Update 11.18.2021: To provide organizations more time through the upcoming holiday period to complete necessary migrations, we are extending the deadline for organizations still using WSUS 3.0 SP2 to migrate to a currently supported version by January 10, 2022.
On October 31, 2021, Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2) will no longer synchronize and download updates.
WSUS is key to the Windows servicing process for many organizations. Whether being used standalone or as a component of other products, it provides a variety of useful features including automating the download and installation of Windows updates.
Extended support for WSUS 3.0 SP2 ended on January 14, 2020, in alignment with the end of support dates for Windows Server 2008 SP2 and Windows Server 2008 R2. It is, however, still possible to synchronize and download updates from Microsoft using WSUS 3.0 SP2.
WSUS relies on several different components for secure communication. The protocol that is used for a given connection depends on the capabilities of the associated components. If any component is out of date, or not properly configured, the communication might use an older, less secure protocol. Microsoft is transitioning all endpoints to the more secure TLS 1.2 cryptographic protocol. WSUS 3.0 SP2 does not support this newer protocol. As a result, any organizations still using WSUS 3.0 SP2 must migrate to a currently supported version of WSUS by October 31, 2021.
Additional guidance (added July 16, 2021)
WSUS supports a hierarchy of servers. As part of your transition, you can setup a new top level WSUS running on Windows Server 2012 or newer, then use WSUS 3.0 SP2 as a downstream server. WSUS 3.0 SP2 will continue to sync updates with upstream server after October 31, 2021.
To prepare for this date, we will turn off the sws1.update.microsoft.com endpoint at periodic intervals, occurring on:
- July 20 – 22, 2021
- August 17 – 19, 2021
- September 21-23, 2021
- October 19 – 21, 2021
During the shutdown, if you attempt to sync WSUS 3.0 SP2 it will not succeed, which results in the following error message in your log file:
2021-05-10 23:05:49.230 UTC Warning WsusService.33 WebServiceCommunicationHelper.ProcessWebServiceProxyException ProcessWebServiceProxyException found Exception was WebException. Action: Retry. Exception Details: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
To verify the version of WSUS you are using in your environment, follow these steps:
- Open the WSUS console.
- Click on your WSUS server name.
- In the center, you will see a section called Overview.
- Within that area, you will see Connection.
- See Server Version.
For more information, see Deploy Windows Server Update Services.