WSUS on Windows Server 2012 R2 appears to be badly broken

Windows Update server won't synchronize and is throwing errors 7032 and 7053 when trying to connect

WSUS 2012 R2 admins may face a difficult day ahead if a report from Cliff Hogan, posted this morning on, is any indication.

Hogan reports:

What a mess!!! Microsoft Update upstream for WSUS was down for about 12 hours for Windows 2012 R2 version. It was OK for Windows 2008 R2 and Windows Server 2016 Technology Preview 5. This is more than likely related to the failed patch last month KB3148812 which has now been pulled.

The problem is the "new" WSUS distribution method that was supposed to take effect on May 1. Microsoft had warned about it, tried to put manual procedures in place to fix it, and ultimately pulled the bad patch, as I described two weeks ago.

Right now, Microsoft's most recent update to its What you need to know about KB3148812, Part Two Technet post says:

This update contains critical functionality that needs to be in place before the Anniversary Update, but it does not need to be installed this week (e.g., there is no security fix that patches a known vulnerability).  Therefore, here are our recommendations: Until further notice, if you have not already installed this update, do not install KB3148812…

We have identified the root cause for the issue and are currently testing a fix.  We've gotten a good number of positive results from those that offered to test the package, and are working out some corner case scenarios with the few that had issues.

It looks like the root cause has come home to roost. WSUS on Server 2012 R2 appears to be badly broken.

I'm starting to see reports in Europe this morning that say WSUS 2012 R2 is throwing errors 7032 and 7053 when trying to connect to the WSUS server.

Hogan (who's tackling these problems in Australia) says:

While failing syncing, it still synchronised 10 Office Updates this morning. I am wondering if it fails on that new functionality only or it is just an outage at Microsoft or a last minute try to block some updates. It works for individual computers though.

It is likely that Windows Server 2008 R2 is not aware of the new configuration while Windows 2016 TP5 supports it natively.

It looks like the WSUS 2012 R2 Titanic just crashed into the new ESD-encrypted update stream iceberg. Microsoft really needs to get its patching act together. If it can't get KB 3148812 to work, there should be an alternative. Now.

Give your admin a smile this morning. They may be in for a hellacious day.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon