Summary
Microsoft has released an update for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2). This article includes information about the contents of the update and how to obtain the update.
Issue that this update fixes
Consider the following scenario:
-
A Windows Server Update Services (WSUS) server is running Windows Server 2003 SP2, Windows Server 2008 SP2, or Windows Server 2008 R2 SP1.
-
You use the Wsusutil.exe command-line tool to synchronize software update metadata on the WSUS server. For example, you run the following command:
wsusutil.exe export export.cab export.log
-
The command is completed without an error, and a package file (Export.cab) is exported.
In this scenario, the file size of Export.cab is displayed as 0 kilobytes (KB).
This issue occurs because the metadata.txt file within the exported CAB file exceeds the limit of 2 gigabytes (GB). To resolve this issue, install the update that is described in this article. Then, use the following syntax to export or import update metadata by using the GZIP file format:wsusutil.exe export export.xml.gz export.log
wsusutil.exe import import.xml.gz import.log For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:2819484 CAB file that is exported by using the Wsusutil.exe command is displayed as 0 KB on a Windows Server 2012-based WSUS server This update also includes the following fixes:
-
2530678 System Center Update Publisher does not publish customized updates to a computer if WSUS 3.0 SP2 and the .NET Framework 4 are installed
-
2530709 "Metadata only" updates cannot be expired or revised in WSUS 3.0 SP2
-
2720211 An update for Windows Server Update Services 3.0 Service Pack 2 is available
-
2734608 An update for Windows Server Update Services 3.0 Service Pack 2 is available
Notes
-
Update 2720211 and update 2734608 are included in this update. These updates strengthen the WSUS communication channels.
-
The Windows Update Agent (WUA) on computers that are managed by this WSUS server are automatically upgraded after you apply this update.
-
WSUS must work correctly to apply this update. If WSUS is configured to synchronize updates from Microsoft Update, make sure that WSUS can synchronize updates. Additionally clients must be able to communicate with the WSUS server.
For more information about how to perform basic health checks on a WSUS server, go to the following Microsoft TechNet websites:
How to apply this update
We recommend that you synchronize all WSUS servers after you apply this update. If you have a hierarchy of WSUS servers, apply this update, and then synchronize the servers from the top of the hierarchy to the bottom of the hierarchy. To do this, follow these steps:
-
Start the components in WSUS 3.0 SP2 that synchronize with Microsoft Update.
-
Apply update 2828185 to the server at the top of the WSUS 3.0 SP2 server hierarchy.
-
Synchronize the server.
-
Repeat steps 2 through 3 for the WSUS 3.0 SP2 servers that synchronize with the server at the top of the hierarchy (from the top of the hierarchy to the bottom of the hierarchy).
Known issues with this update
-
If you use the Local Publishing feature from a remote WSUS console, you must apply this update on all remote WSUS consoles. This is to make sure that the API versions of the consoles match.
-
You have to re-sign and republish all local updates after you apply this update. To re-sign and republish local updates, a minimum of a SHA1, 1024 key-length certificate is required. For more information about how to locally publish updates, go to the following Microsoft Developer Network (MSDN) website:
-
After you apply the update to the WSUS server, follow these steps to synchronize Windows 8 or Windows Server 2012 clients with WSUS 3.0 SP2:
-
Open cmd.exe in elevated mode on the Windows client.
-
Type the following commands. Make sure that you press Enter after you type each command:
Net stop wuauserv rd /s %windir%\softwaredistribution\ Net start wuauserv
-
-
You have to create exception rules in the HTTPS inspection server if the following conditions are true for your environment. You have to do this so that the Windows Update traffic is not inspected when it is tunneled.
-
You connect to Windows Update through a network proxy.
-
The network proxy uses HTTPS or SSL content inspection.
-
There is an intermediate server between the SSL traffic of the client and Microsoft Update.
For more information about how to create HTTPS inspection exceptions for Microsoft Forefront Threat Management Gateway (TMG), go to the following Microsoft website:
Excluding sources and destinations from HTTPS inspectionFor a list of URLs and domains to exclude from the HTTPS inspection, click the following article number to view the article in the Microsoft Knowledge Base:
885819 You experience problems when you access the Windows Update Version 6 website through a server that is running ISA Server
-
-
If you manually install the executable file that is included in this update, you have to restart the computer to apply the update.
-
Remote Microsoft SQL Server administrators must download and install the update by using an account that has SQL Server Administrator permissions. SQL Server must always be installed manually.
-
To apply this update, you must be running Windows Internal Database or SQL Server.
-
You must stop Internet Information Services (IIS) and the WSUS service to prevent the database from being accessed while the Network Load Balancing (NLB) clusters are upgraded. For more information about how to upgrade NLB clusters, see the "How to upgrade NLB clusters on all computers" section.
How to upgrade NLB clusters on all computers
-
Shut down the NLB service on each node in the NLB cluster. To do this, type the following command at a command prompt.
Note In these steps, press ENTER after every time that you type a command prompt.nlb.exe suspend
-
Shut down IIS and the WSUS service. To do this, type the following commands at a command prompt:
iisreset/stop
net stop wsusservice -
Make sure that no other services can access the SQL Server database during the NLB cluster upgrade process. To do this, type nlb.exe disable together with the appropriate additional parameters for the port or application at a command prompt:
disable {vip[{:Port | :all}] | all[{:Port | :all}]} {Cluster[:{Host]| all {local | global}}}
-
Back up the SQL Server database. For more information about how to back up a SQL Server database, go to the following Microsoft website:
-
Individually upgrade each front-end computer. To do this, follow these steps:
-
Set up WSUS, and install update 2828185. To do this, type one of the following commands at a command prompt, as appropriate for your system:
-
WSUS-KB2828185-x64.exe /q C:\MySetup.log
-
WSUS-KB2828185-x86.exe /q C:\MySetup.log
-
-
Check the setup log to verify that the upgrade was successful. To do this, type C:\MySetup.log at a command prompt.
-
Make sure that IIS and the WSUS service are stopped. To do this, type the following commands at a command prompt:
iisreset/stop
net stop wsusservice -
Repeat steps A-C on each front-end computer.
-
-
After you upgrade all the nodes, start IIS and the WSUS service. To do this, type iisreset at a command prompt, and then type net start wsusservice on each node in the NLB cluster.
-
Start the NLB service on each node in the NLB cluster. To do this, type nlb.exe resume at a command prompt.
-
Type nlb.exe enable at a command prompt for all the ports or applications that you disabled in step 3.
Update information
The following files are available for download from the Microsoft Download Center:
Update for Windows Server Update Services 3.0 SP2 (KB2828185)
Update for Windows Server Update Services 3.0 SP2 for x64-based Systems (KB2828185)
Prerequisites
You must have Windows Server Update Services 3.0 SP2 installed to apply this update.
For more information about Service Pack 2 for Windows Server Update Services 3.0, click the following article number to view the article in the Microsoft Knowledge Base:972455 Description of Windows Server Update Services 3.0 Service Pack 2
Restart information
You must restart the computer after you apply this update.
Replacement information
This update does not replace a previously released update.
References
For more information about Windows Server Update Services, go to the following Microsoft TechNet website:
General information about Windows Server Update ServicesFor more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates