ISSUE
WSUS updates download stuck
BACKGROUND
This issue happened on an offline internal WSUS server, which does not have internet access. Its data was imported from another internet-accessible external source WSUS server. How to export and import WSUS data, refer to – Synchronize software updates from a disconnected software update point
BEHAVIOUR
WSUS console shows:
The files for this update have not yet been downloaded. The update can be approved but will not be available to computers until the download is complete.
SoftwareDistribution.log shows and nothing else about bits download:
UTC Info WsusService.22 ContentSyncAgent.Download Item: ed4fe8f2-08e3-4533-baf9-824531bcae8b has been submitted to BITS for Download
SOLUTION
When I ran in an elevated command prompt this command
bitsadmin /list /allusers /verbose
to list all the jobs, I observed 10 jobs in failed state due to being unable to resolve the download address.
GUID: {B179C08E-B3A6-4E53-A67C-2216F753EE78} DISPLAY: 'ed4fe8f2-08e3-4533-baf9-824531bcae8b' TYPE: DOWNLOAD STATE: TRANSIENT_ERROR OWNER: NT AUTHORITY\NETWORK SERVICE PRIORITY: HIGH FILES: 0 / 1 BYTES: 0 / UNKNOWN CREATION TIME: 25/5/2022 5:28:27 PM MODIFICATION TIME: 26/5/2022 11:02:09 AM COMPLETION TIME: UNKNOWN ACL FLAGS: NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 3 RETRY DELAY: 600 NO PROGRESS TIMEOUT: 86400 ERROR COUNT: 107 PROXY USAGE: NO_PROXY PROXY LIST: NULL PROXY BYPASS LIST: NULL ERROR FILE: http://download.windowsupdate.com/c/msdownload/eula/useterms_t1c_2r_ed_client_volume_1_et-ee-0631e9b6-a6be-4014-a512-db457f7e7bfe.txt -> D:\WSUS\WsusContent\83\E1084A7E5C68A4D0774CDEF8E8D90EDEC36A2C83.txt ERROR CODE: 0x80072ee7 ERROR CONTEXT: 0x00000005 DESCRIPTION: SUSFile JOB FILES: 0 / UNKNOWN WORKING http://download.windowsupdate.com/c/msdownload/eula/useterms_t1c_2r_ed_client_volume_1_et-ee-0631e9b6-a6be-4014-a512-db457f7e7bfe.txt -> D:\WSUS\WsusContent\83\E1084A7E5C68A4D0774CDEF8E8D90EDEC36A2C83.txt NOTIFICATION COMMAND LINE: none owner MIC integrity level: SYSTEM owner elevated ? true This job is read-only to the current CMD window because the job's mandatory integrity level of SYSTEM is higher than the window's level of HIGH. Peercaching flags Enable download from peers :false Enable serving to peers :false CUSTOM HEADERS: NULL ... Listed 10 job(s).
It was apparent that some EULA license files are missing. I downloaded those 10 missing files and put them in the correct WsusContent subfolders. Again, updates download stuck. Running the bitsadmin command again to list all user jobs, I found another 10 missing EULA license files. Okay. I realized what went wrong. The copied content from the source WSUS server had missing EULA license files. To fix that once and for all, I did the following:
- Go to the source WSUS server
- Open an elevated command prompt
- Navigate into C:\Program Files\Update Services\Tools
- Run: .\WsusUtil.exe RESET
- Copy all the folders again to the destination WSUS server
- Restart bits service (PowerShell): Restart-Service BITS
- Restart Wsus Service (PowerShell): Restart-Service WsusService
NOTE
By default, WSUS allows 10 simultaneous bits download jobs. This limit is defined in the table tbConfigurationB.
SELECT MaxSimultaneousFileDownloads FROM [SUSDB].[dbo].[tbConfigurationB]
If the first 10 jobs get stuck, all the remaining updates download will have to wait and show up in Downloading state, giving the impression that they are stuck. This is exactly what we are discussing in this article.
If you want more simultaneous jobs, you can change the setting in the database, eg. increase it to 20.
UPDATE [SUSDB].[dbo].[tbConfigurationB] SET MaxSimultaneousFileDownloads = 20