. Set to automatic. Started.
WaaSMedicSvc - disabled. Tried to set to automatic. Access denied.

Found refs to that happening when you try to DISABLE the service and that you can only do it with a 3rd party tool like Windows Update Blocker.

I do use a 3rd party tool - Winaerotweaker - which effectively disables windows updates whereever I want it to. But re-enabling them is as trivial as disabling them (remove 2 ticks) and that works across my client estate with Win 10 versions from 1511 to 1909 so I don't believe that it's the guilty party on this occasion.

Went to regedit

Waasmedic and Wuauserv both Start values set to 4, Reset to 2

on reboot or any attempt to restart services, those values reverted to 4 (disabled)

Changed ownwership on both keys from SYSTEM to Administrator, Reset start key.   Same behaviour (reverts on reboot or attempt to run services

Downloaded windows10.0-kb4524569-x64
(latest service settings for 1903)

attempted to run multiple times before during and after the above fixes.

consistently failed to run with error 0x80070422

Am about to …
Hi experts.

We use Sharepoint 2016 and 2019.
Both are patched  by WSUS. Starting in December '19, the updates for these products where no longer downloaded by WSUS, nor can they be imported manually.

Can you please confirm this?
In WSUS (version does not matter), right click the updates section and search for update ID 4484215 (january 2020 update for sharepoint 2016) - does your WSUS find it?
To be detected, the office 2016 product needs to be enabled, of course (Sharepoint is part of office in WSUS)

For those of you, who have office 2019 enabled in WSUS, please try to search for update ID 4484224

I suspect that MS has screwed up something, since it stopped to detect these updates in december already.
We have a the following topology:

A. (5) Regions. WSUS at the Region with a SQL Database
B. 100 Branch Offices. WSUS as a VM at each office. No SQL.

We are having issues at the Branch Offices with the WSUS DB filling up with the native SQL Lite at 10GB.

A couple of questions:

1.  Can the WSUS at the Remote offices access the Regions WSUS SQL to prevent this? If so, how?
2. Can the Branch Offices WSUS utilize WID to alleviate the 10GB limit on SQL Lite?

Any recommendations or suggestions are welcomed.
Hi, We have a scheduled task that downloads Office 365 updates to our Wsus Server > WsusContent\Office365\Office\Data
This has versions running back to 2017 and is taking up a lot of space.
A normal Server Clean Up wizard within the WSUS console doesn't touch this folder.
Is it safe for me to manually delete the older folders and corresponding .cab files?
i guess i need to leave the file
RickWSUS folder
I need some help here to understand why our WSUS implementation is not updating Win 10 1809 to 1903 or 1909. You can see in the attached screenshots that the updates are approved for install but they simply will not install. I have gone through all I can find about this so finally thought I's throw up a hail-mary here to see if someone can shed some light.

In the attached screenshots, you will see that the required updates are approved for installation, but their status is "downloaded". I am not sure what that means and I have been unable to find out too :/

Thanks in advance and please let me know if there is any info you need.

WSUS - on a Win2019 Server
Hi expert

I was having problem to do a manual windows update for the following KB;

KB4525236 updates Windows 10 1607 to Build 14393.3326 – 12 Nov 2019 and showing an errors "is not supported"

And current version is running on windows server version 1607 (OS build
14393.3274)  windows server 2016 64 bit.

For your information, it need to run manually for the monthly windows update instead using the WSUS solution.
Our company is under a change freeze, which includes stopping ALL windows updates on Win10 laptops until the change freeze is over. This is non-negotiable for my department. I noticed on some laptops MS Quality updates are still installing, even though we never approved them in WSUS.

I see where you can defer Quality updates for Win10 for 35 days in group policy, but we need to stop ALL updates until our change freeze time is over. As in, i need to disable this behavior for the moment.  Please don't debate the necessity of this, again, it's a company decision above my department.

How can i go about disabling these updates from occurring? There has to be a solution for this.

Hi Experts,

I have an issue with SCCM and the 3rd party tool PatchMyPC.
There is an issue with the certificate.

See the log:

There was an error when attempting to save WSUS signing certificate configuration. Will retry on next sync. Exception: System.ComponentModel.Win32Exception (0x80004005): %1 is not a valid Win32 application~~   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)~~   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSetSelfSigningCertificate()~~   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Save(Boolean detectConfigChange)~~   at Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.TriggerWsusNewSigningCertificateCreation()

Open in new window

On the WSUS the cert is self-signed and valid until 2023.

Do you have any ideas ?
I have wsus on my windows2016 server, every time it's crash and I cant synchronize
I try steps in this post: 
but its not work , any idea?
Looking for suggestions/advice on how other MSP's for managing Windows 10 feature (build) updates.  This includes deferment and deployment.  Due to the number of clients (and smaller clients) WSUS does not seem like a logical cost effective option unless it is the only option.

We currently utilize Kaseya Software Management utility to deploy updates but this does not include the ability to control feature updates.
All clients are using Windows 10 Pro not Enterprise.
We have numerous instances of MS SQL Standard 2012 in our environment. MS's product lifecycle page shows SQL 2012 Service Pack 4 as supported until July 2022.

I'm seeing different information regarding MS support for Critical and Security WSUS updates. Am i reading it right that if we install SP4 on those we will continue to get WSUS critical and security updates but may have to pay a fee if we call MS as they are in extended support and no longer mainstream?

Do i have that correct?
Feature Update to Windows 10 (consumer editions), version 1903 is showing up in WSUS as non-applicable to have of the workstations in the domain.  All workstations come from the same 1803 image.

Any ideas as to why?

If I have 2 WSUS servers, one is the main server and the second is the downstream server (replicate) then how client knows which one it should talk to?

I understand that all environments are different. However, I was wondering what most of you use to patch windows, third-party, VMware, etc.

My company evaluated a few applications: Ivanti Security Controls( formerly Patching for Windows), Solarwinds, Connectwise.

So far Ivanti is our top contender because it can patch esx hosts, VM templates, CVE lists, generates decent reports. Yet, it has a few shortcomings we didn't like. One was that there is no web-based console. We would need to leverage terminal services on a server for multiple admins to connect. Also, it doesn't have role-based administration groups.

I understand that all solutions will come with caveats. Any input will be appreciated.
SCCM Windows Updates Relevant to Specific Computers.

I have installed and configured WSUS in SCCM.
Now I can see Windows Updates on SCCM console.  I would like to know which Updates are needed for each computer. For instance , when I select a specific Computer in the Collection, I should see which Updates are needed for that computer  then deploy them to that computer.

I used different Patch Management Software.   Where You can select a specific computer, it will show you all relevant Updates for that computer, then you can select the updates you want to push to that computer and proceed...

I know SCCM will push only to Collection of Devices instead of a single computer. I found a work around that , as I can create an Empty collection then go to a Device and add it to that Empty Collection. Now for Windows Updates relevant to a specific computer. there is not an option.. the only option I found, you can add Criteria , for instance  Product: Windows 2012, Severity: Critical , then you can deploy to a collection whatever updates you have filtered.  There might be Computers in the Collection that do not need the updates you are deploying to them.

Any Clean way in SCCM to visualize Updates Needed by a computer then deploy the Updates to that computer ?

Thank you
Setting up a new WSUS 2016 Server and can't seem to figure out the correct items to select for autodownload/auto approve.

I'm quickly exceeding the 500 GB drive that I've assigned to the device.

Can someone please guide me as to the best practice here?
Got a hit on our vulnerability scan this month, MS15-058, it's referring to WID used by our WSUS.  It's saying the current version (2014.120.2000.8) should be (2014.120.2269.0) is there anyway to update this, or does WSUS itself need to be updated?
I have a problem with Windows Server 2019 to be able to open some network ports.
Does no matter if firewall is enabled or not, incoming rules are setup some ports does not works.
Only some of the ports works installed with features.
If I want to run something else like Sage 50 port 13531 , WSUS 8530, SpiceWorks 9676 i can see only sync packet coming in and that's all.
There is no any other firewall installed.
I can connect to local host on those ports, but even if I use external IP address of the server it does not work.
It does not work from clients computers as well.
It looks like process is listening only on localhost (
System is setup as a virtual machine in Hyper-V.
All other virtual machines do not have this problem, so I know that this is not related with physical hardware or virtual switch.
Did anybody experienced similar problem  ?
Windows 10 users do not get notification saying that the computer need a reboot, or the forced reboot "will restart in xxx min" after certain days set in the GPO.
hello IT people

I'm facing this issue in my main wsus server. the main and only server for now.


so, what could be wrong?
Recently someone suggested to me to manage Windows Updates in my organization using a WSUS server, SCCM and powershell patch audit utility.   Before the person suggested this this to me I thought I would manage updates using 1 of the 3 above, not all three.  I am familiar with WSUS, and powershell patch audit utility.  

 Could someone provide me with a top-level breakdown of how these components work together?  
Or... can you suggest your preferred method?

Is there way to auto-approve Windows update from WSUS?

Is it possible to configure the WSUS policy if it can't find some window features on WSUS, it can redirect clients to Microsoft website to install some WIndow features ?

What would be the best way of making sure that Microsoft Office clients do not update themselves? I am running a Windows 10/Server 2016 environment, Office is a combination of 2016 and 2019 Click to Run. I do not use WSUS or anything similar.

Is there a registry key that can be applied to all machines via a logon script for example?

Many thanks :)
I have a Server 2016 - it's actually a terminal server with a lot of apps on it.  I can not get an updates on it. I think the last time it updated was sometime early July, maybe even June.  I've tried deleting the software distribution folder and re-registering it with my wsus server but still not luck.  I've tried Sconfig and that doesn't work either.  I even tried downloading the updates manually and installing them and that isn't working either.  There is no information in the event logs and the update history isn't any help either.  I've tried dism too and that hasn't given me any information either.  This is a VM and it's heavily used.  I'm out of ideas.. Any suggestions?


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In