May 25, 2012

Should my WSUS provide update information before it is fully synchronized?


I recently installed WSUS in a network and am now waiting for it to download all the updates I want to provide to other clients.

enter image description here

The updates are already approved. The installation is set up to only download approved updates. That is what it is doing right now.

So, this is going to take a while. In the meantime, I set up my group policies to make my clients aware of this new service.

Sadly, my Windows 7 test client (freshly installed), doesn’t seem to think there are any updates available:

enter image description here

So, now I’m asking myself, is my setup broken? Or do I simply have to wait for those 140GB to download before it will all start to function properly.

The WindowsUpdate.log on my test client seems to tell that my correct server is being used:

2012-05-19  15:44:25:523     944    43c AU  ###########  AU: Initializing Automatic Updates  ###########
2012-05-19  15:44:25:523     944    43c AU    # WSUS server: http://SRV-PDC

The log is also pretty clear on the number of updates that should be applied:

2012-05-19  15:44:27:133     944    85c Agent     * Found 0 updates and 61 categories in search; evaluated appl. rules of 174 out of 895 deployed entities
2012-05-19  15:44:27:149     944    754 AU    # 0 updates detected

The reportingevents.log also indicates that no updates are available:

{6DB29978-5D20-4D80-9088-5F87D0CC3417}  2012-05-19 20:13:23:388+0200    1   147 101 {00000000-0000-0000-0000-000000000000}  0   0   AutomaticUpdates    Success Software Synchronization    Windows Update Client successfully detected 0 updates.
{03B0D7A7-A599-41CE-B583-F2870CEF4225}  2012-05-19 20:13:23:388+0200    1   156 101 {00000000-0000-0000-0000-000000000000}  0   0   AutomaticUpdates    Success Pre-Deployment Check    Reporting client status.


So, after waiting a couple of hours days, the first updates are being served.

I guess what my confusion boiled down to was: Can WSUS offer updates to clients before they are downloaded to the server?

Which, in hindsight, is a pretty stupid question.

In case you’re someone waiting desperately for your WSUS to synchronize so you can test your lab or whatever. Here are a few mistakes I made that you might be able to not make yourself.

Initial Synchronization

Your WSUS won’t download anything before it is synchronized. Make sure your initial synchronization has already finished (and was actually started).

Initial synchronization can take quite some time. I made the mistake of shutting down the server in the middle of the synchronization process. It would have synchronized every morning at 6am, but the (lab) server was never running at that time.

So I wasn’t synchronized for quite a while, not downloading anything.


Make sure to approve your updates. Updates that are not approved, might not be downloaded and they won’t be offered to any clients either.

BITS Transfer Priority

If you’ve made sure that updates are actually being downloaded to your server, you can additionally increase download speed of those updates by increasing the download priority of BITS. Please refer to KB922330 and this technet article for exact details. There is also this excellent blog post that summarizes setting the foreground download priority.

However, please note that increasing the WSUS download priority in production environments can be counter-productive as it might saturate your internet connection.

Please keep in mind, even after setting the foreground priority for BITS, transfer speeds were far from optimal considering my potential throughput.

enter image description here

Answered by Oliver Salzburg

Related posts:

  1. Can’t update Windows 2008 server with WSUS installed on it
  2. Use WSUS when local, MU when remote? (But still report to WSUS)
  3. Using WSUS to update machines not on the domain
  4. How can I extract a single update out of WSUS for an unmanaged PC?
  5. WSUS Clients Updating from Microsoft Update

Leave a comment