You see the following error on WSUS Replica Server (DSS) whilst trying to synchronize with WSUS Upstream Server (USS):
ApplicationException: Failed to approve some updates —>
System.Data.SqlClient.SqlException: Explicit deployments to updates that are
expired are not allowed.
- As the error says – Explicit deployments to updates that are expired are not allowed – which means if an update is expired on WSUS Upstream Server (USS) then WSUS Replica Server (DSS) will not be able to synchronize the expired update from the USS and the sync fails.
- An update has been expired on WSUS USS during a recent sync with MU and this expired update is still approved on USS for either detection or install. Thus, the DSS is not aware of expired update and tries to download the expired update as it is still approved for either detection or install and eventually it fails.
- Also, If you do not choose to automatically approve the revised version, the older version will continue to be approved even if it is expired and synchronization will fail on DSS.
- Expired Updates cannot be synchronized to DSS.
I am not aware of any way to UN-expire an update from WSUSAdmin Console on USS (Is there any way to cheat SUSDB??.).
- You might want to choose to automatically approve the Revised/Updated versions of updates that you have previously approved from Automatic Approval Options.
- Then, review the synchronization logs and search for the “Expired” updates on the Master WSUS server that are still deployed (for either Install or Detect Only) and “Decline” it.
NOTE: This issue is supposed to be fixed in WSUS SP1.
To find the Revised updates which are expired, take a look at;
- Find New and Changed Windows Updates
- Find New and Changed Updates for Microsoft Products Other Than Windows
- Archived Updates
Once you decline the expired updates, perform a manual synchronization from DSS and this time it should sync successfully!