Our company uses WSUS servers to deploy Windows security patches to client PCs and servers.
There is one upstream server, called Server1, which syncs with Microsoft directly over the internet. There is also a downstream server, called Server2, which syncs with Server1 over the internal network. The purpose of Server2 is to serve the client servers, including Server1 and Server2 itself. This infrastructure has been in use for a few years.
For the Windows security patch 2023-11, we received a support request saying that their Windows Server 2016 cannot detect the new patch from Server2. After investigation, only KB5032197 has the issue:
Findings:
- KB5032197 includes the Cumulative Update for Windows 10 1607 and for Windows Server 2016.
- Server1 can get the patch for Windows 10 1607 and Windows Server 2016.
- Server2 shows only the patch for Windows 10 1607, without the patch for Windows Server 2016. (In attached photo)
- I asked support to change the configuration of one client server, switching its WSUS server from Server2 to Server1; the client server could then get the patch for Windows Server 2016.
- Server1 and Server2 are also Windows Server 2016.
- Synchronization shows no errors.
- No problems were found with other Windows patches, such as the Cumulative Update for Windows Server 2008, 2012 R2 or 2019.
- I tried "Server Cleanup Wizard", "re-approve", and resetting WSUS with Wsusutil.exe on Server2, but the problem is still the same.
I think there is something wrong with the synchronization between Server1 and Server2 (upstream to downstream). However, I have no idea how to solve it.
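
One way to pin down the difference described above, as an added example that is not part of the original post: the script lists every update matching KB5032197 on both servers and shows which upstream entries the downstream server lacks, along with the downstream server's replica setting and subscribed products. It assumes the WSUS administration module (`UpdateServices`) is installed where it runs and that both servers listen on the default non-SSL port 8530; the helper name `Get-KbEntry` is hypothetical.

```powershell
# Added diagnostic example (not from the original post).
# Assumptions: UpdateServices module available; WSUS on default HTTP port 8530.
$kb         = 'KB5032197'
$upstream   = 'Server1'
$downstream = 'Server2'
$port       = 8530          # assumption: adjust if WSUS uses 8531/SSL or another port

function Get-KbEntry {      # hypothetical helper: one row per matching update
    param([string]$Server, [int]$Port, [string]$Kb)
    $wsus = Get-WsusServer -Name $Server -PortNumber $Port
    foreach ($u in $wsus.SearchUpdates($Kb)) {
        [pscustomobject]@{
            Server     = $Server
            UpdateId   = $u.Id.UpdateId
            Revision   = $u.Id.RevisionNumber
            Title      = $u.Title
            Products   = ($u.ProductTitles -join '; ')
            IsApproved = $u.IsApproved
            IsDeclined = $u.IsDeclined
            Arrived    = $u.ArrivalDate
        }
    }
}

$up   = @(Get-KbEntry -Server $upstream   -Port $port -Kb $kb)
$down = @(Get-KbEntry -Server $downstream -Port $port -Kb $kb)

# Side-by-side view of what each server holds for this KB
$up + $down | Sort-Object Title, Server |
    Format-Table Server, Title, Revision, IsApproved, IsDeclined, Arrived -AutoSize

# Updates present upstream whose UpdateId never reached the downstream server
$missing = $up | Where-Object { $_.UpdateId -notin $down.UpdateId }
if ($missing) {
    Write-Output "Missing on ${downstream}:"
    $missing | Format-List UpdateId, Title, Products, IsApproved, IsDeclined
} else {
    Write-Output "All $kb entries from $upstream exist on $downstream (compare Revision and approval above)."
}

# Downstream sync scope: replica mode and the products it subscribes to
$ds = Get-WsusServer -Name $downstream -PortNumber $port
"IsReplicaServer: $($ds.GetConfiguration().IsReplicaServer)"
$ds.GetSubscription().GetUpdateCategories() | Sort-Object Title | Select-Object Title
```

If the Windows Server 2016 entry appears under "Missing", the update metadata itself did not synchronize; if it is present on Server2 but unapproved or declined, the difference lies in approval state rather than synchronization.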