Possible Cause
This issue occurs if the WSUS servers are configured to use the old synchronization endpoint, https://fe2.update.microsoft.com/v6. This endpoint was fully decommissioned and is no longer reachable after July 8, 2019.
Resolution
To fix the issue, change the synchronization endpoint in WSUS configuration to https://sws.update.microsoft.com.
To do this, follow these steps on the topmost WSUS server that connects directly to Microsoft Update, such as the root WSUS server in a WSUS hierarchy:
- Close all WSUS consoles.
- At an elevated PowerShell command prompt, run the following PowerShell scripts.
Note Don’t run the scripts on a WSUS server that’s not the topmost server. If the server isn’t connected to the Internet, synchronization may fail.
For WSUS version 3.x:
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") $server = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer() $config = $server.GetConfiguration() # Check current settings before you change them $config.MUUrl $config.RedirectorChangeNumber # Update the settings if MUUrl is https://fe2.update.microsoft.com/v6 $config.MUUrl = "https://sws.update.microsoft.com" $config.RedirectorChangeNumber = 4002 $config.Save(); iisreset Restart-Service *Wsus* -v
Note WSUS servers that are running Windows Server 2008 (without the latest update) or earlier versions may be using the https://update.microsoft.com/v6 or https://www.update.microsoft.com synchronization endpoints. Because these versions of Windows don’t support SHA256 certificate authentication, use the following settings in the PowerShell scripts:
$config.MUUrl = " https://sws1.update.microsoft.com" $config.RedirectorChangeNumber = 3011
For WSUS on Windows Server 2012 and later versions:
$server = Get-WsusServer $config = $server.GetConfiguration() # Check current settings before you change them $config.MUUrl $config.RedirectorChangeNumber # Update the settings if MUUrl is https://fe2.update.microsoft.com/v6 $config.MUUrl = "https://sws.update.microsoft.com" $config.RedirectorChangeNumber = 4002 $config.Save() iisreset Restart-Service *Wsus* -v
Verify that WSUS synchronization succeeds.