WSUS Sync | TheaterFire

[-]

NocturnalGenius@reddit

Mine sync'ed overnight but I magically have over 5000 "new" updates that are all very, very old updates. At least its sync'ing tho so thats something.

[-]

ellileon@reddit

Lucky you - for me it synched nearly 10k Updates without any changes which blow up the D Volume on our main WSUS Server because it downloaded 300 GBs of Updates.

[-]

Vivid_Mongoose_8964@reddit

so it started sync'ing and is trying to download 186GB's of updates, WTF!!!!

[-]

ellileon@reddit

Same here but at our server it downloaded over 300 GB and killed couple of volumes on different sites....

[-]

SlappyKippy@reddit

Getting the same here. It's killed the drive and used all the space. More ridiculous Microsoft bullshit.

[-]

ellileon@reddit

For me it downloaded over 300 GBs tonight and killed couple of D volumes on several of our sites! This is a huge problem right now...

[-]

Daveism@reddit

Make me a fourth. Now we can play a card game while we wait for our monthly updates!

[-]

MSe-5-14@reddit

We opened a ticket to microsoft. this is the response:

We would like to inform you that we are currently investigating a synchronization issue affecting WSUS. Our internal teams have observed similar behavior across multiple environments, and we are actively working to find a resolution.

While the exact cause is still under investigation, we are collaborating closely with our engineering teams to determine a resolution path.

There is a possible workaround we just discovered to get the synchronization to work.

If you uncheck the “Updates” classification, synchronization will be successful.

Issue is due to .Net Framework 3.5 related updates published this month with “Updates” classification.

Please don’t hesitate to reach out if you have any questions or need further assistance.

[-]

MSe-5-14@reddit

case closed :)
Symptom(s):

On July, 9^(th), your WSUS/SUP server failed to synchronize the new updates from Microsoft Update.

Cause:

The issue was due to updates published with defective metadata causing WSUS servers to run a full sync all over the world.

Because all WSUS servers were doing full sync, it put a high pressure on the Microsoft Update infrastructure causing these servers to be unresponsive.

Because of this unresponsiveness, your servers ended with a time out when trying to synchronize.

Resolution:

The issue has been resolved after Microsoft expired the culprit updates. Updates that were classified within the “Updates” category, not “Security Updates” or “Critical Updates”.

Determining the culprit updates took time, and then the replication of expiration because of the Microsoft Update servers being overwhelmed.

Once the load on Microsoft Update was lower, the synchronization was then successful for WSUS/SUP servers.

More information:

If you are a Microsoft 365 admin, you may have access to the public information on this link : https://admin.microsoft.com/#/windowsreleasehealth/knownissues/:/issue/WI1112355 (Microsoft 365 Admin Center > Windows Release Health)

[-]

oohgodyeah@reddit

I don't see "Windows Release Health" under my M/O365 account in any section, whether Health or all Admin Centers. Is it possibly just Health > Service Health ?

[-]

Iason_Argonaut@reddit

That sort of worked for me. Failed first try but succeeded on retry. Rechecking 'updates' and syncing still fails.

[-]

1759@reddit

I tried unchecking the Updates classification just for laughs. It still did not synch. In case anyone else wants to try this, it didn't work when I tried it.

[-]

lecaf__@reddit

it works

[-]

Atrium-Complex@reddit

Microsoft, probably:
“After investigating, we have decided to deprecate WSUS entirely. Please enjoy our new Azure Patch Management solution, now with 80% more AI and 0% Reliability.”

[-]

UKBedders@reddit

I didn't see the 'probably' part of that at first, and it scared me. Thanks for waking me up this morning.

[-]

Atrium-Complex@reddit

I learned to always have a cup of coffee before browsing reddit. Hope you've learned the same! lol

[-]

deltashmelta@reddit

"...also it costs money now. So...there."

[-]

Least_Gain5147@reddit

Only for Arc-enabled machines. Azure VM's don't cost extra

[-]

deltashmelta@reddit

True, but there's the cloud-fee of running the load that more than makes up for it.

[-]

OK_it_guy@reddit

Same. Synced yesterday and before then just fine, but has not worked after multiple tries today (rebooted server too).

[-]

LoveTechHateTech@reddit

Mine (on Server 2019) synced fine at 8:30 last night, then failed at 10:30 continued to onwards every 2 hours.

Also strangely I had a whole lot of updates that were “unapproved” from the past few years that I definitely declined. As of yesterday afternoon I only had the recently released ones that i hadn’t approved yet.

[-]

47kOverlord@reddit

Same here - around 3000 updates back to 2017

[-]

LoveTechHateTech@reddit

The last sync that failed last night, at 7:18, had 2,833 “new” updates, but had a successful sync at 7:20 that had 0. Whatever it issue was, it looks like it resolved itself.

[-]

Low-Warning-8918@reddit

We just got our sync running by replacing the IIS SSL Cert on the update servedr with one with a 2048 bit Public key. The 4096 bit key was causing the sync to fail. This IS NOT a recommeded permanent fix as it causes a vulnerability. It's only temporary until MS fixes the issue. Can't hurt to try.

[-]

MadCichlid@reddit

*Update* WSUS is synching now. My ADR's are downloading the updates and everything is flowing again...

Hmmm, I wonder if this is some back office stuff to try and persuade CIO's to switch to the cloud and have everything on Intune.

[-]

lecaf__@reddit

I'm flabbergasted there is no official comm on this

(at least none I could easy find with google)

[-]

rhomel1@reddit

There is now.

WSUS update and sync operation fail with timeout errors

Status Confirmed

Affected platforms Client Versions Message ID Originating KB Resolved KB Windows 11, version 24H2 WI1112355 - - Windows 11, version 23H2 WI1112356 - - Windows 11, version 22H2 WI1112357 - - Windows 10, version 22H2 WI1112358 - - Windows 10, version 21H2 WI1112359 - - Windows 10 Enterprise LTSC 2019 WI1112362 - - Windows 10, version 1607 WI1112363 - - Windows 10 Enterprise 2015 LTSB WI1112364 - -

Server Versions Message ID Originating KB Resolved KB Windows Server 2025 WI1112360 - - Windows Server 2022 WI1112361 - - Windows Server, version 1809 WI1112362 - - Windows Server 2019 WI1112362 - - Windows Server 2016 WI1112363 - - Windows Server 2012 R2 WI1112365 - - Windows Server 2012 WI1112366 - -

Devices trying to synchronize updates from Microsoft Updates using Windows Server for Update Services (WSUS) might fail to complete the synchronization process. As a result, updates cannot be deployed using WSUS or Configuration Manager.

WSUS synchronization tasks are frequently configured to occur automatically in business and enterprise environments, although manual tasks are also possible. Error logs for WSUS are usually found in the SoftwareDistribution.log file under C:\Program Files\Update Services\LogFiles. Common messages may include text similar to "Unable to connect to the remote server" and "A connection attempt failed because the connected party did not properly respond after a period of time"

There is no workaround at this time. A problematic update revision in the storage layer has been identified as potentially causing this issue, and repairs are in progress.

Next steps: We are working on a resolution and will provide more information when it is available.

[-]

johne121@reddit

A reddit post is great, but an official link would be even better! Thx

[-]

thewhippersnapper4@reddit

https://admin.microsoft.com/#/windowsreleasehealth/knownissues/:/issue/WI1112355

[-]

coondini@reddit

Liiewise

[-]

Daveism@reddit

Wow - I'm not getting that much information in my sync details. I get this instead:

InvalidOperationException: There is an error in XML document (1, 40631). ---> System.Net.WebException: The operation has timed out. at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events) at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetRevisionIdList(Cookie cookie, ServerSyncFilter filter) at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetRevisionIdList(ServerSyncFilter filter, Boolean isConfigData) at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

[-]

Unable-Entrance3110@reddit

I am receiving this:

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 52.165.164.33:443

[-]

yaboiWillyNilly@reddit

WSUS is a synchronization issue

[-]

Economy_Contest7464@reddit

it's working now

gif

[-]

Kindly-Photo-8987@reddit

+1 for sync failling... MS just sent this email:


Devices trying to synchronize updates from Microsoft Updates using Windows Server for Update Services (WSUS) might fail to complete the synchronization process. As a result, updates cannot be deployed using WSUS or Configuration Manager. WSUS synchronization tasks are frequently configured to occur automatically in business and enterprise environments, although manual tasks are also possible. Error logs for WSUS are usually found in the SoftwareDistribution.log file under C:\Program Files\Update Services\LogFiles\. Common messages may include text similar to "Unable to connect to the remote server" and "A connection attempt failed because the connected party did not properly respond after a period of time" There is no workaround at this time. A problematic update revision in the storage layer has been identified as potentially causing this issue, and repairs are in progress. Next steps: We are working on a resolution and will provide more information when it is available.

Devices trying to synchronize updates from Microsoft Updates using Windows Server for Update Services (WSUS) might fail to complete the synchronization process. As a result, updates cannot be deployed using WSUS or Configuration Manager. WSUS synchronization tasks are frequently configured to occur automatically in business and enterprise environments, although manual tasks are also possible. Error logs for WSUS are usually found in the SoftwareDistribution.log file under C:\Program Files\Update Services\LogFiles\. Common messages may include text similar to "Unable to connect to the remote server" and "A connection attempt failed because the connected party did not properly respond after a period of time" There is no workaround at this time. A problematic update revision in the storage layer has been identified as potentially causing this issue, and repairs are in progress. Next steps: We are working on a resolution and will provide more information when it is available.

[-]

Vivid_Mongoose_8964@reddit

how did you get this email? is there a list i can signup for?

[-]

Kindly-Photo-8987@reddit

Yeah you can sign up for it at the Microsoft admin center.

[-]

jerryrenault@reddit

Yup, saw a whole bunch of failed automatic syncs this morning. Was working on other stuff so I didn't come back and deal with it until early afternoon. Rebooted my wsus server first, then did a cleanup, then ran a manual sync and worked fine for me. I never unchecked the updates category.

[-]

kgborn@reddit

See my blog post: https://borncity.com/win/2025/07/09/wsus-has-synchronization-problems-july-9-2025/ MS is investigating

[-]

CHolschuh@reddit

Ours began syncing. We are now seeing Windows 11 Updates for 2025-07

[-]

ghgard@reddit (OP)

Mine just synced for the first time today.

[-]

IndyPilot80@reddit

Mine brought in some updates but still failed. Some XML error.

[-]

Redeptus@reddit

It just started synchronizing for us in SEA. May the God of wsus bless you all soonish

[-]

lecaf__@reddit

did it succeed ? or still syncing ?

[-]

Redeptus@reddit

It started working for us in SEA when I posted. Haven't caught the admin since, I've been in bed!

[-]

chicaneuk@reddit

Still can't get a sync over the line... been about 14 hours now.

[-]

Dennywayne1@reddit

Yes, I am having the same problem. None of our WSUS servers are syncing with Microsoft Update services. Started on 7/8/2025

[-]

Low-Warning-8918@reddit

OK. We just got our sync running by replacing the IIS SSL Cert on the update servedr with one with a 2048 bit Public key. The 4096 bit key was causing the sync to fail. This IS NOT a recommeded permanent fix as it causes a vulnerability. It's only temporary until MS fixes the issue.

[-]

Low-Warning-8918@reddit

OK. We just got our sync running by replacing the IIS SSL Cert on the update servedr with one with a 2048 bit Public key. The 4096 bit key was causing the sync to fail. This IS NOT a recommeded permanent fix as it causes a vulnerability. It's only temporary until MS fixes the issue.

[-]

coondini@reddit

So that must be why I'm not seeing the July updates with my ADR in MECM.

[-]

MadCichlid@reddit

Same here with my 365 ADR...sucks

[-]

Trooper27@reddit

Having the same issue myself. Still cannot get it to work.

[-]

MadCichlid@reddit

M365 ADR has not downloaded the new version of Office. Win 11 updates are also not working. Is there any sort of timeframe when this will be resolved?

[-]

SlipBusy1011@reddit

WSUS is the biggest piece of shit that I really wish worked. There's a need for it, but man what a heaping pile of junk. Constant headaches.

[-]

chicaneuk@reddit

I'd disagree. I've run WSUS for decades and it's been an absolute pillar of reliability, honestly.

[-]

Unable-Entrance3110@reddit

I tend to agree. The problems come in due to the default configuration. WSUS is one of those services that *requires* configuration away from the OOBE.

But, like you, I have not had any issues with WSUS in years.

[-]

chicaneuk@reddit

Yeah I mean I run a server cleanup every month or two, and try and decline the packages I know I'll never need.. and it just kinda trucks along.

[-]

andrew_joy@reddit

Its simple and effective , but it needs a lot of hand holding to keep it that way or you have 10,000 of updates sitting there and the thing falls over when it tries to run maintenance.

[-]

Joe-Cool@reddit

It does need a bit of babying regarding superseded updates. Very true.
But if you keep it maintained and manually reindex the database from time to time it works reasonably well.

A standalone VM/Machine just for WSUS helps a lot. Some people install WSUS on their Domain Controllers. That's a recipe for disaster.

[-]

andrew_joy@reddit

What absolute mental case would do that !

[-]

Unable-Entrance3110@reddit

Remember all the best practices that Microsoft ignored with their SBS product?

It's like they were training a whole generation for r/ShittySysadmin

[-]

doubled112@reddit

People loved SBS for a reason. Jam as many things on as few machines as possible.

[-]

GeneMoody-Action1@reddit

Came here to say this, if I had a nickel for every time someone "Set up SBS" then called to have it set up correctly, which often involved setting it up again...

All on a computer with a 1/10 the resources of a modern system at best if it was high dollar the the time.

Exchange is not for the faint of heart, and for a business to believe it is, configure some settings, and Boom enterprise email services, lunacy.

Misconfiguration Risk: When one machine runs AD, Exchange, and internet-facing services, any compromise has a higher blast radius.
Underqualified Administrators: SBS was often sold and installed by generalist consultants or small MSPs, many of whom lacked formal exchange and AD training or security awareness.
Patch Management Gaps: Because of the complex integration, patches could break dependencies, leading to delayed updates.

SBS was a money grab by MS, never a good idea to begin with.

[-]

Lost_Balloon_@reddit

Nobody loved SBS. Well, nobody who had to maintain it. Clients loved it because it was a cheap way to spin up an office prior to 365 being a viable product.

[-]

someguy7710@reddit

Viable Product? ms365 wasn't even a glimmer in their eye when sbs came out.

[-]

Lost_Balloon_@reddit

Read again. I didn't say when SBS came out. It lasted well after 365 came out. I had clients using SBS as late as 2016, by which time 365 was finally in good shape.

[-]

someguy7710@reddit

Ok fine, I suppose I misread. And I agree it was a terrible product that even violated MS' own best practices.

[-]

Lost_Balloon_@reddit

No worries. Yes, it was garbage and an all-eggs-in-one-basket nightmare to maintain.

[-]

jake04-20@reddit

I never really understood the supersedence in WSUS. In theory shouldn't you only ever approve the updates that supersede other updates? Yet when I fully patch a machine according to WSUS updates, then toggle it back to getting updates from Windows Update as opposed to WSUS, it finds updates that were not approved in WSUS (or in a few cases, updates I can't even find anywhere in WSUS). It makes me reluctant to trust that my servers/clients are getting all the necessary updates.

[-]

Joe-Cool@reddit

Sometimes a superseded update will still appear as required and the automated cleanup doesn't fix that.
What I usually do is sort approved updates by the "supersedence" column (that little icon) and decline every update that is superseded.
That clears it from the database and marks the downloaded files for deletion during cleanup.

[-]

jake04-20@reddit

That sounds similar to my workflow. I right click on the column to get the supersedence icon, then I create a view for the OS I'm trying to approve updates for, then group by classification and sort by the supersedence column. Then I approve all updates that supersede others. But you're saying you decline any update that is superseded? Sometimes I swear I don't see the update that supersedes it even if it claims it's superseded.

[-]

Joe-Cool@reddit

Yes, somewhere in the documentation it states that cleanup will never remove approved updates even if they are superseded. You'd need to "unapprove" them and wait for 30 days or decline them to get them to stop cluttering the database.
Especially the defender definitions will slow everything to a crawl after a year if you don't do that.

[-]

samasake@reddit

WSUS is really all I've known and it's always been rock solid for me.

[-]

lordmycal@reddit

The point is that WSUS needs regular maintenance, and it should be set-it-and-forget it. You need to configure the thing to regularly clean up superseded and expired updates, obsolete computers, content files, etc. and then need to do regular database maintenance to ensure it doesn't just stop working one day. It's been a known issue for decades and why it doesn't automatically do that shows that Microsoft doesn't care. They want you to move on and use cloud services to manage your stuff instead.

[-]

rbj208@reddit

I'm starting to see successful syncs on my side now.

[-]

PDQ_Brockstar@reddit

I know this doesn't resolve the WSUS sync issue, but you could try using PSWindowsUpdate in the meantime if you need to get updates deployed in a hurry.

[-]

InvisibleTextArea@reddit

MS update servers are always overloaded on patch day. Give a few hours and try again.

[-]

chicaneuk@reddit

I've been managing our WSUS and server patching for the better part of two decades and I genuinely can't remember, at least in the last decade, this ever happening.

[-]

Vivid_Mongoose_8964@reddit

agree

[-]

Lukage@reddit

Today is "a few hours" after patch day, which was yesterday.

[-]

Jazzlike-Post7257@reddit

I raised a case with Microsoft earlier and they informed me they are aware of the issue. No official comms but the team are working on it. Hopefully it will be resolved soon.

[-]

Nri_Eze@reddit

same here. It's upsetting they haven't put anything out about sws.update.microsoft.com being down for almost 24 hours

[-]

atsnut@reddit

Continually failing here on all of our WSUS servers. We're not able to get any of them to sync.

[-]

greenstarthree@reddit

Yep, 2022 and 2016 both not syncing. They synced the July updates initially but since stopped with HTTP error.

Was mentioned on the patch Tuesday mega thread although I haven’t seen a reason posted there yet.

[-]

Top-Syllabub-2015@reddit

Same here in India

[-]

tletang@reddit

Same

[-]

meatwad75892@reddit

Same, Server 2022. My sync yesterday at 1pm was fine and got this month's patches downloaded, but subsequent syncs will just sit at 0% forever.

[-]

YSFKJDGS@reddit

Are you guys actually not getting patches though? I seem to be failing but I'm still showing the july updates for things.

[-]

ZebedeeAU@reddit

Last successful sync for me was on 08/07/2025 at 18:59 UTC

My WSUS server tried again on 09/07/2025 at 00:59 UTC and it failed (and has continued to fail ever since)

Luckily it got most if not all of the required patches on its last successful sync and once the patches were approved, they download from Microsoft Update just fine and are served out to internal clients.

[-]

51l3nc@reddit

Not to play "me too," but, me too. Odds that its DNS issues at MS?

[-]

ignescentOne@reddit

"it's always dns"

[-]

meatwad75892@reddit

All good on mine, running Server 2022.

https://imgur.com/a/iqwMXtL

[-]

ghgard@reddit (OP)

Thanks, at least I know its not my system...

[-]