Our company is using WSUS servers for patching Windows Security patch for client PCs & Servers.
There is one upstream server, said Server1, which sync with Microsoft via internet directly. And, there is another downstream server, said Server2 and it sync with Server 1 via internal network. The purpose of Server2 is supporting for client server including Server1 and Server2 itself. This infrastructure is using for few years.
For Windows Security Path 2023-11, received support that their Windows Server 2016 cannot detect the new patch from Server2. After investigation, there are only the KB5032197 has issue:
Finding:
-KB5032197 are including Cumulative Update for Windows 10 1607 and Windows Server 2016.
-Server1 can get Patch of Windows 10 1607 & Windows Server 2016.
-Server2 showed, just get Patch of Windows 10 1607 without Patch of Windows Server 2016. (In attached Photo)
-Asked support to change the configuration of one client server, change the WSUS server from Server2 to Server1, then the client server can get the patch of Windows Server 2016.
-Server1 & Server2 are also Windows Server 2016.
-Synchronization is no any error.
-Other Windows Patch such as Cumulative Update for Windows Server 2008, 2012 R2 or 2019 are no problem found.
-Try to "Server Cleanup Wizard", "re-approve", and reset WSUS by Wsusutil.exe in Server2, But still same problem.
I think that is something wrong of the synchronization between Server1 and Server2 (Upstream to downstream). However, I am no idea to solve it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 98%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKH%3C/text%3E%3C/svg%3E)
