My Windows 11 machines won't download patches from WSUS but will get them from the web.

Richard Demoret 0 Reputation points
2024-06-17T02:39:56.35+00:00

The Windows Server 2019 in my environment has WSUS installed. We are currently upgrading our Windows 10 clients to Windows 11 through fresh builds. While the Windows 10 clients are successfully receiving updates from WSUS, including the Cumulative update, the Windows 11 clients are only receiving .NET updates and not the cumulative updates. The WSUS console indicates that the updates are either installed or not applicable for the Windows 11 clients.

After connecting the Windows 11 machines to the Internet and disabling patch updates from WSUS, all previously missed updates are successfully received on the test machines. However, the machines still connected to WSUS do not receive these updates. It has been confirmed that the updates have been downloaded to the WSUS Server and have been approved for installation.

After conducting a thorough investigation, I have reconstructed a test WSUS and transferred a few Windows 11 machines to it for evaluation. Despite attempting various solutions such as renaming the download folder, removing and re-adding the machine to WSUS, and implementing registry changes, such as DisableDualScan and DisableWindowsUpdateAccess, the Windows 11 machines continue to be unable to download cumulative updates. Relying on the web for updates is only a temporary solution and does not meet our standards for managing the testing and deployment of patches.

There have been similar occurrences of this issue, but a reliable solution has not been found. I am seeking constructive feedback on this matter.


1 answer

  1. Adam J. Marshall 9,116 Reputation points
    2024-06-18T13:18:07.9133333+00:00

    For your systems that are having issues, are they reporting to WSUS properly?

    https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

    Run down the list of troubleshooting from the top to the bottom.

    Also, specifically:

    What is the Scan Source of the Windows Update Agent on the affected systems? Is it WSUS (likely)?

    $(New-Object -ComObject "Microsoft.Update.ServiceManager").Services | Select-Object Name, IsDefaultAUService
    

    If yes, have you performed the required changes for UUP?

    https://www.ajtek.ca/guides/how-to-prepare-for-on-prem-wsus-uup-updates/

    What products & Classifications do you have selected?

    Under the Products tab, make sure you have “Windows 10, 1903 and later” checked as well or you will not receive upgrades past 1809. For Windows 11 upgrades, under the Products tab, make sure you have “Windows 11” checked. If you are synchronizing the Drivers classification, it is also recommended to check “Windows 10, 1903 and later, Servicing Drivers” and “Windows 10, 1903 and later, Upgrade & Servicing Drivers”

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-3-windows-as-a-service-waas-and-group-policy-administrative-templates/

    You may be missing a specific SSU - did you notice any differences in what was downloaded from online than what is available (approved) in WSUS?

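The scan-source question from the answer can be checked together with the client's Windows Update policy values in one pass. The following is an added example, not part of the original thread or the linked guides. `Get-PolicyValue` and `Get-WsusClientReport` are hypothetical helper names, and `UseWUServer`, `WUServer` and `WUStatusServer` are the standard Windows Update policy values, which the thread itself does not name.

```powershell
# Added example, not from the original thread. Run in Windows PowerShell on an affected client.
# Get-PolicyValue and Get-WsusClientReport are hypothetical helper names.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-WsusClientReport {
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey = "$wuKey\AU"

    # Same COM query as in the answer, with the service ID and managed flag added.
    $services = @((New-Object -ComObject 'Microsoft.Update.ServiceManager').Services |
        Select-Object Name, ServiceID, IsManaged, IsDefaultAUService)
    $default = $services | Where-Object { $_.IsDefaultAUService } | Select-Object -First 1

    $report = [ordered]@{
        DefaultScanSource          = $default.Name
        DefaultSourceIsManaged     = [bool]$default.IsManaged
        UseWUServer                = Get-PolicyValue $auKey 'UseWUServer'
        WUServer                   = Get-PolicyValue $wuKey 'WUServer'
        WUStatusServer             = Get-PolicyValue $wuKey 'WUStatusServer'
        DisableDualScan            = Get-PolicyValue $wuKey 'DisableDualScan'
        DisableWindowsUpdateAccess = Get-PolicyValue $wuKey 'DisableWindowsUpdateAccess'
    }

    # Flag combinations that mean the client is not really scanning against WSUS.
    $findings = @()
    if (-not $report.DefaultSourceIsManaged) {
        $findings += 'Default AU service is not a managed (WSUS) service.'
    }
    if ($report.UseWUServer -ne 1) {
        $findings += 'UseWUServer is not 1, so WUServer is ignored.'
    }
    if (-not $report.WUServer) {
        $findings += 'WUServer is not set.'
    } elseif ($report.WUServer -ne $report.WUStatusServer) {
        $findings += 'WUServer and WUStatusServer differ; both must hold the same URL.'
    }
    $report.Findings = $findings

    [pscustomobject]$report
}

Get-WsusClientReport | Format-List
```

An empty `Findings` list means the client is pointed at WSUS as intended, which moves the investigation to the server-side items in the answer (UUP preparation, selected products and classifications, a missing SSU).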