You need to lower the TLS security to manually import updates in #WSUS

The endpoints used by #WSUS for manually importing updates like the “Cumulative Update Preview for Windows 10” are not capable of TLS 1.2. So, after installing the TLS hardening via July updates on a WSUS server the import fails with error 80131509.
To reenable the import you need to allow the fallback to the less secure TLS versions.
Create a ‘w3wp.exe.config’ file in ‘C:\Windows\System32\inetsrv’ with:

<?xml version="1.0" encoding="utf-8"?>
        <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>

And run ‘iisreset’.
Be aware that this allows the TLS fallback for all w3wp instances and is not limited to WSUS.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s