WSUS server shows 77 updates needed on client but client says up to date

Peter B 0 Reputation points
2024-06-20T12:41:51.44+00:00

Hello,

I have an WSUS server installed in our system.

The WSUS server is a Windows 2019 server version 1809 - same as other servers in the system (it is a domain system).

WSUS is an offline system, since the client does not provide internet connection to outside.

Updates are manually loaded to the WSUS and all the clients connected to the WSUS server.

Report says, there are updates needed on the clients.

For example one of them has 77 indicated as Update needed, and most of it approved for install.

The problem is, when I check updates on the client side, it says it's up to date (tried to check updates both from the Windows Update and with a Power Shell command to check updates). Both came back there is no update available.

Tried to remove a client from the WSUS by deleting registry entries on the client, deleting on the WSUS, restarting the client and get it back to the WSUS fresh, but still says it is up to date.

Also tried to manually install one of the Microsoft cumulative update on the client what was indicated as Install (was approved) on the WSUS. After manual install, the WSUS only indicated 70 as Update Needed and all the superseded and the lates cumulative update disappeared from the report. That proves at least the WSUS gets a proper information from the clients.

I tried multiple things, nothing worked. Firewall is properly configured, but even tried with FW turned off. Same result.

Appreciate any ideas! Thanks

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,601 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,600 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Adam J. Marshall 9,121 Reputation points MVP
    2024-06-21T14:54:36.3+00:00

    Your WSUS server in the offline network likely is missing something that is a prerequisite to all the other updates. This is usually an SSU or possibly a file is missing from the WSUS server itself (EULA agreements is a common one).

    On your ONLINE system (where you export from), run:

    & "$env:ProgramFiles\Update Services\Tools\WsusUtil.exe" Reset
    

    And then export/copy/import to your offline system.

    0 comments No comments

  2. Hania Lian 11,036 Reputation points Microsoft Vendor
    2024-06-24T06:05:56.6166667+00:00

    Hello,

    It sounds like you’ve already done quite a bit of troubleshooting, here are a few additional steps you can take to try:

    Check for superseded updates: Superseded updates are updates that have been replaced by newer updates. Make sure that the superseded updates are also approved in WSUS. If the superseded updates are declined or not approved, it can cause confusion on the client side.

    WSUS self-update: Verify if the WSUS server itself is updated with the latest updates. WSUS requires regular updates to ensure proper functionality.

    Verify client communication: Confirm that the clients are correctly communicating with the WSUS server. You can use the WindowsUpdate.log file on the client to troubleshoot communication issues.

    Use the WSUS client diagnostic tool: Microsoft provides a diagnostic tool (wsusutil.exe) to troubleshoot WSUS client issues. Running this tool on the client can help diagnose any potential problems.

    Check for update metadata corruption: It’s also possible that there may be corruption in the update metadata on the WSUS server. You can use the Server Cleanup Wizard in the WSUS console to clean up unnecessary files and potentially resolve this issue.

    Best Regards,

    Hania Lian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments