WSUS not getting any updates

Topic

New Reply

I believe support for WSUS 3.2 because of old TLS has ended. I use Win 2012 R2, which is WSUS 5.1, yes?

Since May patch Tuesday I have not seen any patches. One patch a few days ago for Office 2016 but that’s all. Last patch was 2021-05 SSU for 1809 (but no CU)

All of our client devices are 1809 LTSC.

I was going to reinstall Windows et al but it’s a full days work then I came across this site and thought I’d just ask.

Did I Miss something else?

Thanks

Reply | Quote

Replies

WSUS 3.0 SP2: No longer usable after October 31, 2021 | Born’s Tech and Windows World (borncity.com)  It’s getting close to not working but still should be operational at this time.  Anything in the sync logs?

Susan Bradley Patch Lady

Reply | Quote

Isn’t Win 2012 R2 WSUS 5.1? So the end of support for 3.2 is not applicable?

No, syncing is fine, just 0 updates detected since May’s Patch Tuesday.

I usually only install the Security Only updates for the server, but as there was an issue in May with the updates, the fix being listed as KB5003209, I installed that patch.

Nothing unusual in the event logs.

I noted that in Sept 2020 that Microsoft made changes to the group policy re proxies, and I’ve tried each of the different values for that but no luck

Reply | Quote

True that, it’s Server 2008 R2 that’s going out in October.  I’ve not seen anything reported on the patchmanagement.org list. What products are selected?

Susan Bradley Patch Lady

Reply | Quote

Windows 10, Windows 10 1809 and later servcing drivers, Windows 10 LTSB, Windows 10S 1809, and of course, Windows 2012 R2.

I’ve tried several different W10 products thinking I may have had something missing, but it hasn’t made any difference.

I better start planning for a long weekend of rebuilding next weekend 🙁

Reply | Quote

have you tried the What is WSUS Automated Maintenance? | AJ Tek Corporation That software (worth every penny) keeps WSUS happy.

Susan Bradley Patch Lady

Reply | Quote

That’s $100 per year in Au. IIRC, I used at my old job it when it was free. That would be 3 or 4 years ago now. When he made it a subscription service I did ask the boss. In the interest of keeping things clean, I’ll not repeat her response here 🙂

I’ll have a look around.. Maybe I still have the old script here somewhere

Reply | Quote

I think spiceworks may still have the script. Welcome to the world of computing – everything is subscription.

Susan Bradley Patch Lady

Reply | Quote

$100 per year for a WSUS server is not even a cost. Spend 1 hour doing maintenance once a month and you have spent $600 minimum.

cheers, Paul

Reply | Quote

Well, it ran for 6 hours, got me back 13GB of disk space but doesn’t appear to have fixed the problem.

I will now try remove the role then re-add it and see if that solves the problem.

byw: I get paid $21 per hour 🙂 But I don’t make the financial decisions. It doesn’t help when you boss has no technical knowledge whatsoever.

 

Reply | Quote

That’s what you get paid but the cost to the employer is probably twice that – taxes, insurance etc.  🙂

And why does your employer not trust your judgement when it comes to technical matters?

cheers, Paul

Reply | Quote

The clean-wsus script did not resolve the matter.

I removed and re-added the role, and that took most of the day as it kept failing. Then I stumbled across a post that said the post installation configuration is not compatible with .net 4.7. So once I removed the role/features, cleaned everything up I managed to get it installed.

It only found one patch; the remove flash patch for one PC.

I have put a couple of PCs back to 2021-03 CU level to see if a synchronize would detect 2021-04 and 2021-05 would be offered. No luck.

Also, the office 2016 patch, which was still needed for a few PCs is no longer offered.

Enough for today.

It’s a simple matter of money. I get paid regardless of what I’m working on. Having WSUS not working is not a big issue to management. It doesn’t cost them $600 more to have me manually touch the PCs, but with all costs considered, it will cost more to purchase the subscription.  We are enduring our 4th lock down and business is bad. If it isn’t a matter of life or death, it isn’t going to happen.

I found a copy of the script (v3) that I had used a few years ago. Since it didn’t resolve the issues, that didn’t help my case to pay for a subscription.

But, with all due respect, I’d rather focus on getting things working than on office politics.

 

 

Reply | Quote

I gave it another try this morning. I’ve got the server back to where it was before I started looking into this. The 2021-04 updates are now available for the PCs I rolled back to 2021-03, but I am still only seeing the 2021-05 SSU.

When I look at unapproved updates, they are all there (eg 2021-05 CU), but are showing as needed by 0 computers. All the PCs are on LTSC. Why would WSUS think no PCs need the updates? Even today’s Patch Tuesday updates are showing as unapproved and needed by 0 computers.

Or am I missing something else?

Did Microsoft change how updates are handled in May? WSUS does service LTSC, right?

Reply | Quote

LTSB Updates in WSUS? – Windows 10 – Spiceworks  You do have the 10 LTSB category checked right? (sorry stupid question I know but just making sure)

Susan Bradley Patch Lady

Reply | Quote

There are no stupid questions. Yes, I definitely have the category ticked.

Reply | Quote

Is there anything in the event logs on the server itself?  It syncs okay (even if it doesn’t get new updates)?

Susan Bradley Patch Lady

Reply | Quote

Yes, it syncs ok. Nothing in the event logs that I can see.

Looks like the next step is to install Windows from scratch and all the other applications. Joy 🙁

Reply | Quote

Got in this morning, and the updates were showing. They showed up on the latest sync. Took a week for them to be detected, but at least I don’t have to re-install Windows now.

No idea why they didn’t show up for so long.

Will monitor and see how it goes.

Reply | Quote

Actually, I should clarify; No new updates showed since the April 21 updates except the 2021-05 CUs. Despite these being applied to PCs, no new updates showed after that either, including office 2016 updates.

Running the clean up script didn’t appear to resolve the problem. It was only several days after completely removing the WSUS role and reinstalling it that updates eventually showed up.

PCs report daily, and when checking the console I could see them reporting in.

Seems WSUS just had a mind of it’s own and eventually decided to cooperate. Gosh, I do so love Windows 🙁

Reply | Quote

Correction “…except to 2021-05 SSUs”

Reply | Quote

The company I work for creates Master drives with an OEM Windows 10 1909 IoT Enterprise key. The issue is that the three updates for 1909 that were released in June refuse to install from our WSUS server. All previous updates installed on this version of windows, but no matter what we do we cannot get them to install. If I use a different key, the updates immediately apply. Additionally, if the drive was at 1809 (not IoT) Enterprise and we update it to 1909 with the feature update then the updates DO apply. The Master drive for 20H2 is also an IoT and it installs the June updates. Is anyone else on the planet having the same issue with this version of windows this month? We have been searching high and low for anyone having similar issues this month but cannot find anything. Microsoft gave us a different key to try and it’s not working either.

It looks like it could be the applicability rules for that update, but then I would think someone else would have the same issue we are having. Is there something wrong with Windows 10 IoT Enterprise?

Thoughts anyone? I’m out of ideas and we are talking about 2000 machines that will not get updates.

Thank you in advance,

Reply | Quote