Importing KB5001633 in WSUS failed. Error Number 80131509

SVSupport 1 Reputation point
2021-03-30T17:05:28.803+00:00

Hello,

We are currently trying to import kb5001633 in WSUS and we're getting an error number 80131509. Importing KB's update before is working just fine. I saw a potential solution from this post (see link below) but we would like to know before running this command if this added registry will not impose any sort of risk to the system. We would also like to know why we need to run this command now when importing KB's is working just fine before. If there are other potential solutions other this registry setting, it would be appreciated to have those shared as well. The recent changes to our WSUS is we upgraded our .NET Framework to 4.8.

https://learn.microsoft.com/en-us/answers/questions/97772/import-kb4497165-to-wsus-on-server-20162019-fail.html

If you have any questions or information about this, please don't hesitate to let us know.

Thanks,
SVSupport

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,117 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Adam J. Marshall 8,621 Reputation points MVP
    2021-03-30T17:45:38.287+00:00

    You need to tell .NET to use TLS1.2 which is what the PowerShell code below does (Run it from an Administrative PowerShell Window). 

    $Properties = @{
    Name = 'SchUseStrongCrypto'
    Value = '1'
    Type = 'DWord'
}

$null,'Wow6432Node' | Foreach-Object {
    Set-ItemProperty @Properties -Path "HKLM:\SOFTWARE$("\$_")\Microsoft\.NetFramework\v4.0.30319" -Verbose
}
    0 comments
  2. Rita Hu -MSFT 9,626 Reputation points
    2021-03-31T06:43:45.067+00:00

    Hello SVSupport,

    Thanks for your posting on Q&A.

    The issue is more related with the TLS 1.2 just as Adam said above. Since Microsoft force to enable the TLS 1.2 in the past, a lot of WSUS servers failed to sync and import updates. Adding the SchUseStrongCrypto registry setting to enable the TLS 1.2 will be helpful.

    In my opinion, there is no risk to operation system. A lot of workers have accepted the solution and it worked normally.

    In addition, we could refer to this link to know more about enabling the TLS 1.2 on the site servers and remote site systems.

    Hope the above will be helpful.

    Regards,
    Rita

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments