WSUS downstream server cannot sync the Windows Server 2016 patch from upstream server.

Ka Ho Cheng 185 Reputation points
2023-11-27T08:19:47.3433333+00:00

Our company uses WSUS servers to deploy Windows security patches to client PCs and servers.

There is one upstream server, say Server1, which syncs with Microsoft directly via the internet. There is also a downstream server, say Server2, which syncs with Server1 via the internal network. The purpose of Server2 is to support the client servers, including Server1 and Server2 themselves. This infrastructure has been in use for a few years.

For the 2023-11 Windows security patch, we received a report from support that their Windows Server 2016 machines cannot detect the new patch from Server2. After investigation, only KB5032197 has the issue:

Findings:

- KB5032197 includes the Cumulative Update for Windows 10 1607 and Windows Server 2016.

- Server1 can get the patch for Windows 10 1607 and Windows Server 2016.

- Server2 shows that it only gets the patch for Windows 10 1607, without the patch for Windows Server 2016. (In attached photo)

- We asked support to change the configuration of one client server, switching its WSUS server from Server2 to Server1; the client server could then get the patch for Windows Server 2016.

- Server1 and Server2 are also Windows Server 2016.

- Synchronization shows no errors.

- No problems were found with other Windows patches, such as the Cumulative Updates for Windows Server 2008, 2012 R2 or 2019.

- We tried the "Server Cleanup Wizard", "re-approve", and resetting WSUS with Wsusutil.exe on Server2, but the problem remains.

I think something is wrong with the synchronization between Server1 and Server2 (upstream to downstream). However, I have no idea how to solve it.


Accepted answer
  1. Adam J. Marshall 9,121 Reputation points MVP
    2023-11-30T04:58:49.2533333+00:00

    Is Server 2 a replica downstream or autonomous server?

    Are you performing the proper WSUS maintenance including but not limited to declining superseded updates, running the SQL Indexing script, etc.?

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-8-wsus-server-maintenance/

    Are you using the latest SSU on server 2?

    https://www.ajtek.ca/blog/why-kb-xxxxxxx-isnt-showing-up-in-wsus/

    The latest SSU for 2016 is

    https://support.microsoft.com/en-us/topic/kb5032391-servicing-stack-update-for-windows-server-2016-november-14-2023-2f98b245-4e9c-4b3e-8ef8-1268a8e36324

    You can always try to rebuild the downstream

    https://www.ajtek.ca/wsus/how-to-remove-wsus-completely-and-reinstall-it/

    1 person found this answer helpful.
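
One way to answer the first question in the accepted answer (replica or autonomous) and to see exactly which KB5032197 entries each server holds, as an added example that is not part of the original thread. It assumes the WSUS administration tools (the UpdateServices PowerShell module) are installed, that the servers resolve as `Server1` and `Server2`, and that WSUS listens on the default HTTP port 8530.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell session.
# 'Server1', 'Server2' and port 8530 are assumptions; adjust to your environment.
$servers = 'Server1', 'Server2'
$kb      = '5032197'

$report = foreach ($name in $servers) {
    $wsus = Get-WsusServer -Name $name -PortNumber 8530
    $cfg  = $wsus.GetConfiguration()

    # Replica servers inherit approvals from upstream; autonomous servers
    # keep their own approvals and computer groups.
    if ($cfg.SyncFromMicrosoftUpdate) {
        $mode = 'Upstream (Microsoft Update)'
    } elseif ($cfg.IsReplicaServer) {
        $mode = 'Downstream replica'
    } else {
        $mode = 'Downstream autonomous'
    }

    # One row per update whose title, description or KB number matches.
    foreach ($u in $wsus.SearchUpdates($kb)) {
        [pscustomobject]@{
            Server     = $name
            Mode       = $mode
            UpdateId   = $u.Id.UpdateId
            Revision   = $u.Id.RevisionNumber
            Title      = $u.Title
            Products   = $u.ProductTitles -join '; '
            Approved   = $u.IsApproved
            Declined   = $u.IsDeclined
            Superseded = $u.IsSuperseded
        }
    }
}

# Side-by-side view of what each server knows about the KB.
$report | Sort-Object Title, Server |
    Format-Table Server, Mode, Title, Revision, Approved, Declined -AutoSize

# Updates present on Server1 but absent on Server2, matched by update GUID.
$up   = $report | Where-Object Server -eq 'Server1'
$down = $report | Where-Object Server -eq 'Server2'
$up | Where-Object { $_.UpdateId -notin $down.UpdateId } |
    Select-Object UpdateId, Title, Products
```

Rows returned by the last pipeline are updates the downstream server never received, as opposed to updates it holds but has declined or not approved.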