Clients can't scan WSUS 4.0 server after June/July rollup installed

Applies to: Windows ServerWindows Server 2012 FoundationWindows Server 2012 Datacenter More

Symptom


On a Windows Server Update Services (WSUS) 4.0 server that was configured to use the default website (leave as is, port 80 for WSUS traffic instead of 8530), you install the June or July monthly update or rollup. After that, you may find that clients can no longer successfully scan against the WSUS server.

Cause


The June rollup (whose content is included in the July rollup and will be in all future rollups) adds a change to WSUS behavior that requires both HTTP and HTTPS bindings to be present in the IIS website configuration. When the server uses the default website, this HTTPS binding isn't automatically created. Installing a new WSUS server role after you apply either of these updates will generate the correct bindings, but existing WSUS installations must be manually updated to resume usual operation.

Resolution


Run the following commands at an elevated command prompt:

wsusutil.exe UseCustomWebsite truewsusutil.exe UseCustomWebsite false

Note The two commands must be run in this order. The second command generates the HTTPS binding that's needed to unblock the scenario. However, it will only take effect if the website is configured as nondefault, which is done by the first command.