When the WSUS Server and WSUS console are not on the same Patch Level and not on the same WSUS server version, an error message for version mismatch is displayed and publishing of packages fails. This is caused by a known incompatibility of different versions of the WSUS Server console and it is purely a Microsoft problem. As SVM leverages the standard WSUS APIs, it is affected indirectly by this issue.
You must first ensure that your versions match. If you have decided to host the Software Vulnerability Manager console on a separate system than the actual WSUS, then you must plan the setup before implementing it. If your setup has already encountered this error, you may have to correct that.
To do that, perform the following steps of planning and implementation:
To determine what Windows OS version/flavor you would need for your corresponding WSUS, use this:
When you have matched the WSUS versions, required OS flavors, and have installed the correct RSAT tools for WSUS, you may still have to match the patch levels of both systems. If one of the systems has some particular KB patches while the other does not have the very same, publishing can still fail.
You can see what has been installed from appwiz.cpl > Installed Updates menu as shown next:
At the bottom of the list, you will find the WSUS updates installed. The range of KB numbers that will fix the incompatibility (or the patch difference) boils down to KB2720211, KB2734608, and KB2828185.
These updates will be required particularly in Windows 2008 WSUS setups and WS 2012 R2 installations. In Windows 10/2016/2019, these should be handled by default and included in the source code already.
Another workaround is to simply install the SVM interface on the very WSUS system and work with the console and WSUS through a single API interface thus eliminating the remote vector that essentially eliminates the version mismatch problem immediately. Many customers prefer this approach instead.
on Nov 15, 2018 07:31 PM - edited on Sep 25, 2019 05:24 AM by RDanailov