Marta Barillas also wrote a significant portion of this blog posting.
Some customers have indicated that some update files are not being downloaded by WSUS after approval, which results in those updates being unavailable to clients.
For an update to be offered to clients, the following needs to happen:
Update must be approved to a target group in WSUS.
Update files must be available; so if WSUS is configured to store content locally, the update files must be successfully downloaded by WSUS.
The setting is controlled by a checkbox in the WSUS console.
When this is selected, if the update files fail to download to WSUS, the update will not be offered to Clients even though it has been approved.
First, check if WSUS is syncing from another (upstream) WSUS server. (We’ll refer to the upstream WSUS server as USS and the downstream WSUS server as DSS henceforth).
If WSUS is syncing from another WSUS server, verify that the USS has the update files available by looking in the content directory on the USS. If the update files do exist on the USS, make sure that the DSS has access to:
If files are missing because they were never downloaded; ensure that files are downloaded by the Upstream WSUS (USS) and retry the download of the files on the Downstream WSUS (DSS).
If files are missing because the update has been declined and Cleanup Wizard has deleted the files from USS; proceed to decline the update from the DSS as well.
Note that in a WSUS hierarchy the Cleanup Wizard is recommended to be run from the bottom to the top in order to avoid DSS requesting updates that are no longer available on the USS.
Instructions for using the Server Cleanup Wizard are available on TechNet.
If files are missing because somehow they got deleted (not through WSUS Clean Up wizard); run Reset on USS and after files are available, retry the download of the files from the DSS. Please note that resetting a WSUS server can be a time consuming operation, as the reset happens for all the updates.
In order to run Reset, run the following command as an administrator: %SystemDrive%\Program Files\Update Services\Tools\WsusUtil.exe reset
For help information run: %SystemDrive%\Program Files\Update Services\Tools\WsusUtil.exe help reset
If WSUS is syncing from MU (there is no USS), verify that the update has not been Expired; otherwise it means that the update is no longer available. To verify that the update exists, search for it in the Microsoft Update Catalog.
If the update is no longer available from MU, Decline the update from the WSUS.
If the update exists, verify that WSUS has access to the root folder of the WsusContent folder.
The WSUS Team
Some newer updates are not downloaded after approval, even wsusutil.exe reset doesn't fix the problem.
The update files are not on the wsus server, no errors in eventlog.
If update files have actually failed to download TO the WSUS Server from a upstream source, inspect the AppEventLog for the presence of EventID 364s, which will tell you exactly why the download failed. If external issues are causing the failure, a wsusutil
reset won't help at all, this is true.
Thank you Ben. Good works.
Lawernce your idea is good to track event id 364
thank you http://www.kodes.com/
The other command that I don't find mentioned enough for WSUS issues is: "bitsadmin /list /allusers" which is deprecated but a fantastic utility.