Unable to import KB Notfall,Interim,Post Microsoft Patchday patch into WSUS-Server running under Microsoft Server 2012 R2

Unable to import KB Notfall/Interim/Post Microsoft Patchday patch into WSUS-Server running under Microsoft Server 2012 R2.

Problem: You are unable to import Patches from Windows Update Catalog on 2012 R2 WSUS

Problem: You do not see the import direct into WSUS button /Direct in WSUS-importieren auf 2019 nicht sichtbar (EDGE/IE mix)

Most people discover while in a hurry to deploy following 14.11.2021 emergency patches post 11/2021 November updates which takes apart their Azure, Load Balancer, ADFS, WAF-IIS etc.

Windows Server 2019: KB5008602 — DOWNLOAD

Windows Server 2016: KB5008601 — DOWNLOAD

Windows Server 2012 R2: KB5008603 — DOWNLOAD

Windows Server 2012: KB5008604 — DOWNLOAD

Windows Server 2008 R2 SP1: KB5008605 — DOWNLOAD

Windows Server 2008 SP2: KB5008606 — DOWNLOAD

https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-1607-and-windows-server-2016#2748msgdesc

Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server. On impacted systems, end-users cannot sign into services or applications using Single Sign-On (SSO) in Active Directory on-premises or hybrid Azure Active Directory environments.

On the WSUS-Server if you try to Import a patch from WSUS-catalog it fails:

ERROR/FEHLER you see:

“Es konnten nicht alle Updates importiert werden. Wenn Sie den Vorgang abgebrochen haben, starten Sie den Import der Updates erneut. Ist ein Fehler aufgetreten, klicken Sie in der Statusspalte neben dem jeweiligen Update auf Fehler, um die Lösung für das Problem anzuzeigen.”

Here is the process to Import a KB File into your WSUS.

*********** STEP NEEDED if you run WSUS on ONLY Server 2019 ************** FROM HERE

If you are UNABLE to see the ADD/Hinzufügen on Server 2019 then do following. Start iexplore.exe manual from start menu.

Open the site:

https://catalog.update.microsoft.com/

Install the Plugin (Only appears on IE Internet Explorer 11 not EDGE) on Server 2019

You can check the add-on here also in IE addons:

Open Import from Windows Catalog

The site will open in EDGE > Copy the full URL and open iexplore.exe (IE11) again, past the full URL there

Now in IE you see the import button:

Still you can ONLY import the 2019 patches on WSUS running on Server 2019 😉 Very nice. We need to rollout full SCCM now for every SBS/KMU?

*********** STEP NEEDED if you run WSUS on Server 2019 ************** TO HERE / END STEP 2019 ONLY

Error:

Importergebnisse

Solution:

Add following Registry Key and reboot the Server

Cmd line 1 line:

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SchUseStrongCrypto /T REG_DWORD /D 1

Single registry values:

VALUE name: SchUseStrongCrypto

Value Data: 1

Type: DWORD (32-bit) Value

Reboot

Retry

OK