WSUS on Windows Server 2012 or higher supports installing both ordinary security patches and large upgrade packages (upgrades, in Microsoft terminology) on Windows 10. However, this feature doesn’t work out of the box: these upgrades (called Redstone in Windows 10 terminology) simply cannot be downloaded by clients. Let’s look at this problem.
WSUS for Windows Server 2012 introduced a new update classification: Upgrades. It is enabled in the WSUS console under Options -> Products and Classifications -> Classifications. We need the Upgrades option (if it is disabled, don’t hurry to enable it!).
If you enable this option, your WSUS server won’t download the upgrades and will return an error. To make WSUS download upgrade packages, install a separate update, KB 3095113 (https://support.microsoft.com/en-us/kb/3095113), on your WSUS server.
- Disable the Upgrades classification:
Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq "Upgrades"} | Set-WsusClassification -Disable
- Delete the information about these upgrades from the WSUS database:
$wsus = Get-WsusServer
$wsus.SearchUpdates("version 1511, 10586, 1607") | foreach { $wsus.DeleteUpdate($_.Id.UpdateId) }
- Enable the Upgrades classification:
Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq "Upgrades"} | Set-WsusClassification
- And run the synchronization:
$subsc = $wsus.GetSubscription()
$subsc.StartSynchronization()
But this is only part of the story. After KB 3095113 is installed on the server, the upgrade packages still do not appear on the clients. In WindowsUpdate.log on a PC running Windows 10, you can find the error 0x80244019:
2016/09/24 11:31:36.3654849 1064 2660 DownloadManager BITS job {842564BB-06CE-4251-941C-43B4424EB32} failed, updateId = 8CB53244-8521-238E-AAFB-443D553DC0A6.200, hr = 0x80190194. File URL = http://wsus.adatum.com:8530/Content/7C/6FCFDF07883BAE0E36654F3222603EAF377707B7C.esd, local path = C:\Windows\SoftwareDistribution\Download\dc0dc85b32300fe505d5d9a2f479c1b0\10586.0.151029-1700.th2_release_CLIENTENTERPRISE_VOL_x64fre_en-us.esd
2016/09/24 11:31:36.3658125 1064 2660 DownloadManager Progress failure bytes total = 2659650046, bytes transferred = 18574952
2016/09/24 11:31:36.3845664 1064 2660 DownloadManager Error 0x80244019 occurred while downloading update; notifying dependent calls
The log shows an attempt to download an ESD file (a new format for distributing the OS image), 7C/6FCFDF07883BAE0E36654F3222603EAF377707B7C.esd, from the server. Try to open this URL in a browser and you’ll get a 404 error. The reason is that this file type is not allowed in the IIS settings, so its transfer is blocked.
To allow the WSUS server to serve ESD files, start Internet Information Services (IIS) Manager, go to the WSUS Administration site and select the Content directory. In the IIS settings, open the MIME Types section.
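The PowerShell below is an added example, not code from the original article, and its function names are hypothetical. It picks the BITS job failures out of WindowsUpdate.log lines and decodes the hr value: 0x80190194 has facility 0x19 (HTTP) and low word 0x194, which is HTTP 404. The sample input is the log excerpt quoted above, embedded inline.

```powershell
# Added example (not from the original article); function names are hypothetical.
# Sample input: the WindowsUpdate.log excerpt quoted above, embedded so this runs offline.
$sample = @'
2016/09/24 11:31:36.3654849 1064 2660 DownloadManager BITS job {842564BB-06CE-4251-941C-43B4424EB32} failed, updateId = 8CB53244-8521-238E-AAFB-443D553DC0A6.200, hr = 0x80190194. File URL = http://wsus.adatum.com:8530/Content/7C/6FCFDF07883BAE0E36654F3222603EAF377707B7C.esd, local path = C:\Windows\SoftwareDistribution\Download\dc0dc85b32300fe505d5d9a2f479c1b0\10586.0.151029-1700.th2_release_CLIENTENTERPRISE_VOL_x64fre_en-us.esd
2016/09/24 11:31:36.3658125 1064 2660 DownloadManager Progress failure bytes total = 2659650046, bytes transferred = 18574952
2016/09/24 11:31:36.3845664 1064 2660 DownloadManager Error 0x80244019 occurred while downloading update; notifying dependent calls
'@ -split "\r?\n"

# Return the HTTP status carried by an HRESULT, or $null if it is not an HTTP-facility code.
function Get-HttpStatusFromHResult {
    param([Parameter(Mandatory)][string]$HResult)
    $value    = [Convert]::ToInt64($HResult, 16)     # base-16 parse accepts the 0x prefix
    $facility = ($value -shr 16) -band 0x1FFF        # same mask as HRESULT_FACILITY
    if ($facility -ne 0x19) { return $null }         # 0x19 = FACILITY_HTTP
    return [int]($value -band 0xFFFF)                # low word holds the status (0x194 = 404)
}

# Emit one object per "BITS job ... failed" line with the decoded status and file extension.
function Find-BitsDownloadFailure {
    param([string[]]$Line)
    $pattern = '^(?<time>\S+ \S+) .*BITS job \{[^}]+\} failed, updateId = (?<update>[^,]+), ' +
               'hr = (?<hr>0x[0-9A-Fa-f]{8})\. File URL = (?<url>[^,]+),'
    foreach ($entry in $Line) {
        if ($entry -match $pattern) {
            $hit    = $Matches                       # keep this match before the next -match
            $uri    = [Uri]$hit['url']
            $ext    = [IO.Path]::GetExtension($uri.AbsolutePath)
            $status = Get-HttpStatusFromHResult -HResult $hit['hr']
            [pscustomobject]@{
                Time         = $hit['time']
                UpdateId     = $hit['update']
                HResult      = $hit['hr']
                HttpStatus   = $status
                Server       = $uri.Authority
                Extension    = $ext
                # A 404 for a content file suggests the server refuses to serve that extension.
                CheckMimeMap = ($status -eq 404 -and $ext -ne '')
            }
        }
    }
}

Find-BitsDownloadFailure -Line $sample | Format-List
```

To check a real client, pass the lines of its WindowsUpdate.log (read with Get-Content) to -Line instead of $sample.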
Add a new MIME type (Add MIME type):
File name extension: .esd
MIME type: application/octet-stream
The same MIME type can be added from the command prompt:
cd %windir%\system32\inetsrv
appcmd set config /section:staticContent /+"[fileExtension='.esd',mimeType='application/octet-stream']"
Restart IIS (iisreset) and re-run the synchronization on the clients. Windows 10 clients should now start downloading .esd files and be able to install upgrade packages.