Migration from 2003 to 2008R2 - Questions from a first-timer

How is everybody doing. 
I'm managing for the very first time a WSUS server.
Right now there's a WS2003x64 SP2 STD handling this role. The issue is that this server has gotten out of control: MMC crashes all the time due to different causes. For example: when I try to delete more or less 20 PCs it crashes, when I try to run the cleanup
utility it also happens, when this occurs all the actions that were started don't happen and WSUS stays the same.
This made me recommend the option of starting a new server (I've said to use a 2008R2 which I believe will have SP1 installed, don't know if it makes a difference here). Here's my thinking, I'd like to get any recommendation regarding these steps:
1- Install OS and role (with IIS, WID and Report Viewer 2008): do the role automatically install all neccesary tools for report creation and PCs reporting to the WSUS? After that update WSUS to SP2.
The server will use a different IP than the actual.
2- Create all the neccesary Computer Groups: will use a couple of groups for testing and then split all servers and user computers in
Critical (for servers), Download & Choose Install
(for servers), Automatic Install (for servers) and Workstations
(automatic install), Critical Workstations (DL & choose) and use client-side targeting to fill them.
3- Apply GPOs on the OUs hosting each type of computers: here I have a question; can I have the same computer apply to two different WSUS? On my mind the computer status should be the same on both so it shouldn't be a problem.
4- Choose the products and type of updates to syncronize.
5- Start synchronization with Windows Update to retrieve available updates.
And that should be it. Will this work? I guess I'm missing info here regarding implementation, let me know and I'll tell you what my plan is.
Thanks.

When I start synchronizing the server: which updates for approval will show? All the available ones on Windows Update catalog or only the ones that are missing on the computers/servers on our environment?
The Windows Update Agent will flag any update that is Not Installed and could be installed as "Needed". That does not, however, mean that the update should be installed, or that it would be installed even if you approved it.
Rule #1: Do not approve updates that are superseded. That will solve 90% of the issues right off the top.
Rule #2: Do not approve updates that are not listed as "Needed". (You can approve them later if you want them available for future systems.)
Rule #3: Consider approving updates in small to medium quantity batches. I suggest focusing on only Security Updates to start with. As the WSUS server downloads the updates, the clients will start to see these updates as available for installation. If you
approve a large number of updates, the download may take several days. Invariably this results in a client installing small batches of updates over several days, which has a unique tendency to totally annoy the person trying to use the computer to do real
work.
Regarding WSUS functionality: When I approve an update and it installs automatically due to GPO setting the 4th option. Now I have to uninstall it because it crashes an application being used in the company.
This can be a real problem -- which is why the most important part of patch management is TEST TEST TEST. Identify a PILOT group of highly-trusted and aware users for doing your initial deployment. If they don't encounter any issues in 48-72 hours, then
it's appropriate to unleash the updates on the rest of the organization.
When Automatic Updates searches again for new patches, will WSUS push and install the same update again?
Well, that depends. If you identify an update that is defective, the very first thing you should do is decline the update. This will prevent most future installations of the update. Clients that have already downloaded the update will still try to install
it until they discover it has been declined. If the update is declined, and you then uninstall the update, the client will not attempt to install the update again because it does not have an approval. If you don't remove the approval and remove the update,
the client will most definitely attempt to (re)install that update at the next opportunity.
When does it stop pushing updates? Can I configure that?
When you remove the approval for installation via the WSUS console.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Similar Messages

  • Raising Functional level - From 2003 to 2008R2

    Recently I have completed the AD upgrade from 2003 to 2012. Now all sites have 2012 DCs only. Next i plans to raise the functional level of both Forest and Domain from 2003 t0 2008R2.
    I want to know the things to take care before doing this upgrade.

    hi,
    if you are only using 2012 DC's that you may want to go straight to 2012 functional level. The functional level change is generally classed as low impact and simply tells AD it can use all it's additional features.
    There is no real roll back if any issues are caused during or after the change, so you need to ensure you have full backups and are aware of the forest recovery process. Make sure you have spoken to all your software vendors whose software integrates with
    AD before doing the change to ensure that it won't affect the running of this software.
    There is a very good article here from the MS Directory team on the process and the impact.
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    My Blog
    LinkedIn:

  • I downloaded from iTunes a hd movie for the first time. What a disaster !                                                Keep stopping and looks like after 2 days has not been downloaded. What am I suppose to do? Can I get my money back? How?

    I downloaded from iTunes a hd movie for the first time. What a disaster ! Keep stopping and looks like after 2 days has not been downloaded. What am I suppose to do? Can I get my money back? How?

    Contact iTunes suport... http://www.apple.com/support/itunes/contact/
    It sounds like you might have a slow wifi internet connection?  How fast is it with a speed test from your iPad.

  • I want to know why some box of Iphone5s it's not come full accessories in box simple my iPhone 5s I have bought from Apple store last week it's first time for me use iPhone but so surprise me how the company make the phone have to use a pin to open

    I want to know why some box of Iphone5s it's not come full accessories in box simple my iPhone 5s I have bought from Apple store last week it's first time for me use iPhone but so surprise me how the company make the phone have to use a pin to open the sim but didn't give a pin inside the box and I ask staff at store their said they also don't know some box have some of are don't have a pin come together so then they told me I have to find solution or I have to buy a pin by my self I can buy it by myself but I really don't understand how come apple big company but how it's happen like this?thank you.

    Where did you purchase this. The US phones do not come with the SIM removal tool anymore. They haven't for some time now. I'm not even sure it comes with any of the devices anymore. You can just straighten out a paper clip and do the same thing.

  • HT4236 if i sync photos from iphone to my mac fir the first time what happens

    if i sync photos from iphone to my mac fir the first time what happens

    The transfer of photos from an iPhone to a Mac is an import. It is very similar to what happens when you move photos from any camera to the Mac (if you have ever done that). Instructions: http://support.apple.com/kb/HT4083
    The iTunes sync can move photos the other direction (Mac to iPhone). That "sync" works the same way each time you do it -- it sets the non-Camera Roll photos on the phone to match the current iTunes photo page settings. Instructions for that: http://support.apple.com/kb/HT4236

  • Download music from ipod when opening iTunes for the first time?

    I just got a new iMac at work and the first time I plugged my iPod into the comupter to charge it up it opened my iTunes and then started to download all my songs from my iPod. Being 7am I wasn't thinking properly and pressed cancle to stop the download, then I remember I have 500GB free memory and why shouldn't I have my music on the computer. The problem is I can't get it to download the music again. I know you not ment to be able to download from your ipod but that is what happened.
    I have tried completely uninstalling iTunes by removing the icon in Applications and in the User>Music folder to get the same result but it makes no difference, where I once had a couple of meg's worth of music which had started to download I have none. Can somebody please explain to me how this happened and how I can revert iTunes back to how it was before I opened it so I can quickly download all my music onto my computer??

    We'll unfortunately that's not true. I had though that was the case as well until this happened. I wasn't sure if this a new feature that iTunes had for when you first attach an ipod to a new iTunes (where you need to go through the terms and conditions, and set up your settings at the beginging).
    I have downloaded very little from the iTunes store and the things which got downloaded were some funny adds which I had converted and put on my ipod as well as some AC/DC, some Beatles and a collection of 179 other songs (I'd be lucky if I've downloaded 5 songs in my life from iTunes). Before deleting everything in the hope that I could do it again I even played a couple of them in case all it had done was take the album artwork or something. But they all play fine and none of them were ones I had downloaded.
    Does anyone know what's happened and how it can be repeated?
    As to the other ways of getting music of your ipod I'm aware of them and have used irip in the past without any problems. I know how to do it that way but now that I have been made aware of this other way I was wanting to clear up how it happened and if it can be repeated, say if I was to reinstall iTunes.

  • Converting from WORD to pdf always fails the first time

    OS is XP. Acrobat Pro 8.1.5. When I first convert from WORD, EXCEL, whatever the program appears to be working but no file is created.  This happens always on the first time I convert to pdf for the day.  Once I do it again, it works and continues to work throughout the day.  I turn off my computer at night and again the next day when I come in it doesn't convert the first time but will work again.  Is there something in Windows or Acrobat that I can fix to get this to work properly?

    If you are using Word 2007 (you don't say) you might try the Microsoft plugin... this is instead of Acrobat
    http://www.microsoft.com/downloads/details.aspx?FamilyId=4D951911-3E7E-4AE6-B059-A2E79ED87 041&displaylang=en
    If you are using an earlier version of Word (or Word '07) make sure you have installed all Microsoft Office updates, so you'll know this is not a Microsoft bug

  • Migrating enterprise root CA from 2003 to 2008R2 - specific situation

    So i have following setup:
    Windows 2003R2 SP2 - owning all FSMO roles, root CA
    Windows 2003R2 SP2 - DC
    I want to upgrade domain to Windows 2008 R2 and migrate root CA. Since for CA migration it is essential that i preserve the same name what would be high level order of actions?
    1) move FSMO roles to 2nd win2k3 DC
    2) backup CA 
    3) depromo and remove server from domain
    4) join win2k8r2 to the domain under same name
    5) restore CA on it
    6) prepare forest/domain
    7) DC promo
    8) transfer FSMO roles
    9) depromo and remove old servers
    OR
    1) move FSMO roles to 2nd win2k3 DC
    2) join win2k8r2 to the domain 
    3) backup root CA
    4) prepare forest/domain
    5) depromo and remove ex win2k3 server from domain
    6) rename win2k8 so it matches removed server
    7) restore CA on it
    8) DC promo
    9) transfer FSMO roles
    10) depromo and remove old servers
    Biggest question is should I DC promo 1st and then restore CA or other way around?

    I migrated but i have few small issues:
    1) after i restored backup i can't see issued certificates
    2) In certmgr.mcs when i do Automatically enroll and retrieve certificates no templates are available but when i go to personal container and request certificate i see templates and i my cert requests finishes fine. Also i tried auto enrol over IIS work
    and over web form also works.
    There is 1 more confusing step from this guide http://technet.microsoft.com/pt-pt/library/ee126140(v=ws.10).aspx#BKMK_RestoreReg
    If the target CA's computer name is different from the source CA's computer name, search the file for the host name of the source CA computer. For each instance of the host name found, ensure that it is the appropriate value for the target environment. Change
    the host name, if necessary. Update the CAServerName value.
    Importante
    If the host name is located in the .reg file as part of the CA name, such as in the Active value within the Configuration key or the CommonName value within the CAName key,
    do not change the setting. The CA name must not be changed as part of the migration. This means the new target CA must have the old CA's name, even if part of that name is the old CA's host name.
    So do i change it since my new CA has new name or not? I did change is but not sure what is the effect since i did not change Common name and Active value which contains old CA name.
    Comments?

  • Migrate exchange 2003 to exchange online from EAC.

    Hi,
    I have to migrate my local exchange 2003 to my new exchange online from office365.
    I have to make a Cuteover migrate (complete migrate .... sorry for my english). I understand i have to use a batch to import my on-premise exchange to exchange 365. My question is : does the batch do a "cut-paste" or a "copy-paste" of
    my local data to online data ? do i will lost all local user mailbox data(mail contact calendar) ?
    Thanks you
    Julien

    Hi, first of all let me tell that the process from the ECP will create a single batch job for cutover migration, secondly, the process will consist of migrating Exchange mailboxes, contacts and Distribution Groups but the source content will remain as is
    not a cut/paste operation.
    If you want more info about the process I recommend you to read the following:
    http://technet.microsoft.com/en-us/library/jj874016(v=exchg.150).aspx
    Alberto Pascual MVP-MCSA-MCITP-MCTS-MCP-O365MS-MCC http://blogs.itpro.es/guruxp

  • I have Apple O/S 10.6.7 and Firefox 4 and when I play a homemade slideshow/movie from my webgallery it plays correctly the first time, and then play upside down after that, unless I shut down Firefox and then restart it...why?

    I discovered this incompatibility (?) with the help of a Sr. Advisor from Apple. I have uninstalled Firefox and the plist and reinstalled it and the same thing happened. Is there something that I can to do circumvent this problem?

    I discovered this incompatibility (?) with the help of a Sr. Advisor from Apple. I have uninstalled Firefox and the plist and reinstalled it and the same thing happened. Is there something that I can to do circumvent this problem?

  • I just tried to import photos on my iMac (OS v. 10.9.4) from my Olympus OMD EM1 for the first time and was given a message that it cannot read the files ending in ORF, in other words the raw files...I have the latest version of LIghtroom 5...help!

    I checked the list of supportive cameras and the EM-1 is listed as having preliminary support.  I checked for updates to LR5 and I have the latest version.

    I checked the list of supportive cameras and the EM-1 is listed as having preliminary support.  I checked for updates to LR5 and I have the latest version.

  • FTP Adapter fails first time when bpel process is invoked from concurrent

    Hi,
    We noticed that the invoke of the FTP adapter fails the first time when the bpel process is invoked from a concurrent program. The second time the concurrent is ran, it completes fine. However, when invoked from the console, it compeltes fine the first time itlsef.
    Any idea what could be worng. We are on SOA Suite 10.1.3.4
    Thanks
    -Prapoorna

    What you are doing with FTP adapter? Are you writing a file ? Any error details in logs when it is failing on first invocation ?

  • HT1349 When i click the buy it's asking me for a security question cause of the first time of using device for purchasing a game,but im already using this device before

    It's really not working..i always
    Buying an iTunes card and redeeming in one device but asking me a
    Security question cause of first time using device
    For purchasing oh my i already using this device

    Joiz wrote:
    {snip}. . . I don't remember..i know my email add and my password but I dont know the answer. . .
    There's not much anyone here can do for that particular issue.
    Your best bet is to seek assistance from iTunes Support.  If there is an alternate way to accsess your account, it will only be through them.
    http://www.apple.com/support/itunes/

  • How do you disable securtiy question, because iam trying to purchase apps, for the first time user

    how do u disable security questions for ur itunes if u don't remembet the question and answer, first time buyer for apps store
    its asking me the names that i set it up security, i have the password to login but i don't know how to disable those question, can u please help me
    how to disable those question

    Rescue email address and how to reset Apple ID security questions

  • Migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 and 2 other Domain External and Forest Trusts

    Is there anything that needs to be done or considered when migrating from 2003 domain/forest level to 2008R2 with all DC's at 2008R2 with 2 other 2003 separate Domain incoming
    and outgoing Trusts, one Trust that is a Forest Trust and the other is an External Trust? Is there any chance or risks that doing this upgrade will break either one of these Trust relationships? Some of the user accounts with SID history have been migrated
    from both Domain Trusts to our domain. Any chance that this upgrade will break these relationships for users that are using SID history for access to folders and files in their old Domains? If so what can be done to protect these trusts and SID history, prior
    to moving the Domain to 2008R2

    Hi,   
    Based on my knowledge,
    the Upgrade of the function level do not affect the trust relationship.
    Besides, before you upgrade the Functional Level,
    verify that all DCs in the domain are, at a minimum, at the OS version to which you will raise the functional level.
    Once the Functional Level has been upgraded, new DCs on running on downlevel versions of Windows Server cannot be added to the domain or forest.
    For more information about function level, we can refer to following links:
    Understanding Active Directory Domain Services (AD DS) Functional Levels
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(v=ws.10).aspx
    What is the Impact of Upgrading the Domain or Forest Functional Level?
    http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx
    Best Regards,
    Erin

Maybe you are looking for

  • Connecting directly macbook pro to ethernet big disk...

    I was wondering if i could connect directly my macbook pro to the ethernet plug of ethernet big disk with ethernet cable. I have used the lacie connected to netgear router but the big disk showed that it was connected at 100mbits/s. When I tried to t

  • ADC/dvi video  card

    Is it possible to get a ADC/Dvi video card for an open PCi X slot? or would I be better off getting a card w/2 dvis and purchasing the adapter because it is older technology? I have an older 23" display.

  • Ipod touch - white screen flashing endlessly

    As the title says it just keeps flashing off and on, can anyone point me in the right direction please? I've tried holding the buttons in and can't connect it via Windows all machines I've tried? Maybe it needs to go to an Apple outlet?

  • Creating Digital signature blocks w/ Acrobat 10.1.2 and using reader to sign...

    I'm using Adobe Acrobat 10.1.2 to add digtal signatures to pdf's but when I save them as a reader extended version so people that only have access to Reader can sign them, Reader won't allow them to sign.  How do I fix this problem?

  • Primary key voilation

    A function in my application first empties all the tables using "DELETE FROM <tablename>" and then imports a dump. The problem is that it is giving me "Oracle error 1, primary key voilation" on a table although there is only 1 record in that table. A