Windows updates issue

asked 2019-07-31 17:48:11 +0000

dee gravatar image

We noticed recently (when our print server crashed trying update via WSUS) that certain subnets are not able to pull Windows updates from WSUS.

Initially I was able to find that the WSUS Pool service on the WSUS kept crashing, and not being able to find why I ran a capture from the WSUS ( and a capture from our DC ( and ran wuauclt /updatenow on the DC while the capture was running, and not really knowing what to look for yet I filtered traffic from the WSUS capture to ip.addr == and ip.addr == from the DC capture.Only six packets show up with that filter but the first thing that stood out to me was PHS,ACK packets which I'm trying to comprehend, and it sounds like this is generated when information is not received by the receiving host so the sender is requesting it again without verifying whether or not it sent initially. (captured from the DC, (captured from the WSUS,

Still new to this and haven't quite gotten to the point where I'm understanding what I'm seeing, just looking for some input if someone is available to take a look.

edit retag flag offensive close merge delete