WSUS server: Microsoft Disables Old Sync Endpoint

Anyone who administers a WSUS server should now and then check the software. On July 8, 2019, Microsoft shuts down an old WSUS endpoint address. In addition, starting on July 9, Windows 2008 will not be able to refresh Server SP2 if SHA-2 code signing is not accepted.

WSUS server: Microsoft Disables Old Sync Endpoint

Microsoft will be phasing out as the endpoint for synchronizing Windows Server Update Services (WSUS) patches on July 8, 2019, the company announced. That should cause no problems in most cases, according to Microsoft. However, there will be a one-time slow sync that typically takes a few minutes.

In the event that there are still problems and the WSUS should not be able to synchronize, Microsoft points to an older Knowledge Base article. In fact, Microsoft officially shut down the endpoint a while ago, but allowed it to remain accessible for compatibility reasons. Alternatively, is available as an endpoint.

It is also important that Microsoft further restricts the practice of dual signing (SHA-1/2) for Windows updates for security reasons. Microsoft has been working for months to stop the old signing without causing problems for the clients to retrieve the updates. On July 9, 2019, the next step is to be expected. Then dual signing will also be disabled for Windows Server 2008 SP2. A week later, various Windows 10 versions are on the line. Problems are not expected; First, Windows 10 is a modern system that has always been able to handle SHA-2-signed updates, and second, the target audience of the server is technically savvy.

The next step in August could be more critical. Because then the mass of Windows 7 clients affected. The necessary patches, so that Windows 7 understands the new signatures, Microsoft already published in March. However, if these are missing, Windows updates will fail on those systems.