Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows Server 2016 / How to Manually Import (Add) Update into WSUS from Microsoft Update Catalog?

August 19, 2021 PowerShellWindows Server 2016Windows Server 2019

How to Manually Import (Add) Update into WSUS from Microsoft Update Catalog?

Not all fixes, patches, and updates for Microsoft products are available for installation in the Windows Server Update Services (WSUS) console. For example, you might have disabled update synchronization for a specific product, Windows version, or update class in your WSUS settings. Also, there are no updates in the WSUS console that are designed to solve a specific problem and don’t imply a bulk installation on all devices. In these cases, you can manually add (import) any update available in the Microsoft Update Catalog to WSUS or SCCM (Configuration Manager) via IE or PowerShell.

For example, we want to add the KB3125574 update to the list of WSUS updates (convenience rollup update that allows fixing a problem of high RAM usage by wuauserv).

Contents:
  • Importing Updates Manually into WSUS with Internet Explorer
  • Errors When Importing Updates and Drivers into WSUS
  • Adding Updates Manually into WSUS via PowerShell

Importing Updates Manually into WSUS with Internet Explorer

  1. Open the WSUS console;
  2. In the console tree, right-click on the Updates section and select Import Updates;WSUS -> Import Updates
  3. Then Internet Explorer will start and automatically go to Microsoft Update Catalog webpage (https://catalog.update.microsoft.com/);
      When you visit this website in IE for the first time, you will have to install a special ActiveX extension for WSUS. it’s better to add the Microsoft Update Catalog site to the list of trusted websites. You can register this ActiveX component with the command: regsvr32 c:\Windows\SysWOW64\MicrosoftUpdateCatalogWebControl.dll install wsus activex plugin for microsoft update catalog
  4. Find the KBs you need with the search and click Add to add them to the basket. It’s better not to select more than 20-30 updates at once; search for hotfix in Microsoft Update Catalog
  5. Then click View basket to open it;
  6. Check the option Import directly into Windows Server Update Services (if this option is not available, make sure you have the administrator privileges on your WSUS server) and click Import; Import directly into Windows Server Update Services
  7. Wait till the updates are downloaded (If the download is interrupted, try again); importing updates into wsus on windows server
  8. Then find the downloaded patches in the All Updates section of the WSUS console. Approve the installation of updates on the required computer groups (the easiest way to target computers to WSUS groups is through a GPO).

Thus, any update from the Microsoft catalog can be imported to the WSUS server, including drivers, service packs, feature packs, etc.

Errors When Importing Updates and Drivers into WSUS

You may receive an error when importing updates to WSUS running on Windows Server 2019/2016:

This update cannot be imported into Windows Server Update Services. Cause: it is not compatible with your version of WSUS.

update cannot be imported to wsus: not compatible with version

If such an error appears, you need to manually change the URL that is generated after clicking the Import Updates button. Replace in URL http://catalog.update.microsoft.com/…Protocol=1.20 to Protocol=1.80.

You should get something like this link:

http://catalog.update.microsoft.com/v7/site/Home.aspx?SKU=WSUS&Version=10.0.14393.2248&ServerName=yourwsushost&PortNumber=8530&Ssl=False&Protocol=1.80

If you receive a Failed status (Error Number: 80131509) when importing updates into WSUS, enable TLS 1.2 strong encryption support for .Net Framework version 4.0 on the WSUS server. To do this, set the SchUseStrongCrypto parameter to 1 in the registry. Run the following command in the elevated cmd:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1

wsus import update error: failed error number 80131509

The issue is described in the article Deploring Adobe Flash Player Removal Update on Windows.

Adding Updates Manually into WSUS via PowerShell

You can add new updates to the WSUS server using PowerShell. To do this, you need to download the update file from the Microsoft update catalog website and get its GUID.

Find the KB you need in the WSUS console and click on its name. A web page with a description of the update will open. Copy the updateid value from the address bar, download the MSU update file to your local disk.

microsoft update catalog: get update id via url

Connect to the WSUS server from the PowerShell console:

$WsusSrv = Get-WsusServer (if you run PowerShell console directly on WSUS server)
$WsusSrv = Get-WsusServer -Name mun-wsus1 -PortNumber 8531 –UseSsl (if you connect to the WSUS server remotely )

Now you can add the downloaded update to WSUS console. The following import command is used:

$WsusSrv.ImportUpdateFromCatalogSite('UpdateGUID', 'Update.msu')

For example:

$WsusSrv.ImportUpdateFromCatalogSite('a5e40bf9-f1dc-4e6d-93e7-b62c6bf1ce3e', 'C:\Downloads\Updates\kb5005260.msu')

You can check that the update was imported successfully and display information about it:

$WsusSrv.SearchUpdates('kb5005260') | fl *

When importing WSUS update via PowerShell, an error may appear:

Exception calling “ImportUpdateFromCatalogSite” with “2” argument(s): “The underlying connection was closed: An unexpected error occurred on a send.”   
+ CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException

This is also because PowerShell is trying to establish a connection over TLS 1.0 protocol, which is being blocked by the WSUS server. To solve the problem, add the SchUseStrongCrypto parameter on the WSUS server (and restart it):

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1

After that, importing the update to the WSUS server from PowerShell will work correctly.

7 comments
2
Facebook Twitter Google + Pinterest
previous post
PowerShell SecretManagement Module: Securely Manage Credentials and Secrets
next post
Hyper-V: Configuring Automatic Startup and Boot Order of VMs

Related Reading

Create Organizational Units (OU) Structure in Active Directory...

May 17, 2022

Windows Security Won’t Open or Shows a Blank...

May 17, 2022

How to Manually Install Windows Updates from CAB...

May 16, 2022

RDS and RemoteApp Performance Issues on Windows Server...

May 16, 2022

Deploying Software (MSI Packages) Using Group Policy

May 12, 2022

7 comments

Derg December 21, 2018 - 6:44 am

I don’t have the Import option (logged as a local Administrator on the server). How can I fix that?

Reply
admin December 21, 2018 - 6:48 am

1. Add your admin account to the local WSUS groups.
2. Reset IE settings.
3. Temporary change the security setting in IE on lower level.
4. Try to import the update.

Reply
Aaron December 8, 2020 - 3:14 pm

Having a slight issue myself… I have the import option, but when I attempt to download, It fails each time.
If I uncheck the box, the download completes…

Reply
admin December 8, 2020 - 5:25 pm

If you receive a Failed error when importing updates, you must enable TLS 1.2 strong encryption support for .Net Framework 4 on the WSUS server.
Create a DWORD (32-bit) parameter named SchUseStrongCrypto with value 1 under reg key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319.
Restart WSUS to apply the new settings.
Then try importing updates.

Reply
Mike March 3, 2021 - 1:32 pm

This worked, thank you!

Reply
Alex December 19, 2020 - 12:58 am

Where is the log for the import? I imported 44 updates but I don’t see them in WSUS

Reply
Francesco August 20, 2021 - 9:22 am

Thank you! Great guide 🙂
Francesco

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Create Organizational Units (OU) Structure in Active Directory with PowerShell

    May 17, 2022
  • Windows Security Won’t Open or Shows a Blank Screen on Windows 10/ 11

    May 17, 2022
  • How to Manually Install Windows Updates from CAB and MSU Files?

    May 16, 2022
  • RDS and RemoteApp Performance Issues on Windows Server 2019/2016

    May 16, 2022
  • Deploying Software (MSI Packages) Using Group Policy

    May 12, 2022
  • Updating VMware ESXi Host from the Command Line

    May 11, 2022
  • Enable or Disable MFA for Users in Azure/Microsoft 365

    April 27, 2022
  • Fix: You’ll Need a New App to Open This Windows Defender Link

    April 27, 2022
  • How to Reset an Active Directory User Password with PowerShell and ADUC?

    April 27, 2022
  • How to Completely Uninstall Previous Versions of Office with Removal Scripts?

    April 26, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Installing RSAT Administration Tools on Windows 10 and 11
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • How to Hide Installed Programs in Windows 10 and 11?
  • Manage Windows Updates with PSWindowsUpdate PowerShell Module
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • Tracking and Analyzing Remote Desktop Connection Logs in Windows
  • How to Create a UEFI Bootable USB Drive to Install Windows 10 or 7?
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top