Throttle Downstream WSUS Update Pull from upstream
Is it possible to throttle the download of updates on a downstream WSUS server i.e. when it is pulling it's updates from an upstream WSUS server? We have some downstream WSUS servers on low bandwidth links and whilst we generally schedule the pull of updates during an out-of-hours window this is problematic for us for several reasons. I'd rather they pull during the day but with throttling. I’m aware the WSUS clients can do this in Windows 10 BITS etc. but wondering can the WSUS server do this on the synchronisation cycles.
WSUS Certificate pinning
Hi, is there any docs as to how to enable certificate pinning? Asking because in those posts, it says that we can do this to secure our WSUS servers, but I can't seem to find out to actually do it. Changes to improve security for Windows devices scanning WSUS - Microsoft Tech Community Scan changes and certificates add security for Windows devices using WSUS for updates - Microsoft Tech Community Thank you in advance and don't hesitate if you have any questions
Latest LCU not detected from WSUS if corresponding SSU preinstalled
Hi, for a few months now, the SSU is bundled with the LCU. I have noticed that, if the bundled SSU is manually preinstalled with e.g. DISM, the corresponding LCU portion will no longer be detected as applicable from WSUS! It will however be detected if I scan against WU directly. WSUS will even show the entire bundle as installed for clients which only have the SSU portion installed! This doesn't seem like a common scenario, however it becomes a huge problem if a device does a feature upgrade (from media or WSUS, doesn't matter) from an older version (<= 1909) to 20H2, with the "/DynamicUpdate NoLCU" option enabled. What seems to happen is, Windows Setup does not, as instructed, download and apply the latest LCU, but will still download and apply the latest SSU! This results in an installation that's effectively stuck at the LCU of the upgrade media used (currently 2020-11 for the WSUS upgrade package) and cannot upgrade to the current LCU, if WSUS is used as the only update source - at least until a newer LCU is released and approved. And since SSUs cannot be uninstalled, there is no easy workaround for affected machines. I don't know if anyone from the WSUS team reads this, but there seems to be a faulty "is installed" detection logic in the SSU+LCU bundles published to WSUS, that needs to be addressed asap. Right now I have 35 Windows 10 clients stuck at the November '20 LCU, unable to upgrade. Can anybody else confirm this problem? Regards, Markus
2021-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5003171): Not Applicable
2021-05 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5003171) is downloaded in WSUS and approved for installation. It is showing not applicable. I have tons of Windows Server 2019 servers. I have two separate WSUS on different environment and both showing the same status as not applicable. Anyone seeing this issue? ThanksWSUS plugin in WAC
Are there any plans to bring the WSUS console into WAC as a plugin, reflecting most of the features, including the ability to import updates? Most of the actions in the WSUS console should be underlying PowerShell commands, which would be the qualifying thing for this task, imho. There are still a lot of customers that rely on WSUS and do not leverage ConfigMgr (due overhead, licensing, TCO) or WuFB (cloud use restriction policies), missing ability of WuFB of managing Windows Server. I am not aware if WuFB can now also manage Windows Server 2012 and newer and gather the update status in a dashboard, as it does for Windows 10. If this is a limitation it should be considered to offer a single pane for free* of modern management as a whole pendant to WSUS. *eventually charging log analytics workspaceWindows 10 servicing office hours – May 14th
Our next "office hours" session will take place here in the Windows 10 servicing community on Thursday, May 14th from 8:00-9:00 a.m. Pacific Time. Join us to get answers to any questions you may have around managing updates for the remote devices in your organization, help with specific issues, and tips on how to increase update velocity. We'll have members of the Windows and Microsoft Endpoint Manager product and engineering teams on hand, as well as the FastTrack team. Save the date and see the Windows IT Pro Blog for full details.
