WSUS: 1909 updates not shown as needed

Question

I have some machines with Windows 10 1903 and some with 1909, both categories are reporting correctly their status to WSUS.
In WSUS console, in the view "Needed" I can see only updates related to 1903. If I select the view "Any" I can see also the ones for 1909 but the needed count for them is 0. Why? It seems I am not approving updates to 1909 machines but only to 1903.
Thanks

Answer 1

Hi, Thanks for posting in Q&A. We could check the last status report of Window 10, 1909 on the WSUS console. ![18547-microsoftteams-image-14.png][1] If the update status is not up-to-date, kindly click the tab of check for updates on the side of client, and wait for several minutes, check the last status report again on the console to see if the connction is normal between WSUS and client. ![18559-microsoftteams-image-15.png][2] If the update status is up-to-date, we could view update history to check if the client of Window 10, 1909 is installed the needed update, if so, the update will not exist in the Needed tab. ![18560-microsoftteams-image-16.png][3] Hope my answer will help you. ---Please Accept answer if the reply is helpful--- Best regards, Amanda You [1]: /api/attachments/18547-microsoftteams-image-14.png?platform=QnA [2]: /api/attachments/18559-microsoftteams-image-15.png?platform=QnA [3]: /api/attachments/18560-microsoftteams-image-16.png?platform=QnA

Answer 2

Hello, I think I've not explained correctly. I'll try again for points:

• in my WSUS I have enabled Product: Windows 10, version 1903 and later versions
• WSUS is syncronizing correctly
• someone before me declined Feature Update to Windows 10 version 1909 - this for all available languages - and it's ok for me, I would like to skip this and stay on 1903 until we migrate to 20XX
• I am still preparing my machines with the 1903 iso and before connecting them to internet I change the registry to target our WSUS
• although it correctly says "updates are managed by your org" if I search for updates they get the 1909 version found and installed
• due to the previous point, I have in my fleet a lot of machines updated to 1909, but in my wsus console all 1909 updates (security, etc) are not listed as needed, I only find updates for 1903 as needed - if I select status=any I can find also 1909 ones

so I guess I have tow different issues
I'd like the 1909 upgrade not to install since I declined it in WSUS
since some machines are already on 1909, I'd like to see those updates listed in WSUS

Answer 3

WSUS is a repository of updates. It does not tell the systems if they 'need' updates or not. It's the individual client systems that report to WSUS what they 'need' and then WSUS marks the updates as 'needed' by the appropriate clients.

If the clients are not reporting in correctly (see my first post above), you'll never get the 'needed' updates listing through the WSUS MMC console.

To keep 1903, instead of upgrading to 1909/2004, make sure that 1909 and 2004 Feature Upgrades are approved to 'Not Approved' (not declined as you'll eventually move up)

Verify you don't have a Dual Scan scenario happening - https://www.ajtek.ca/wsus/dual-scan-making-sense-of-why-so-many-admins-have-issues/

Use my guide on GPO policies to help get your machines working great with WSUS.

https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-4-creating-your-gpos-for-an-inheritance-setup/

Remember, if an update is approved in WSUS as 'Not Approved' (yes, very weird that you have to approve it to be not approved) or declined, the update will not install on a computer system.