Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post

After spending much time and with the precious assist of experts exchange I finally managed to install a WSUS in windows server 2008. Everything now works ok except one thing. In my site I have 2 windows servers standard edition 2012 r2 that do not receive updates from WSUS. When manually try to check for updates i get error 800B0001. Could you please help me on this?
I have about 35 computers out of 325 that show they have failed updates on them from the WSUS server.
They have been on their now for about 3 days. Is there something I can do from the SUS server to get theses updates on these computers to be successful?
Hi Experts

I have set up an working WSUS schedule and got my updates downloading to my WSUS server and my clients connecting, downloading and installing the updates as expected.

However, when I check the computer group they are showing that there are 5 updates still to be installed, therefore I am seeing the yellow exclamation mark icon.

I have checked the clients, which are mainly Windows 10 machines, with a few Windows 8.1 as well, and they all say they are up to date.  

The updates are:
KB4016509 - English and Portuguese Laguage packs
KB3061064 - Update rollup for Skype for Business Server 2015 SmartSetup

I have only approved English Language packs to be downloaded.  Although I think the US language pack feature may be configured on the clients.

Is there any way of telling WSUS to ignore these particular updates.  Really need to get my Green Ticks in place !!!

I'm trying to connect MDT to WSUS to download Windows updates during the deployment of the Windows 10 image. First, I have configured WSUS to download and approve Windows updates automatically, and then in the Rules list in MDT I have add it the "WSUSServer=" of WSUS to download the updates from. Also in the task sequence I have enabled (Windows Update Pre-Application Installation) and ( Windows Update Post-Application Installation) but still does not work for me. The task sequence it does show that is trying to connect to WSUS but it cannot download any update. I'm attaching two screen shots regarding this problem. Thank you, and your help will be very much appreciated.
Why does WSUS on server 2016 have so few products and classifications?  I just installed a new WSUS and all I see are just a few products and classifications.  Do I need to roll back to 2012 R2 or did I miss something?

Hi Experts,

I have installed WSUS application in one of the  server and is working fine. But due to issue of disk space I am needed to move WSUSContent to other location. I have used wsusutil movecontent command to move the everything to other location and it is completed without any error.

Now, the catch is that, I have moved all data to workgroup computer from the domain computer. Now when I am trying to download the updates, I am getting the following error

event ID 364:  content file download failed. reason error calling kernel32.dll createdirectory.

I have shared the folder in workgroup computer with full permission to Everyone and also have created one user with same user name and password in workgroup computer as user in the domain to avoid authentication issue. I have the registry setting as well and provide the path of WSUSContent to shared folder of workgroup content

But still got no luck.. Any help please..
Hi Everyone

I have finally got WSUS configured and updating my clients as I want.  I have set critical and security updates to Auto Approval and everything else to install automatically once specifically approved.

Assuming everything is OK with the Test OU I will push out to the rest of the domain.  I havent yet got round to the servers as I wanted to make certain I wasn't rebooting them unexpectedly.

I just have a couple of things that I wanted to clear up.  

1.  Am I right in thinking the Microsoft Updates are released monthly (every 2nd Tuesday) ?

2. Is there any websites or similar that list known problematic updates so I'm not blindly approving things that could cause a problem.  I have had a look at the Microsoft Update website and it appears to show Known Issues that the updates will fix.  We had a problem some time back with an Office update and it took a lot of googling to identify the specific update.

Thanks for reading :)
Hello - I am running SCCM 2012 R2 and when attempting to pull a list of Adobe updates (product) from filtering, I do not have Adobe listed as a product. Another tech that has been here longer mentioned that we needed some sort of plugin. Can you advise as to what I need to do to allow Adobe updates as a product list within SCCM?

Thank you so much.

Hi, will try briefly explain the problem: hundreds of Windows 10 pc’s, versions: 1511, 1607, 1703, 1709 in WSUS environment (Win2012R2).
Is it any way to have them divided in groups? Can this be done in WSUS?
Is it any scanning software that can help to identify: IP, OS/ver of pc’s in “delegated” OU of an enterprise?
Thank U.
Need to configure new WSUS server to support Windows 2010 Enterprise workstations.

My current environment.
DC1 = Windows 2008 R2
DC2 = Windows 2008 R2
Forest and Domain Levels are at 2003

Need to implement WSUS for my environment which is now all Windows 10 Enterprise.  I installed WSUS in the past but I'm hearing that it is a feature in Windows 2012 R2 server which I'm currently running.  When I install the WSUS on my Windows 2012 R2 server I believe it is the 3.0 version and not the 4.0 version.  I also heard that I need to install some patches before synchronizing all the updates.  Any assistance or recommendations will be much appreciated.
WSUS reports

At the moment we use WSUS for our Microsoft updates. The servers  are set just  to download updates and notify. The servers are not listed in the WSUS console . I gave an auditor a report of all computers in the WSUS console and she asked me why the servers were not listed. I told her they do not report to WSUS and she told me there is still a way to get a report for them out of WSUS

Any ideas?

Is there a way that we can add a secondary update source when local WSUS is not available?

We have a selection of users who do not come into the office very often and cannot talk to the local WSUS externally.

Is there a way that in group policy we can say use Windows update if they cannot talk to WSUS?

We are having problems windows 10 clients reporting to WSUS.A very high percentage of clients are not reporting. Some of them are reporting fine with no problem. All clients are with same configuration and connecting to the same network. I have attached logs of both clients one was connected and one wasn't .I really need help of some WSUS experts who can look in to the log and give me some suggestions please  . I have made some changes in logs and changed server name but they are obviouslyWindowsUpdate-B25122-Failed---Copy.txt exactly the same.
Hi, I just stepped into a new role after a colleague retired and as part of my duties and responsible for MS patching of all servers (several dozen) in the environment. The previous task owner used WSUS to approve and download Critical and Security patches, and manually updated servers in daily groups with nightly scheduled reboots, a process that spanned a few weeks each month. I'm looking for suggestions on more fully automating the process (approve, download, install, and reboot) on a budget, ideally a $0 budget, to be precise.
TIA for feedback.
Hi, we have a mixture of Windows 7, 8.1 and various build versions of Windows 10 on our network.
I want to upgrade the Windows 10 1703 builds up to 1709
The products and categories options are set correctly, but I understand I need to add the mime type .esd within IIS on the WSUS server.
Just before I do this, I just wanted to check that this will only target Windows 10 Machines, and not try and update windows 7 etc to Windows 10?

I recently configured my WSUS upstream server to use SSL on port 8531.My downstream servers are connecting and synchronizing fine no  errors, but unable to download Security and Critical updates from my upstream server.

When I check the URL for the content store, it is pointing  to  http://myserver01:8530/content/02/72ea.....
 I believe this is why my downstream servers not getting updates.

Is there a way to change the content port to point to http://myserver01:8531
Does anyone know the state of patching Hyper-V Server 2016 (just the hypervisor)?  A Microsoft engineer told me that Hyper-V Server is not applicable to the new Windows patches that were just released but I'd like to get a second opinion on that.  Currently, my Hyper-V Server never reported to WSUS that it needed the January Meltdown/Spectre update that was applied to Windows Server 2016.
Ive got a couple of DCs which are not seeing any SCCM Windows patches, they both have a GPO pointing them to a WSUS server, Ive checked the Windows update logs and it states something about a proxy issue but I doubt servers need a proxy to be set for WSUS/SCCM updates. Any ideas on where I should start?
Hello SCCM Experts,

I have inherited an SCCM 2012 server where the WSUSContent is growing out of control.  I first ran into problems with drive space last week.  I added more space (100GB) but synchronization was still not working.  I had to do a wsusutil reset to get synchronization to work.  I didn't empty the contents of the WSUSContent folder before I did the wsusutil reset.  Here are my questions/thoughts:

1.  If I follow the delete the contents of WSUSContent per this article:, will this work with my version of SCCM?
2.  Can I uninstall and reinstall the WSUS portion of SCCM.  I found an the following article explaining the procedure to do this if the Windows Internal Database is used in SCCM.

The article states:  Note that if you see ##SSEE (in HKLM\Software\Microsoft\Update Services\Server\Setup\SQLServerName), this blog post is not applicable to you.   Of coarse this is what we have.  Does anyone know the steps for recreating the SUSDB and WSUSContent folder on a build using SQL Server?

Any help would be greatly appreciated.

I have configured WSUS server on Windows server 2008 R2. I have more than 500 hundred clients but only a few clients are reporting in WSUS server. I have checked

1. wuauclt.exe /resetauthorization /detectnow

2. wuauclt.exe /detectnow

GPO seems fine.
I am getting the following errors when I try installing the WSUS 3 SP2 on a window server 2008 R2.

2018-01-09 23:33:29  Error     MWUSSetup          InstallWsus: MWUS Installation Failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:29  Error     MWUSSetup          CInstallDriver::PerformSetup: WSUS installation failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:29  Error     MWUSSetup          CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
2018-01-09 23:33:44  Error     MWUSSetup          DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)

Any thoughts?

For some strange reason the patch will not install on any w10 v1607 in my entire domain. If I take that same machine and bring it up to v1709 and applied the appropriate Meltdown patch... It installs.
There is a know issue with Bloomberg and v1709 which why I must remain on 1607.

See screenshot below.
We just setup a new WSUS server version 6.3 running on server 2012 R2.
It seems to be brining in the pc fine during the day, but each morning when I go into the WSUS console, I get the error message that says: An error occurred when trying to connect to the WSUS server.
When I check the event view there are errors in there complaining about all of the SUS components not running.
If I reboot the server, which I have to do every morning, then the WSUS works fine and then over night it stops working once again.
Any ideas on what I can do here would be appreciated.
We have several servers that are pulling the GPO set for getting updates from our WSUS server. Though, they are not registering. I cannot see them in the Servers target list. This is also specified in the GPO. I ran a GPRESULT, and the GPO successfully applied. This also reflects in the registry of each server.
Hello! :)

In our environment we have a SCCM Current Branch Primary Site Server integrated with a WSUS Server in our Data Center to retrieve Microsoft Security patches.

We have several geographically distributed locations where we have a lot of computers not being administered by SCCM due to business needs.

Recently we were given the task of providing some power users with the capability to update the computers that are not SCCM clients with Microsoft Security patches at their convenience.

I want to re-use the existing central WSUS "SCCM-integrated" server so that in addition of being used by SCCM it also is capable of acting as an upstream server - for this manual patching process - and then configure additional WSUS downstream servers connected to it at each large site to relieve traffic from the WAN links.

Is this solution possible (have an existing WSUS "SCCM-integrated" server to both be used by SCCM and also be capable of act as an upstream server for a manual patching process)... or should a separate server be setup and configured to be the upstream WSUS server for the manual patching process?



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.