Share via

My Windows 11 machines won't download patches from WSUS but will get them from the web.

Richard Demoret 5 Reputation points
2024-06-17T02:39:56.35+00:00

The Windows Server 2019 in my environment has WSUS installed. We are currently upgrading our Windows 10 clients to Windows 11 through fresh builds. While the Windows 10 clients are successfully receiving updates from WSUS, including the Cumulative update, the Windows 11 clients are only receiving .NET updates and not the cumulative updates. The WSUS console indicates that the updates are either installed or not applicable for the Windows 11 clients.

After connecting the Windows 11 machines to the Internet and disabling patch updates from WSUS, all previously missed updates are successfully received on the test machines. However, the machines still connected to WSUS do not receive these updates. It has been confirmed that the updates have been downloaded to the WSUS Server and have been approved for installation.

After conducting a thorough investigation, I have reconstructed a test WSUS and transferred a few Windows 11 machines to it for evaluation. Despite attempting various solutions such as renaming the download folder, removing and re-adding the machine to WSUS, and implementing registry changes, such as DisableDualScan and DisableWindowsUpdateAccess, the Windows 11 machines continue to be unable to download cumulative updates. Relying on the web for updates is only a temporary solution and does not meet our standards for managing the testing and deployment of patches.

There have been similar occurrences of this issue, but a reliable solution has not been found. I am seeking constructive feedback on this matter.

Windows for business | Windows Client for IT Pros | User experience | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Adam J. Marshall 10,356 Reputation points MVP
    2024-06-18T13:18:07.9133333+00:00

    For your systems that are having issues, are they reporting to WSUS properly?

    https://www.ajtek.ca/wsus/client-machines-not-reporting-to-wsus-properly/

    Run down the list of troubleshooting from the top to the bottom.

    Also, specifically:

    What is the Scan Source of the Windows Update Agent on the affected systems? Is it WSUS (likely)?

    $(New-Object -ComObject "Microsoft.Update.ServiceManager").Services | Select-Object Name, IsDefaultAUService

    If yes, have you performed the required changes for UUP?

    https://www.ajtek.ca/guides/how-to-prepare-for-on-prem-wsus-uup-updates/

    What products & Classifications do you have selected?

    Under the Products tab, make sure you have “Windows 10, 1903 and later” checked as well or you will not receive upgrades past 1809. For Windows 11 upgrades, under the Products tab, make sure you have “Windows 11” checked. If you are synchronizing the Drivers classification, it is also recommended to check “Windows 10, 1903 and later, Servicing Drivers” and “Windows 10, 1903 and later, Upgrade & Servicing Drivers”

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-3-windows-as-a-service-waas-and-group-policy-administrative-templates/

    You may be missing a specific SSU - did you notice any differences in what was downloaded from online than what is available (approved) in WSUS?

    2 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.