I have a Server with Windows Server 2016 OS in my network. I Configured WSUS service on it for deploying update packages in Domain. Everything went well but now I have a problem.
When I approve selected packages for download and try to deploy to computer, none of them download from Microsoft servers. There is no clear error message for this problem. How can I fix this?
Best Answer
I had this same problem and it took me ages to figure out what was going on. In my case i was using Windows Server 2012.
It turns out that WSUS uses Background Intelligent Transfer Service (BITS) to actually download the updates. I was authenticated against an upsteam WSUS server (not using the internet as source) and i was using SSL on 443 (not the 8531 WSUS port). I was able to synchronise against the upstream server but the updates just wouldnt download - no matter how long i left it.
On the WSUS server, i opened an administrative powershell and run the following commands.
This shows the current downloads that BITS is doing. I then expanded some of these and saw that the request was actually going via HTTP
So as supported by these posts: https://community.spiceworks.com/topic/2091224-wsus-client-download-through-ssl https://social.technet.microsoft.com/Forums/en-US/e87b96a2-2dd3-429b-9611-b5ff00f93d5c/clients-downloading-updates-on-http-from-wsus?forum=winservergen
BITS uses HTTPS for the authentication and synchronization (seeing what updates are available) but actually uses HTTP for the download of the updates.
I had to enable HTTP access (80) on my firewall and then the updates started to download.
This might be a niche solution, but it might be worth using those BITS commands to help debug what is going on.