Solution to KB2919355 preventing interaction with WSUS 3.2 over SSL


A fix is now available from Microsoft that resolves the issue where some computers that have the KB 2919355 update for Windows 8.1 and Windows Server 2012 R2 installed stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2)-based servers that are configured to use HTTPS and do not have TLS 1.2 enabled. Direct download links, installation instructions, and more information you can use to check if you’re impacted by this issue, are provided on the KB 2959977 page.

  • If you manually imported KB 2919355 prior to the issue of KB 2959977, you should decline the old revision on your WSUS server. Once you decline the revision in WSUS, it will no longer be distributed to clients.

  • For all users (even if your environment was not impacted), we recommend that administrators approve the latest revision of KB 2919355 for distribution to enable deployment of Windows 8.1 Update in your environment.


Comments (17)

  1. hassan sayed issa20014 says:

    thank you

  2. Anonymous says:

    こんにちは。WSUS サポートチームです。

    2014 年 4 月 16 日に Windows 8.1 Update (KB2919355) を WSUS に公開いたしました。 この更新プログラムは

  3. Anonymous says:

    С выпуском решения проблем подключения WSUS 3.2 мы опубликовали обновление для Windows 8.1 (а также обновление для Windows Server 2012 R2 и Windows Embedded 8.1 Industry) для Windows Server Update Services (WSUS).

    Для компаний, использующих WSUS, Windows

  4. zoka says:

    Update KB2959977 is only for old version KB2919355 and because of that update KB2959977 is not available over WSUS deploy. Is this correct??? because I dont have KB2959977 on wsus server.

  5. 127 says:

    yes, KB2959977 fix only the issue that Systems with old KB2919355 cannot talk to WSUS (without TLS 1.2)
    Therefore KB2959977 will not be available on WSUS, cause in this Situation WSUS will fail to deploy any Patch to such Clients anyway.

  6. Anonymous says:

    227 Microsoft Team blogs searched, 53 blogs have new articles. 155 new articles found searching from

  7. KG1234 says:

    so if you have a 2003 R2 WSUS server that doesn’t support TLS 1.2 protocol I will be forced to upgrade to 2008 or 2012 WSUS server? Thanks a lot Microsoft…

  8. azarro says:

    Hi, I want to deploy KB2919355 to a test computer group. When I run a computer report I see that the kb2919355 is set to Install but status is Not Applicable. The prerequisity updateKB2919442 is installed on each computer in my test WSUS group. Other WSUS updates are deployed without problem.
    I’ve also managed to install the kb2919355 on one of the computers manually using Windows8.1-KB2919355-x64.msu.
    Has anyone encountered similar problem, please?

  9. 127 says:

    I also found that KB2919355 seems not to be found as “needed” by WSUS for some Windows 8.1 and some 2012 R2 Systems (especially Hyper-V Server 2012 R2). So looks like some dection bug.
    Those Systems could install KB2919355 by file.

  10. azarro says:

    After the latest iteration of KB2919355, all of my W8.1 are sending the desired "needed" status to WSUS and installing the update after approving, so it has somehow solved itself..

  11. tygrus says:

    WSUS role on Server 2012 R2 fails to configure. Why does MS make us try 10+ different possible causes and give no useful help to resolve this. Please please, a simple download that runs to troubleshoot and fix the problems please!

  12. Anonymous says:

    Pingback from Windows 8.1 Update: WSUS Availability, Extended Deployment Timing | Windows for IT Pros

  13. Joe says:

    We have a similar problem but with WSUS for Windows Server 2012 (version 6.3.9600.16384) – none of our 2012 R2 clients report their daily status to the WSUS server (also 2012 R2) after their initial status report. At the minute, our workaround is a scheduled
    task on each client that does the following on a daily basis:

    net stop wuauserv
    rd /q /s %windir%softwaredistribution
    reg delete HKLMSoftwareMicrosoftWindowsCurrentVersion
    /WindowsUpdate /f
    net start wuauserv

    Is it possible that an update that fixed a prior issue has re-introduced this issue into 2012 clients?

  14. Rap says:

    thank you

    http://www.kodes.com Hiphop, Rap, Ceza, sagopa, Kolera

    http://www.gekkog.com Hiphop, Rap, Gekko G

    http://www.maskanimasyon.com Animasyon

  15. ali says:

    Thanks for the its much appreciated..
    http://www.kaderim.net

  16. Leo Jacob says:

    net stop wuauserv
    rd /q /s %windir%softwaredistribution
    reg delete HKLMSoftwareMicrosoftWindowsCurrentVersion/WindowsUpdate /f
    net start wuauserv

    Careful with this, the line break will prompt you to delete the entire WindowsCurrentversion key