Windows Server 2019 cannot detect Security Patch.

Ka Ho Cheng 435 Reputation points
2024-11-01T08:06:51.04+00:00

I received a report from the customer's support that a few servers have not been able to get Windows Update patches since Sep 2024. (Patch 2024-08 installed normally around early Sep, but Patch 2024-09 and 2024-10 cannot be detected after that.) All of them are Windows Server 2019. Windows Update showed "You're up to date" after it was run, which of course is not the case.

After investigation, I found that those servers connect to a WSUS server to get patches. WSUS showed that the status date is current. However, the "needed" patch count showed "0". I cross-checked that the Windows patches have been approved for the group those servers are in. Also, I checked that another server (same Windows Server 2019) can install the security patch without error. I assumed WSUS should be no problem.

It sounds like some configuration change was applied to those servers, but without any record, and I do not have access rights to those servers.

It seems those servers are not able to verify the missing patches with WSUS.

May I know which Windows configuration could affect this issue, and any troubleshooting method? (Those servers are not able to connect to the internet.)


1 answer

  1. Anonymous
    2024-11-04T07:12:41.3633333+00:00

    Hello

    Thank you for posting in Q&A forum.

    Here are a few steps you can take to troubleshoot:

    1. Check WSUS Configuration:

    • Ensure that the WSUS server is properly configured and that the necessary updates are approved for the Windows Server 2019 group.

    2. Reset Windows Update Components:

    • On the affected servers, open Command Prompt as an administrator and run the following commands:

        net stop wuauserv
        net stop cryptSvc
        net stop bits
        net stop msiserver
        ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
        ren C:\Windows\System32\catroot2 catroot2.old
        net start wuauserv
        net start cryptSvc
        net start bits
        net start msiserver

    • This will reset the Windows Update components.

    3. Check for Duplicate WSUS Client IDs:

    • Sometimes, duplicate WSUS client IDs can cause issues. Run the following script on the affected servers to reset the WSUS client ID:

        net stop wuauserv
        reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
        reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
        reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
        net start wuauserv
        wuauclt /resetauthorization /detectnow

    4. Review WSUS Logs for more details:

    • Check the WSUS logs on both the server and the clients for any errors or warnings that might indicate the cause of the issue. Logs can be found in the following locations:

    • WSUS Server: C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log

    • Client: C:\Windows\WindowsUpdate.log

    Reference:

    Win 2019 not detecting updates from WSUS - Microsoft Q&A

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou
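
Added example (not part of the answer above and not Microsoft's code): a read-only PowerShell check for the two client-side causes raised in this thread, an unrecorded configuration change and duplicate WSUS client IDs. The default `$ExpectedWsus` URL and the SRV-A/SRV-B rows are constructed placeholders.

```powershell
# Added example: read-only WSUS client checks; nothing on the host is modified.
# Assumption: the default $ExpectedWsus is a placeholder, not a value from the thread.
param([string]$ExpectedWsus = 'http://wsus.example.internal:8530')
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$clientKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-WsusClientState {
    # Policy values that decide where the client scans, plus its WSUS identity.
    $p  = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$policyKey\AU" -ErrorAction SilentlyContinue
    $c  = Get-ItemProperty -Path $clientKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        UseWUServer        = $au.UseWUServer
        WUServer           = $p.WUServer
        TargetGroupEnabled = $p.TargetGroupEnabled
        TargetGroup        = $p.TargetGroup
        SusClientId        = $c.SusClientId
    }
}

function Test-WsusClientState {
    param($State, [string]$Expected)
    $findings = @()
    if ($State.UseWUServer -ne 1) { $findings += 'UseWUServer is not 1, so the WUServer policy is ignored' }
    if (-not $State.WUServer) { $findings += 'WUServer policy value is missing' }
    elseif ($State.WUServer.TrimEnd('/') -ne $Expected.TrimEnd('/')) {
        $findings += "WUServer is $($State.WUServer), expected $Expected" }
    if ($State.TargetGroupEnabled -eq 1) {
        $findings += "Client-side targeting group is '$($State.TargetGroup)'; check approvals for that group" }
    if (-not $State.SusClientId) { $findings += 'SusClientId is missing' }
    $findings
}

function Find-DuplicateSusClientId {
    # Hosts that share one SusClientId show up as a single computer entry in WSUS.
    param([object[]]$States)
    $States | Where-Object { $_.SusClientId } | Group-Object SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { "$($_.Name): $($_.Group.Computer -join ', ')" }
}

$local = Get-WsusClientState
Test-WsusClientState -State $local -Expected $ExpectedWsus
# Constructed sample rows standing in for states collected from other servers.
$sample = @(
    [pscustomobject]@{ Computer = 'SRV-A'; SusClientId = '11111111-2222-3333-4444-555555555555' },
    [pscustomobject]@{ Computer = 'SRV-B'; SusClientId = '11111111-2222-3333-4444-555555555555' })
Find-DuplicateSusClientId -States (@($local) + $sample)
```

Comparing the output from a working Windows Server 2019 host with that from an affected one shows which policy value differs, before any of the reset steps are run.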
