This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 42%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
If the primary SUP role needs to be removed and re-added in a site that also has a downstream SUP to troubleshoot EULA's not syncing for Windows 11 feature updates (other non-feature Win11 updates sync fine), what are all the steps to do this safely without having to reinstall WSUS and delete recreate the SUSDB?
The main concern is potentially losing all existing software update deployments and ADR's if WSUS is reinstalled and the SUSDB needs to be delted and re-recreated. Clients may lose their correct WSUS server registry entry if the SUP role is removed for more than an hour when policy refreshes, but can I assume they will gain back once the SUP is healthy again and not point to the downstream WSUS/SUP server instead?
Unfortunately, running wsusutil reset on the WSUS/SUP servers does not resolve the EULA's from syncing, even after unchecking all the update categories and resyncing. All IIS settings, SUSDB, file share, NTFS, and registry permissions have been double checked on both SUP's and it's only Windows 11 feature updates that EULA's are not syncing. The required MIME types for UUP are added, and all 3 check boxes in the WSUS console for Automatic Approvals are selected in the Advanced tab.
There appears to be no way to accept the EULA's or accept updates in the WSUS console ("This update cannot be approved for installation because its Microsoft Software License Terms are still downloading. Error result when trying to approve: "Unable to display the Microsoft Software License Terms for this update; the update will not be approved"), is there a way to manually download the EULA's or specific instructions to accept the EULA in WSUS v10?
If WSUS needs to be rebuilt including deleting and re-creating the SUSDB, are existing ADR's and software deployments lost and need to be re-created?
What are the implications of reinstalling the SUSDB when updates for third-party (e.g. Dell, Lenovo) are not being expired after being unchecked in the SUP settings and sync is ran, and can't be cleared out of the DB before the reinstall (hash errors, duplicates, etc.)?
The solution was to enable the Windows Firewall service on the SUP/WSUS server which allowed the EULA .txt files to download after running a wsusutil.exe reset, then syncing software updates.
Also, even when using SSL, make sure to uncheck the ‘Require SSL’ option on the below WSUS/SUP IIS virtual directories when the SUP is syncing to Microsoft update:
· ApiRemoting30
· ClientWebService
· DSSAuthWebService
· ServerSyncWebService
· SimpleAuthWebService
Hi, @Steve
Thank you for posting in Microsoft Q&A forum.
Usually, run wsusutil reset will force it to redownload all EULAs.
Did you run wsusutil reset on the system hosting your top-level WSUS instance?
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".
Yes, I've tried wsusutil reset running as admin multiple times on the top level WSUS/SUP. Is there a way to manually download the Windows 11 EULA's or specific instructions to accept the EULA in WSUS v10? If WSUS needs to be rebuilt, including deleting and re-creating the SUSDB, are existing ADR's and windows update software deployments lost and need to be re-created?
When running wsusutil reset, I'm seeing a lot of the below errors in the SoftwareDistribution.log on the top level WSUS/SUP:
2023-05-18 14:49:31.113 UTC Warning w3wp.596 SoapUtilities.CreateException ThrowException: actor = https://server:8531/ClientWebService/client.asmx, ID=5ccb72de-750a-43bf-8cb6-8ace753a81b7, ErrorCode=ConfigChanged, Message=, Client=732452f9-c30f-44ce-a8e3-8d297697709e
Have you tried to open WSUS on the downstream, switch the configuration to Autonomous mode, run wsusutil reset, and then switch it back to replica mode?
