How to fix: WSUS on Windows Server 2016 does not download Update Packages
I had this same problem and it took me ages to figure out what was going on. In my case i was using Windows Server 2012.
It turns out that WSUS uses Background Intelligent Transfer Service (BITS) to actually download the updates. I was authenticated against an upsteam WSUS server (not using the internet as source) and i was using SSL on 443 (not the 8531 WSUS port). I was able to synchronise against the upstream server but the updates just wouldnt download - no matter how long i left it.
On the WSUS server, i opened an administrative powershell and run the following commands.
Import-Module BITSTransfer
Get-BitsTransfer -AllUsers
This shows the current downloads that BITS is doing. I then expanded some of these and saw that the request was actually going via HTTP
Get-BitsTransfer -AllUsers | select *
So as supported by these posts: https://community.spiceworks.com/topic/2091224-wsus-client-download-through-ssl https://social.technet.microsoft.com/Forums/en-US/e87b96a2-2dd3-429b-9611-b5ff00f93d5c/clients-downloading-updates-on-http-from-wsus?forum=winservergen
BITS uses HTTPS for the authentication and synchronization (seeing what updates are available) but actually uses HTTP for the download of the updates.
I had to enable HTTP access (80) on my firewall and then the updates started to download.
This might be a niche solution, but it might be worth using those BITS commands to help debug what is going on.
Related videos on Youtube
22 : 33
03 : 01
24 : 03
07 : 17
04 : 31
Milad Habibian
I am Network & Security Administrator at Tajan system co.
Updated on September 18, 2022Comments
-
Milad Habibian almost 2 years
I have a Server with Windows Server 2016 OS in my network. I Configured WSUS service on it for deploying update packages in Domain. Everything went well but now I have a problem.
When I approve selected packages for download and try to deploy to computer, none of them download from Microsoft servers. There is no clear error message for this problem. How can I fix this?
-
TomTom almost 6 yearsSame here. Seems to just not download.
-
Am_I_Helpful almost 6 yearsWhat do you mean by "updates not getting downloaded"? Can you share the all updates screen from your WSUS Server? Also, can you share the WSUS default console screen where it shows the number of files and the update size to be downloaded? And, are you able to browse the Microsoft Update Catalog website from the same WSUS server? -
Milad Habibian almost 6 yearsyes i share 2 screen that you mean.and yes i can browse Microsoft update Catalog website from WSUS Server. as you maybe see in screens, there is lists of update packages in consol and i approved some of them to download and deploy to domain's computer but update packages don't download(Screen1).
-
Milad Habibian almost 6 years@HarryJohnston How I said In Previous Comment, yes i have access it from IE
-
Harry Johnston almost 6 yearsHave you looked at the log files in
C:\Program Files\Update Services\LogFiles? -
Milad Habibian almost 6 years@HarrisonGibbs yes there is folder on my NAS Storage that i addressed it for WSUS. it's okey
-
Am_I_Helpful almost 6 years@MiladHabibian - Can you check whether the synchronisations in WSUS has succeeded? Also, if the proxy is correctly set? lastly, can you share the top few error messages from the Application category of Event Viewer (this would contain the download error message reason too)?
-
Milad Habibian almost 6 yearsi check my event viwer and find this error: Reason:Error Calling [Kernell32.dll]: createDirectory(Path of wsuscontent) access Denied !!!! but this folder is there and during wsus installation i just gave the path and the wsuscontet folder create automatically. it means it had access to create it. i change permission of the folder to everyone and network service and give them full access. but error is continuing. then i try to change content folder to another place. every filder that i chosee the wsusutil said error access denied.
-
