Server 2016 not Downloading Updates from WSUS? Try This Fix

If you experience Server 2016 not downloading updates from WSUS, it is likely caused by a known bug. Follow the 3 steps in this guide to fix the problem.

Step 1: Determine Your Server’s Update Source

The first step to fix the problem is to determine where the server receives updates from. Here are the steps:

• Open Windows PowerShell. Then type the following command and press enter.

$MUSMObject = New-Object -ComObject "Microsoft.Update.ServiceManager" 

• Then type this command and press enter

$MUSMObject.Services | Select-Object Name, IsDefaultAUService

Here is the result of the last command.

For a server with problem downloading updates from WSUS, the results will be different. It will read:

Windows Store (DCat Prod)              False
Windows Server Update Service        False
Windows Update                              True

If your Windows Server 2016 has these results, it will not be able to download updates from WSUS. The following steps will fix the problem.

Step 2: Install KB4103720 and KB4462928 to Fix the Bug

Once you have confirmed that your Server 2016 has the problem as detailed in the last step, the next step is to download and install these two updates:

KB4103720 – click on the last link in the page (for Server 2016)
KB4462928 – also click the last link

The updates will take a while to install. While it is installing proceed to the last 2 step:

Step 3: Configure or Modify WSUS GPO

The final step to fix Server 2016 not downloading updates from WSUS is to configure some Group Policy settings.

Follow the steps below to modify your WSUS GPO settings:

• Login to a Domain Controller and open Server Manager
• From Server Manager, click Tools. Then select Group Policy Management

• When Group Policy Management opens, expand your domain name. Then expand Group Policy Objects container.

• Then right-click your WSUS GPO and select Edit.

• When the GPO opens for editing, open this path: Computer Configuration > Policies > Administrative Templates > System. Then select Device Installation.
• Locate Specify the search server for device driver source locations policy. Then double-click to open it.
• To enable the policy, click Enabled. Then beneath Options: Select search order: drop-down, select Do not search Windows Update. Click Apply, then OK.

• Next, locate Specify the search server for device driver updates policy and open it. Enable the policy. Then select the option shown in the image below. When you finish, click Apply. Then click OK.

• The two policies should now show as Enabled.

• Then navigate to Computer Configuration > Policies > Administrative Templates > System > Internet Communication Management > Internet Communication Settings.
• Locate and open Turn off access to all Windows Update features policy. Enable the policy. Then click Apply, OK.

• Also enable Turn off access to the Store policy.

• Finally, open Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update. Then configure the following policies:
• Enable Do not allow update deferral policies to cause scans against Windows Update policy.

• Enable No auto-restart with logged on users for scheduled automatic updates installations policy.

• Configure Specify intranet Microsoft update service location policy as shown below: Replace RolesSRV1 with your WSUS server. Unless you changed your WSUS server port, the default is 8530.

Step 4: Confirm Your Configuration Works

The final step is to check that your changes have fixed the problem. The following will verify that your modifications will work.

Here are the steps:

• Ensure that the Server 2016 that had the problem is in the Active Directory OU where the WSUS GPO is applied.
• Open PowerShell, type these commands then press enter.

$MUSMObject = New-Object -ComObject "Microsoft.Update.ServiceManager"  

$MUSMObject.Services | Select-Object Name, IsDefaultAUService 

The command result should now look like this:

Conclusion

The steps in this guide have fixed Server 2016 not downloading updates from WSUS issue for so many administrators. Hope it worked for you!

If you found the guide helpful, kindly share the part of the guide you found most helpful. Share your feedback by responding to the “Was this page helpful?” question below.

Our team and other community members will respond to your questions as soon as possible.

For more Windows Server fixes, visit our Windows Server Fix page.