Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.
Category published:  Server 2019 Server 2022 [21H2/22H2/32H2] WSUS   Click on the Category button to get more articles regarding that product.

WSUS Server 2019 + 2022 Sync Problem 09.07.2025

Posted by admin on 09.07.2025


EUROPE: WSUS Server download failure – all customers since 09.07.2025 during the night

SOLVED/SEEM FIXED MS SIDE:10.07.2025, 00:03, Switzerland, Could sync most of our DE + CH customer

Error we see in WSUS under Sync, 23:39 [Switzerland · UTC+2], 09.07.2025, InvalidOperationException: There is an error in XML document (666, 324159)

Error we see in WSUS under Sync, 21:27 [Switzerland · UTC+2], 09.07.2025, WebException: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden. —> System.Net.Sockets.SocketException

 

Latest: Susan Bradley from AskWoody just posted the ticket from MS.There is no workaround at this time. A problematic update revision in the storage layer has been identified as potentially causing this issue and repairs are in progress.
Next steps: We are working on a resolution
and will provide more information when it is available.

Many customers in Europe, from BSB to Enterprise, are facing an urgent problem with the Windows Update Server (WSUS).

The SYNC failed during the night of 09 July 2025, starting at different times. For example, 13 out of 15 WSUS servers at different customers within CH/DE failed to fetch the important 07-2025 0-day updates which we urgently need to roll out.
Two out of 15 servers did download the updates just fine, but we assume this happened before the problem appeared.

  • SRV2019 + SRV2022 German or English OS, VL, STD or ENT
  • There also seem to be problems with Exchange and update patterns
  • NO Proxy, NO IPS/Exploit rule, NO AV Filter on the firewalls of those WSUS servers (so it is not firewall or proxy related)
  • Event 10022, Application, Windows Server Update Service (Fehler beim letzten Versuch zur Synchronisierung des Katalogs)

There seems to be a flip-flop effect:

  1. Either you can’t download from MS (described by some people in German forums=

OR

  1. Your clients cannot connect to the WSUS

 

Check of Round Robin sws.update.microsoft.com From Switzerland, 21:27, 09.07.2025, [Switzerland · UTC+2],

sws.update.microsoft.com

glb.serversync.prod.dcat.dsp.trafficmanager.net

 

IP

Port 80

Port 443

135.236.118.207

Unreachable

Reachable

20.10.149.151

Unreachable

Reachable

52.165.164.33

Unreachable

Unreachable

 

 

Error we see in WSUS under Sync , 23:39, 09.07.2025, [Switzerland · UTC+2],

It downloaded 546+ Updates around 23:00+ but then also failed 1hr later. Actualy what it does is just redo the APROVALS and you will have to cleanup the WSUS after this. Like if the WID/SQL Express crashses or you run out of space.

InvalidOperationException: There is an error in XML document (666, 324159). —> System.Net.WebException: The operation has timed out.

at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events)

at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)

at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)

at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetUpdateData(Cookie cookie, UpdateIdentity[] updateIds)

at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetUpdateData(UpdateIdentity[] updateIds, List`1 allMetadata, List`1 allFileUrls, List`1& updatesWithSecureFileData, Boolean isForConfig)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetUpdateDataInChunksAndImport(List`1 neededUpdates, List`1 allMetadata, List`1 allFileUrls, Boolean isConfigData)
at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.GetAnd

 

 

Error we see in WSUS under Sync, 21:27, 09.07.2025, [Switzerland · UTC+2],

WebException: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden. —> System.Net.Sockets.SocketException: Ein Verbindungsversuch ist fehlgeschlagen, da die Gegenstelle nach einer bestimmten Zeitspanne nicht richtig reagiert hat, oder die hergestellte Verbindung war fehlerhaft, da der verbundene Host nicht reagiert hat 20.10.149.151:443

 

bei System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)

bei System.Net.HttpWebRequest.GetRequestStream()

bei System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)

bei Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetRevisionIdList(Cookie cookie, ServerSyncFilter filter)

bei Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.WebserviceGetRevisionIdList(ServerSyncFilter filter, Boolean isConfigData)

bei Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)

Eventviewer, 10022, 7, Windows Server Update Services

 

 

09.07.2025, 21:38 Switzerland

 

Normal output from a redirect



 Category published:  Server 2019 Server 2022 [21H2/22H2/32H2] WSUS   Click on the Category button to get more articles regarding that product.