WSUS Post Install Essentials – it.megocollector.com

Contents

1 Install Reporting
2 Install WSUS Update
3 Repair Database
4 Source(s)

There are many articles that more than adequately detail a basic installation of the Windows Server Update Services (WSUS). This article assumes two things. The GPO has been configured and that this is a fresh installation of Windows Server 2012 with WSUS installed. No computers have connected yet. This article picks up at this point. Additional updates and configurations were needed to get a fully operational WSUS.

The reason for the Windows Server 2012 with WSUS is simple, Microsoft no longer provided adequate support required to handle their free Microsoft Windows 10. Another hidden cost of free. A new license for Windows Server 2012, where Windows Server 2008 was once adequate.

A basic install of Windows Server 2012 with WSUS in itself will not provide the support for Windows 10. Microsoft offers updates and configuration changes needed to support Windows 10.

Here are steps taken to take a basic, fresh install of WSUS to support Windows 10 with reporting.

Install Reporting

This isn’t needed to support Windows 10; however, the reporting isn’t “enabled” by default.

Install prerequisite .NET Framework 3.5 (includes .NET 2.0 AND 3.0) – An earlier version of .NET is required to get Microsoft Report Viewer installed. Select .NET Framework 3.5 (includes .NET 2.0 AND 3.0) Features in the Server Manager Add Roles and Features wizard.
Download and install the Microsoft Report Viewer 2008 SP1 Redistributable

Install WSUS Update

The following updates were used to add support for Windows 10 to WSUS. An oversimplified way to determine if Windows 10 is not supported in WSUS, Windows Vista will incorrectly be displayed rather than the correct Windows (Version 10.0).

Reboots will be necessary.

Install Update for Windows Server 2012 (KB3095113) (Windows8-RT-KB3095113-v3-x64.msu)

Install Update enables ESD decryption provision in WSUS in Windows Server 2012 and Windows Server 2012 R2
Open an elevated Command Prompt window, and then run “C:\Program Files\Update Services\Tools\wsusutil.exe postinstall /servicing” (case sensitive, assume C: as the system volume).
Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.
Restart the WSUS service.

Repair Database

This is an ideal install. However, if for some reason your computers started reporting in or your database is already populated. It has been recommended to start from scratch. However, there is a series of PowerShell scripts to execute at an elevated prompt to fix things. This is something I resorted to and worked well.

// disable Upgrades classification on local WSUS server
Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq "Upgrades"} | Set-WsusClassification -Disable &
 
// delete all update content on the current server belonging to the 1511 release
$s = Get-WsusServer
$s.SearchUpdates("version 1511, 10586") | foreach { $s.DeleteUpdate($_.Id.UpdateId) }
 
// enable Upgrades classification
Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq "Upgrades"} | Set-WsusClassification
 
// perform full sync
$sub = $s.GetSubscription()
$sub.StartSynchronization()

Source(s)

https://social.technet.microsoft.com/Forums/windows/en-US/59ad21be-7514-46df-adf3-fdf6ec15e132/wsus-breaks-after-kb3159706-released-552016?forum=winserverwsus
https://blogs.technet.microsoft.com/wsus/2016/01/29/how-to-delete-upgrades-in-wsus/