KB4015553 on a Windows Server 21012 R2 with SQL 2008 R2 creates a System Kernel Process Handle/Thread Leak. It is easy to see in the Task Manager after adding the Handle/Thread count columns. The counts increase nearly 1 per second until the OS and system is unresponsive and collapses.

Another indicator is in the event logs, 4231 events appear: Description:
A request to allocate an ephemeral port number from the global TCP
port space has failed due to all such ports being in use.

But the ephemeral port alert is not the root cause.

I have a local WSUS server, it stores all my updates for my local users, I approve the updates and everything is great. At the same time I have bunch of remote offices that have faster WAN connections than VPN/MPLS.

I can setup a second WSUS server, point it at my upstream server at HQ and tell it to not store the updates. All clients connecting to this server will fetch updates from Microsoft.

Why not make this a simple binary GPO overwrite instead of adding the complexity?

Force client to fetch windows update binaries from Microsoft

Considering the server availability, we administrators are not getting downtime as we desired. So, Microsoft should give the support for server OS to prevent the reboot the server in logged-off mode after windows update installation. I have a suggestion that I'm giving below. If it is possible, it is very helpful to the world of Windows administrators. Add the registry value in server at least in all available server operating systems

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

"NoAutoRebootWithLoggedOffUsers"=dword:00000001

Actually Windows 10 on WSUS is only reflected by a major product category and LTSB.

It would be much better if you could add a product category for each branch / release:

such as:
Windows 10 1507 (LTSB 2015)
Windows 10 1511
Windows 10 1607 (LTSB 2016, CBB)
Windows 10 1703 (CB)

This would allow companies with a good patch management to effectively avoid downloading CU patches for Windows 10 that they do not use and also would help to categorize updates in the views.

Actually it is not really possible to use automatic acknowledgement rules without acknowledgeing any Preview security or preview feature upates for Windows 7, 8.1 etc.

Please put them a seperate WSUS Category e.g. preview rollups so that an effective testing can be made with rulesets and a test group of computers.

There exist a technet site with a maintenance SQL script to reindex the WID for WSUS 3.x, it would be great if you could implement this into the GUI, aside having a capability to backup and restore, aswell as shrinking the WID database.

this is a known bug but I think rather than reindexing and cleaning up the WSUS DB with a SQL script you could fix this programmatically.

The issue is know an happens during the first stage of the wizard when cleaning up old updates.

It is cool to see that ADK will be updated with every new Windows 10 release but USMT seems to complicated for new admins.

Please implement a GUI and a visual creation for the XML files to control this service.

I personally don't want to study a book to make it work right.

https://social.technet.microsoft.com/Forums/windows/en-US/178c2075-98a3-4f9c-a121-b9b74522cad2/download-nonenglish-updates-from-windows-update-catalog?forum=w7itproinstall#1d010bae-c989-4615-9ce4-38c9f008935d
--
https://social.technet.microsoft.com/Forums/windows/en-US/178c2075-98a3-4f9c-a121-b9b74522cad2/download-nonenglish-updates-from-windows-update-catalog?forum=w7itproinstall#1d010bae-c989-4615-9ce4-38c9f008935d
--
https://social.technet.microsoft.com/Forums/windowsserver/en-US/5d7cd886-b8de-4f39-948f-f04991001927/windows-update-catalog?forum=winservergen#8266a0a6-abb8-43bd-a1df-4d5cdc78408c
--
https://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/f9fafd3e-6d90-4699-bca1-0a7849fd6b77/#f9fafd3e-6d90-4699-bca1-0a7849fd6b77

The current 12 hour window for "Active Hours" needs to be longer so the updates/reboots can happen in the middle of the night.

Currently there is a limit of 100 3party (non-microsoft) categories in WSUS.

We are using a 3party patchsupplier (Shavlik, now Ivanti) and this limit of 100 categories is a big limitation for us.

WSUS 2012 does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

. Background
WSUS 2012 does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

Problem Description
This creates a fair amount of confusion as we know these are Server 2016 systems but we can’t be certain that they’re being updated properly without examining each system to ensure it has the current platform-specific updates

Get-WsusComputer -ComputerUpdateStatus failed -ComputerTargetGroups clients <-- this lists ALL in the target group, instead of only those that have status=failed

Same result if I use -IncludedInstallationStates Failed too.

Currently the non quality security updates are superseded by the security quality updates. This causes most of the standard reporting to break for companies that do not need or want the quality updates for security patches. 3rd party scanners also will show servers as non patched if a company only installs the non quality package. Please do not set the quality updates to supersede the non quality updates. This will prevent companies from having to spend large amounts of development time to rework their processes that worked for several years.

After install KB3159706, WSUS console can't be opened. Need to do post installation action. It did make trouble. At firs, user doesn't know what cause this problem. After spending time to search for solution, user figure out that this problem is caused by KB3159706. It waste user's time. It's better to have a way to warning user that there is known issue in the update patch when user install the update patch.

Minimize number of 500 errors in IIS logs due to recycling of WSUS AppPool during client scans as it causes excessive false positives in monitoring systems.