You need to lower the TLS security to manually import updates in #WSUS

The endpoints used by #WSUS for manually importing updates like the “Cumulative Update Preview for Windows 10” are not capable of TLS 1.2. So, after installing the TLS hardening via July updates on a WSUS server the import fails with error 80131509.
To reenable the import you need to allow the fallback to the less secure TLS versions.
Create a ‘w3wp.exe.config’ file in ‘C:\Windows\System32\inetsrv’ with:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <runtime>
        <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
    </runtime>
</configuration>

And run ‘iisreset’.
Be aware that this allows the TLS fallback for all w3wp instances and is not limited to WSUS.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s