For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
2819484 CAB file that is exported by using the Wsusutil.exe command is displayed as 0 KB on a Windows Server 2012-based WSUS server
This update also includes the following fixes:
2530678 System Center Update Publisher does not publish customized updates to a computer if WSUS 3.0 SP2 and the .NET Framework 4 are installed
2530709 "Metadata only" updates cannot be expired or revised in WSUS 3.0 SP2
2720211 An update for Windows Server Update Services 3.0 Service Pack 2 is available
2734608 An update for Windows Server Update Services 3.0 Service Pack 2 is available
Update 2720211 and update 2734608 are included in this update. These updates strengthen the WSUS communication channels.
The Windows Update Agent (WUA) on computers that are managed by this WSUS server are automatically upgraded after you apply this update.
WSUS must work correctly to apply this update. If WSUS is configured to synchronize updates from Microsoft Update, make sure that WSUS can synchronize updates. Additionally clients must be able to communicate with the WSUS server.
For more information about how to perform basic health checks on a WSUS server, go to the following Microsoft TechNet websites:
We recommend that you synchronize all WSUS servers after you apply this update. If you have a hierarchy of WSUS servers, apply this update, and then synchronize the servers from the top of the hierarchy to the bottom of the hierarchy. To do this, follow these steps:
Start the components in WSUS 3.0 SP2 that synchronize with Microsoft Update.
Apply update 2828185 to the server at the top of the WSUS 3.0 SP2 server hierarchy.
Synchronize the server.
Repeat steps 2 through 3 for the WSUS 3.0 SP2 servers that synchronize with the server at the top of the hierarchy (from the top of the hierarchy to the bottom of the hierarchy).
Known issues with this update
If you use the Local Publishing feature from a remote WSUS console, you must apply this update on all remote WSUS consoles. This is to make sure that the API versions of the consoles match.
You have to re-sign and republish all local updates after you apply this update. To re-sign and republish local updates, a minimum of a SHA1, 1024 key-length certificate is required. For more information about how to locally publish updates, go to the following Microsoft Developer Network (MSDN) website:
After you apply the update to the WSUS server, follow these steps to synchronize Windows 8 or Windows Server 2012 clients with WSUS 3.0 SP2:
Open cmd.exe in elevated mode on the Windows client.
Type the following commands. Make sure that you press Enter after you type each command:
Net stop wuauserv
rd /s %windir%\softwaredistribution\
Net start wuauserv
You have to create exception rules in the HTTPS inspection server if the following conditions are true for your environment. You have to do this so that the Windows Update traffic is not inspected when it is tunneled.
You connect to Windows Update through a network proxy.
The network proxy uses HTTPS or SSL content inspection.
There is an intermediate server between the SSL traffic of the client and Microsoft Update.
For more information about how to create HTTPS inspection exceptions for Microsoft Forefront Threat Management Gateway (TMG), go to the following Microsoft website:
For a list of URLs and domains to exclude from the HTTPS inspection, click the following article number to view the article in the Microsoft Knowledge Base:
885819 You experience problems when you access the Windows Update Version 6 website through a server that is running ISA Server
If you manually install the executable file that is included in this update, you have to restart the computer to apply the update.
Remote Microsoft SQL Server administrators must download and install the update by using an account that has SQL Server Administrator permissions. SQL Server must always be installed manually.
To apply this update, you must be running Windows Internal Database or SQL Server.
You must stop Internet Information Services (IIS) and the WSUS service to prevent the database from being accessed while the Network Load Balancing (NLB) clusters are upgraded. For more information about how to upgrade NLB clusters, see the "How to upgrade NLB clusters on all computers" section.
How to upgrade NLB clusters on all computers
Shut down the NLB service on each node in the NLB cluster. To do this, type the following command at a command prompt.
Note In these steps, press ENTER after every time that you type a command prompt.
Shut down IIS and the WSUS service. To do this, type the following commands at a command prompt:
net stop wsusservice
Make sure that no other services can access the SQL Server database during the NLB cluster upgrade process. To do this, type nlb.exe disable together with the appropriate additional parameters for the port or application at a command prompt: