WSUS synchronization fails after adding Windows 11 product

Question

Hello, we are running upstream WSUS server which synchronizes from Microsoft Update.

The server configuration:

• virtual machine on VM host with ESXi 7.0U2, VM version 19, VMware Tools 11365
• 2x CPU, 16 GB RAM, C: 60 GB (17 GB free), D: 3 TB (308 GB free), single NIC
• OS: Windows Server 2016 Standard, uninstalled Windows Defender
• domain joined, connected to administrative network
• WID database was migrated to SQL, using SQL Express 2016 SP1

The server has been serving properly for several years.

WSUS configuration:

• synchronize with Microsoft Update, using proxy server (Cisco WSA, anonymous access)
• products: Office 2013, Office 2016, Microsoft Edge, Windows 10 LTSB, Windows 10 version 1903 and later, Windows 10, Windows Server 2012 R2, Windows Server 2016
• classifications: critical updates, security updates, service packs, update rollups, updates, upgrades
• update files and languages: storing updates locally, downloading approved only, not downloading express files, downloading 20 languages
• synchronization schedule: automatic, 1 per day
• automatic approval: no update rules; enabled: wsus updates, new revisions + auto decline of expired
• computers: using group policy
• server clean-up: using generally found powershell script on monthly basis
• iis application pools: wsuspool - recycling - private memory limit: 8388608 KB

Problem: When we add Windows 11 product then the synchronization fails.

It fails with result "An HTTP error occurred"

Details: "WebException: The operation has timed out
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetRevisionIdList(Cookie cookie, ServerSyncFilter filter)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetRevisionIdList(ServerSyncFilter filter, Boolean isConfigData)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

Symptoms:

When the synchronization works then it can be clearly seen that CPU and memory resources are utilized.

When the synchronization does not work then CPU is mostly idle and memory is not very used. The synchronization fails after about 1 hour of system doing "nothing".

What I tried to get it work (including various combinations of the below):

• turned off / uninstalled antivirus (f-secure business suite server security) - it did not help
• new test WSUS server - selected Windows 11 product only - it does not work
• another test WSUS server - used original WID for WSUS DB - it does not work
• used SQL Express 2019 - it did not help
• used Windows Server 2022 (evaluation) - it does not work
• unjoined server from domain - sometimes works (?) (mostly not working)
• another test WSUS server running in hyper-v - it did not help
• used other ISP connection, without web proxy - it did not help
• not used web proxy (while connected through main ISP) - it did not help
• re-indexed WSUS database - it did not help
• increased CPU cores to 4 - it did not help
• another test WSUS server, not joined to domain - running in DMZ, not using web proxy - it does not work
• added products, classifications and languages in various order
• iis application pools: wsuspool - recycling - private memory limit: tested 4, 6 and 8 GB
• monitoring network traffic on web proxy - nothing blocked was found
• tried many other things found on the web, check various logs - no progress

The very last test server results:

I added products, classifications and languages in the following order:

• added small group of currently used products, classifications and languages => synchronization succeeded
• added all remaining currently used products and classifications => synchronization succeeded
• added windows 11 product => synchronization succeeded
• added remaining languages => synchronization failed

I am currently at 11 languages. If I add any additional language then the synchronization fails.

If I remove some existing language and add additional one then the synchronization fails.

I am exhausted and I would appreciate your help how to get it work / how to identify the cause.

When I see a hope (like occasional working scenario with unjoined server from domain then another test with the same configuration fails).

It appears to be problem of some combination of products, classifications and languages.

I do not think it is problem of VM host, VM, OS, WSUS configuration, ISP / web proxy.

Answer 1

OK. I will test it during weekend. I will move (migrate) the whole D: drive (where WsusContent is located) from the HP Primera storage to the VM host local disks. I will inform about the result.
At this stage, I would appreciate any solution, even if it does not make sense.

Answer 2

I moved WsusContent folder to "local" drive. It did not help.
Let me summarize the configuration and the last test - just to be sure I performed the recommended test correctly.

The current (last) test WSUS server is a virtual machine.
The VMware VM host has two datastores.
One storage consists of local disks which is normally not used for Virtual Machines.
The other storage is HP Primera (3par nextgen storage) which is generally used for Virtual Machines.

The test WSUS server used the main storage HP Primera only.
Based on your recommendation, I added new disk to the test WSUS server Virtual Machine by using the VM host's local disks.
Then I moved WsusContent to the new drive by using wsusutil.
It was moved OK (based on the new directory content and log file that I let be created during WsusContent move).

Answer 3

Hi AndrejCepko-7134,

Thank you for posting your query.

To enable Windows 11 product in WSUS console. Log in to the WSUS server and launch the WSUS console.

If you have installed WSUS console on a different server, you can still enable Windows 11 product from the console. It actually doesn’t matter because even it’s a remote WSUS server, you still use WSUS console to enable Windows 11.

In the WSUS console, click Options and select Products and Classifications. Here you can specify the Microsoft products for which you want updates and the types of updates that you want.

On the Products and Classifications window, under Windows product, enable Windows 11 product. Click Apply and OK.

This completes the steps to enable Windows 11 product in WSUS console.

Kindly check this link also for additional troubleshooting procedures https://learn.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wsus

Do not hesitate to message us if you need further assistance.

------------------------------------------------------------------------------------------------------------------

If the answer is helpful kindly click "Accept as Answer" and upvote it. Thanks.

Answer 4

LimitlessTechnology-0326: Thank you for your response. I am familiar with the product adding. The issue is that after I add Windows 11 product then the synchronization fails.

AJTek-Adam-J-Marshall: I installed one more test WSUS server. I installed Windows Server 2022 on physical system. The system uses one physical drive for storage. I configured WsusContent folder on the only drive. Synchronization fails the same way as on the virtual machine.

What is the recommended way how to report this to Microsoft?

Answer 5

Update:
To get it work, it is required to select "download updates in all languages, including new languages" instead of selecting multiple desired languages.