How to Manually Import Updates into WSUS

ByPrajwal Desai Hours
Comments 33 Comments

This post explains how to manually import updates into WSUS from the Microsoft Update catalog. If you notice a windows patch is missing in WSUS, you can use a simple procedure to manually import the update into WSUS and deploy it.

But the first question that comes to mind is why do I need to manually import or add Windows updates into WSUS? Can’t I simply run manual synchronization in WSUS console and download the update?

Well, sometimes the Microsoft hotfixes and updates are not part of WSUS catalog. So, even if you synchronize the updates, you may not see those updates in WSUS console. Therefore, you need to import the update manually from Microsoft Update Catalog.

PatchMyPC HorizontalAD
Patch My PC Sponsored AD

You can use this post as a guide to install and set up WSUS on Windows Server 2019. If you are using WSUS to deploy and manage updates, I will show you how to import updates into WSUS.

Read: How to install and configure WSUS on Windows Server 2019

Introduction to WSUS Updates

Microsoft will always release the update with WSUS metadata catalog details. In rare cases, Microsoft will release individual updates that are not part of the WSUS catalog. That’s when you don’t see the individual patch in WSUS and the requirement for importing the update arises.

The below table lists the update release channel details and the action that you need to perform when the updates are missing in WSUS. This information is critical when you want to import updates into WSUS.

Update Release ChannelUpdate AvailableNext Step
Windows Update (Microsoft Update)NoTake a look at other options listed below.
Microsoft Update CatalogYesGet the standalone package for the update from the Microsoft Update Catalog website.
Windows Server Update ServicesNoImport the missing update into WSUS manually.
Configuration Manager UpdatesNoImport the missing update into SCCM manually.
WSUS Updates

Adding Updates from Microsoft Update Catalog

According to Microsoft, the Microsoft Update Catalog is a service that lists updates that can be shared across a corporate network. You can manually download Windows updates from the Microsoft Update Catalog for free. The Microsoft Update Catalog, which is also called the Windows Update Catalog, has updates for all the operating systems that Microsoft supports. These updates include the following:

  • Device drivers
  • Hotfixes
  • Updated system files
  • New Windows features

Microsoft typically releases security updates once a month. But if a critical vulnerability is found, like a virus or worm that spreads quickly, Microsoft will put out an update as soon as possible in the MS catalog. This update is also known as a “zero-day patch” (zero-day is commonly associated with the terms “vulnerability, exploit, and threat”).

Read: How to deploy Software Updates using SCCM

There is a procedure you must follow, but adding updates from the Microsoft Update Catalog is simple.

Prerequisites for importing Updates into WSUS

When you want to import updates into WSUS, you must make sure the following conditions are met.

  1. The WSUS Server must have the internet access to import the metadata from Microsoft to WSUS Console.
  2. The Internet Explorer will require an add-on called ‘Microsoft Update Catalog’ to find the updates from the Microsoft site. Normally, a prompt appears requesting users to this add-on and if installed, there shouldn’t be any issues.
  3. Internet Explorer is one of the prerequisites for importing updates into WSUS.

Manually Import Updates into WSUS

We will now go through the steps to import updates into WSUS. As an example, we will look at importing the update KB4554364 into WSUS. This update is applicable for computers running Windows 10 1903 and Windows 10 1909 OS.

Launch the WSUS console, expand your server, and click Updates. In the right pane, under the Actions section, click Import Updates.

Manually Import Updates into WSUS
Manually Import Updates into WSUS

Clicking Import Updates opens the browser and takes you to the Microsoft Update Catalog site. If you can’t get to the Update Catalog site, check to see if it’s being blocked by a firewall. In the text box, type the update KB number, which is 4554364 in our case and click Search.

You must pick the correct OS version because the 4554364 is applicable to Windows 10, Windows Server, etc. Click the Add button after reading the list of updates to determine which OS the update is appropriate for.

Note: While manually importing updates into WSUS, you might find the “Add” button missing in the Microsoft Update Catalog. Here is a solution to fix WSUS Update Catalog Add Button Missing.

Microsoft Update Catalog
Microsoft Update Catalog

Clicking the Add button adds the update from the Microsoft Update Catalog to a basket. Click “View Basket.”

Add Update - Microsoft Update Catalog
Add Update – Microsoft Update Catalog

Now click on the Import button. This will import the selected update directly into Windows Server Update Services from the Microsoft Update Catalog.

Import Update - Microsoft Update Catalog
Import Update – Microsoft Update Catalog

You can now monitor the import progress of the update. If the status shows “Waiting,” it means the import operation has begun.

How to Manually Import Updates into WSUS
How to Manually Import Updates into WSUS

After a short while, the status is finally changed to Done. This means the update has been imported into WSUS. Click Close.

How to Manually Import Updates into WSUS
How to Manually Import Updates into WSUS

Let’s see if the update has been added to the WSUS console and imported. In the WSUS console, click Search. In the Search box, type the update number and click Find Now. You can now see we have successfully imported the update into WSUS. At this point, you can decide whether or not to use WSUS to send this update to your endpoints.

Update Imported into WSUS Console
Update Imported into WSUS Console

Troubleshooting WSUS Import Updates Failed

In some cases, while importing an update from update catalog, the download fails. The update goes into the basket, however when you click on the Import button, the update goes to waiting and then shows as failed.

You might come across a standard canned message that says something like: Your WSUS server might not be configured correctly. This problem can be resolved with a straightforward registry change. Launch the cmd prompt as an administrator and run the below command.

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1

After you run the above command, try downloading the update again, and it should be successful.

Take a look at this excellent article on how to troubleshoot WSUS Connection issues with SCCM. This is especially useful when WSUS fails to connect to the SCCM server.

WSUS Update Catalog Add Button Missing?

While manually importing updates into WSUS, you might find the Add button missing in Microsoft Update Catalog. When launching the Microsoft Update Catalog from WSUS, no option is available to allow for importing content into WSUS. Refer to the following troubleshooting guide to fix WSUS update catalog add button missing error.

Avatar photo

Prajwal Desai is a Microsoft MVP in Enterprise Mobility. He writes articles on SCCM, Intune, Configuration Manager, Microsoft Intune, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.

Leave a Reply

Your email address will not be published. Required fields are marked *

33 Comments

  1. Avatar photo Pullela Nagaraju says:

    As Internet Explorer is out of Support, As it is not available in Current Server OS. How to import the patches with IE on the Server ?

    Reply
  2. Avatar photo Herbert Piljer says:

    Hi
    i am unable to add a patch (KB5020436) from the update catalog, only Download is available.
    Please advise how to add it because in our environment it is very important to be deployed asap

    Reply
  3. Avatar photo Lalan Kumar says:

    Hi Prajwal,
    Is there any option to import KB in wsus if KB is not available in Microsoft catalog?

    Reply
      1. Avatar photo Lalan Kumar says:

        Thanks for you reply.
        I have another Query. My client is saying that some KBs are missing in WSUS, and when I checked these KBs these are Delta updates and available in Microsoft Catalog and for the same KBs there is no any Cumulative updates. These KBs are KB4467696 , KB4467686 and KB4467702.
        What should we enable in Product and classification so that these KBs can synchronize in WSUS as I can check in All updates there is no any delta updates available right now.

        And when I am trying to import updates in WSUS Internet explorer throwing certificate error and unable to open Microsoft catalog website. We have 2012 R2 server.

        So please guide me how these KBs can be available in WSUS.

        Thanks

        Reply

  4. Do you know if any way to import from a different repository, such as a local file or the DoD repository at DISA?

    Reply

  5. So I imported the updated January 2022 updates into WSUS [Server 2012 R2] – I got the message that they were successfully uploaded and I see them in WSUS, but when I scan for updates on a client server, they are not appearing. Why?

    Reply
  6. Avatar photo Srikant Yadav says:

    while importing using IE, I am getting below error:-
    “This update cannot be imported into Windows Server Update Services, because it is not compatible with your version of WSUS.”

    Reply
  7. Avatar photo Keith Sherwood says:

    Hi,

    When i go to import an update from WSUS, go to basket,import into wsus, it downloads and gives me the green dialog confirming this. but does not show up in WSUS.

    I have synced many times.

    Reply

  8. On server 2016
    1) ensure IE is your default browser (at least temporarily so WSUS will open IE)
    2) when WSUS opens the page in IE if you get an error, change the 1.20 to 1.80 in the URL
    3) add to basket and import directly as per directions above

    Reply

  9. Hi,

    I had to access the site manually (www.catalog.update.microsoft.com) on the wsus server cause the “Import Updates” button failed to load anything on IE.

    I chose the updates I wanted, but it isn’t giving me the option to import it to wsus directly from the site, just download the updates. Is there a specific directory I need to save it in for my wsus to access the updates?

    Thanks,

    Reply
  10. Avatar photo Umair Shafi says:

    Hi.

    I have WSUS Server on Field Side with no internet where i have to import windows update manually . I have download the Updates from Microsoft Catalog site. Now i need to import these CAB files in WSUS server. kindly advise me to rectify this problem.

    Reply
  11. Avatar photo Mac Quazi says:

    Do the updates have to be approved in WSUS before they appear in SCCM? when I run the sync in SCCM after importing a particular update, i cannot see it in sccm. I have also created an ADR for this update which falls into the classification of Feature packs. The update is .NET Framework 4.8 for Windows 10 1809 as all of our 1809 machines are missing the update. Please can someone advise? Thanks

    Reply

  12. If the import fails, where can we check logs.

    Reply
    1. Avatar photo Mogomotsi Lebane says:

      The this command on the Administrator elevated CMD then restart the server try again it should work.

      reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1

      Reply

      1. Thank you! That fixed me!

        Reply
      2. Avatar photo Dude named Ben in CO says:

        Another thanks here – this fixed me up so that manual updates would download and import properly.

        Reply

      3. Ditto – first time I’ve had to do this but working fine now.

        Reply

  13. Hi Prajwal,
    when i try to import KB to wsus – i get an error, which says that there’s a problem with proxy or WSUS – but automatic updates work. IE 11, *.microsoft.com added to trusted sites – what can be wrong?

    Reply

  14. Hi Prajwal,

    When i click on import in WSUS the IE opens a blank white page and nothing happens

    but if i try to open catalog.update.microsoft.com then it opens but i do not have import option to import wsus..

    Thanks in advance

    Reply
  15. Avatar photo Lukholo Jeneto says:

    Hello,

    I have followed the exact same steps for KB4551762.

    1. Import from MS Catalog
    2. Approved Updates
    3. All Updates are visible on my WSUS Console
    4. I ran Synch on SCCM Console a few times & they were successful.

     
    There is I still cannot see the KB on the SCCM Console

    Please see attached pictures as well.

    How can I get to see the KB on the SCCM Console?

    Reply

    1. I have the same issue, I’ve imported KB4551762, KB4506991, KB4512508, KB4515384 and KB4489639. But, items are not showing up in SCCM. Can you please advise?

      Reply

      1. Even I am getting the same error now ,could please let me know what the procedure you followed to get this fixed(if this was resolved)

        Reply
  16. Avatar photo Rohit Goud says:

    Hi Gokul & Prajwal, I don’t see the option for “View Basket” & “Add” in my WSUS console.
    I am running SCCM 1902 in my production environment.
    Please help me , how to get those options visible in browser.
    I have tried accessing Microsoft Update Catalog site on IE,Chrome & Firefox, but still not getting those options available.
    Waiting for your reply & solutions.
    Thanks 🙂

    Reply

    1. Hi, Hope you have gone through the above Steps. Search with partucular KB and you will have an option ADD, Once added it will visible under VIEW BASKET

      Reply

  17. Hi Gokul
    When a click on view basket I obtain a window that shows me only download button but not Import button. Is there something that I missed?
    Thanks and regards.

    Reply

    2. Hi , Please use IE browser as default

      Reply
      1. Avatar photo Shadab Khan says:

        Thanks Its working..

        Reply