This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 20%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
We have had a couple of Windows 11 computers on our domain for a year or so and have just replaced a number of our old Win 10 units with new hardware running Win 11. I have noticed that these PC's are reporting in as Up to Date from WSUS. Initially we thought that the clients were at fault and updated ADMX/GPO's however having looked further it would appear as though the update downloads are not completing on the WSUS server.
From our observations it looks like the downloads are starting but as they get to 100% appear to get stuck. Looking at the security updates section it is the Cumulative Updates for Windows 11 Version 22H2 that are failing to download. All other updates appear to be downloading OK. I have updating the MIME types in IIS and performed an IIS restart.
In the event viewer Application log I'm seeing Event 10032 (The server is failing to download some updates) and Event 364 (Content download failed. Reason: File cert verification failure).
Server is Windows Server 2012R2. I can appreciate that this is now an unsupported OS however the updates have been failing since March.
Any help would be greatly appreciated. Thanks.
See: https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/#WSUSCheckHealth
and the one right below it.
Perform the checkhealth and also the reset and report back if that fixes it and/or reveals anything else.
You also may need
https://www.ajtek.ca/wsus/wsus-bits-foreground-priority-mode-vs-background-priority-mode/
Hi Adam, thanks for your quick response. I have run now run the WSUSutil reset, the server re-downloaded 500GB of updates but the same 28 updates appear to have failed. Tried switching BITS to foreground and same issue.
Thanks.
Do you have the UUP mimetypes setup?
https://www.ajtek.ca/guides/how-to-prepare-for-on-prem-wsus-uup-updates/
You can try declining the updates, running the Server Cleanup Wizard (SCW) and then re-approving the updates.
I already have the MIME types added and have done an IISRESET.
I have also tried the second step of declining, running cleanup and re-approving.
One thing I have just noticed is that someone had disabled the updates classification for auto approval. Have checked it and the WSUS server now has the following updates to run. Not sure if they will make a difference though:
Just an update in case it helps anyone else. Server was missing the above update classification. Ran the pending updates which lead to a host of new updates to run. After fully updating the WSUS server the Windows 11 UUP updates started downloading and distributing to clients.