This guide will help you set up your own WSUS server on Windows Server 2012 R2 and Sync with SCCM 2012.
Windows Server Update Services (WSUS) is a free patch management tool by Microsoft. It allows System Admins to centrally push Microsoft product updates to computers that are running Windows on their network
Steps 1 – Once Server Manager is open, select Add roles and features.
Step 2 – In the Add Roles and Features Wizard, click next on the Before You Begin page. You can optionally select to Skip this page by default for the future.
Step 3 – Select Role-based or feature-based installation. Click Next…
Step 4 – Select your server from the server pool. If you’re not using Hyper-V, you will see only one server.
Step 5 – In the Server Roles list, scroll down and select Windows Server Update Services
Step 6 – A window will pop up showing you the features that are required for WSUS which will be enabled. Click Add Features
Step 7 – You will get the below screen, Click Next…
Step 8 – On Role Services page please select Database (It will use the SQL DB). Click Next…
Step 9 – This page will allow you to set the destination directory for the downloaded updates. Tick the checkbox for Store updates in the following location.
Enter the path here. It can either be a local or a remote path. Keep in mind that WSUS will take up considerable amount of storage as time goes on. It is not unusual to find update folders of sizes greater than 50 GB.
Choose your destination accordingly. Click Next…
Step 10 – Provide the database server name and check the connection, should be successfully connected to server. Click Next…
Step 11 – You need to add the Web Server Role (IIS), Click Next…
Step 12 – Select the Required IIS role servers. Click Next…
Step 13 – On the Confirmation screen, check the Restart the destination server automatically if required option if you wish to do so, otherwise you can leave it unchecked. Click Install…
Installation will start ….
Step 14 – Need to click on Launch Post-Installation tasks
Step 15 – You will the below screen and Windows Server Update Service status will be: Configuration successfully completed. Click Close
Note: WSUS configuration is not required from WSUS server, as that configuration will be taken care by SCCM while we install the SUP. (Do not follow the Wizard from WSUS Server)
Installing SUP On remote Server
In this section we will see the steps how to deploy the software update point on Remote server using SCCM 2012 R2.
Step 1 – To start with, install the Software Update Point role first. Launch the Configuration Manager Console, click on Administration, expand Overview, click Site Configuration, click on Sites. Right click on Primary Site àConfiguration Site Components à Software Update Point
Step 2 – Select server where you want to install the Software Update Point
Step 3 – Click Next… with default setting.
Step 4 – Click Next… with default setting.
Step 5 – At Site Role Selection, Select Software Update Point.
Step 6 – When you install WSUS, you can specify whether to use the default Internet Information Services (IIS) website or create a new custom WSUS website. WSUS configures port 8530 for HTTP and port 8531 for HTTPS. You must specify these port settings when you create the software update point for the site.
Click Next … with default setting.
Step 7 – At Synchronization Source, Select Synchronize from Microsoft Update (As this the first server and we don’t have any upstream server)
Step 8 – At this step please update the Synchronization Schedule as per your requirement.
Step 9 – For Supersedence Rules, select immediately expire a superseded software update. Click Next.
Step 10 – Select Critical Updates, Definition Updates and Security Updates. Note that you can do this after installation of SUP. Click Next.
Step 11- Choose the products that you want to synchronize. Click Next…
Step 12 – Choose the desired language, click next.
Step 13 – The Software Update Point role has been installed. Click Close.
Step 14 – Go to Primary Site Server If you are running with WSUS v 6.2 or later then we needs to install the “Windows Server Update Services Tools” Features on your primary site server.
After this installation, in the configuration manager console, click Software Library, expand Overview, click Software Updates, click All Software Updates and at the top ribbon click Synchronize Software Updates.
Now all update will available at \Software Library\Overview\Software Updates\All Software Updates
Now you need to create Software Update Group and deploy to the required collections.