WSUS and SCCM configuration

I recently started a new position and have been asked to re setup their updates through sccm. Now im not that experienced since my last position had a fubar WSUS server but this one seems to be simple and kind of working. 
The configuration is as follows. 
SCCM SUP points to MSUpdate
Clients look at MSUpdate and never sees SUP
WSUS looks at MSUpate and hasn't downstream sync'd to sccm in 470+ days.
Now am i wrong for thinking that the flow should looks like Cloud->WSUS->SCCM->Client or should it be Cloud->SCCM->Client with WSUS parallel to SCCM? 

Keep in mind that ConfigMgr doesn't use WSUS in the same way as a standalone WSUS implementation. ConfigMgr is basically using the WSUS catalog to find which updates are available. The updates can then be added to Software Update Groups and can then be downloaded
to deployment packages, which in turn can be distributed to DPs and deployed to clients.
Your generalized flow would be Internet ("Cloud")-> ConfigMgr server(s) (with all that entails) -> Clients.
Check wsyncmgr.log (site server) for information about why a sync hasn't happened recently. You can also check WUAHandler.log on the clients to see what they're up to.
-Nick O.

Similar Messages

  • Can we re-activate Adobe patches once expired in SCUP and syncronized to WSUS and SCCM 2012 as expired?

    Hi,
    I expired a couple of Adobe patches in SCUP and published them in WSUS. They got synchronized in WSUS and SCCM as expired. After about two weeks those expired patches got cleaned from SCCM ( at least from UI).
    I want to activate them again in SCUP and re-publish as active patches in SCCM. But its not working - I've tried WSUS cleanup and  SCUP cleanup already!
    Is there any way to re-active expired patches published by SCUP in WSUS and SCCM ? & How?
    Excerpt from SCUP.Log:
    PublishItem: Item 'Reader Multi Lingual User Interface 10.1.4 Update (UpdateId:'5c22235f-a3d9-48db-95eb-a60ec1886e8e' Vendor:'Adobe Systems, Inc.' Product:'Adobe Reader')' is on the update server and is expired, no publish actions are possible.

    The key here is knowing WHY those updates were "expired" in the first place.
    Most likely they were expired because they superseded another update. If so, merely duplicating and publishing won't achieve anything, because the duplicated/re-published update will also be superseded and get promptly expired again.
    Ergo, if expired because superseded, the superseding package will need to be customized to remove the supersession references and it also will need to be republished, which also means that certain other considerations may need to be taken as well ... such
    as the fact that you now have multiple packages that will conflict with one another that no longer have the requisite supersession metadata.
    Regarding this scenario. Configuration Manager 2012 introduced the option to NOT EXPIRE superseded updates, or to defer the expiration for a specified number of days. This is not a SCUP thing; it's a ConfigMgr thing.
    Configure the ConfigMgr product to behave the way you desire. Problem solved. :)
    If YOU actually expired them in SCUP... then just UNEXPIRE them and republish. Shouldn't be any need to duplicate and republish. This is what Microsoft does all the time. Expire Update 'A' Rev 100 on Monday; publish Update 'A' Rev 101 on Patch Tuesday.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Content Transfer between WSUS and SCCM client on port 8530

    Dear All
    In my environment from last few days we are facing an strange situtaion where huge contents is getting transferred between WSUS server and SCCM client on port 8530.
    I check logs on client and found that client are getting contents from their associated DP's but still weekly network utlisation report showing that data in GB's was transferred between SCCM primary server and clients on port 8530.
    Kindly suggest what else need to check in this scenario
    Regards Suresh

    The only other possible traffic from WSUS is actual updates if and only if you have been approving updates directly in WSUS which you should not be doing.
    Thus, assuming you are not doing what you should not be doing, the only possibility is the update catalog. 150-200MB sounds excessive but that will be based upon what you all have selected for your catalog. There are also a handful of reasons why a full
    catalog resync would be initiated instead of just a delta.
    Jason | http://blog.configmgrftw.com

  • WSUS and SCCM 2012

    I'm finally getting around to trying to integrate WSUS with SCCM 2012 - i.e., to begin using SCCM 2012 to manage and deploy all Microsoft updates rather than using plain old WSUS as I have in the past.
    My first impression is that it's much more complicated than using WSUS alone. That said, I'm wondering now what are the advantages of using SCCM 2012 to manage Windows Updates rather than using WSUS? So far, I've added all of this complexity to the
    process, but I'm not seeing the added benefits after having gone through all this. Anyone else agree?
    I'm about to just trash the whole thing and go back to doing it the old way. Thoughts?
    Shaun

    Jorgen summed it up nicely here:
    http://ccmexec.com/2012/08/top-11-reasons-why-you-should-use-configmgr-2012-for-managing-software-updates/
    Jason | http://blog.configmgrftw.com

  • Manage SCUP published updates under WSUS and SCCM.

    After completion of SCUP environment, I published Adobe Flash player update successfully.
    Some where in blogs it was mentioned that published updates are under 'software library' but under SCCM2007 SP2 I am able to see 'software update' and there are no entry of published updates. Under 'software update' there is only Microsoft vendor and no updates
    under same.
    Also, there is no entry about Adobe updates in WSUS, only Micosoft specific updates are present as per sync.
    environment details:
    SCUP 2011
    WSUS on Win 2008 R2 Server
    SCCM 2007 SP2
    SQL Server 2008 R2
    Please let me know how can I view & manage published updates under SCCM and WSUS.
    Below are logs entry specific to SCUP:
    Publications workspace: Remove selected updates from publication AdobeFlashPlayer$$<Updates Publisher><Tue Feb 24 12:48:28.584 2015.1><thread=1>
    Publications workspace: Starting publish wizard for publication 'AdobeFlashPlayer'.$$<Updates Publisher><Tue Feb 24 12:48:33.573 2015.1><thread=1>
        Publish: Preparing list of selected updates for publishing.$$<Updates Publisher><Tue Feb 24 12:48:37.587 2015.12><thread=12>
        Connecting to a local update server with locally detected settings.$$<Updates Publisher><Tue Feb 24 12:48:37.588 2015.12><thread=12>
        Publish: Update server name: WIN2008R2DC$$<Updates Publisher><Tue Feb 24 12:48:37.610 2015.12><thread=12>
        Publish: Publish operation starting for 1 updates.$$<Updates Publisher><Tue Feb 24 12:48:37.611 2015.12><thread=12>
        Publish: Publish: Verifying update server is configured with a certificate prior to publishing.$$<Updates Publisher><Tue Feb 24 12:48:37.614 2015.12><thread=12>
        Publish: Publish: Update server appears to be configured with a certificate.$$<Updates Publisher><Tue Feb 24 12:48:37.656 2015.12><thread=12>
        Building dependency graph for update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')'$$<Updates Publisher><Tue Feb 24
    12:48:37.687 2015.12><thread=12>
        No dependencies found for update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')'$$<Updates Publisher><Tue Feb 24 12:48:37.717
    2015.12><thread=12>
    Found total of 0 dependencies (may include duplicates).$$<Updates Publisher><Tue Feb 24 12:48:37.717 2015.12><thread=12>
    PublishItem: Update ''Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')'' has no dependencies.$$<Updates Publisher><Tue Feb 24 12:48:37.718
    2015.12><thread=12>
    PublishItem: Publishing update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')'.$$<Updates Publisher><Tue Feb 24 12:48:37.718 2015.12><thread=12>
    PublishItem: --- Evaluating software update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')' for publishing as FullContent.$$<Updates Publisher><Tue
    Feb 24 12:48:37.719 2015.12><thread=12>
    PublishItem: --- Software update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')' needs to be published with full content.$$<Updates Publisher><Tue
    Feb 24 12:48:37.732 2015.12><thread=12>
    PublishItem: Retrieving content for update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')'.$$<Updates Publisher><Tue Feb 24 12:48:37.756
    2015.12><thread=12>
    PublishItem: --- Content will be saved to C:\Users\Administrator\AppData\Local\Temp\2\\kzfk4dzk.yiy\install_flash_player_16_plugin.msi.$$<Updates Publisher><Tue Feb 24 12:48:37.757 2015.12><thread=12>
    PublishItem: Download Content: file was downloaded successfully.$$<Updates Publisher><Tue Feb 24 12:48:57.68 2015.12><thread=12>
    PublishItem: Successfully retrieved content for software update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')' to local file: C:\Users\Administrator\AppData\Local\Temp\2\\kzfk4dzk.yiy\install_flash_player_16_plugin.msi$$<Updates
    Publisher><Tue Feb 24 12:48:57.69 2015.12><thread=12>
    File C:\Users\Administrator\AppData\Local\Temp\2\\kzfk4dzk.yiy\install_flash_player_16_plugin.msi appears to be signed, retrieved certificate, checking signature...$$<Updates Publisher><Tue Feb 24 12:48:57.204 2015.12><thread=12>
    TrustChecker: User trusts file.$$<Updates Publisher><Tue Feb 24 12:51:30.548 2015.1><thread=1>
    PublishItem: --- SDP XML file for publishing created at C:\Users\Administrator\AppData\Local\Temp\2\tmp182E.tmp$$<Updates Publisher><Tue Feb 24 12:51:30.640 2015.12><thread=12>
    PublishItem: --- Calling update server API for publishing update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')'$$<Updates
    Publisher><Tue Feb 24 12:51:30.752 2015.12><thread=12>
    PublishItem: --- PublishPackage call successful for update 'Adobe Flash Player 32-bit/64-bit Plugin 16.0.0.305 (UpdateId:'a2aa8ca4-3b96-4ad2-a508-67a6acbd78a4' Vendor:'Adobe Systems, Inc.' Product:'Adobe Flash Player')'$$<Updates Publisher><Tue
    Feb 24 12:51:59.290 2015.12><thread=12>
    PublishProgress: Publish operation completed.$$<Updates Publisher><Tue Feb 24 12:51:59.305 2015.12><thread=12>
    Publish: Background processing completed.$$<Updates Publisher><Tue Feb 24 12:51:59.306 2015.1><thread=1>
    WizardBase: closing Publish Software Updates Wizard wizard.$$<Updates Publisher><Tue Feb 24 12:55:37.211 2015.1><thread=1>
    Publications workspace: Publish wizard completed.$$<Updates Publisher><Tue Feb 24 12:55:37.234 2015.1><thread=1>
    I verified SCCM primary site but not able to trace published updates here. Please let me know how can I see published updates and how can I manage them as well.
    Thanks in advance!!!

    what does wsyncmgr.log,wsuscontrol.log and WCM.log says ? do they have any adobe related entries ? check if the published adobe products appearing in software update classification ?
    Eswar Koneti | Configmgr blog:
    www.eskonr.com | Linkedin: Eswar Koneti
    | Twitter: Eskonr

  • Partial integration of WSUS and SCCM SP1

    Hi,
    We have an environment with a CAS and nine primary sites. The primary sites are geographically located in different countries. Each country currently manages it's own external WSUS environment, downloading their relevant language packs, etc. Group policy
    is applied at a country level to direct clients to the WSUS server.
    We would like to install the SUP on our local primary site. I am aware that to do so I need to install the SUP (with WSUS) on the CAS before the role is available on my primary site.
    Can anyone confirm the impact of this on the other countries? If they do not install the SUP on their local primary site servers, then I would assume that the external, standalone WSUS infrastructure will continue to operate without issue independent of
    SCCM?
    My understanding is that there should be no impact, but I need some documentation to support this. If anyone has any links I would appreciate it.

    You won't find any documentation because it's not exactly a supported path but it will work and no else will be impacted. This has nothing to do with a possible conflict though as none is really possible because a stand-alone WSUS infrastructure is
    completely independent of the WSUS instances stood-up for ConfigMgr and they won't even know about each other.
    Ultimately, the clients will use whatever WSUS infrastructure that group policy points them to -- ConfigMgr doesn't do anything to get in the way of this even if they stand up a SUP in their primary site. without a SUP in their primary site though, the clients
    won't even enable their software updates client so there's no overlap whatsoever. As long as the GPO is in place though, it will override anything in ConfigMgr as far as WSUS goes.
    Note however though that if someone else wants to start using Software Updates in ConfigMgr in the future, you may run into issues because at that point you *must* share the same update catalog (remember that when integrated into ConfigMgr, WSUS is only
    responsible for the update catalog and not updates).
    As a side comment, I hope you didn't pay whoever recommended 9 primary sites very much because they robbed you (unless of course you actually have like 500,000 managed clients).
    Jason | http://blog.configmgrftw.com

  • ISE wsus and sccm

    Hi..
    We are deploying ISE 1.1.1 for an enterprise customer. Having some doubts about postering. Customer wants to check windows update as part of posture check. What I understood, ise supports only wsus. There is a predefined rule pr_WSUSRule,which can't be edited and don't know how it works. customer is using SCCM to periodically deploy windows patches. Don't know whether pr_WSUSRule is applicable in this scenario. How to go ahead in our case.
    Thanks and waiting for your valuable input....

    Hi,
    I have had this scenario on a few of my ISE deployments and I have made a check so that sms service on the clients are enabled on the workstations before they are granted access to the network. I also run an audit requirement for win 7 32 bit updates (for example) so their administrators can perform checks to see if the sccm patches are being recognized. If the check fails then I have the agent turn it on.
    Keep in mind when you deploy ISE you have provide customers a policy and in this case we are using as an enforcement and audit tool over their current sccm architecture.
    Sent from Cisco Technical Support Android App

  • WSUS and GPO - Configure Automatic Updates

    if Configure Automatic Updates is disabled for all of my domain, can I still use WSUS to update my clients?

    Hi,
    In brief, no.
    If we change Configure Automatic Updates to Disabled, any client updates that are available from the public Windows Update service must be manually downloaded from the Internet and installed.
    For detailed information, please refer to the link below,
    http://technet.microsoft.com/en-us/library/dn595129.aspx#BKMK_Comp5
    Best Regards.
    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • WSUS and SCCM

    Hi,
    Is WSUS Server required in the production infrastructure as well for the OS patching ?
    We have a 3 separate environments. Development, UAT and Production. UAT and Production environments does not have internet access. So in the Dev. which is in isolated network and has internet connection, have a WSUS server and SUP installed where the MS
    patches are acquired. Then  we do an export/import process to move our MS patches to the other environments. So do we need WSUS infrastructure as well in the UAT and Production too ?
    Regards,
    Vinod

    Hi,
    Yes you do as the clients use the WSUS server to scan for updates, here is a great post on how to manage software updates in an isolated envrionment.
    http://blogs.technet.com/b/aaronczechowski/archive/2008/11/11/configmgr-software-updates-on-an-isolated-network.aspx
    Regards,
    jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • SCCM 2007 R3 Software Updates Sync : 6703 WSUS server not configured

    Hi,
    We run SCCM 2007 R3 in native mode (Software Update Point and WSUS both reside on SCCM site server). We're having issues running Software Updates Synchronization which have previously worked fine. In SMS_WSUS_Control_Manager the errors appear as follows
    MessageID:6703
    SMS WSUS Synchronization failed.
    Message: WSUS server not configured.
    Source: CWSyncMgr::DoSync.
    The operating system reported error 2147500037: Unspecified error
    I've followed the suggested fixes in
    http://technet.micro...y/bb735874.aspx but still we have an issue.
    If I open the WSUS console directly and run a manual synchronization from Microsoft this completes successfully. However, I presume this will not be using SSL which is what SCCM will want to use in native mode. I've checked the bindings in IIS on WSUS Administration
    site to confirm that the certificate hasn't expired.
    Any ideas what else I can try?
    Cheers,
    Paul

    wsyncmgr.log repeatedly contains the following
    Performing sync on retry schedule SMS_WSUS_SYNC_MANAGER 13/10/2013 14:02:11 612 (0x0264)
    STATMSG: ID=6701 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=CCPSCCM02 SITE=WES PID=8084 TID=612 GMTDATE=Sun Oct 13 13:02:11.288 2013 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 13/10/2013
    14:02:11 612 (0x0264)
    Sync failed: WSUS server not configured. Source: CWSyncMgr::DoSync SMS_WSUS_SYNC_MANAGER 13/10/2013 14:07:11 612 (0x0264)
    STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=CCPSCCM02 SITE=WES PID=8084 TID=612 GMTDATE=Sun Oct 13 13:07:11.284 2013 ISTR0="CWSyncMgr::DoSync" ISTR1="WSUS server not configured" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6=""
    ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 13/10/2013 14:07:11 612 (0x0264)
    Sync failed. Will retry in 60 minutes SMS_WSUS_SYNC_MANAGER 13/10/2013 14:07:11 612 (0x0264)
    Sync time: 0d00h05m00s SMS_WSUS_SYNC_MANAGER 13/10/2013 14:07:11 612 (0x0264)

  • WSUS Update KB2938066 and SCCM 2012 R2

    Looking at the newly release WSUS update KB2938066 and wondering if I need to apply it to my SCCM WSUS component. If so, what type of impact on the SCCM clients should I be aware of?
    Orange County District Attorney

    As the update is about securing and hardening WSUS and also the communication with WU/MU, I would definitely apply this update.
    The client-side is going to be tricky, depending on the configuration of your windows updates. Jason did a very good post about this here:
    http://blog.configmgrftw.com/the-wua-dilemma-in-configmgr/
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Using WSUS for Cluster Aware Updates and SCCM???

    Can WSUS support SCCM and CAU(cluster aware update) from the same WSUS instance? E.G. If I have my SCCM infrastructure getting its patches from a server called SCCM01 lets say and the primary/central site is also on this box, can the WSUS instance on
    this server support CAU or will that break SCCM? I ask because one of our admins did exactly this a few weeks ago and we end up having to reinstall WSUS. It could have been a coincidence but that WSUS instance had been running fine since it was built. Seems
    kina strange it broke relatively quickly.
    I've read plenty of sites that say to avoid meddling in the WSUS console once SCCM is installed but I can't find a specific technet article saying not to do this. I just built the 2012 environment and they're wanting to configure it the same way and I'm
    refusing because I suspect it will break either SCCM 2012 or WSUS or both! Please if someone could point me in the right direction or offer some clarity I would very much appreciate it. So far all I've seen about CAU is that it does support SCCM and WSUS but
    I can't find any documents saying what the repercussions of configuring CAU to use the same WSUS instance that SCCM uses. Thanks in advance. -KR.

    Correct, ConfigMgr is unaware of cluster updating or the WSUS capabilities around clustering.
    Also correct that direct WSUS administration after WSUS is integrated with ConfigMgr is a bad thing. There is no specific article that says don't do "stuff" in the WSUS admin console but it is eluded to in the TechNet docs (http://technet.microsoft.com/en-us/library/gg712696.aspx) and
    I do know that it is specifically unsupported. I also know from experience that it will/can cause issues.
    Cluster patching with ConfigMgr can be done using multiple techniques including maintenance windows, Orchestrator, or other automation tools but there's nothing definitively built in
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • WSUS vs SCCM SUP - What is the point of changing? Pros and Cons of both

    Hi,
    I have been using WSUS forever and have just made a very painful change over to SCCM 2012 SUP. In a room full of experienced WSUS users and facing a handover of SCCM SUP, I really need to have this question answered - What, if any, are the advantages of
    SCCM2012 SUP over WSUS. It's certainly not ease of use, ease of implementation or understandability.
    Even if i accept that yes, they are two different things now and i shouldn't think of SCCM as being like WSUS, I still have to compare and contrast, honestly, what they do and how they do it
    WSUS is ridiculously easy in comparison to SUP. With WSUS, I install it, create some GPOs and assign to OUs. I create security groups and add the servers in scope to to thoise groups and those security groups to the policy. I have different groups set up
    to keep separation of DCs and APP servers and SQL and SCCM and Antivirus servers and workstations
    If needs be i have a text list of all my servers/workstations and can individually target using PSEXEC to run wuauclt on any number of clients. It works great and is easily understandable
    Now, enter SCCM 2010 and SUP.
    The first thing i HAD to know was the last thing i learned. And not from Microsoft.That is that there is really only one method now, imposed by limitations on Software Update Groups and Deployment packages. You can only create a package of 1000 or less updates
    This means chopping up your historic updates and having them deployed as a separate strategy from your newer updates cycles
    Secondly, every month from now on you will need to create and sort your updates into a meaningful Update Group and Deployment package - even if you set up an Automatic Deployment rule, you still need to manually create your Update Groups
    You can only have one deployment package per update group and will need one software update group per "type" of install (available or Required) AND you will need one software update group and deployment package PER COLLECTION!
    To make this work as simply as possible, it will mean having two collections Available and Required (for example)
    Each collection will have a SUG associated with it (each with a limit of 1000 updates remember). Each group of circa 1000 updates takes about 2+ hours to compile and you will have a minimum of 5 groups per collection to get up to October 2014
    After this your ADRs should now do it all for you but lack the ability to create update groups so you have to do this manually every month beforehand. Whew!!
    Thirdly, in the background, WSUS still downloads metadata. In SCCM you should be pointing every update group manually to this folder. Same with Deployment packages and ADRs. Why is this not built-in - intuitive? These are then copied and downloaded as full
    packages into their respectively (manually) created source folders
    Now, when updates expire or are superseded, you have to manually replace them from each SUG
    And also quite a big thing i havent heard anyone else comment on, is the fact that these updates are now NOT shown in the Windows Update feature - they now appear in the Software Center - so now the Servers i sent "Available" updates have to be
    logged onto and manually installed - instead of being able to individually target them like i did with PSEXEC and wuauclt
    And logging?? There are at least 100 different logs to look at using the Trace Log Tool. It's a full time job just figuring out what logs to look at to resolve any problems
    This is, in my opinion, a really poor effort and the documentaion is wildly inconsistent across many forums.
    Some kind of standard document is needed. And i say this after having followed Microsoft's own documentation and using technet forums
    I, for one, just need one BIG question answered for now - how do i remove the SCCM SUP client and revert back to wuauclt on all my clients - if i remove SUP from SCCM will it remove the client from the clients?

    HI Jason,
    I have spent a long time trying to get this to work. My requirements are to have WSUS deploy updates automatically with as little intervention as possible and to be able to explain and show the process to others who will administer the system long after
    I've gone
    The reason I still have to think of things in the WSUS way is that I have a broken update infrastructure that doesn't do what my requirements are. So I now currently need to log into all my "Available " Servers to update them manually instead of
    being able to remotely execute the updates. I'll look at the SDK but this is the first time I've heard of it
    From the top - yes I agree that's a typo it's Update Goups that can only have 1000 updates. Do you agree that this causes a problem for this scenario? Updates since before 2013 amount to several thousand and so I have to break these up into groups of 1000
    - one each for Available and Required groups. That means 8 groups straight away
    Having to cater for these historic updates means painfully waiting 2 hours or so for each package to be created. I've done this already and its not pretty but its essential (unless I'm doing it wrong but I am following TechNet forums)
    My ADRs will absolutely not create the Update Groups and the docs I have read also say that this is a manual monthly process - Create a Group every month and then use an ADR to use that group - is that not correct?
    Update groups - you are mixing my words up and saying the same thing in a different way - "Update groups can absolutely have multiple deployments targeted to different collections" change the "can" for a "must" and you see my
    problem. You cannot create a single Update Group, package it up and the deploy it to both Available and Required groups. You need two update groups for this. One for available and one for Required.
    Metadata - OK then what is it that WSUS downloads to E:\WSUS\WsusContent\...  ? And why is this to be set as the download location for any Update Group, Deployment Package or ADR?? I have to create  or select a deployment package which is another
    manually created folder under "sources" for which the download location is set to my WSUS folder. This doesn't work unless I set my download location to Microsoft. But WSUS should already have synced in the background to WsusContent so why would
    I want to download from Microsoft. And I only want to actually download the "approved" packages. So as far as I'm aware the WSUS\WsusContent folder only contains metadata which is not downloaded until required. Am I wrong? What/who/how downloads
    the binaries and when?
    Lastly, What doesn't make sense? The goal used to be automation. If and when I needed to, I used to be able to manually intervene for single or multiple devices using PSEXEC to run wuauclt. With SCCM I can see for example, 2x non compliant devices just now.
    In the old days I would just psexec onto them and run wuauclt. In SCCM I err... Hmmm.. what? What do I do? Will look at the SDK
    Just one other thing - is there no way at all to continue to use the Windows UPdate control panel and have it show the same available updates as Software Centre? Why can SCCM not just work like Windows Update does? If I run Windows Update on any server it
    says up do date but if go to Microsoft to check it always comes back with updates
    I just want my internal SCCM SUP to work the same way Microsoft updates works for an internet connected computer. Completely Automatic. No intervention. My group of Availabel servers I would like to be able to remotely and individually install from either
    a central console or a script. Again, I will look at the SDK for this
    Thanks for your reply and advice. I'll give it one more week. ;-)

  • WSUS with SCCM 2012 - Products Missing, and Best Practices

    Good morning all
    I am integrating SCCM with WSUS, and I have a few questions regarding products.  I've noticed when running through the "Add site system roles wizard" in SCCM 2012 console that when I go to "Products" it does NOT list a few major
    products, such as office 2013, sql server 2013, exchange 2013, etc. 
    Am I missing something? I'm sure I am...what do I need to do? 
    Also, if there are any other gotchas or best practices you all can point me in the right direction as far as managing SCCM / WSUS together i'd be greatly appreciated. 
    Thanks so much!

    Do not use WSUS Console to manage the updates. All you things you can finish is in the SCCM Console. Refer to the link posted by Jason.
    Juke Chou
    TechNet Community Support

  • WSUS and SQL login failures

    We're having problems with the WSUS configuration.
    In the wcm.log:
    System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'domain\localmachine$'.~~   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)~~   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetConfiguration()~~  
    at Microsoft.UpdateServices.Internal.BaseApi.UpdateServerConfiguration.Load()~~   at Microsoft.UpdateServices.Internal.ClassFactory.CreateWellKnownType(Type type, Object[] args)~~   at Microsoft.UpdateServices.Internal.ClassFactory.CreateInstance(Type
    type, Object[] args)~~   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetConfiguration()~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.SetUpstreamServerSettings(Boolean SyncFromMicrosoftUpdate, Boolean ReplicaServer,
    String UpstreamWSUSServerName, Int32 UpstreamWSUSServerPortNumber, Boolean UseSSL, Boolean HostBinariesOnMU, Int32 ReportingLevel, Int32 MaximumAllowedComputers)~~ClientConnectionId:00000000-0000-0000-0000-000000000000
    Remote configuration failed on WSUS Server.
    In the softwaredistribution.log file:
    2014-02-06 20:49:29.092 UTC    Error    WsusService.8    SusEventDispatcher.DispatchManagerDatabasePollingThreadProc    SusEventDispatcher got exception while polling database. Polling will continue:
    Excpetion details: System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'domain\localmachine$'.
    Of course, these errors are causing the sync to fail as well.
    SQL is installed on the site server.  We have a separate database for WSUS.  This is on SCCM 2012 R2, SQL 2012.  The localmachine$ is the site server.
    In the SQL management studio, the site server is in the Security\logins.  So my question is, what rights (and where) should the site server have?  Under the Databases\SUSDB\Security\Users should the site server be added?  If so, what default
    schema should it have?
    Or under the "dbo" user, should I change the login name to the site server?  The login name for dbo is listed as another account and I think this is where the issue is, but I'm definitely not a SQL person and I don't have anyone here to ask....
    thanks

    So, you used a separate instance of SQL Server for the WSUS DB?
    If so, is that instance remote from the WSUS instance
    It's interesting that you say that as for some reason, WSUS was installed on 2 of the SCCM servers - once on the site server and then again on another server.  I'm not sure why as I didn't install SCCM and/or WSUS here but I'm trying to understand why
    this was done.  SQL is on the site server, so we have the site db, the SUSDB, Reportserver and ReportServerTempDB. 
    On the site server there's a folder for WSUS which has the UpdateServicesPackages and the WsusContent folders.  The SUP resides on the primary site server.
    So, I removed the WSUS from the non-site server (and now I think this may be what broke things).
    I guess I have 3 choices -
    Try to keep WSUS on the site server and get it working
    Try and put WSUS back on the other server and see if it fixes things
    Uninstall WSUS and the SUP and start over

Maybe you are looking for