Updating Windows 10 to the latest release can be a bit tricky. This guide covers a common problem that prevents WSUS from syncing Windows 10 Upgrade and the five steps to fix it.

We can expect to see several major updates to Windows 10 each year. Keeping up with these updates can be very difficult depending on how they are treated. If you are like many IT administrators, you probably held off on the early releases and decided to let someone else sort through potential problems.

With another release on the horizon, you decided to catch up and enable the Upgrades classification. And that is where WSUS betrayed you.

The WSUS Upgrades button looks so innocent.

The WSUS Upgrades button looks so innocent.

Without a bit of prep work, the WSUS environment doesn’t understand the components needed to download and deploy the Windows 10 upgrade. The upgrade has been downloaded but it has been saved to the WSUS database as a regular update.

This problem was preemptively fixed by installing the hotfix for KB 309511. Until recently, the instructions for remediating an environment without KB 309511 were not available. A few different methods of fixing this problem exist. The solution outlined below is the official response from the WSUS product team, with a bit more explanation.

The five steps steps below fix improper upgrades in WSUS below specifically show how to undo the damage caused by improper syncing of the Windows 10 1511 upgrade. You can modify these steps for future versions if needed.

Although you should do most steps in PowerShell, you can do some from the GUI if you prefer. The PowerShell commands use the UpdateServices module, and you should run them from an elevated PowerShell window on the WSUS server(s).

Step 1: Uncheck the Upgrades classification ^

The Upgrades classification will need to be disabled on your standalone WSUS server or your highest WSUS instance in your update hierarchy (the server that directly syncs with Windows Update). Simply uncheck the classification (as seen in the picture above) or run the following PowerShell command:

Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq “Upgrades”} | Set-WsusClassification -Disable

Step 2: Remove the improperly synced upgrade content ^

This next step involves deleting the actual Windows 10 upgrade files. You will need to use PowerShell for this step. You’ll need to repeat this step on every WSUS server in your environment. Start from the highest server and work down.

In the second line, note the version number that is being queried. If you are having issues due to an upgrade that is not version 1511, you will need to change this line.

$s = Get-WsusServer
$s.SearchUpdates(“version 1511, 10586”) | foreach { $s.DeleteUpdate($_.Id.UpdateId) }

Step 3: Install the hotfix for KB 3095113 ^

You can download the hotfix from here: https://support.microsoft.com/en-us/kb/3095113 . If you haven’t read up on exactly what this hotfix does (and why it was released as a hotfix in the first place), read this explanation. As a precaution, reboot the WSUS server after applying this update.

Step 4: Enable the Upgrades classification ^

We are back to a supported WSUS state now, and the environment is ready to handle the new format for upgrades. Re-enable the Upgrades classification on your top WSUS server by using the GUI or the following PowerShell command:

Get-WsusClassification | Where-Object -FilterScript {$_.Classification.Title -Eq “Upgrades”} | Set-WsusClassification

Step 5: Sync your WSUS server ^

The final step is to perform a full sync on your top WSUS server. To do this, run the following PowerShell commands from that server:

$sub = $s.GetSubscription()
$sub.StartSynchronization()

 With that, your environment should be fully compliant and able to deploy the latest Windows 10 upgrade! If you have any issues (or improvements to this process), let us know in the comments below. You can read the original TechNet guidance here and here.

10 Comments
  1. Ivo 6 years ago

    Hello,

    very good article, but the upgrade is failed again. the client could not download the upgrade and get the error is 80240020, i have deleted the  distro folder, but still have same problem.

  2. Author

    Hi Ivo - are you trying to enable upgrades in WSUS or deploy the actual Windows 10 upgrade?

  3. Rob B 6 years ago

    Well, nuts.  KB3095113 is installed on the WSUS (Server 2012).  The Updgrade box is checked.  The Win10 components have downloaded. The Win10 upgrade icon is showing up on the clients.  (All in that order.)

    But the upgrade doesn't deploy.  Clicking on the client Win10 upgrade icon offers one option to install the upgrade for unmanaged clients and tells the user to see their admin for managed systems.  Even though they are managed systems, I tried installing from the client.  The process starts, them immediately terminates.

  4. TSer 5 years ago

    Thank you for the article. Almost everything works after following your guide, except hwne i create a 'Servicing Plans' i don't get any results through the Preview button in 'Upgrades' tab. My search criteria was Language: "English" or any other criteria i select. I do see 256 updates in "All Windows 10 Updates" under the "Windows 10 Servicing" folder.

    Anyone know whats the problem is?

  5. Marc 5 years ago

    Using WID with WSUS on a indows 2012R2.
    Removing improperly synced synced content ends with following error:

    Exception calling "DeleteUpdate" with "1" argument(s): "spDeleteRevision: cannot delete revisionid: 110986 because it
    is still deployed to a Non DSS Target Group
    spDeleteUpdate got error from spDeleteRevision
    spDeleteUpdateByUpdateID got error from spDeleteUpdate"
    At line:1 char:53
    + $s.SearchUpdates("version 1511, 10586") | foreach { $s.DeleteUpdate($_.Id.Update ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SqlException

    Exception calling "DeleteUpdate" with "1" argument(s): "spDeleteRevision: cannot delete revisionid: 95726 because it
    is still deployed to a Non DSS Target Group

    Re-Indexing did not help..... anyone know what to do?
    spDeleteUpdate got error from spDeleteRevision
    spDeleteUpdateByUpdateID got error from spDeleteUpdate"
    At line:1 char:53
    + $s.SearchUpdates("version 1511, 10586") | foreach { $s.DeleteUpdate($_.Id.Update ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SqlException

    • Marc 5 years ago

      Solved:

      Had to identify which updates are revisionid and unapproved them in WSUS.

  6. Michael M. 5 years ago

    What needs to be changed to have this apply to 1607's Anniversary update?

  7. Author

    I don't think anything has to be changed, Michael.

  8. Rick 5 years ago

    Windows 2012 R2 server, WSUS role installed using WID database

    Logged onto server as domain admin.

    The Get-WsusServer command fails, returning a 403 Forbidden error.

    Same result if you include option for portnumber 8530.

    Domain Admins group is a member of the server's WSUS Administrators group.

    If issuing the Get-WsusServer with -usessl option and portnumber 8531, the connection is refused.

  9. Jiri 3 years ago

    Very goog article, but step 3 - install KB3095113 - is not possible. MS provides only Windows8.1-KB3095113-v2-x64.msu package in 5 variants, but no one si aplicable on win 2012 R2 server.

    To apply this update in Windows Server 2012 R2, you must have April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355). - I have it installed.

    KB3095113 has been superseded by KB4025336 and KB4034681. If you have installed either one of the two KBs, you don't need to install KB3095113 any more. ... I don`t have nothing from these, no one is aplicable on Win 2012 R2 server. Only exist for Windows 8.1.

    Still I`m not able use WSUS server on Win 2012 R2 server for Windows 10 workstations.

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account