WSUS downstream server cannot sync the Windows Server 2016 patch from upstream server.

Ka Ho Cheng 105 Reputation points

Our company is using WSUS servers for patching Windows Security patch for client PCs & Servers.

There is one upstream server, said Server1, which sync with Microsoft via internet directly. And, there is another downstream server, said Server2 and it sync with Server 1 via internal network. The purpose of Server2 is supporting for client server including Server1 and Server2 itself. This infrastructure is using for few years.

For Windows Security Path 2023-11, received support that their Windows Server 2016 cannot detect the new patch from Server2. After investigation, there are only the KB5032197 has issue:


-KB5032197 are including Cumulative Update for Windows 10 1607 and Windows Server 2016.

-Server1 can get Patch of Windows 10 1607 & Windows Server 2016.

-Server2 showed, just get Patch of Windows 10 1607 without Patch of Windows Server 2016. (In attached Photo)

-Asked support to change the configuration of one client server, change the WSUS server from Server2 to Server1, then the client server can get the patch of Windows Server 2016.

-Server1 & Server2 are also Windows Server 2016.

-Synchronization is no any error.

-Other Windows Patch such as Cumulative Update for Windows Server 2008, 2012 R2 or 2019 are no problem found.

-Try to "Server Cleanup Wizard", "re-approve", and reset WSUS by Wsusutil.exe in Server2, But still same problem.

I think that is something wrong of the synchronization between Server1 and Server2 (Upstream to downstream). However, I am no idea to solve it.

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,324 questions
0 comments No comments
{count} votes

Accepted answer
  1. Adam J. Marshall 8,026 Reputation points MVP

    Is Server 2 a replica downstream or autonomous server?

    Are you performing the proper WSUS maintenance including but not limited to declining superseded updates, running the SQL Indexing script, etc.?

    Are you using the latest SSU on server 2?

    The latest SSU for 2016 is

    You can always try to rebuild the downstream

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful