locked
Windows 2016 WSUS Server not auto downloading updates RRS feed

  • Question

  • The .net Framework updates for July broke BizTalk.  It happens.

    Around July 31st Microsoft released updates to resolve this issue.  When I try to import KBs 4346877 and 4346406 into a Windows 2016 WSUS Server, I get the Error "This Update cannot be imported into Windows Server Update Services because it is not compatible with your version of WSUS." for the Windows 10, Windows Server 2016, and Windows Server 2012 R2 versions of the KBs. 

    In other messages in this forum, there is a workaround by changing your protocol to 1.80 instead of the default 1.20.  If I had used the Sync function of the WSUS Server instead of manually trying to import the updates I would never had know these updates were released.

    My question is "How do we determine what updates needs to be imported in the Windows 2016 Server using the alternate protocol instead of the normal sync process?"

    I would like to use the WSUS Server that ships with Windows Server 2016 because it handles Windows 2016 and Windows 10 Clients better than the WSUS Server that ships with Windows Server 2012 R2.  However, if the Windows 2016 WSUS Server does not Sync all the updates and I can't even determine which updates need to be "Imported", then my server environment is missing critical security updates which I can't have. 

    Tuesday, August 7, 2018 10:07 PM

All replies

  • Hello Bruce,

     

    I am glad to provide some of my thoughts and hope them could help you.

     

    For importing issue, that's a known issue documented by Microsoft, and i am afraid that it has not been solved yet.

    https://techcommunity.microsoft.com/t5/Windows-10-servicing/Known-issue-with-importing-updates-from-the-Microsoft-Update/m-p/163830#M195

     

    "How do we determine what updates needs to be imported in the Windows 2016 Server using the alternate protocol instead of the normal sync process?"

      

    According to my research, there is not any clue about it. However, this issue happens only on few updates. So My suggestion is to sync as usual and periodically review Update history to see if there are any missing important updates.

     

    Best Regards,

    Ray Jia


    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 8, 2018 3:16 AM
  • After the August Updates were released I synced the Windows 2016 WSUS with Windows Updates.  The .net Framework updates that were released on July 30th to address the issues with the July .net Framework updates were not downloaded into the Windows 2016 WSUS server.  

    The Windows 2016 WSUS Server is not automatically syncying all the updates that the Windows 2012 R2 WSUS Server does and I know of no way to determine what updates are not being downloading into the Windows 2016 WSUS Server to know what updates you need to download manually.  I suggest you use the Windows 2012 R2 WSUS server to make sure you are getting all the Windows Updates that Microsoft is releasing. 

    If you are using the WSUS Server with Windows 2016, you are not downloading all the Updates that the Windows Server 2012 R2 server is and you may not be as protected. {It is possible that the updates in the July 30th updates are included in other updates released on August 14th but how do you know if the Windows 2016 server is downloading those updates. }

    Tuesday, August 14, 2018 8:25 PM
  • After the August Updates were released I synced the Windows 2016 WSUS with Windows Updates.  The .net Framework updates that were released on July 30th to address the issues with the July .net Framework updates were not downloaded into the Windows 2016 WSUS server.  

    The Windows 2016 WSUS Server is not automatically syncying all the updates that the Windows 2012 R2 WSUS Server does and I know of no way to determine what updates are not being downloading into the Windows 2016 WSUS Server to know what updates you need to download manually.  I suggest you use the Windows 2012 R2 WSUS server to make sure you are getting all the Windows Updates that Microsoft is releasing. 

    If you are using the WSUS Server with Windows 2016, you are not downloading all the Updates that the Windows Server 2012 R2 server is and you may not be as protected. {It is possible that the updates in the July 30th updates are included in other updates released on August 14th but how do you know if the Windows 2016 server is downloading those updates. }

    After 7 months of comparing updates from the Windows 2012 R2 WSUS Server and the Windows 2016 WSUS server I finanly figured out the problem.  During this time there were probably 20 updates that were synched by the Windows 2012 R2 WSUS server that were not Synched with the Windows 2016 WSUS I had to manually download into the Windows 2016 WSUS server.  The Windows 2012 R2 WSUS Server and the Windows 2016 WSUS Server have different source servers at Microsoft.  Since the synches to the Windows 2012 R2 contained updates that were not in the Windows 2016 WSUS, I changed the source for the Windows 2016 WSUS servers.  Listed below are the powershell commands to do so:

    $server=Get-WsusServer
    $config=$server.GetConfiguration()
    $config.MUUrl
    # https://fe2.update.microsoft.com/v6 Old Server - Replace
    # https://sws.update.microsoft.com    New Server
    $config.MUUrl = "https://sws.update.microsoft.com"
    $config.RedirectorChangeNumber = 4002
    $config.Save()
    Restart the WSUS Server.

    I don't have any expreince with WSUS Server released with Windows 2019 server but I recommend you change Microsoft source server if it is not the x.sws.x server


    Bruce Singer

    Tuesday, May 19, 2020 3:39 PM