I don't manage the workstations at my company, just the servers. There are no differences in the registry settings either between the 2022 & 2019 servers and our 2016 servers.
This is a tough one.
We do use an Azure automation account with log analytics workspaces, but we are NOT Azure domain joined. I just use the deployment schedules for starting the install and reboots for the updates - WSUS is used to approve the updates. I was maybe thinking that the deployment schedules in Azure were possibly removing the updates somehow and just rebooting the servers (because the servers do reboot) but I don't think that's possible. I never bothered to look at whether the approved updates showed up on my servers to begin with either (for this month, Feb 2024) because this has never been a problem until now. Thanks.
The only other thing I can think of is that for our Jan patching, I was told to remove group policy as updating from Azure would handle everything, but that wasn't true - updating from Azure works without group policy ONLY if you're Azure domain joined and none of our servers are, so I set group policy back to what it was.
Inheritance is also blocked on our WIN2022 OU but that's not a big deal as we simply link the WSUS policy separately to it - our 2019 servers aren't in that OU either, so that helps in determining that nothing got messed up with the inheritance being blocked (we have inheritance blocked due to event viewer being disabled if it's not).