WSUS syncing from upstream server takes forever


Solution 1

When I installed WSUS on the new server I used my credentials (I am a member of the Domain Admins group). After I had tried to sync for a few days and it didn't work, I logged on to that server using the Domain Administrator's account. As soon as I started syncing, it really synced the updates from the USS (Windows Server 2008 R2).

Solution 2

Based on your description of the issue, I understand that your Upstream Server (USS) is on Server 2008 R2, and you're installing a new Downstream Server (DSS) on Server 2012 (R2?).

When trying to manage an environment of mixed versions of WSUS, the USS should always be the newest. A new USS can handle downlevel protocols to older WSUS servers, but newer WSUS servers will not talk the older protocol to their USS.

You can start with the new server as directly contacting WU/MU, and migrate other DSS servers onto it when you're happy with the results. Then decommission the original USS - or for load balancing purposes re-use it as a DSS of your new system.

For troubleshooting, you can also verify if your 2008R2 system is running WSUS 3.0 SP1 or SP2. Server 2012 (and R2) definitely only supports WSUS 3.0 SP2. See also: https://msdn.microsoft.com/en-us/library/dd357814.aspx

If other working DSS systems are also on the same version of Server 2012 (R2?), then we can look at specific misconfigurations related to this individual server - for instance TLS settings if the communication is over HTTPS. https://support.microsoft.com/en-us/kb/2938066
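The checks suggested above (WSUS version on each side, the configured upstream, and the result of the last sync) can be collected in one pass. This is an added example, not code from either answer; it assumes it is run locally in an elevated PowerShell session on each WSUS server, and the function name `Get-WsusSyncDiagnostics` is hypothetical.

```powershell
# Added example: run locally, elevated, on the USS and on the new DSS, then compare.
function Get-WsusSyncDiagnostics {   # hypothetical helper name
    # The WSUS administration assembly is installed with WSUS 3.0 and with the
    # Server 2012 WSUS role (including its management tools).
    [void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
    $cfg  = $wsus.GetConfiguration()
    $last = $wsus.GetSubscription().GetLastSynchronizationInfo()

    # Plain TCP test against the configured upstream (skipped when syncing from Microsoft Update).
    $reachable = $null
    if (-not $cfg.SyncFromMicrosoftUpdate) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($cfg.UpstreamWsusServerName, $cfg.UpstreamWsusServerPortNumber)
            $reachable = $client.Connected
        } catch {
            $reachable = $false
        } finally {
            $client.Close()
        }
    }

    # Newest event 10022 in the Application log (filtered by ID only, so check the source).
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 10022 } `
               -MaxEvents 1 -ErrorAction SilentlyContinue
    $evtTime = $null
    if ($evt) { $evtTime = $evt.TimeCreated }

    New-Object PSObject -Property @{
        Server            = $env:COMPUTERNAME
        WsusVersion       = $wsus.Version          # compare USS and DSS builds
        IsReplica         = $cfg.IsReplicaServer
        Upstream          = $cfg.UpstreamWsusServerName
        UpstreamPort      = $cfg.UpstreamWsusServerPortNumber
        UpstreamUsesSsl   = $cfg.UpstreamWsusServerUseSsl
        UpstreamReachable = $reachable
        LastSyncStart     = $last.StartTime
        LastSyncResult    = $last.Result
        LastSyncError     = $last.Error
        LastSyncErrorText = $last.ErrorText
        LastEvent10022    = $evtTime
    }
}

Get-WsusSyncDiagnostics | Format-List
```

A reachable port combined with a failed `LastSyncResult` and a newer `WsusVersion` on the DSS than on the USS points at the version mismatch described in this answer rather than at the firewall.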


Author: josibu

Updated on September 18, 2022

Comments

  • josibu
    josibu over 1 year

    I am just deploying a new WSUS server in our company. The old one (server1) is WS 2008 R2 and runs WSUS 3. It downloads updates directly from Microsoft. There are a few other WSUS servers in different facilities working as replica downstream servers and have the first one defined as their upstream server. In the main office I've now installed WSUS on a member server (Windows Server 2012) and configured it exactly like the other replica servers - server1 is its upstream server.

    Now, when I try to sync nothing happens. I've waited for several hours but a. there is no traffic visible in resource monitor between those two servers and b. the size of the WSUS folder is not growing. Not even 1 byte.

    The two servers are on the same subnet and I have already done all steps listed under this link except for the one with the HTTP protocol because I do not get this event and there is no proxy between the two servers.

    On server1 the new one gets registered but "Mode" is "Unknown" while the other ones are written "replica".

    Does anyone know a possible solution? Thanks

    • ZEE
      ZEE over 7 years
      To help diagnose... you said there is no traffic (?in the network)... try the same procedure with the firewall disabled... if it works then just open the required ports in the firewall... ;-)
    • josibu
      josibu over 7 years
      WSUS is using port 8530. There is an exception for that port and in the beginning for a few minutes I can see a few MBs traveling between those two servers but after a few minutes this traffic stops completely and is not getting re-established.
    • josibu
      josibu over 7 years
      I've just disabled the firewall and synced again manually. It does not make any difference -> still not working
    • JBaldridge
      JBaldridge over 7 years
      Is there any reason for your new wsus server to download anything? Are there any clients requesting patches for it to need to download anything? Have you approved any patches?
    • josibu
      josibu over 7 years
      Yes. There are clients requesting patches. They even do show up. In Event Viewer I get the event 10022 - The last catalog synchronization was unsuccessful, but no help with Google.