- January 22, 2022
- Posted by: Surender Kumar
- Categories: Tips & Tricks, WSUS Server
Import Updates from Microsoft Update Catalog to WSUS
If you’re using a WSUS server for managing patching and updates in your network, you would often come across the updates that are not directly made available for WSUS server. These updates are made available directly via Windows Update or Microsoft Update Catalog. In this situation, you have to manually import such updates to your WSUS server from Microsoft update catalog.
In this article, I will discuss how you can import the updates to WSUS server from Microsoft Update Catalog. For the import to work successfully, please make sure Internet Explorer is set as the default browser on your WSUS server. An ActiveX for Microsoft Update Catalog will be installed on your server first time which is needed for import to work.
Procedure
To import the updates from Microsoft Update Catalog to your WSUS server, follow these steps:
- Launch the WSUS Managememt Console with Administrator privilege.
- Under the
Actionmenu option, click onImport Updates.
This will launch
Internet Explorerautomatically. If any other web browser is launched, please make sure Internet Explorer is set as default web browser. - Now you need to search for the update. Type the KB ID for the update you want to import in search box and click on search.
- You will see a list of updates matching the KB ID. You can click on
AddorRemovebuttons to add or remove the specific updates to your basket.
- Once you’re done, click on
view basketlink and then click onImportbutton.
- You will see the
Import Completedmessage. If you get an error, you can jump to WSUS Cannot Import Updates from Microsoft Update Catalog section to troubleshoot the error.
Now you’ll notice the update is being downloaded in WSUS server and once it is done, it will be ready for deployment. - Now you can search for the update and approve it for deployment on any group.
WSUS Cannot Import Updates from Microsoft Update Catalog
If you see a Failed error during import process or see an error that says “Some updates could not be imported” (as shown in image above), follow these steps to understand the cause and fix the issue.
Checking the MuCatalog File
The error shown in Internet Explorer is not enough to understand what is going on. To see the actual error, you need to look inside the MuCatalog log file on your WSUS server. The path to log file is shown below:
C:\Users\%username%\AppData\LocalLow\Microsoft\MuCatalog\mucataloglog.txt
Open the log file in any text editor and try to look for any error.
On my server, I can see the actual error is “The underlying connection was closed: An unexpected error occurred on a receive”.
This error means that the Tls connection is not being supported by your WSUS server and the Update Catalog. To fix the error, we just need to explicitly set the .Net Framework 4.0 on our server to use the strong cryptography. This can be simply done by running a command on WSUS server either locally or via PowerShell remoting.
Run Command Directly on WSUS Server
If you are directly logged-in on the WSUS server, just launch the “cmd.exe” or “powershell” with Administrator privilege and run the following command:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1
Run Command via PowerShell Remoting on WSUS Server
If you want to run the command on the WSUS server via PowerShell remoting, just launch “PowerShell” on your local computer with Administrator privilege and run the following command:
Invoke-Command -ComputerName WSUS-SRV01 -ScriptBlock {reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1}
Just replace the WSUS-SRV01 with the name of your own WSUS server.
Once you see a success message after running this command, just reboot your WSUS server and try importing the update again. Now the WSUS import should succeed without any error.
