Requirements for Server 2016 clients to get updates from WSUS?

  • Question

  • We have a Server 2012 R2 WSUS server that successfully deploys updates to other Server 2012 R2 servers and to Windows 10, but fails to deploy Server 2016 updates to Server 2016 clients.

    The Server 2016 clients show in the console as fully up to date.  When the Server 2016 clients check online, they find CUs available.  I check the WSUS for the same KB# and it shows approved, but not applicable.

    If I block access to Microsoft Windows Update online and check for updates, I get this error:

    There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x8024500c).

    If I unblock Microsoft Windows Updates, it tries to download from Microsoft instead of WSUS even though it is configured for WSUS and is communicating enough to update the last contact and last status report time.  

    The status reports are WRONG because it sees the KB# updates it's getting from Microsoft don't apply when coming from WSUS.

    Are there additional special requirements to get WSUS updates working for Server 2016 vs 2012 R2 and Windows 10?



    • Edited by Kalimanne Wednesday, May 30, 2018 10:17 PM
    Wednesday, May 30, 2018 10:11 PM

All replies

  • Is this WS2016-1607 or WS2016-1709?

    Just as there are multiple "Products" of Win10 in WSUS, there are also the same for WS.

    Are you looking in the correct place?

    It's possible, based on your description, that the status reports are completely correct, but, the client isn't scanning for the applicable updates because you haven't enabled the correct product within WSUS?

    "Not Applicable" isn't always obvious for WSUS. It can mean "you didn't ask the correct question"...

    If a particular product or classification is not enabled in WSUS, the client will not scan for those products/classifications. This doesn't mean that the updates are not needed, it just means "you didn't tell me to scan for them"...

    WSUS is an odd creature, in some ways :S


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Wednesday, May 30, 2018 10:38 PM
  • WS2016-1607 
    Wednesday, May 30, 2018 10:47 PM
  • I don't see different WSUS Server 2016 products for 1607 vs 1709.

    Wednesday, May 30, 2018 10:52 PM
  • Any suggestions on how to find the cause of the issue of why Windows 2010 and Windows 10 clients get updates, but Server 2016 does not??

    Do Server 2016 clients work with port 8530 or is there an SSL requirement unique to 2016?


    • Edited by Kalimanne Thursday, May 31, 2018 8:09 PM
    Thursday, May 31, 2018 8:08 PM
  • Maybe check here: https://www.catalog.update.microsoft.com/Search.aspx?q=4103720

    Drill-down into the update:

    https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=a711f6a5-5bf3-4392-95d0-686f748789dd

    Check/compare that updateid (a711etcetc) with your WSUS. Does your WSUS have the equivalent/corresponding updateid for KB4103720?

    That seems to me, to be the updateid for your WS2016-1607 (LTSB) ?

    If you don't find that updateid, then something would seem to be wrong with the products or classifications on your WSUS?


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Thursday, May 31, 2018 9:32 PM
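
    The comparison suggested in the reply above, as an added example that is not part of the original thread: run on the WSUS server in an elevated PowerShell session, it looks up KB4103720, checks for the catalog update ID quoted above, and lists the products and classifications the server is subscribed to. The `*Server 2016*` title filter is an assumption about how the product is named on your server.

```powershell
# Added example, not from the thread. Requires the UpdateServices module
# that is installed with the WSUS role.
$kb       = '4103720'                                      # KB number from the thread
$updateId = [guid]'a711f6a5-5bf3-4392-95d0-686f748789dd'   # update ID from the catalog link

$wsus = Get-WsusServer    # connects to the local WSUS server

# 1. Every revision WSUS holds for this KB, with the product it targets
#    and its approval state.
$found = $wsus.SearchUpdates($kb)
$found |
    Select-Object Title,
        @{ n = 'UpdateId'; e = { $_.Id.UpdateId } },
        @{ n = 'Products'; e = { $_.ProductTitles -join '; ' } },
        UpdateClassificationTitle, IsApproved, IsDeclined |
    Format-List

# 2. Is the catalog's update ID among them? If not, the Server 2016
#    package was never synchronized to this server.
if (-not ($found | Where-Object { $_.Id.UpdateId -eq $updateId })) {
    Write-Warning "Update ID $updateId (KB$kb) is not in this WSUS database."
}

# 3. Products and classifications the server is subscribed to.
#    Assumption: the product title contains 'Server 2016'.
$sub = $wsus.GetSubscription()
$sub.GetUpdateCategories() |
    Where-Object { $_.Title -like '*Server 2016*' } |
    Select-Object Title, Id

$sub.GetUpdateClassifications() | Select-Object Title
```

    If step 2 warns or step 3 returns no Server 2016 product, the "not applicable" status matches the reply's explanation: the client was never offered the update to evaluate.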
  • Any suggestions on how to find the cause of the issue of why Windows 2010 and Windows 10 clients get updates, but Server 2016 does not??

    Do Server 2016 clients work with port 8530 or is there an SSL requirement unique to 2016?



    Can you check the event logs on the WS2016 to see if detection is initiated/occurring/successfully-completing?

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Thursday, May 31, 2018 9:33 PM