WSUS client getting update from Microsoft instead of WSUS server

Question

_{Tuesday, March 6, 2018 5:43 AM}

Hi Team,

I configured WSUS server in my lab and many client machine connected to WSUS server. But client getting update from Microsoft instead of WSUS server.

I configured local gpo policy for each wsus client machine in which I provided wsus address/url. Please let me know the root cause of this problem.

For Example- 

1100  SLS             Making request with URL HTTPS://sls.update.microsoft.com/SLS/{3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}/x64/10.0.16299.0/0?CH=799&L=en-US&P=&PT=0x30&WUA=10.0.16299.98&MK=ASUS&MD=All+Series

I copied this url from windowsupdate.log file.

All replies (1)

_{Wednesday, March 7, 2018 7:10 AM ✅Answered | 1 vote}

There are some GPOs needs to be configured.

1# Configure Automatic Updates(enable Auto download and notify for install,  )

2# Specify intranet Microsoft update service location(enter http://Your_WSUS_Server_FQDN:PortNumber)

3# Do not connect to any Windows Update Internet locations(enable)

4# Allow signed updates from an intranet Microsoft update service location.(enable)

The first two GPOs make sure your clients can get updates from WSUS, the last two GPOs prevent clients from getting updates from Internet by themselves.

One more thing, you need to note this GPO: Select when Feature Updates are received

Which is located in Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates.

Don’t configure this GPO, don’t enable it.

Have a try please.

Regards

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.