Windows 2012 R2 WSUS hard questions Automatically Approved Updates does not download and ssl not working

"Automatically update all" scenario.

 Recently I discovered that not all combinations of Checkboxes in WSUS are working. Let's say all supported Windows and Office version updates took more than 400 gigs, i did not count more , just end of space hdd. If  you decided to download "Approved updates only" you have to be careful. Since updates are Approved automatically, You think they will be downloaded and approved automatically. Unfortunatelyy they will never be approved because Updates are Approved after they are downloaded, so we get unworking combinatoin of checkboxes.

If you want WSUS work seamlessly mostly you liked to Check "Automatically Approve Updates"

Then You choose what to approve in box "When update is in" and think that's all. Check box that has to be avoided, if You want updates  to be Approved automatically is "Download update files to this server when updates are approved"

 Actually what to be downloaded is decided in another box- "Products and Classifications" What is not documented- info about all Microsoft updates will come anyway, so you don't have to download all updates .

So whether update are Approved or not, they will be downloaded depending on checkboxes in Products and Classifications, only exception is checkbox mentioned above- Download update files only when they are approved- they will never be downloaded as they will never be Approved unless you approve them manually. So you have to go and approve each and every update manually anyway regardless of Automatic Approvals settings. 

IIS ssl bindings and unfinished installation

What admins do- deletes default web site. Unfortunatelly default web site has to be in place when you install wsus server, I just disabled it. If you did all according to prescriptions- enable ssl, issue certificate and appear- ssl wont work. One thing I discovered- certificate is not binded to site automatically. If You want to use ssl connection to administration purposes, you have not only request certificate, enable ssl, also you have to bind certificates. Just go to WSUS Administation and point to SSL certificate or ssl wont work.

Force to get updates

After Some investigation I find out, if somebody push button Run Auto Approve now- Server at last start to get updates, anyway options of all checkboxes are not documented. Seems to me, to start to get updates initially, server need to get some kick. See the picture. 

It works thanks God and leave it alone!