cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
End of synchronization for WSUS 3.0 SP2
By
Paul_Reed
Published May 20 2021 07:01 AM 49.3K Views
Paul_Reed
Microsoft
‎May 20 2021 07:01 AM

End of synchronization for WSUS 3.0 SP2

‎May 20 2021 07:01 AM

Update 11.18.2021: To provide organizations more time through the upcoming holiday period to complete necessary migrations, we are extending the deadline for organizations still using WSUS 3.0 SP2 to migrate to a currently supported version by January 10, 2022.

On October 31, 2021, Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2) will no longer synchronize and download updates.

WSUS is key to the Windows servicing process for many organizations. Whether being used standalone or as a component of other products, it provides a variety of useful features including automating the download and installation of Windows updates.

Extended support for WSUS 3.0 SP2 ended on January 14, 2020, in alignment with the end of support dates for Windows Server 2008 SP2 and Windows Server 2008 R2. It is, however, still possible to synchronize and download updates from Microsoft using WSUS 3.0 SP2.

WSUS relies on several different components for secure communication. The protocol that is used for a given connection depends on the capabilities of the associated components. If any component is out of date, or not properly configured, the communication might use an older, less secure protocol. Microsoft is transitioning all endpoints to the more secure TLS 1.2 cryptographic protocol. WSUS 3.0 SP2 does not support this newer protocol. As a result, any organizations still using WSUS 3.0 SP2 must migrate to a currently supported version of WSUS by October 31, 2021.

Additional guidance (added July 16, 2021)

WSUS supports a hierarchy of servers. As part of your transition, you can setup a new top level WSUS running on Windows Server 2012 or newer, then use WSUS 3.0 SP2 as a downstream server. WSUS 3.0 SP2 will continue to sync updates with upstream server after October 31, 2021.

To prepare for this date, we will turn off the sws1.update.microsoft.com endpoint at periodic intervals, occurring on:

  • July 20 – 22, 2021
  • August 17 – 19, 2021
  • September 21-23, 2021
  • October 19 – 21, 2021

During the shutdown, if you attempt to sync WSUS 3.0 SP2 it will not succeed, which results in the following error message in your log file:

2021-05-10 23:05:49.230 UTC    Warning               WsusService.33 WebServiceCommunicationHelper.ProcessWebServiceProxyException ProcessWebServiceProxyException found Exception was WebException. Action: Retry. Exception Details: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

To verify the version of WSUS you are using in your environment, follow these steps:

  1. Open the WSUS console.
  2. Click on your WSUS server name.
  3. In the center, you will see a section called Overview.
  4. Within that area, you will see Connection.
  5. See Server Version.

Learn more

For more information, see Deploy Windows Server Update Services.

 

12 Comments
kjstech
Brass Contributor
‎Jun 14 2021 12:06 PM
‎Jun 14 2021 12:06 PM

How do I know what version of WSUS I'm on?  It says Server version 6.3.9600.18838.  Will that still work after 10/31/2021?  Then if I go Help > About Update Services it says
Update Services

Microsoft Corporation
Version: 10.0.17132.1

 

 

0 Likes
Like
Paul_Reed
Microsoft
‎Jun 15 2021 03:09 PM
‎Jun 15 2021 03:09 PM

Hi @kjstech 

 

WSUS 3.0 Sp2 was supported on Windows Server 2008 and Windows Server 2008 R2.  That was when WSUS was a separate product.  Starting with Windows Server 2012, WSUS was integrated as a server role.  You can check your version of WSUS by doing the following:

 

  1. Open the WSUS console
  2. Click on your WSUS server name
  3. In the center you will see a section called "Overview."
  4. Within that area you will see "Connection"
  5. See "Server Version." 

Thanks,

Paul

Best Regards,

0 Likes
Like
Alexander_Efimov
Copper Contributor
‎Aug 23 2021 08:54 PM
‎Aug 23 2021 08:54 PM

Hi

@Paul_Reed  do you have any information is sws1.update.microsoft.com turned on again after 19/08/2021 ?

Synchronization does not work since 17/08/2021 

0 Likes
Like
VladislavSi
Copper Contributor
‎Aug 24 2021 06:19 AM
‎Aug 24 2021 06:19 AM

How about older updates, released before October 31. Will the WSUS 3.2 be able to download these updates from MS endpoints?

 

 

0 Likes
Like
Alexander_Efimov
Copper Contributor
‎Aug 24 2021 08:19 PM
‎Aug 24 2021 08:19 PM

Hi @VladislavSi !

Don't think this is possible. If they turn off TLS lower than 1.2 than WSUS won't be able to connect. It won't be possible to perform initial sync etc.

 

0 Likes
Like
Paul_Reed
Microsoft
‎Aug 24 2021 09:58 PM
‎Aug 24 2021 09:58 PM

Hi @Alexander_Efimov 

The endpoint is back up and you should be able to resume sync for updates.  Please endure that your team is prepared for the eventual shut down on October 31.  

0 Likes
Like
Paul_Reed
Microsoft
‎Aug 24 2021 10:00 PM
‎Aug 24 2021 10:00 PM

Hi @VladislavSi,

 

As long as you sync prior to October 31, 2021, those updates will remain on your WSUS 3.0 SP2 server.  After that date, WSUS 3.0 SP2 will no longer be able to sync and download updates even if they were published prior to October 31.  That is because the endpoint being used will require a TLS 1.2 secure connection.  

0 Likes
Like
Arbaxter88
Copper Contributor
‎Nov 10 2021 05:55 AM
‎Nov 10 2021 05:55 AM

Hello,

 

What is the current situation with WSUS 3.0? This article states that will be disabled on 31st October 2021, but I can see it has successfully synced on 10th November 2021 with November updates.

 

Is there a new date for this to be become inactive? @Paul_Reed 

0 Likes
Like
abbodi1406
Steel Contributor
‎Nov 27 2021 09:47 AM
‎Nov 27 2021 09:47 AM

Thanks for the update and extension :)

0 Likes
Like
Jasonap_Caguia
Copper Contributor
‎Jan 24 2022 03:43 PM
‎Jan 24 2022 03:43 PM

Is there any update for this? According to SSL Labs, TLS 1.0 is still enabled on the server @Paul_Reed . https://www.ssllabs.com/ssltest/analyze.html?d=sws1.update.microsoft.com

0 Likes
Like
Paul_Reed
Microsoft
‎Jan 25 2022 09:44 AM
‎Jan 25 2022 09:44 AM

@Jasonap_Caguia 

 

Thank you for reaching out.  The sws1 endpoint in reference only supports TLS 1.0 which is why it was shut down.  Newer versions of WSUS (included with Windows Server 2012 and newer) support TLS 1.2 connections.  WSUS 3.x doesn't.  The newer versions of WSUS automatically get redirected to an endpoint that supports TLS 1.2 connection.

Akherraz_el_hachem
Copper Contributor
‎Nov 12 2023 02:47 AM
‎Nov 12 2023 02:47 AM

Akherraz el hachem Aléxandre 125 boulevard de charonne 75011 paris france cexdex11 

ILE-DE-FRANCE 75001 CEDEX01 PARIS FRANCE . . . MONSIEUR :AKHERRAZ-1978-25/04/1978 ...

0 Likes
Like
Co-Authors
Version history
Last update:
‎Feb 02 2023 09:08 AM
Updated by: