[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Share tech news, updates, or what's on your mind.

Sign up to Post


I have recently configured the Wsus server 2012 and applied the GPO to get all updates on servers on  our MS estate which consist over 200 Servers mostly Server 2012 but  few still on Server 2003 which I need to exclude  from this.  
I have created the custom update view for server 2012 and choose  only for  critical, security, and roll-up updates. But unfortunately non of the server is appearing in costume view. all server 2012 and 2003 are apearing under All computer--->Servers.
 Please  how I can  force only mention updates only on Server 2012 and exclude the Server 2003 to disappear from Servers under the All computers.
secondly how I can force to get Custom view updated and can apply in more refine way to push the updates.  

Please help.

I'm puzzled how to handle WSUS Feature updates for Windows 10 that won't install.  I found the thread https://www.experts-exchange.com/questions/29062227/Understanding-Windows-Update-change-in-Windows-10-Feature-Quality-CB-CBB.html which explains that its risky to install these major upgrade via WSUS, but the problem is, if I can't install the Feature upgrade, then no further updates will install, the PCs just stay stuck at that level.  The only way I've found around this is to to take each device off the network, install the Feature Update & then rejoin it to the network, but that's really disruptive to the users.  How are other people getting their domain based Windows 10 devices updated?
Having difficulty getting WSUS to deliver the following Anniversary update to our Win10 Pro 1607 laptops - WSUS works normally for all other updates to these laptops:

Feature update to windows 10 pro version 1703 en-us

I have a new Server 2012 R2 WSUS server pushing updates via GPO - with the update approved and showing Install on status. Once the install begins, the Win10 Pro laptop shows "Downloading 0%...." for the update, then fails shortly after with Error 0x80244007.

i've looked online and added the MIME type .esx (application/octet-stream) at the WSUS IIS server level and it shows inherited at the WSUS administration website level as well. Tried removing/replacing SoftwareDistribution folder, ran MS Update troubleshooter, it still fails.

I've attached my GPO settings also in a WordPad file, and the resultant Windowsupdate.log is below for the laptop as well.

Please let me know what might help. Thanks!


2018/05/04 09:46:47.1291913 1236  7720  Misc            Got WSUS Client/Server URL: http://ds-wsus:8530/ClientWebService/client.asmx""
2018/05/04 09:46:47.1292977 1236  7720  ProtocolTalker  OK to reuse existing configuration
2018/05/04 09:46:47.1293030 1236  7720  ProtocolTalker  Existing cookie is valid, just use it
2018/05/04 09:46:47.1293045 1236  7720  ProtocolTalker  PTInfo: Server requested registration
2018/05/04 09:46:47.1723160 1236  7720  Misc            Got WSUS Reporting URL: …
Three servers in WSUS are acting strange.  I have three servers, each named server1, server2, and server3.  I can get one of them to check in with WSUS, but not the other two, and they are trading places.  I can get 1 to check in, and then when I get 2 to check in, 1 disappears.  It seems I can only get one of the three to check in.  I have had each of them, at one time or another showing in WSUS, but the other two not.  I can restart services and force a checkin, but I can only get one server of the three to check in at a time.  

I have verified the GP, verified DNS, made sure the IPs are all different.  I just can't get more than one of the three to check in.  

Anyone seen this?

Would like to replace my 2012R2 WSUS server with a 2016 standard WSUS only role.  My question is there any value in making this a downstream server to get all of the metadata?
I am having so many issues with the 2012 WSUS  that i just want to deploy a new 2016 WSUS and decommission the old 2012 WSUS.  My enviroment is 95% windows 10 Pro with some Windows 7 Pro  that are currently being replace.

any thoughts or best practices are welcome and thanks in advance

Thanks  Alain
after installing Office 2016 there are still loads of updates from WSUS, can I download a single cumulative update patch and slipstream it or similar into the Office install?
Hello ,

Please tell me WSUS version compatible with windows 2016 servers

WSUS Version: 3.2.7600.226
 Windows 2008 R2

We need to upgrade the version to make it compatible with windows 2016 servers ( Members servers ) as well. Kinldy let us know the version to which we need to upgrade and provide the upgrade steps.
Hello ,

This is regarding WSUS upgrade , We need to know upgrade the version to make it compatible with windows 2016 servers as well. Kindly let us know the version to which we need to upgrade.

We are currently running the following:

WSUS Version: 3.2.7600.226
Windows 2008 R2

Hi all :)

I have had to rebuild the server 2012 r2 (a DC) that WSUS lives on.

I reinstalled server 2012 and WSUS with the same configuration as it was previously.

The problem is that even after 2 days no computers have reported in to WSUS.

I use a GPO pointing all Windows PCs to the WSUS server.

What might be causing this lack of computers showing up in WSUS??

thanks in advance
Hi Experts,

Hoping you can provide your experience here
As part of our continued improvements to our system we are reviewing our WSUS patching policy

What i am curious about is how to best handle remote user where they are out of the office most of the time

I noticed, in GPO, under specify an intranet Microsoft update service location, you can specify an alternative download server
Is it possible to reference the default public Microsoft update URL here, so that laptop users, not in the office can still obtain updates?

If not, how have people overcome this issue?

Kind Regards
Need to move Windows Server 2012R2 WSUS content files (Windows Internal Database) from C:\ to a new location -> iSCSI connected drive on the same server.

Looking for step by step instruction (if it's possible at all).
Thank U.
The server thats is also running WSUS failed to install its updates and was stuck in Win Logo screen.
The only way i could get it to boot is to manually remove all pending updates using DISM cmd.
From this guide.

Now my server boots but WSUS is not working. I think some other updates may have been removed which made the WSUS install older than the WID database
I cant load the mmc, i tried deleting the mmc file. But it wont connect its complaining about the DB.
And also running the post install steps failed saying the DB is not same version as WSUS and I need to patch WSUS
C:\Windows\system32>"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
Log file is located at C:\Users\administrator\AppData\Local\Temp\2\tmpF11.tmp
Post install is starting
Fatal Error: Changes to the state or options of database 'SUSDB' cannot be made at this time. The database is in single-user mode, and a user is currently connected to it.
ALTER DATABASE statement failed.

Since the issue is on WSUS server it cant update it self
Right now im trying to point it to MS Updates and get the latest updates from Internet instead if it self.

Here are some errors I see in event log.

Error      4/14/2018 5:04:07 PM      MSSQL$MICROSOFT##WID      18056      Server
Error      4/14/2018 5:01:59 PM      Windows Server Update …
I just installed a fresh copy of Win server16.  I only enabled the WSUS, and within the first day, it's already crashed on me.
I went to Options -> server cleanup wizard and selected next, having every checkbox checked.  Then the below screen comes up as it crashed.

wsus error
Any idea's how to fix this or what is even happening?

The other problem is, Even though I thought it's configured to approve evertything that is a security or critical update, I have a lot of updates that are not approved.
I don't want to have to manually approve update, how do I get it to actually work and actually approve every update that is part of my classifications?

We have a customer with a Windows SBS2011 Server and they are down to 7GB of free space on their main C:\ drive - the WSUS file is over 42GB - is there a quick method to reduce the size of that?
I am preparing to patch multiple 2012R2 servers in mulitple offline networks that haven't been patched in over 2 years, so trying to get an understanding of the expected behavior during the installation process. If I use the settings I have defined below, will the servers just keep downloading and installing updates until they are fully patched or is there an interval that starts when you schedule the maintenance and stops after a certain period of time? Let's say there are 200 patches needed on Server A, they have all been approved in WSUS, and I schedule the installation as defined below... will Server A keep downloading and installing even if it takes until Sunday?

Use option #4 – Auto download and schedule the install
Deselect “Install during automatic maintenance”
Set “6 – Every Friday” for the scheduled install day
Set “17:00” for the scheduled install time
I've tried to install WSUS on the VM server at least 7 times.   Each time it fails, stating the server needs a reboot.   As a test I installed SNMP and it installed just fine.  

Any ideas what is causing this?
I want to shut down our existing WSUS VM server (2008 R2) and install WSUS on a new 2016 VM.  I also could install it on a physical 2016 server if that is preferred.

Which is better?
As part of the March 13, patch-Tuesday package, Windows Update installed KB4088875 on my W7 systems (all physical machines...no VMs):

Apparently, it is flawed, because MS issued KB4099950 on Thursday, April 5, an out-of-band patch to fix issues caused by KB4088875:

Problem is, KB4099950 has this note (copied here under "Fair Use"):
Important This update must be installed before you install KB4088875 or KB4088878.
Of course, KB4088875 (or KB4088878) has already been installed. So, two questions:

(1) Should KB4088875 be uninstalled before installing KB4099950?

(2) If the answer to (1) is yes, should KB4088875 be reinstalled after installing KB4099950?

I've done a fair amount of web searching on this (found info such as the AskWoody thread), but I'm mostly interested in EE members who have actually addressed this issue on their W7 systems. I found this EE thread on KB4088875:

But that was closed before KB4099950 was released, and a search at EE for KB4099950 comes up empty.

Thanks much, Joe
I have WSUS installed on Server 2016.  Its always crashing and gives me the option to restart node, but that doesn't even work.  If I reboot the server, it works for a little while then does this again.  Its an endless loop.  I've checked all of my logs, and I've tried to fix everything but its not working.  Can anyone shed some light?

Windows 2012 R2 VM on ESXI Host VMWARE
SQL 2014

Was getting this error all of a sudden  so I chose to uninstall WSUS doing this I deleted the content folder o my E: Drive . Also deleted the SQL databases

I then restarted the server and installed afresh copy of WSUS point to a different folder name  checked the registry and the content folder appears correctly.

A sync with Microsoft updates worked fine.  The computers all reconnected.

I did a wsus health check and got the event below.  as well as an event 13042  Self-update is not working  

The event that is stopping my updates

Log Name:      Application
Source:        Windows Server Update Services
Date:          4/4/2018 4:16:09 AM
Event ID:      12072
Task Category: 9
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      tgcs016.our.network.tgcsnet.com
The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Windows Server Update Services" />
    <EventID Qualifiers="0">12072</EventID>
A few super basic Win2016 Standard questions.

We would be using this only for central user/pc management.  Maybe a little file sharing, but probably not.  

About 50 users and 50-100 devices.

I would be running this in a vmware vm.

1. I was told I might be able to get away with as little as 2GB of RAM... does that sound practical?  \

2. What is the easiest way to run a script (bat, ps1, etc) on all remote PC's?  (Say I want to push out a script that will grab an install file for something and run a silent install)

3. Can this server enforce strict patch management?  (i.e. force updates to be installed and force reboot if needed)....
3a. does that include MS Office updates?

4. Can i get a patch management report?  (i.e. for clients who ask to see the patching status of our network?

5. I am upgraded from SBS 2008... It has a LOT of stale users/computers... is there an easy way to tell it to only migrate users/computers seen in the last 90 days?
Group Policy with Windows Updates on Windows 10 clients

I am having trouble getting my Windows 10 machine to install updates automatically and then prompt me to reboot (my objective of a test with WSUS).  I am testing a GPO on a network, so it may be used with the rest of the network users.  My machine is currently the only client applying a new GPO that is set to "Download updates automatically and install at scheduled time" (12pm) every day.  When I run RSOP.MSC I can see the settings are present on the machine.  When I check the Windows Update Settings screen, I can see that "some settings are being controlled by another computer" (the WSUS server) and that "some updates are available" - but it never installs them.  I instead have to click the INSTALL button manually.  Is this something to do with the Windows 10 OS?  or maybe my GPO is not configured properly?  The WSUS server is windows 2012, on a 2008R2 AD network.

thanks for your help
2016 WSUS server pushing Windows 10 Updates.   Can I keep it from rebooting the PC and just warn the user that Updates are pending?

I'm looking for a way to prevent Windows 10 from downloading updates over a VPN connection, what is the most efficient way to configure the VPN connection as metered? Is it possible to configure a block on an IP range in WSUS?

Kind regards



Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is a computer program developed by Microsoft that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers.

Top Experts In