Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

Group Policy with Windows Updates on Windows 10 clients

I am having trouble getting my Windows 10 machine to install updates automatically and then prompt me to reboot (my objective of a test with WSUS).  I am testing a GPO on a network, so it may be used with the rest of the network users.  My machine is currently the only client applying a new GPO that is set to "Download updates automatically and install at scheduled time" (12pm) every day.  When I run RSOP.MSC I can see the settings are present on the machine.  When I check the Windows Update Settings screen, I can see that "some settings are being controlled by another computer" (the WSUS server) and that "some updates are available" - but it never installs them.  I instead have to click the INSTALL button manually.  Is this something to do with the Windows 10 OS?  or maybe my GPO is not configured properly?  The WSUS server is windows 2012, on a 2008R2 AD network.

thanks for your help
2016 WSUS server pushing Windows 10 Updates.   Can I keep it from rebooting the PC and just warn the user that Updates are pending?

I'm looking for a way to prevent Windows 10 from downloading updates over a VPN connection, what is the most efficient way to configure the VPN connection as metered? Is it possible to configure a block on an IP range in WSUS?

Kind regards

Hi All,
I have given a task to implement WSUS only for the servers(Windows server 2012 r2) to get update. Scope is to all servers to receive updates from wsus server and install automatically (I have enabled auto update and scheduled install). But i have instructed not to enable auto restart after update. Please recommend me the best practice GPO settings to fulfill following requirements -
Auto install
scheduled update
no auto restart (i have instructed to perform manual restart on monthly basis) - doesn't matter user logged in or not
Group policy is applied to Win 10 computer, but the Win 10 computers settings do not change.  Specifically, we are testing a new WSUS server on the network.  We're using a Windows 10 machine for testing.  We've verified by using the Group Policy Wizard that the machine had the correct GPO applied, which has all the new WSUS server settings in it.  After confirming the GPO was "applied" to the test machine, when we pull up the GPEDIT on the Win 10 machine, we see that NONE of the GPO settings were actually applied - everything was default and not enabled.  What causes a machine to "ignore" GPO settings, when that GPO was successfully applied??  The AD server is 2008R2.

Thanks for your help
I am successfully using WSUS to update our fleet.
I have an issue with the timing of the installation and reboots, particularly of Servers.

At 4am (scheduled install time) all servers download, install and reboot.
Which is what its meant to do.
The issue i have is that often the reboots happens within minutes of each other, and worse, may have all Active Directory Servers rebooting at exactly the same time, so for a few minutes there is no AD servers on the network.

I want to be able to randomise the reboots by 1 hour so that they dont all occur at exactly the same time.

I looked at the Maintenance Scheduler GPO settings which should allow randomisation, so that the Automatic Maintenance runs at 3am (plus or minus 1 hour), which should install Updates and reboot if needed. But this doesnt seem to work.

My GPO settings are as below:

Computer Configuration (Enabled)
Administrative Templates

Windows Components/Maintenance Scheduler

Automatic Maintenance Activation Boundary Enabled  
Regular maintenance activation boundary 2000-01-01T03:00:00

Automatic Maintenance Random Delay Enabled  
Regular maintenance random delay PT1H

Windows Components/Windows Update

Allow Automatic Updates immediate installation Enabled  
Automatic Updates detection frequency Enabled  
Check for updates at the following
interval (hours):  6

Configure Automatic Updates Enabled  
Configure automatic updating: 4 - Auto …
Whether  Downloading different OS updates sequentially using WSUS is possible?

Query: Set WSUS for “Win 7” updates, Approve and download. Move the download updates to another folder. Change the setting to “Win 10” updates, approve and download  
While performing Image Testing, If Images created using different version (Build) ,  To test two Image (2013/ 2017 with different build), is there any difference in the updates that get downloaded using WSUS. If yes, Then how to manage using WSUS ?
I need to present the computer status tabular reports in form of pie charts and then have the report sent automatically.  Please help me with how I can go about it. I am quite new to this so would appreciate answers in the most basic form if possible.
Thank you.
I need to present the computer status tabular reports in form of pie charts and then have the report sent automatically.  Please help me with how I can go about it.
Thank you.
Windows server 2003 get synchronization failure with following error. What's wrong? How to fix it?

WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()

We recently set up a new WSUS server with Server 2012 R2 OS.
GPO's are working fine, all updates are downloaded on the WSUS server.

The problem is that the update on the client side is not downloading.
When running WSUS diagnostic tool, on the client, it says that the content is not found.

How do we fix this issue?
Permissions on the content folders are configured correctly.

Please see below:

# Solarwinds® Diagnostic Tool for the WSUS Agent
# 2018/03/12
Machine state
  User rights:                                       User has administrator rights
  Update service status:                             Stopped
  Background Intelligent Transfer service status:    Running
  OS Version:                                        Windows 10 Pro
  Windows update agent version:                      6.2.15063.674 (WU Agent update is required)
Windows Update Agent configuration settings
  Automatic Update:                                  Enabled
  Options:                                           Automatically download and notify of installation
  Use WSUS Server:                                   Enabled
  Windows Update Server:                             HTTP://WSUS-Server:8530 
  Windows Update Status Server:                      HTTP://WSUS-Server:8530
  WSUS URLs are identical:                           Identical
  WSUS URL is valid:                                 Valid URL
WSUS Server Connectivity
  clientwebservice/client.asmx:   …
Windows 2008 R2 Server Failing to install updates
Windows 2012 R2 Server running WSUS 4.0
Other servers updating fine.

One update fails to apply this is after we lost power to the data center all machines came backup up with now errors
This is a physical box running Exchange Server 2010

The update is KB915597  Defender update

The server continues to report to the WSUS server every 6 hours per GPO policy in place

I ran this process on the server

Please try the following steps on your client:

1. Stop the Automatic Updates service and BITS service.

net stop wuauserv

net stop bits

2. Delete “%windir%\softwaredistribution” directory.

3. Start the Automatic Updates service and BITS service. When these two services
have been started, they will auto-create “softwaredistribution” and its subfolder
at system directory.

net start wuauserv

net start bits

4. After the “%windir%\softwaredistribution” directory has been generated, please
let the client contact the WSUS server immediately.

wuauclt.exe /resetauthorization /detectnow

If the problem still exists, please check %windir%\windowsupdate.log
and post the error message in this thread

In the Windowsupdate.log I see this

2018-03-09      21:46:29:060      2040      40e8      Handler      :::::::::::::
2018-03-09      21:46:29:060      2040      40e8      Handler      :: START ::  Handler: Command Line Install
2018-03-09      21:46:29:060      2040      40e8      Handler      :::::::::
2018-03-09      21:46:29:060      2040      40e8      Handler        : Updates …
i have wsus installed on windows srv 2016 when i try to make the client gate the update from wsus the wsus pool on iis stopping
so where is the problem ?
i have windows 2016 and i install wsus role.
first time evertging is working fine.
after i start sync  when i reload the wsus consol and when i click on sync it's give me after 2min that it's can connect to wsus server.
Two Hyper-V Server 2016 virtual servers are having problems downloading and installing the Server 2016 KB4074590 update.

Please provide me with instructions on how to manually download and install this update within Server 2016.

My organization currently isn't using Windows Server Update Services (WSUS).
We recently upgraded our WSUS to a windows 2012 server following the process outlined in one of the articles on the web The upgrade process went to plan, I deleted the original wsus server after taking a complete backup and the new machine was added to the domain with the original name and IP address. For some reason none of the clients are reporting back to the server. I have attached a  log from my workstation where you can see that it is complaining that it cannot contact the web-server

[webserviceinfra]WS error: There was an error communicating with the endpoint at 'http://mpau-wsus/SimpleAuthWebService/SimpleAuth.asmx'.

I am stuck with how to proceed from here. Any help would be appreciated
Can I have the powershell script for .exe files multiple patch installation
Hello all,

Some of our machines are in WSUS, but they are not taking updates. I looked up the computer in Wsus and it shows updates have unknown status. We have 20 WIN10 test machines 16 are good but 4 machines are showing no status.
Any suggestions?

We have a group policy where the pc's report to WSUS. I would like the servers to report to it also

We have a group policy for the computers but I do not see anything for the servers. At the moment each server gets  its updates from the internet

Do you have any idea where I would find the group policy for the severs?

The update control panel is locked down for the computers but its not for the servers
After spending much time and with the precious assist of experts exchange I finally managed to install a WSUS in windows server 2008. Everything now works ok except one thing. In my site I have 2 windows servers standard edition 2012 r2 that do not receive updates from WSUS. When manually try to check for updates i get error 800B0001. Could you please help me on this?
I have about 35 computers out of 325 that show they have failed updates on them from the WSUS server.
They have been on their now for about 3 days. Is there something I can do from the SUS server to get theses updates on these computers to be successful?
Hi Experts

I have set up an working WSUS schedule and got my updates downloading to my WSUS server and my clients connecting, downloading and installing the updates as expected.

However, when I check the computer group they are showing that there are 5 updates still to be installed, therefore I am seeing the yellow exclamation mark icon.

I have checked the clients, which are mainly Windows 10 machines, with a few Windows 8.1 as well, and they all say they are up to date.  

The updates are:
KB4016509 - English and Portuguese Laguage packs
KB3061064 - Update rollup for Skype for Business Server 2015 SmartSetup

I have only approved English Language packs to be downloaded.  Although I think the US language pack feature may be configured on the clients.

Is there any way of telling WSUS to ignore these particular updates.  Really need to get my Green Ticks in place !!!

I'm trying to connect MDT to WSUS to download Windows updates during the deployment of the Windows 10 image. First, I have configured WSUS to download and approve Windows updates automatically, and then in the Rules list in MDT I have add it the "WSUSServer=" of WSUS to download the updates from. Also in the task sequence I have enabled (Windows Update Pre-Application Installation) and ( Windows Update Post-Application Installation) but still does not work for me. The task sequence it does show that is trying to connect to WSUS but it cannot download any update. I'm attaching two screen shots regarding this problem. Thank you, and your help will be very much appreciated.


Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.