WSUS Product Team Blog

WSUS Product Team thoughts, information, tips and tricks and beyond :-)

Solution to KB2919355 preventing interaction with WSUS 3.2 over SSL

Solution to KB2919355 preventing interaction with WSUS 3.2 over SSL

  • Comments 14
  • Likes

A fix is now available from Microsoft that resolves the issue where some computers that have the KB 2919355 update for Windows 8.1 and Windows Server 2012 R2 installed stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2)-based servers that are configured to use HTTPS and do not have TLS 1.2 enabled. Direct download links, installation instructions, and more information you can use to check if you’re impacted by this issue, are provided on the KB 2959977 page.

  • If you manually imported KB 2919355 prior to the issue of KB 2959977, you should decline the old revision on your WSUS server. Once you decline the revision in WSUS, it will no longer be distributed to clients.

  • For all users (even if your environment was not impacted), we recommend that administrators approve the latest revision of KB 2919355 for distribution to enable deployment of Windows 8.1 Update in your environment.

Comments
  • Update KB2959977 is only for old version KB2919355 and because of that update KB2959977 is not available over WSUS deploy. Is this correct??? because I dont have KB2959977 on wsus server.

  • yes, KB2959977 fix only the issue that Systems with old KB2919355 cannot talk to WSUS (without TLS 1.2)
    Therefore KB2959977 will not be available on WSUS, cause in this Situation WSUS will fail to deploy any Patch to such Clients anyway.

  • thank you

  • so if you have a 2003 R2 WSUS server that doesn't support TLS 1.2 protocol I will be forced to upgrade to 2008 or 2012 WSUS server? Thanks a lot Microsoft...

  • Hi, I want to deploy KB2919355 to a test computer group. When I run a computer report I see that the kb2919355 is set to Install but status is Not Applicable. The prerequisity updateKB2919442 is installed on each computer in my test WSUS group. Other WSUS updates are deployed without problem.
    I've also managed to install the kb2919355 on one of the computers manually using Windows8.1-KB2919355-x64.msu.
    Has anyone encountered similar problem, please?

  • I also found that KB2919355 seems not to be found as "needed" by WSUS for some Windows 8.1 and some 2012 R2 Systems (especially Hyper-V Server 2012 R2). So looks like some dection bug.
    Those Systems could install KB2919355 by file.

  • After the latest iteration of KB2919355, all of my W8.1 are sending the desired "needed" status to WSUS and installing the update after approving, so it has somehow solved itself..

  • WSUS role on Server 2012 R2 fails to configure. Why does MS make us try 10+ different possible causes and give no useful help to resolve this. Please please, a simple download that runs to troubleshoot and fix the problems please!

  • http://msdn.microsoft.com/en-us/library/aa374757%28v=VS.85%29.aspx (TLS / Ciphers in Win7)
    http://msdn.microsoft.com/en-us/library/ff468651(v=vs.85).aspx (TLS / Ciphers in Vista)

  • We have a similar problem but with WSUS for Windows Server 2012 (version 6.3.9600.16384) - none of our 2012 R2 clients report their daily status to the WSUS server (also 2012 R2) after their initial status report. At the minute, our workaround is a scheduled task on each client that does the following on a daily basis:

    net stop wuauserv
    rd /q /s %windir%\softwaredistribution
    reg delete HKLM\Software\Microsoft\Windows\CurrentVersion
    /WindowsUpdate /f
    net start wuauserv

    Is it possible that an update that fixed a prior issue has re-introduced this issue into 2012 clients?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment