Patch My PC Publisher – Unable to connect to WSUS

When starting the Patch My PC Publisher, you get an error message stating that it is “Unable to Connect to WSUS”.
This issue usually appears due to a WSUS misconfiguration, and the cause might vary. The most common causes are documented in this article.

Topics covered in this article:

Basic troubleshooting

Before doing anything else, we need to ensure that the WsusPool and WSUS Service are running.

For the WsusPool, go to the IIS Manager –> Application Pool –> check the status.
If it is Stopped, right-click it and choose Start.

 Once ensured that the WsusPool is running, go to services.msc and ensure that the WSUS Service is also running.
If it’s not running, right-click the service and start it. 

The WsusPool stops immediately after being started

Make sure that the WSUS configuration is set as per the Microsoft docs recommendations. Key takeaways from the docs:

The computer that hosts a software update point requires the following configurations for IIS application pools:

  • Increase the WsusPool Queue Length to 2000.
  • Increase the WsusPool Private Memory limit by four times, or set it to 0 (zero), which translates to Unlimited.

In IIS, from the Application Pools, go to Advanced Settings.

In the Advanced Settings, make sure that the Queue Length (under General), is set to 2000.

And then, under Recycling, you will find the Private Memory Limit.

Microsoft recommends to set it to 0 (zero), which means Unlimited private memory limit. This should be done for the Virtual Memory Limit as well.

Additionally, review the WSUS best practices recommended by Microsoft.

The issue exists with https configured while the WsusPool is running

Ensure the SSL Certificate is bound to the WSUS Administration site and was not dropped for some reason:

  1. On the WSUS server, open Internet Information Services (IIS) Manager.
  2. Go to Sites > WSUS Administration.
  3. Select Bindings from either the action menu or by right-clicking on the site.
  4. In the Site Bindings window, select the line for https, then select Edit….

More InformationNote: Don’t remove the HTTP site binding even if HTTPS is configured. WSUS uses HTTP to update content files.

  6. Under the SSL certificate option, choose the certificate to bind to the WSUS Administration site if the option is set to Not Selected. The certificate’s friendly name is shown in the drop-down menu. If a friendly name wasn’t specified, then the certificate’s IssuedTo field is shown. If you’re not sure which certificate to use, select View and verify the thumbprint matches the one you obtained.

To verify if all other HTTPS settings are configured correctly, please follow this guide.

Published On July 29, 2022