Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Started WSUS up after 4 years and have a lot of old updates

  • Please log in to reply
2 replies to this topic

#1 michellepace


  • Members
  • 20 posts
  • Gender:Female
  • Local time:06:29 PM

Posted 04 December 2017 - 08:04 AM



Problem: My WSUS updates are really old and I'm not sure what to do

Server: Windows SBS 2011 standard (using WSUS 3.2)
Network: Size: x4 Windows 8.1 PRO, x4 Windows 10 PRO


These are the steps which I have followed:


  1. Started up WSUS after 4 years of it not connecting to Microsoft
  2. Ran Synchronisation (it took a very long time)
  3. Approved some updates, declined others but really I made a mess
  4. On Sunday, I Decided to rather first update each of our client machines manually (via the internet, not WSUS)
  5. Then I created a WSUS GPO for all client machines and applied it successfully
  6. Then I reduced the number of Products & Classifications selected in Update Services
  7. I re-ran Synchronisation
  8. Finally I ran the Clean Up Wizard (all options checked)
  9. When I click on "All Updates" and filter by "Any Except Declined" I still see updates dating all the way back to 2013, 2014, 2015, 2016
  10. When I click "All Computers" many of the computers which are up to date when I logon to them, say they are still pending updates in WSUS... to me it appears things are out of sync


Can I go ahead and decline all updates which were released before Tuesday as all my machines are individually updated anyhow?

Would the "cleanest" thing to do be to rather just start a fresh. Clear out my WSUS database and start a new... in the hope that everything will be in sync?



Thanks in advance,

Edited by michellepace, 04 December 2017 - 08:06 AM.

BC AdBot (Login to Remove)


#2 androbourne


  • Members
  • 25 posts
  • Local time:11:29 AM

Posted 05 December 2017 - 10:13 AM

I would advise you simply remove WSUS all together along with the GPOs in play and redeploy.


I'd also suggest that you deployment it on a newer server like 2013 and above. They play better with Windows 10. 2011 older will run into communicate issues and other problems with Windows 10 updates.


I just went through this myself for a large client that their previous MSP just never looked at WSUS once it was deployed 3 years ago.

#3 MLink


  • Members
  • 3 posts
  • Local time:04:29 PM

Posted 07 December 2017 - 11:39 AM

I would suggest you totally remove WSUS from this machine as mentioned above by 'androbourne'.


Deploy this again on that server after a reboot or a newer server OS.


Once you have done so, select only the relevant updates for the software/machines you have installed in your network.

Ensure you are not over selecting on language packs and including all of the update types you will need.


I would ensure all Group Policies are correct before setting off your initial sync.


Just remember while you are completing the initial sync you cannot make any amendments to the configuration while this is running!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users