Hello, we are running upstream WSUS server which synchronizes from Microsoft Update.

The server configuration:

- virtual machine on VM host with ESXi 7.0U2, VM version 19, VMware Tools 11365

- 2x CPU, 16 GB RAM, C: 60 GB (17 GB free), D: 3 TB (308 GB free), single NIC

- OS: Windows Server 2016 Standard, uninstalled Windows Defender

- domain joined, connected to administrative network

- WID database was migrated to SQL, using SQL Express 2016 SP1

The server has been serving properly for several years.

WSUS configuration:

- synchronize with Microsoft Update, using proxy server (Cisco WSA, anonymous access)

- products: Office 2013, Office 2016, Microsoft Edge, Windows 10 LTSB, Windows 10 version 1903 and later, Windows 10, Windows Server 2012 R2, Windows Server 2016

- classifications: critical updates, security updates, service packs, update rollups, updates, upgrades

- update files and languages: storing updates locally, downloading approved only, not downloading express files, downloading 20 languages

- synchronization schedule: automatic, 1 per day

- automatic approval: no update rules; enabled: wsus updates, new revisions + auto decline of expired

- computers: using group policy

- server clean-up: using generally found powershell script on monthly basis

- iis application pools: wsuspool - recycling - private memory limit: 8388608 KB

Problem: When we add Windows 11 product then the synchronization fails.

It fails with result "An HTTP error occurred"

Details: "WebException: The operation has timed out
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at Microsoft.UpdateServices.ServerSync.ServerSyncCompressionProxy.GetWebResponse(WebRequest webRequest)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetRevisionIdList(Cookie cookie, ServerSyncFilter filter)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetRevisionIdList(ServerSyncFilter filter, Boolean isConfigData)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

Symptoms:

When the synchronization works then it can be clearly seen that CPU and memory resources are utilized.

When the synchronization does not work then CPU is mostly idle and memory is not very used. The synchronization fails after about 1 hour of system doing "nothing".

What I tried to get it work (including various combinations of the below):

- turned off / uninstalled antivirus (f-secure business suite server security) - it did not help

- new test WSUS server - selected Windows 11 product only - it does not work

- another test WSUS server - used original WID for WSUS DB - it does not work

- used SQL Express 2019 - it did not help

- used Windows Server 2022 (evaluation) - it does not work

- unjoined server from domain - sometimes works (?) (mostly not working)

- another test WSUS server running in hyper-v - it did not help

- used other ISP connection, without web proxy - it did not help

- not used web proxy (while connected through main ISP) - it did not help

- re-indexed WSUS database - it did not help

- increased CPU cores to 4 - it did not help

- another test WSUS server, not joined to domain - running in DMZ, not using web proxy - it does not work

- added products, classifications and languages in various order

- iis application pools: wsuspool - recycling - private memory limit: tested 4, 6 and 8 GB

- monitoring network traffic on web proxy - nothing blocked was found

- tried many other things found on the web, check various logs - no progress

The very last test server results:

I added products, classifications and languages in the following order:

- added small group of currently used products, classifications and languages => synchronization succeeded

- added all remaining currently used products and classifications => synchronization succeeded

- added windows 11 product => synchronization succeeded

- added remaining languages => synchronization failed

I am currently at 11 languages. If I add any additional language then the synchronization fails.

If I remove some existing language and add additional one then the synchronization fails.

I am exhausted and I would appreciate your help how to get it work / how to identify the cause.

When I see a hope (like occasional working scenario with unjoined server from domain then another test with the same configuration fails).

It appears to be problem of some combination of products, classifications and languages.

I do not think it is problem of VM host, VM, OS, WSUS configuration, ISP / web proxy.

Update:

To get it work, it is required to select "download updates in all languages, including new languages" instead of selecting multiple desired languages.