WSUS Post Install Essentials

There are many articles that more than adequately detail a basic installation of the Windows Server Update Services (WSUS). This article assumes two things. The GPO has been configured and that this is a fresh installation of Windows Server 2012 with WSUS installed. No computers have connected yet. This article picks up at this point. Additional updates and configurations were needed to get a fully operational WSUS.

The reason for the Windows Server 2012 with WSUS is simple, Microsoft no longer provided adequate support required to handle their free Microsoft Windows 10. Another hidden cost of free. A new license for Windows Server 2012, where Windows Server 2008 was once adequate.

A basic install of Windows Server 2012 with WSUS in itself will not provide the support for Windows 10. Microsoft offers updates and configuration changes needed to support Windows 10.

Here are steps taken to take a basic, fresh install of WSUS to support Windows 10 with reporting.

Install Reporting

This isn't needed to support Windows 10; however, the reporting isn't "enabled" by default.

  • Install prerequisite .NET Framework 3.5 (includes .NET 2.0 AND 3.0) - An earlier version of .NET is required to get Microsoft Report Viewer installed. Select .NET Framework 3.5 (includes .NET 2.0 AND 3.0) Features in the Server Manager Add Roles and Features wizard.
  • Download and install the Microsoft Report Viewer 2008 SP1 Redistributable
Install WSUS Updates

The following updates were used to add support for Windows 10 to WSUS.  An oversimplified way to determine if Windows 10 is not supported in WSUS, Windows Vista will incorrectly be displayed rather than the correct Windows (Version 10.0).

Along the way reboots will be necessary
For this next update, if it looks like your WSUS server is broken, that is because there are post install things that need to be completed. Once those post install things are completed, WSUS will work as expected.  I know this from experience.  It helps to read.
Repair Database

This is an ideal install.  However, if for some reason your computers started reporting in or your database is already populated.  It has been recommended to start from scratch.  However, there is a series of PowerShell scripts to execute at an elevated prompt to fix things.  This is something I resorted to and worked well.

// disable Upgrades classification on local WSUS server
 Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq "Upgrades"} | Set-WsusClassification -Disable  

// delete all update content on the current server belonging to the 1511 release
 $s = Get-WsusServer
 $s.SearchUpdates("version 1511, 10586") | foreach { $s.DeleteUpdate($_.Id.UpdateId) }

// enable Upgrades classification
 Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq "Upgrades"} | Set-WsusClassification

// perform full sync
 $sub = $s.GetSubscription()
 $sub.StartSynchronization()

 

Source(s)
https://social.technet.microsoft.com/Forums/windows/en-US/59ad21be-7514-46df-adf3-fdf6ec15e132/wsus-breaks-after-kb3159706-released-552016?forum=winserverwsus

How to delete upgrades in WSUS