This guide explains how to manually add or import updates into WSUS from Microsoft Update catalog.
The first question that comes to mind is why do I need to manually import or add Windows updates into WSUS? Can’t I simply run manual synchronization in WSUS console and download the update?
The answer to that is sometimes the Microsoft hotfixes and updates are not part of WSUS catalog. So, even if you synchronize the updates in WSUS, you may not see those updates in WSUS console. Therefore, you need to import the updates manually from MS Update Catalog.
Adding Updates from Microsoft Update Catalog
As per Microsoft, the Microsoft Update Catalog is a service from Microsoft that provides a listing of updates that can be distributed over a corporate network.
You can manually download Windows updates from Microsoft catalog Update for free. The Microsoft Update Catalog (Windows Update Catalog) offers updates for all operating systems supported by Microsoft. These updates include the following:
- Device drivers
- Updated system files
- New Windows features
Microsoft releases Security-related updates once a month. However, if there is a critical vulnerability found, such as a widespread virus or worm, Microsoft will release a corresponding update as soon as possible in the MS catalog.
Adding updates from Microsoft Update Catalog is easy however there is a procedure that you need to follow. The next topic discusses the steps to import updates into WSUS.
Manually Import Updates into WSUS
Use the below procedure to manually import updates in WSUS. As an example, we will look at importing the update KB4554364 into WSUS. This update is applicable for computers running Windows 10 1903 and Windows 10 1909 OS.
Launch the WSUS console, expand your server and click Updates. In the right pane, under Actions section, click Import Updates.
Clicking Import Updates opens the browser and takes you to the Microsoft Update Catalog site. If you are unable to browse the update catalog site, ensure it is not blocked or restricted by firewall. In the text box, type the update number which is 4554364 in our case and click Search.
Since the 4554364 is applicable to Windows 10, Windows Server etc., you must select the correct OS version. From the list of updates displayed, read click Add button.
Note: While manually importing updates into WSUS, you might find the Add button missing in Microsoft Update Catalog. Here is a solution to fix WSUS Update Catalog Add Button Missing.
Clicking Add button adds the update to a basket. Click View Basket.
Now click Import button. This will import the selected update directly into Windows Server Update Services from Microsoft Update Catalog.
You can monitor the import progress on this window. If the Progress shows Waiting, it means the import operation has begun.
Finally after few minutes, the progress is changed to Done. Click Close.
Let’s check if the imported update has been added in WSUS console. In the WSUS console, click Search. In the Search box, type the update number and click Find Now. You can now see we have successfully imported the update into WSUS.
At this point, you can choose to deploy this update to your endpoints. Refer to the following guide to configure WSUS Server.
WSUS Import Updates Failed
In some cases, while importing an update from update catalog, the download fails. The update goes into the basket, however when you click on the Import button, the update goes to waiting and then shows as failed.
You may see a generic canned message such as If you use a proxy server… and Your WSUS server might not be configured correctly.
To resolve this issue, a simple registry tweak is required. Launch the cmd prompt as administrator and run the below command.
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1
After you run the above command, try downloading the update again, and it should be successful.