You need to lower the TLS security to manually import updates in #WSUS

The endpoints used by #WSUS for manually importing updates, such as the “Cumulative Update Preview for Windows 10”, are not capable of TLS 1.2. So after the TLS hardening from the July updates is installed on a WSUS server, the import fails with error 80131509.
To re-enable the import, you need to allow the fallback to the less secure TLS versions.
Create a ‘w3wp.exe.config’ file in ‘C:\Windows\System32\inetsrv’ with the following content:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <runtime>
        <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>
    </runtime>
</configuration>

Then run ‘iisreset’.
Be aware that this allows the TLS fallback for all w3wp instances and is not limited to WSUS.
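
The steps above as a PowerShell script, added here as an example and not part of the original post. It merges the switch into an existing w3wp.exe.config instead of overwriting it and keeps a backup so the server-wide change can be reverted; the function names and the .bak suffix are assumptions of this example.

```powershell
# Added example. Run from an elevated PowerShell prompt on the WSUS server.
# Function names and the .bak backup suffix are assumptions of this example.
$ConfigPath = Join-Path $env:windir 'System32\inetsrv\w3wp.exe.config'
$Switch     = 'Switch.System.Net.DontEnableSystemDefaultTlsVersions=false'

function Set-W3wpTlsOverride {
    if (Test-Path $ConfigPath) {
        # Back up the pre-existing config once; later runs must not overwrite it.
        if (-not (Test-Path "$ConfigPath.bak")) { Copy-Item $ConfigPath "$ConfigPath.bak" }
        [xml]$doc = Get-Content $ConfigPath -Raw
    } else {
        [xml]$doc = '<?xml version="1.0" encoding="utf-8"?><configuration />'
    }
    $root = $doc.SelectSingleNode('/configuration')
    if (-not $root) { throw "No <configuration> root in $ConfigPath" }

    # Create <runtime> and <AppContextSwitchOverrides> only if they are missing.
    $runtime = $root.SelectSingleNode('runtime')
    if (-not $runtime) { $runtime = $root.AppendChild($doc.CreateElement('runtime')) }
    $node = $runtime.SelectSingleNode('AppContextSwitchOverrides')
    if (-not $node) { $node = $runtime.AppendChild($doc.CreateElement('AppContextSwitchOverrides')) }

    # Switches are ';'-separated: keep the others, replace any earlier value of ours.
    $name = $Switch.Split('=')[0]
    $kept = @($node.GetAttribute('value') -split ';' |
              Where-Object { $_ -and $_ -notlike "$name=*" })
    $node.SetAttribute('value', (($kept + $Switch) -join ';'))

    $doc.Save($ConfigPath)
    iisreset   # restarts every IIS worker process, not only the WSUS pool
}

function Remove-W3wpTlsOverride {
    # Restore the original config if one existed, otherwise delete the file we created.
    if (Test-Path "$ConfigPath.bak") { Move-Item "$ConfigPath.bak" $ConfigPath -Force }
    elseif (Test-Path $ConfigPath)   { Remove-Item $ConfigPath }
    iisreset
}
```

Call Set-W3wpTlsOverride before the manual import and Remove-W3wpTlsOverride once it has finished, so the override does not stay in place for the other w3wp instances.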
