How to Manually Import Updates into WSUS from Microsoft Update Catalog
This post explains how to manually import updates into WSUS from the Microsoft Update catalog. If you notice a critical Windows patch is missing in WSUS, you can use a simple procedure to manually import the update into WSUS from the update catalog and deploy it to computers.
The first question that comes to mind is why do I need to manually import Windows updates into WSUS? Can’t I simply run manual synchronization in the WSUS console and download the update? The answer is not all fixes, patches, and critical updates for Microsoft products are available for installation in the Windows Server Update Services (WSUS) console.
Occasionally, some Microsoft hotfixes and updates are not part of the WSUS catalog. So, even if you synchronize the updates, you may not see those updates in WSUS console. Therefore, you need to import the updates manually from Microsoft Update Catalog into the WSUS.
Even when you want to import a specific update into Configuration Manager, you’ll still need to use WSUS. Only when you import the update into WSUS, you can then sync that update from WSUS to SCCM. Take a look at the guide on how to import updates into Configuration Manager.
With critical updates missing into WSUS, you cannot deploy them to the client computers unless you import them. If you are using WSUS to deploy and manage updates, I will show you the correct procedure to import a missing update into WSUS.
Read: How to install and configure WSUS on Windows Server 2019
Introduction to WSUS Updates
Microsoft will always release the update with WSUS metadata catalog details. In rare cases, Microsoft will release individual updates that are not part of the WSUS catalog. That’s when you don’t see the individual patch in WSUS and the requirement for importing the update arises.
The below table lists the update release channel details and the action that you need to perform when the updates are missing in WSUS. This information is critical when you want to import updates into WSUS.
| Update Release Channel | Update Available | Next Step |
|---|---|---|
| Windows Update (Microsoft Update) | No | Take a look at the other options listed below. |
| Microsoft Update Catalog | Yes | Get the standalone package for the update from the Microsoft Update Catalog website. |
| Windows Server Update Services | No | Import the missing update into WSUS manually. |
| Configuration Manager Updates | No | Import the missing update into SCCM manually. |
Adding Updates from Microsoft Update Catalog
According to Microsoft, the Microsoft Update Catalog is a service that lists updates that can be shared across a corporate network. You can manually download Windows updates from the Microsoft Update Catalog for free. The Microsoft Update Catalog, which is also called the Windows Update Catalog, has updates for all the operating systems that Microsoft supports. These updates include the following:
- Device drivers
- Hotfixes
- Updated system files
- New Windows features
Microsoft typically releases security updates once a month. But if a critical vulnerability is found, like a virus or worm that spreads quickly, Microsoft will put out an update as soon as possible in the MS catalog. This update is also known as a “zero-day patch” (zero-day is commonly associated with the terms “vulnerability, exploit, and threat”).
Read: How to deploy Software Updates using SCCM
There is a procedure you must follow, but adding updates from the Microsoft Update Catalog is simple. Ensure you have a proper approval from the business prior to importing the updates and deployment them to your computers.
Prerequisites for importing Updates into WSUS
When you want to import updates into WSUS, you must make sure the following prerequisites are met.
- The WSUS Server must have the internet access to import the metadata from Microsoft to the WSUS Console. You don’t have to log in to the WSUS server to import the updates. You can install the WSUS admin console on your computer or other server.
- The Internet Explorer will require an add-on called ‘Microsoft Update Catalog‘ to find the updates from the Microsoft site. Normally, a prompt appears requesting users to this add-on and if installed, there shouldn’t be any issues.
- Internet Explorer is one of the prerequisites for importing updates into WSUS. But since IE11 is retired, you must use Microsoft Edge to import the updates into WSUS.
Manually Import Updates into WSUS from Microsoft Update Catalog
We will now go through the steps to import updates into WSUS from the Microsoft Update Catalog. As an example, we will import the update KB4554364 into WSUS. This update is applicable for computers running Windows 10 1903 and Windows 10 1909 OS.
Launch the WSUS console, expand your server, and select Updates. In the right pane, under the Actions section, select Import Updates.
Clicking Import Updates opens the browser and takes you to the Microsoft Update Catalog site. If you can’t get to the Update Catalog site, check to see if it’s being blocked by a firewall. In the text box, type the update KB number, which is 4554364 in our case and click Search.
You must pick the correct OS version because the 4554364 is applicable to Windows 10, Windows Server, etc. Most updates are applicable to more than one version of operating systems. Click the Add button next to the update that you wish to import.
Note: While manually importing updates into WSUS, you might find the “Add” button missing in the Microsoft Update Catalog. Here is a solution to fix WSUS Update Catalog Add Button Missing.
Clicking the Add button adds the update from the Microsoft Update Catalog to a basket. Select “View Basket.”
Now click on the Import button. Make sure the option “Import directly into Windows Server Update Services” is checked. This will import the selected update directly into Windows Server Update Services from the Microsoft Update Catalog.
You can now monitor the import progress of the update. If the update import status shows “Waiting,” it means the import operation has begun. The time taken to import the update will vary and mostly depends on the size of the update and your connection speed.
After a short while, we see the update is downloaded and the status is finally changed to Done. This means the update has been imported into WSUS. Click Close.
Verify if the Update is Imported into WSUS
Let’s check if the update has been successfully imported in to WSUS:
- Launch the WSUS console and select Search.
- In the Search box, type the update number and select Find Now.
- The update appears in the list of search results. This confirms that you have successfully imported the update(s) into WSUS.
Troubleshooting WSUS Import Updates Failed
Occasionally, when importing an update into WSUS from the Microsoft update catalog, the download fails. The update goes into the basket, however when you click on the Import button, the update goes to waiting and then shows as failed.
You might come across a standard canned message that says something like: Your WSUS server might not be configured correctly. This problem can be resolved with a straightforward registry change. Launch the cmd prompt as an administrator and run the below command.
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1
After you run the above command, try downloading the update again, and it should be successful. Take a look at this excellent article on how to troubleshoot WSUS Connection issues with SCCM. This is especially useful when WSUS fails to connect to the SCCM server.
WSUS Update Catalog Add Button Missing?
While manually importing updates into WSUS, you may find the Add button missing in Microsoft Update Catalog. When launching the Microsoft Update Catalog from WSUS, no option is available to allow for importing content into WSUS. Refer to the following troubleshooting guide to fix WSUS update catalog add button missing error.
Dear Prajwal,
I am trying to import updates directly to WSUS but i could not find option “Import directly into Windows Server Update”. I am using server 2016. I have checked in IE and also in edge but no luck.
Run as Administrator also same issue.
Please guide me how resolve this issue.
I see you have posted the question in the forums, I will respond over there.
I have manually imported the Microsoft KB’s but still not able to find in SCCM console. also tried lot of times to synchronize..
what will be root cause please ?
As Internet Explorer is out of Support, As it is not available in Current Server OS. How to import the patches with IE on the Server ?
To import updates from Edge you will need to enable IE Compatibility mode (Settings>Default Browser>Internet Explorer compatibility)and add the Windows Catalog page. Once you enabled the IE Compatibility mode you need to restart your Edge Browser, go to Windows Catalog page and the install prompt will show up so you can then follow this guide to add updates manually. Hope it helps!
Hi
i am unable to add a patch (KB5020436) from the update catalog, only Download is available.
Please advise how to add it because in our environment it is very important to be deployed asap
Hi Prajwal,
Is there any option to import KB in wsus if KB is not available in Microsoft catalog?
No, I don’t think so you can do that.
Thanks for you reply.
I have another Query. My client is saying that some KBs are missing in WSUS, and when I checked these KBs these are Delta updates and available in Microsoft Catalog and for the same KBs there is no any Cumulative updates. These KBs are KB4467696 , KB4467686 and KB4467702.
What should we enable in Product and classification so that these KBs can synchronize in WSUS as I can check in All updates there is no any delta updates available right now.
And when I am trying to import updates in WSUS Internet explorer throwing certificate error and unable to open Microsoft catalog website. We have 2012 R2 server.
So please guide me how these KBs can be available in WSUS.
Thanks
Do you know if any way to import from a different repository, such as a local file or the DoD repository at DISA?
Nope, you must import the updates from Microsoft update catalog.
So I imported the updated January 2022 updates into WSUS [Server 2012 R2] – I got the message that they were successfully uploaded and I see them in WSUS, but when I scan for updates on a client server, they are not appearing. Why?
That should take some time. Have you examined the log files?
while importing using IE, I am getting below error:-
“This update cannot be imported into Windows Server Update Services, because it is not compatible with your version of WSUS.”
That issue should be resolved now.
Hi,
When i go to import an update from WSUS, go to basket,import into wsus, it downloads and gives me the green dialog confirming this. but does not show up in WSUS.
I have synced many times.
Do you see any errors during synchronization?
On server 2016
1) ensure IE is your default browser (at least temporarily so WSUS will open IE)
2) when WSUS opens the page in IE if you get an error, change the 1.20 to 1.80 in the URL
3) add to basket and import directly as per directions above
Hi,
I had to access the site manually (www.catalog.update.microsoft.com) on the wsus server cause the “Import Updates” button failed to load anything on IE.
I chose the updates I wanted, but it isn’t giving me the option to import it to wsus directly from the site, just download the updates. Is there a specific directory I need to save it in for my wsus to access the updates?
Thanks,
Hi.
I have WSUS Server on Field Side with no internet where i have to import windows update manually . I have download the Updates from Microsoft Catalog site. Now i need to import these CAB files in WSUS server. kindly advise me to rectify this problem.
Do the updates have to be approved in WSUS before they appear in SCCM? when I run the sync in SCCM after importing a particular update, i cannot see it in sccm. I have also created an ADR for this update which falls into the classification of Feature packs. The update is .NET Framework 4.8 for Windows 10 1809 as all of our 1809 machines are missing the update. Please can someone advise? Thanks
If the import fails, where can we check logs.
The this command on the Administrator elevated CMD then restart the server try again it should work.
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1
Thank you! That fixed me!
Another thanks here – this fixed me up so that manual updates would download and import properly.
Ditto – first time I’ve had to do this but working fine now.
Hi Prajwal,
when i try to import KB to wsus – i get an error, which says that there’s a problem with proxy or WSUS – but automatic updates work. IE 11, *.microsoft.com added to trusted sites – what can be wrong?
Hi Prajwal,
When i click on import in WSUS the IE opens a blank white page and nothing happens
but if i try to open catalog.update.microsoft.com then it opens but i do not have import option to import wsus..
Thanks in advance
Hello,
I have followed the exact same steps for KB4551762.
There is I still cannot see the KB on the SCCM Console
Please see attached pictures as well.
How can I get to see the KB on the SCCM Console?
I have the same issue, I’ve imported KB4551762, KB4506991, KB4512508, KB4515384 and KB4489639. But, items are not showing up in SCCM. Can you please advise?
Even I am getting the same error now ,could please let me know what the procedure you followed to get this fixed(if this was resolved)
Hi Gokul & Prajwal, I don’t see the option for “View Basket” & “Add” in my WSUS console.
I am running SCCM 1902 in my production environment.
Please help me , how to get those options visible in browser.
I have tried accessing Microsoft Update Catalog site on IE,Chrome & Firefox, but still not getting those options available.
Waiting for your reply & solutions.
Thanks 🙂
Hi, Hope you have gone through the above Steps. Search with partucular KB and you will have an option ADD, Once added it will visible under VIEW BASKET
Hi Gokul
When a click on view basket I obtain a window that shows me only download button but not Import button. Is there something that I missed?
Thanks and regards.
Use internet explorer to access update catalog site.
Hi , Please use IE browser as default
Thanks Its working..