Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Windows Server 2016 / How to Manually Import (Add) Update into WSUS from Microsoft Update Catalog?

August 19, 2021 PowerShellWindows Server 2016Windows Server 2019

How to Manually Import (Add) Update into WSUS from Microsoft Update Catalog?

Not all fixes, patches, and updates for Microsoft products are available for installation in the Windows Server Update Services (WSUS) console. For example, you might have disabled update synchronization for a specific product, Windows version, or update class in your WSUS settings. Also, there are no updates in the WSUS console that are designed to solve a specific problem and don’t imply a bulk installation on all devices. In these cases, you can manually add (import) any update available in the Microsoft Update Catalog to WSUS or SCCM (Configuration Manager) via IE or PowerShell.

For example, we want to add the KB3125574 update to the list of WSUS updates (convenience rollup update that allows fixing a problem of high RAM usage by wuauserv).

Contents:
  • Importing Updates Manually into WSUS with Internet Explorer
  • Errors When Importing Updates and Drivers into WSUS
  • Adding Updates Manually into WSUS via PowerShell

Importing Updates Manually into WSUS with Internet Explorer

  1. Open the WSUS console;
  2. In the console tree, right-click on the Updates section and select Import Updates;WSUS -> Import Updates
  3. Then Internet Explorer will start and automatically go to Microsoft Update Catalog webpage (https://catalog.update.microsoft.com/);
      When you visit this website in IE for the first time, you will have to install a special ActiveX extension for WSUS. it’s better to add the Microsoft Update Catalog site to the list of trusted websites. You can register this ActiveX component with the command: regsvr32 c:\Windows\SysWOW64\MicrosoftUpdateCatalogWebControl.dll install wsus activex plugin for microsoft update catalog
  4. Find the KBs you need with the search and click Add to add them to the basket. It’s better not to select more than 20-30 updates at once; search for hotfix in Microsoft Update Catalog
  5. Then click View basket to open it;
  6. Check the option Import directly into Windows Server Update Services (if this option is not available, make sure you have the administrator privileges on your WSUS server) and click Import; Import directly into Windows Server Update Services
  7. Wait till the updates are downloaded (If the download is interrupted, try again); importing updates into wsus on windows server
  8. Then find the downloaded patches in the All Updates section of the WSUS console. Approve the installation of updates on the required computer groups (the easiest way to target computers to WSUS groups is through a GPO).

Thus, any update from the Microsoft catalog can be imported to the WSUS server, including drivers, service packs, feature packs, etc.

Errors When Importing Updates and Drivers into WSUS

You may receive an error when importing updates to WSUS running on Windows Server 2019/2016:

This update cannot be imported into Windows Server Update Services. Cause: it is not compatible with your version of WSUS.

update cannot be imported to wsus: not compatible with version

If such an error appears, you need to manually change the URL that is generated after clicking the Import Updates button. Replace in URL http://catalog.update.microsoft.com/…Protocol=1.20 to Protocol=1.80.

You should get something like this link:

http://catalog.update.microsoft.com/v7/site/Home.aspx?SKU=WSUS&Version=10.0.14393.2248&ServerName=yourwsushost&PortNumber=8530&Ssl=False&Protocol=1.80

If you receive a Failed status (Error Number: 80131509) when importing updates into WSUS, enable TLS 1.2 strong encryption support for .Net Framework version 4.0 on the WSUS server. To do this, set the SchUseStrongCrypto parameter to 1 in the registry. Run the following command in the elevated cmd:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1

wsus import update error: failed error number 80131509

The issue is described in the article Deploring Adobe Flash Player Removal Update on Windows.

Adding Updates Manually into WSUS via PowerShell

You can add new updates to the WSUS server using PowerShell. To do this, you need to download the update file from the Microsoft update catalog website and get its GUID.

Find the KB you need in the WSUS console and click on its name. A web page with a description of the update will open. Copy the updateid value from the address bar, download the MSU update file to your local disk.

microsoft update catalog: get update id via url

Connect to the WSUS server from the PowerShell console:

$WsusSrv = Get-WsusServer (if you run PowerShell console directly on WSUS server)
$WsusSrv = Get-WsusServer -Name mun-wsus1 -PortNumber 8531 –UseSsl (if you connect to the WSUS server remotely )

Now you can add the downloaded update to WSUS console. The following import command is used:

$WsusSrv.ImportUpdateFromCatalogSite('UpdateGUID', 'Update.msu')

For example:

$WsusSrv.ImportUpdateFromCatalogSite('a5e40bf9-f1dc-4e6d-93e7-b62c6bf1ce3e', 'C:\Downloads\Updates\kb5005260.msu')

You can check that the update was imported successfully and display information about it:

$WsusSrv.SearchUpdates('kb5005260') | fl *

When importing WSUS update via PowerShell, an error may appear:

Exception calling “ImportUpdateFromCatalogSite” with “2” argument(s): “The underlying connection was closed: An unexpected error occurred on a send.”   
+ CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException

This is also because PowerShell is trying to establish a connection over TLS 1.0 protocol, which is being blocked by the WSUS server. To solve the problem, add the SchUseStrongCrypto parameter on the WSUS server (and restart it):

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1

After that, importing the update to the WSUS server from PowerShell will work correctly.

7 comments
2
Facebook Twitter Google + Pinterest
previous post
PowerShell SecretManagement Module: Securely Manage Credentials and Secrets
next post
Hyper-V: Configuring Automatic Startup and Boot Order of VMs

Related Reading

Configure User’s Folder Redirection with Group Policy

February 3, 2023

Using Previous Command History in PowerShell Console

January 31, 2023

How to Install the PowerShell Active Directory Module...

January 31, 2023

Finding Duplicate E-mail (SMTP) Addresses in Exchange

January 27, 2023

How to Disable or Uninstall Internet Explorer (IE)...

January 26, 2023

7 comments

Derg December 21, 2018 - 6:44 am

I don’t have the Import option (logged as a local Administrator on the server). How can I fix that?

Reply
admin December 21, 2018 - 6:48 am

1. Add your admin account to the local WSUS groups.
2. Reset IE settings.
3. Temporary change the security setting in IE on lower level.
4. Try to import the update.

Reply
Aaron December 8, 2020 - 3:14 pm

Having a slight issue myself… I have the import option, but when I attempt to download, It fails each time.
If I uncheck the box, the download completes…

Reply
admin December 8, 2020 - 5:25 pm

If you receive a Failed error when importing updates, you must enable TLS 1.2 strong encryption support for .Net Framework 4 on the WSUS server.
Create a DWORD (32-bit) parameter named SchUseStrongCrypto with value 1 under reg key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319.
Restart WSUS to apply the new settings.
Then try importing updates.

Reply
Mike March 3, 2021 - 1:32 pm

This worked, thank you!

Reply
Alex December 19, 2020 - 12:58 am

Where is the log for the import? I imported 44 updates but I don’t see them in WSUS

Reply
Francesco August 20, 2021 - 9:22 am

Thank you! Great guide 🙂
Francesco

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Configure User’s Folder Redirection with Group Policy

    February 3, 2023
  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Configuring Port Forwarding in Windows
  • Installing RSAT Administration Tools on Windows 10 and 11
  • Manage Windows Updates with PSWindowsUpdate PowerShell Module
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • Start Menu or Taskbar Search Not Working in Windows 10/11
  • How to Hide Installed Programs in Windows 10 and 11?
  • Adding Drivers into VMWare ESXi Installation Image
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top