код ошибки 80131509 wsus
Managing WSUS: TLSv1.0 needed to import from the Windows Update Catalogue
Importing updates to WSUS from the Windows Update Catalogue requires TLS v1.0 client and SHA.
Jonathan
As you might have gathered from a previous troubleshooting post in relation to Windows Server Update Services (WSUS), one of my tasks is to manage our WSUS environment. Sometimes it’s necessary to import updates from the Microsoft Windows Update Catalogue and I ran in to another problem with this recently.
While attempting to import some updates outside of our usual set of classifications I was repeatedly told the import had failed. I tried an update I’d expect to work too and got the same error:
«Some updates could not be imported» message, showing the import has failed.
Clicking the failed links didn’t provide much in the way of useful information:
Some updates could not be imported.
[Error number: 80131509]
The following are common causes and solutions for this issue:
If you use a proxy, be sure that it is the same proxy being used by your Windows Server Update Services (WSUS) server. Your WSUS server might not be configured correctly. Contact your WSUS administrator.
After a lot of searching online it transpired that WSUS still needs TLSv1.0, even on Windows Server 2012r2. In the organisation’s bid to harden the environment we’ve disabled TLSv1.0 server practically everywhere, and in some places client too.
Turns out that TLSv1.0 with SHA client is required for the update import to work. Note that SHA needs to be specified in addition to TLSv1.0, both are required.
Successfully importing updates after enabling TLSv1.0 client with SHA.
If you need to adjust SSL / TLS settings on a Windows device I recommend the Nartac Software IISCrypto tool. IISCrypto presents a very easy to use graphical interface allowing you to change protocols, ciphers, hashes etc. Note that to apply the settings the Windows device needs to be restarted.
Nartac IISCrypto GUI, showing a working configuration for importing updates.
Banner image a screenshot of the error message I was receiving.
Disclosure: Nartac do not sponsor this post, their tool is recommended following extensive usage and peer recommendation.
Sign up for more like this.
Playing with honeypots: part 4
Looking at a different attack on the honeypot I investigate an attempt to deploy a crypto currency miner.
Releasing people from their old roles
When changing roles in the same organisation you sometimes end up still doing your old job for a while.
Playing with honeypots: part 3
Having built a honeypot and published it to the Internet, it’s time to see what the attackers tried to do.
Код ошибки 80131509 wsus
Общие обсуждения
New install (a lot of downloads occurring) of WSUS 3.1 server. I am trying to import new updates into the WSUS server using the MS update catalog. When I try to import them directly into the WSUS server it fails with the error code 80131509. I’m attempting to do direct import of Forefront Security updates, to speed up the distribution of these files.
Все ответы
As described in the other thread: Because you currently have JOBS downloading for WSUS. When you import metadata from the MU catalog, the only thing you import is the METADATA. Then, just like a regular update, when you approve that update, it has to be downloaded. That download gets queued up in the list with all the rest of the updates.
I explained to you how to work around your =75= updates you’re waiting to be downloaded, as it’s highly unlikely you NEED all 75 of those updates, although a few of them you seriously needed yesterday (like MS08-067, if not already installed).
For the sake of thread consolidation, here are those instructions again:
= = = = = = = = = =
Might I suggest that if you need Forefront signature files NOW, then you UNAPPROVE all of the other updates on your WSUS Server; leave only the latest Forefront updates approved, and allow your Forefront content to be updated. Once you’ve obtained your Forefront signature files, then go back and approve other needed SECURITY updates (only). Allow the content for the NEEDED Security Updates to be downloaded. Then approve other needed CRITICAL updates (only), and allow for the content of the NEEDED Critical Updates to be downloaded. Then approve anything else that’s needed and you wish to deploy via WSUS.
Do not approve SUPERCEDED updates.
Do not approve UNNEEDED updates.
After you’ve downloaded and deployed everything that is NEEDED, then you can evaluate the interest and value in approving anything else that is not needed.
= = = = = = = = = =
One additional note I did not explicitly state in the previous post. After unapproving the updates, you’ll likely need to clear out the BITS download cache using the BITSADMIN utility.
Код ошибки 80131509 wsus
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Asked by:
General discussion
New install (a lot of downloads occurring) of WSUS 3.1 server. I am trying to import new updates into the WSUS server using the MS update catalog. When I try to import them directly into the WSUS server it fails with the error code 80131509. I’m attempting to do direct import of Forefront Security updates, to speed up the distribution of these files.
All replies
As described in the other thread: Because you currently have JOBS downloading for WSUS. When you import metadata from the MU catalog, the only thing you import is the METADATA. Then, just like a regular update, when you approve that update, it has to be downloaded. That download gets queued up in the list with all the rest of the updates.
I explained to you how to work around your =75= updates you’re waiting to be downloaded, as it’s highly unlikely you NEED all 75 of those updates, although a few of them you seriously needed yesterday (like MS08-067, if not already installed).
For the sake of thread consolidation, here are those instructions again:
= = = = = = = = = =
Might I suggest that if you need Forefront signature files NOW, then you UNAPPROVE all of the other updates on your WSUS Server; leave only the latest Forefront updates approved, and allow your Forefront content to be updated. Once you’ve obtained your Forefront signature files, then go back and approve other needed SECURITY updates (only). Allow the content for the NEEDED Security Updates to be downloaded. Then approve other needed CRITICAL updates (only), and allow for the content of the NEEDED Critical Updates to be downloaded. Then approve anything else that’s needed and you wish to deploy via WSUS.
Do not approve SUPERCEDED updates.
Do not approve UNNEEDED updates.
After you’ve downloaded and deployed everything that is NEEDED, then you can evaluate the interest and value in approving anything else that is not needed.
= = = = = = = = = =
One additional note I did not explicitly state in the previous post. After unapproving the updates, you’ll likely need to clear out the BITS download cache using the BITSADMIN utility.
Код ошибки 80131509 wsus
Общие обсуждения
New install (a lot of downloads occurring) of WSUS 3.1 server. I am trying to import new updates into the WSUS server using the MS update catalog. When I try to import them directly into the WSUS server it fails with the error code 80131509. I’m attempting to do direct import of Forefront Security updates, to speed up the distribution of these files.
Все ответы
As described in the other thread: Because you currently have JOBS downloading for WSUS. When you import metadata from the MU catalog, the only thing you import is the METADATA. Then, just like a regular update, when you approve that update, it has to be downloaded. That download gets queued up in the list with all the rest of the updates.
I explained to you how to work around your =75= updates you’re waiting to be downloaded, as it’s highly unlikely you NEED all 75 of those updates, although a few of them you seriously needed yesterday (like MS08-067, if not already installed).
For the sake of thread consolidation, here are those instructions again:
= = = = = = = = = =
Might I suggest that if you need Forefront signature files NOW, then you UNAPPROVE all of the other updates on your WSUS Server; leave only the latest Forefront updates approved, and allow your Forefront content to be updated. Once you’ve obtained your Forefront signature files, then go back and approve other needed SECURITY updates (only). Allow the content for the NEEDED Security Updates to be downloaded. Then approve other needed CRITICAL updates (only), and allow for the content of the NEEDED Critical Updates to be downloaded. Then approve anything else that’s needed and you wish to deploy via WSUS.
Do not approve SUPERCEDED updates.
Do not approve UNNEEDED updates.
After you’ve downloaded and deployed everything that is NEEDED, then you can evaluate the interest and value in approving anything else that is not needed.
= = = = = = = = = =
One additional note I did not explicitly state in the previous post. After unapproving the updates, you’ll likely need to clear out the BITS download cache using the BITSADMIN utility.
Import to WSUS fails direct import from MS Update Catalog
All updates were installed on my machines, but occasionally I’ll check on-line to see if WSUS missed anything and it looks like WSUS didn’t download KB4284833 that was released this month and so I went to import into WSUS via Update Catalog and I’m getting failed for both the Server 2016 and Win10 1607:
When I initially clicked the link to import and IE opened, it wanted me to install an update for WSUS. did that, searched for the KB, added to basket, clicked import (with direct to WSUS checked) and it gave the above error. I’ve tried 3 times so far and same result. I don’t use a proxy so that’s not an issue.
I did find oooooold posts about this but also found a brand new link published today describing the same errors that MS is aware of but no fixes:
But this talks about WSUS on 2016 where my WSUS is still on 2012R2. Wanted to check in there with you guys to see if anyone else has found a solution for this? Do the old solutions work or is this a newer issue than the 2009 posts I’m finding.
Thanks for the help!
The problem persists with vanilla Server 2019 as of August 2020:
(you follow one the WSUS-MMC provided links to import updates from the Microsoft Update Catalog Website, which opens Internet Explorer and you already confirmed to install/run the required Active-X addon – after triggering the basket-imprt, you get the error 80131509).
Although frustrated reading so many – at least outdated – info (not to say wrong info), I’d like to share the real problem description and solution here, hopefully saving others an hour of valuable time, which they can better use for learning drums or coding C 😉
Reboot your machine. Don’t change anything else in your IIS setup or any other registry values.
Repeating update import now succeeds:
This should also solve various other contemporary vs. legacy TLS socket options on windows.
60 Replies
Do you have Protected Mode enabled for the Internet (within the Security tab on Internet Options)? I have to turn that off for the Import function to work for me. Also, you are using Internet Explorer 11 on the WSUS Server itself correct? Those are the 2 things I had to do to get things to work. I am using 2012R2 also.
Yes to using IE11 on the WSUS server itself and yes. Enable Protected Mode is checked. will try taking that off to see if it works and report back. Thanks for the response!
No love. still the same error 80131509
Brand Representative for AJ Tek
Download firefox on the WSUS Server. Set it as your default browser, try importing again. If that doesn’t work, switch back to IE as the default, and go into IE Options, Advanced tab, and reset all preferences and settings to defaults, then try again.
@Overdrive You can use Firefox to do the Imports? I thought the website installed a ActiveX Control that allowed you to do the Imports straight from the website instead of just getting a Download option.
Brand Representative for AJ Tek
@Overdrive You can use Firefox to do the Imports? I thought the website installed a ActiveX Control that allowed you to do the Imports straight from the website instead of just getting a Download option.
It is true, that Only IE is allowed to import as of Oct 2016 (https://redmondmag.com/articles/2016/10/18/microsoft-update-catalog-browser-access.aspx) but I’m not sure if this has changed. It probably hasn’t, but it doesn’t hurt to try as Edge, Firefox, and Chrome are now allowed for downloading manually from the site, and it’s been almost 2 years. If it didn’t work, the alternative to setting IE to default and resetting all preferences and options to defaults should fix the problem.
@Troy_PBGNW Does the mucataloglog.txt have any errors listed in it? It is located in C:\Users\ \AppData\LocalLow\Microsoft\MuCatalog. I would also make sure the Microsoft Update Catalog ActiveX Control is loading and Enabled. Make sure it has microsoft.com listed for «You have approved this add-on to run on the following websites:»
Download firefox on the WSUS Server. Set it as your default browser, try importing again. If that doesn’t work, switch back to IE as the default, and go into IE Options, Advanced tab, and reset all preferences and settings to defaults, then try again.
FF didn’t work (as in could only download). resetting IE to defaults didn’t work either. Same error 80131509