Orphaned Expired Updates at Downstream WSUS Servers


I'm running a WSUS estate with a primary W2012R2 servers and several downstream W2012R2 servers. I regularly run the cleanup wizard on the primary to decline expired updates. What I find though is that there are thousands of updates at the downstream that are expired but not declined but that update is not present on the primary. I cannot decline them as these are on downstream servers.

The sync task is running successfully each night. I'm wondering if this is due to the upstream, having been replaced at some stage and these are now orphaned.

