Forum Discussion

kwester-ebbinghaus-business's avatar
kwester-ebbinghaus-business
Iron Contributor
Jan 06, 2022

ISSUE: Cannot import updates to WSUS, due to erroneous redirection in Windows Update Catalog

Scenario:

Management Host: Windows Server 2022 Build 20348.405

WSUS Server: Windows Server 2019 Build 10.0.17763.1971

Microsoft Edge Release 96.0.1054.62

 

Repro Steps:

- Edge is your default browser

 On the Management Host open WSUS MMC (via Server Manager) to connect to the WSUS Server via https

- in the WSUS MMC > Update > Import Updates 

- Open the catalog in Edge IE Mode: refer my guide

HOW-TO: Import Out of Band Updates to WSUS using Microsoft Edge Chromium and modern IE Mode - Microsoft Tech Community

 

- Accept the ActiveX 

 

What is happening:

- you may add updates to the cart

 

What is the issue: 

- you cannot import (OOB) updates for Windows Server 2022 updates or other updates
- on affected systems we get redirected to a different update catalog server that seems to be different

Browser: IE, natively
Result: import works
https://catalog.update.microsoft.com/v7/site/Home.aspx?SKU=WSUS&Version=10.0.17763.1971&ServerName=YOURSERVER.CONTOSO.LOCAL&PortNumber=8531&Ssl=True&Protocol=1.20

 

Browser: Edge, IE Mode
Result: import works
https://catalog.update.microsoft.com/v7/site/Home.aspx?SKU=WSUS&Version=10.0.17763.1971&ServerName=YOURSERVER.CONTOSO.LOCAL&PortNumber=8531&Ssl=True&Protocol=1.20

 

Browser: Edge, IE Mode
Result: import does not work
https://www.catalog.update.microsoft.com/Home.aspx?SKU=WSUS&Version=10.0.17763.1971&ServerName=YOURSERVER.CONTOSO.LOCAL&PortNumber=8531&Ssl=True&Protocol=1.20

 


What we have tried so far:
- reproduce this on the local Windows Server running WSUS instead of remote server > no change
- changing Protocol Version from 1.20 to 1.80 (old, but fixed issue) > no change
- troubleshooting via Developer Mode
- we will upgrade the WSUS to Windows Server 2022 and try to reproduce

Error message:

This update cannot be imported. Reason: It is not compatible with your version of WSUS

 

Affected patches:

apparently any patches that have a different build than the WSUS Server

see screenshots


- Windows Server 2022

- Azure Stack HCI 22H2

- Windows 11 

- Windows 10

 

Reproducible: mostly

 

Summary:
We see this happening at different customers. 
Using Edge IE Mode, despite using same setting, Edge IE mode sometimes get redirected
to a different server that has not the v7/sites. This results into missing ability to import updates.

 

AriaUpdated 

Andrei Stoica have you heard about similar reports?
Do you know anyone that could check a potential redirection or inconsistency on the update catalog server?

Usecase:
Originally we would like to import 2022-01 updates into WSUS running on Windows Server 2019 to patch affected RDS Servers. 

Management
Windows Server
  • kwester-ebbinghaus-business's avatar
    kwester-ebbinghaus-business
    Jan 13, 2022

    abbodi1406 

    I have spent more time into the testing and found out that it worked in a VERY specific configuration. So to say must be exactly this configuration as you stated.
    Bummer. 

     

    ONE MAY NOT USE https://www.catalog.update.microsoft.com/ in the exception 
    While these pages can be technically reached, they do not work correctly and will not redirect. Imho this is still a server-side config issue on the IIS 10.

    1. It only works as expected when you use the link without www. It does not work with the www. anymore.

    2. you need to actually add both links. One or the other won't be enough anymore.
    Both was till November 2021. But no more.

    3. really remove any other links in the scope of *.catalog.microsoft.com

    4. close all catalog.microsoft.com tabs and restart the browser (just in case you have set that Edge should reopen all tabs on next start)

     

    Thank you abbodi1406 I will update my guide accordingly. 

     

    Eds1989 can you please confirm this solution worked for you?

     

  • Eds1989's avatar
    Eds1989
    Brass Contributor
    Jan 12, 2022
    Hello,

    We too seem to be experiencing this issue.

    WSUS server is Windows Server 2022.
    Client machine is Windows 11 running RSAT and managing/importing updates remotely.
    Edge 96 is my default browser, but running the update catalogue site in IE mode with the ActiveX control installed.

    We can search for and add updates to our basket, but when proceeding to the basket, we are told they could not be imported because they are not compatible with our version of WSUS.
    The update we are trying to import is KB5010197.

    I have tried to add the /v7/site part to our catalogue URL as a workaround, but I get a site/page error.
    Our URL loaded when clicking import updates is of the format:
    https://www.catalog.update.microsoft.com/Home.aspx?SKU=WSUS&Version=10.0.20348.143&ServerName=OUR_SERVER_NAME&PortNumber=8530&Ssl=False&Protocol=1.20

    Are there any other potential workarounds to this issue at this time?

    Many thanks
    James
  • abbodi1406's avatar
    abbodi1406
    Steel Contributor
    Jan 13, 2022

     

    - If not already added, add SystemDefaultTlsVersions (and/or SchUseStrongCrypto) registry values to both .NETFramework\v4.0.30319 keys, and restart the system

     

    - Add these URLs to IE mode pages, and remove any other catalog url

     

     

    https://catalog.update.microsoft.com/
https://catalog.update.microsoft.com/v7/site/Home.aspx

     

     

    - If not already installed, open https://catalog.update.microsoft.com/v7/site/Home.aspx and install ActiveX controller

     

    • kwester-ebbinghaus-business's avatar
      kwester-ebbinghaus-business
      Iron Contributor
      Jan 13, 2022

      abbodi1406 I know you have deep knowledge about servicing.
      We have already added both links according to my guide. 
      The TLS settings have been made earlier and as such are already correct.

      Any other ideas?

      edit: I still hope that the Microsoft Servicing team can respond on this post, why sometimes the browser does not get redirected to the /v7/site/Home.aspx when clicking import updates in the WSUS MMC. This should fix it, when the settings are applied.

    • kwester-ebbinghaus-business's avatar
      kwester-ebbinghaus-business
      Iron Contributor
      Jan 13, 2022

      abbodi1406 

      I have spent more time into the testing and found out that it worked in a VERY specific configuration. So to say must be exactly this configuration as you stated.
      Bummer. 

       

      ONE MAY NOT USE https://www.catalog.update.microsoft.com/ in the exception 
      While these pages can be technically reached, they do not work correctly and will not redirect. Imho this is still a server-side config issue on the IIS 10.

      1. It only works as expected when you use the link without www. It does not work with the www. anymore.

      2. you need to actually add both links. One or the other won't be enough anymore.
      Both was till November 2021. But no more.

      3. really remove any other links in the scope of *.catalog.microsoft.com

      4. close all catalog.microsoft.com tabs and restart the browser (just in case you have set that Edge should reopen all tabs on next start)

       

      Thank you abbodi1406 I will update my guide accordingly. 

       

      Eds1989 can you please confirm this solution worked for you?

       

      • abbodi1406's avatar
        abbodi1406
        Steel Contributor
        Jan 13, 2022
        Glad it worked
        yes, urls must be without www.

Resources