The Story
Today was a bit annoying…
I did my usual updates sync, and approve required updates, and in the past this has included CU’s without much fuss. However today I did my usual and ran check for updates on a member machine, returned clean (which i was expecting as per the results on WSUS console) and then I did the followup “Check for updates from Microsoft Updates” to my dismay the server stated an update was available a CU (KB4516061)… ughhh OK…
Checking WSUS
Decided to double check WSUS, to my dismay, re-syncing, and checking unapproved updates yielded no new updates. But I know there’s a new CU/// what gives?
Doing some reseach I find this is nothing really new and has been a problem for a while due to what could be multiple problems, including apparently packaging certain updates into other updates… how lovely.
As the main answer from that one says you can Import them… Ughhh fine…
*Expectation* Download MSU, click Import update, update gets imported to WSUS, and approve.
*Reality* Well reality is generally always worse then the expectations…
Importing Update into WSUS
So I downloaded the 1.5 Gig KB from MS Catalog and on my MMC snap-in click Import update… What do I get, a Windows Explorer popup asking me where the msu file I want to import is… NO… a link to the MS Catalog website…
Ughh… I already downloaded it what gives…
after a bit more research (honestly software should not be this non-intuitive, but that’s how old software was… non-intuitive…) turns out this “Import Updates” is not even designed for remote use (uhhh isn’t that the whole point of MMC Snap-ins?!?!?) Anyway, OK so people state you have to use it directly on the WSUS server….
FINE, Log directly into the server and open the WSUS console, click “Import Updates” IE opens and page can’t be loaded. Strange checking the IE security settings the site attempting to be navigated should be trusted.
Even grabbing the direct catalog link and pasting it in this IE window only gave me the option to Download, not “add” and then “view basket”. It turns out the option to add only becomes available after an ActiveX install for something.
Originally I was not getting this, it wasn’t until I read this , I found a golden egg on Technet, and very carefully read the answer:
MS WSUS Product Team:
“Just to let you know, a statement from the WSUS Product Team has been published: WSUS Catalog import failures
“We are aware of the issue and presently working on a fix. In the meantime, the following workarounds can be used to unblock your deployment:
After clicking on the “Import Updates…” option in the WSUS console, an Internet Explorer window will open on the following URL: http://catalog.update.microsoft.com/… &Protocol=1.20
Before proceeding with importing the updates, change the “1.20” protocol value in the URL to the previous protocol value “1.8”. The URL should look like this when you’re done: http://catalog.update.microsoft.com/… &Protocol=1.8″
Uhhh ok… so it turns out on the initial pop-up where you get the Windows can’t display this page:
Change end number to 1.8
Yes, and Yes
Once this page loads, you can add the Active X control at the bottom:
Now you get the add, and view basket, and finally get the import option:
Well that was an annoying morning…
And there they finally are…
Another annoying WSUS morning… :S *Update Feb 2020* still valid procedure.