Considering the server availability, we administrators are not getting downtime as we desired. So, Microsoft should give the support for server OS to prevent the reboot the server in logged-off mode after windows update installation. I have a suggestion that I'm giving below. If it is possible, it is very helpful to the world of Windows administrators. Add the registry value in server at least in all available server operating systems

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

"NoAutoRebootWithLoggedOffUsers"=dword:00000001

KB4015553 on a Windows Server 21012 R2 with SQL 2008 R2 creates a System Kernel Process Handle/Thread Leak. It is easy to see in the Task Manager after adding the Handle/Thread count columns. The counts increase nearly 1 per second until the OS and system is unresponsive and collapses.

Another indicator is in the event logs, 4231 events appear: Description:
A request to allocate an ephemeral port number from the global TCP
port space has failed due to all such ports being in use.

But the ephemeral port alert is not the root cause.

I am missing to have more options than just a very common keyword search in Microsoft Update Catalog.

setting up filters like OS version, branch, x86 / x64 and update categories AND date equal / greater than would be amazingly helpful to find a specific group of updates.

Admit it, the current search is not very helpful if you are NOT searching for a specific KB but a set of updates.

E.g. try to enlist all Windows 2003 Server Updates released after January 2017. Good luck, trying.

It sure would be nice if the WsusContent folder would work with the dedup in Server OS. With Express Updates enabled for Windows 10 deltas this folder grows and grows. Performing a few test cases dedup saves 50% or more however it breaks WSUS.

Actually Windows 10 on WSUS is only reflected by a major product category and LTSB.

It would be much better if you could add a product category for each branch / release:

such as:
Windows 10 1507 (LTSB 2015)
Windows 10 1511
Windows 10 1607 (LTSB 2016, CBB)
Windows 10 1703 (CB)

This would allow companies with a good patch management to effectively avoid downloading CU patches for Windows 10 that they do not use and also would help to categorize updates in the views.

Actually it is not really possible to use automatic acknowledgement rules without acknowledgeing any Preview security or preview feature upates for Windows 7, 8.1 etc.

Please put them a seperate WSUS Category e.g. preview rollups so that an effective testing can be made with rulesets and a test group of computers.

I have a local WSUS server, it stores all my updates for my local users, I approve the updates and everything is great. At the same time I have bunch of remote offices that have faster WAN connections than VPN/MPLS.

I can setup a second WSUS server, point it at my upstream server at HQ and tell it to not store the updates. All clients connecting to this server will fetch updates from Microsoft.

Why not make this a simple binary GPO overwrite instead of adding the complexity?

Force client to fetch windows update binaries from Microsoft

It is cool to see that ADK will be updated with every new Windows 10 release but USMT seems to complicated for new admins.

Please implement a GUI and a visual creation for the XML files to control this service.

I personally don't want to study a book to make it work right.

this is a known bug but I think rather than reindexing and cleaning up the WSUS DB with a SQL script you could fix this programmatically.

The issue is know an happens during the first stage of the wizard when cleaning up old updates.

There exist a technet site with a maintenance SQL script to reindex the WID for WSUS 3.x, it would be great if you could implement this into the GUI, aside having a capability to backup and restore, aswell as shrinking the WID database.

The current 12 hour window for "Active Hours" needs to be longer so the updates/reboots can happen in the middle of the night.

https://social.technet.microsoft.com/Forums/windows/en-US/178c2075-98a3-4f9c-a121-b9b74522cad2/download-nonenglish-updates-from-windows-update-catalog?forum=w7itproinstall#1d010bae-c989-4615-9ce4-38c9f008935d
--
https://social.technet.microsoft.com/Forums/windows/en-US/178c2075-98a3-4f9c-a121-b9b74522cad2/download-nonenglish-updates-from-windows-update-catalog?forum=w7itproinstall#1d010bae-c989-4615-9ce4-38c9f008935d
--
https://social.technet.microsoft.com/Forums/windowsserver/en-US/5d7cd886-b8de-4f39-948f-f04991001927/windows-update-catalog?forum=winservergen#8266a0a6-abb8-43bd-a1df-4d5cdc78408c
--
https://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/f9fafd3e-6d90-4699-bca1-0a7849fd6b77/#f9fafd3e-6d90-4699-bca1-0a7849fd6b77

Currently there is a limit of 100 3party (non-microsoft) categories in WSUS.

We are using a 3party patchsupplier (Shavlik, now Ivanti) and this limit of 100 categories is a big limitation for us.

WSUS 2012 does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

. Background
WSUS 2012 does not display the operating system for Windows 2016 servers as 2016 servers. It shows them as Window 10 machines.

Problem Description
This creates a fair amount of confusion as we know these are Server 2016 systems but we can’t be certain that they’re being updated properly without examining each system to ensure it has the current platform-specific updates

Get-WsusComputer -ComputerUpdateStatus failed -ComputerTargetGroups clients <-- this lists ALL in the target group, instead of only those that have status=failed

Same result if I use -IncludedInstallationStates Failed too.