WSUS 2.0 synchronises but will not download content


Onsite today and I was checking a WSUS 2.0 server to ensure that I approved any waiting patches etc. I found that the WSUS server had stalled in the download process. It could synchronise successfully, but it sat at Downloading 0.00MB of xx MB. Screenshot below.


Checked the event logs and found this error

Event Type:    Error

Event Source:    Windows Server Update Services

Event Category:    Synchronization

Event ID:    364

Date:        6/09/2007

Time:        9:18:32 AM

User:        N/A

Computer:    SERVERNAME


Content file download failed. Reason: The parameter is incorrect. Source File: /msdownload/update/v3-19990518/cabpool/windowsserver2003-kb938829-x86-enu_262c3433045b22164aadaae6c3eb761ee7737f18.exe Destination File: f:\WSUS\WsusContent\18\262C3433045B22164AADAAE6C3EB761EE7737F18.exe.

For more information, see Help and Support Center at

Did a quick google for "364 and WSUS" and found this site

It looked simple – setting the WSUS downloads to occur in the foreground. Tried that – using both methods – both failed.

Ok – I decided to disable all the caching in ISA 2006 as some of the content I read from the google search above suggested it might be cache related. Restarted the Update Services service on the WSUS server and waited…

Nope – that didn’t work either.

Ok – I need help – I need "The Amy Babinchak – ISA goddess extraordinaire" I pinged Amy and she’s sure she’s seen this before – last time it was the McAfee AV software. Hmm – I don’t have McAfee here, but I do have Trend CSM for SMB 3.6. I added an exclusion for the F:\WSUS directory (where the database and content is stored) and tried again. That didn’t work either.

Turned to ISA 2006 Logging. I set it to show all accesses from the client IP of the WSUS server. Below is the pattern we saw when we restarted the Update Services and forced a synch – the synch works, but the updates are not downloaded.


Hmm – I thought to myself – the third column shows that I’ve got WSUS configured to use the ISA Proxy server. There’s no denied results in there, so it didn’t look like a rule problem.

I decided to modify WSUS to not use the ISA Proxy server, and instead use ISA as a SecureNAT client. To do this you remove the ISA settings from the WSUS Synchronisation Options

Then I created a rule to allow outbound HTTP and HTTPS direct from the WSUS server in ISA 2006.

Save the configuration and retry – that worked!

See below.


WSUS is now happily downloading it’s update. No idea why I needed to do this but I did.

If you know – please let me know.

Category: Troubleshooting
Published: 6/09/2007 10:32 AM

Leave a Reply

Your email address will not be published. Required fields are marked *