ISSUE: Cannot import updates to WSUS, due to erroneous redirection in Windows Update Catalog

Frequent Contributor


Management Host: Windows Server 2022 Build 20348.405

WSUS Server: Windows Server 2019 Build 10.0.17763.1971

Microsoft Edge Release 96.0.1054.62


Repro Steps:

- Edge is your default browser

 On the Management Host open WSUS MMC (via Server Manager) to connect to the WSUS Server via https

- in the WSUS MMC > Update > Import Updates 

- Open the catalog in Edge IE Mode: refer my guide

HOW-TO: Import Out of Band Updates to WSUS using Microsoft Edge Chromium and modern IE Mode - Micros...


- Accept the ActiveX 


What is happening:

- you may add updates to the cart


What is the issue: 

- you cannot import (OOB) updates for Windows Server 2022 updates or other updates
- on affected systems we get redirected to a different update catalog server that seems to be different

Browser: IE, natively
Result: import works


Browser: Edge, IE Mode
Result: import works


Browser: Edge, IE Mode
Result: import does not work



What we have tried so far:
- reproduce this on the local Windows Server running WSUS instead of remote server > no change
- changing Protocol Version from 1.20 to 1.80 (old, but fixed issue) > no change
- troubleshooting via Developer Mode
- we will upgrade the WSUS to Windows Server 2022 and try to reproduce

Error message:

This update cannot be imported. Reason: It is not compatible with your version of WSUS


Affected patches:

apparently any patches that have a different build than the WSUS Server

see screenshots

- Windows Server 2022

- Azure Stack HCI 22H2

- Windows 11 

- Windows 10


Reproducible: mostly


We see this happening at different customers. 
Using Edge IE Mode, despite using same setting, Edge IE mode sometimes get redirected
to a different server that has not the v7/sites. This results into missing ability to import updates.



@Aria Carley 

@Andrei Stoica have you heard about similar reports?
Do you know anyone that could check a potential redirection or inconsistency on the update catalog server?

Originally we would like to import 2022-01 updates into WSUS running on Windows Server 2019 to patch affected RDS Servers. 

15 Replies

We too seem to be experiencing this issue.

WSUS server is Windows Server 2022.
Client machine is Windows 11 running RSAT and managing/importing updates remotely.
Edge 96 is my default browser, but running the update catalogue site in IE mode with the ActiveX control installed.

We can search for and add updates to our basket, but when proceeding to the basket, we are told they could not be imported because they are not compatible with our version of WSUS.
The update we are trying to import is KB5010197.

I have tried to add the /v7/site part to our catalogue URL as a workaround, but I get a site/page error.
Our URL loaded when clicking import updates is of the format:

Are there any other potential workarounds to this issue at this time?

Many thanks


- If not already added, add SystemDefaultTlsVersions (and/or SchUseStrongCrypto) registry values to both .NETFramework\v4.0.30319 keys, and restart the system


- Add these URLs to IE mode pages, and remove any other catalog url 



- If not already installed, open and install ActiveX controller


@abbodi1406 I know you have deep knowledge about servicing.
We have already added both links according to my guide. 
The TLS settings have been made earlier and as such are already correct.

Any other ideas?

edit: I still hope that the Microsoft Servicing team can respond on this post, why sometimes the browser does not get redirected to the /v7/site/Home.aspx when clicking import updates in the WSUS MMC. This should fix it, when the settings are applied.

best response confirmed by kwester-ebbinghaus-business (Frequent Contributor)


I have spent more time into the testing and found out that it worked in a VERY specific configuration. So to say must be exactly this configuration as you stated.


ONE MAY NOT USE in the exception 
While these pages can be technically reached, they do not work correctly and will not redirect. Imho this is still a server-side config issue on the IIS 10.

1. It only works as expected when you use the link without www. It does not work with the www. anymore.

2. you need to actually add both links. One or the other won't be enough anymore.
Both was till November 2021. But no more.

3. really remove any other links in the scope of *

4. close all tabs and restart the browser (just in case you have set that Edge should reopen all tabs on next start)


Thank you @abbodi1406 I will update my guide accordingly. 


@Eds1989 can you please confirm this solution worked for you?


Glad it worked
yes, urls must be without www.
now :) it worked with www. back in November. I hope they are going to look into this if you do not add both links either it will redirect to www.catalog.* or the redirect will not be to v7/site page which means no import is possible at all or the said error happens.
If you have time check the updated guide, just to make sure it is correct again.
I did not include the TLS thing as this is a practice one should do globally and is also in place on Windows Server 2022 (I believe except PS 5.1).


We use enterprise site manager to add our IE mode sites to a centrally stored XML files, that Edge group policies are set to load.

We have these two URLs configured as below:



We do not see these in Edge settings, but they should be effective:



When I click on the import updates button, it still loads a www. URL without the v7 in the path:



It's gone midnight now, so I'll try updating policies and from another machine in the morning to see what happens.



Scratch that, just tried once more before bed, and can confirm this does now seem to be loading the correct URL, however....

When trying to complete the import process, it fails:


Error page:



Have I done something wrong?

You must add SystemDefaultTlsVersions registry value and restart the system
The ActiveX controller utilize legacy .NET 4.0 connection which do not use TLS 1.2 by default
SystemDefaultTlsVersions (or SchUseStrongCrypto) is needed to force it to TLS 1.2

Can you kindly elaborate on where this key needs to be created, what type it should be, and what value I need to set it to?


@Eds1989Run these in command prompt as administrator

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /V SystemDefaultTlsVersions /T REG_DWORD /D 1 /F
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 /V SystemDefaultTlsVersions /T REG_DWORD /D 1 /F

more info 

@abbodi1406 @Eds1989 these are settings I would propose to deploy via Group Policy GPP across your organization not only for WSUS. There are many other settings in this regard, that should be checked I will try to blog about it on techcommunity on a later date.


I've added those entries to my WSUS server and am testing from there. It says that the ActiveX failed to run though:



If I re-run my test my from my client machine, I assume I also need to add those entries and reboot?





Adding those keys to my client machine, I am able to now import:



Thanks for the help guys!