locked
Point de mise à jour logicielle dans DMZ - Software update point in DMZ RRS feed

  • Question

  • Good Afternoon,

    I allow myself to pose my problem here. Here I have 1 MP and 4 DP, one of the DP is in a DMZ. The problem is that all my client workstations in the DMZ are getting application packages but not receiving Windows security updates. My Wsus Server is not in the DMZ. I see nothing blocked on my Stormshiel firewall. Do you know what escapes me?

    Thank you for your help.

    Wednesday, August 12, 2020 11:40 AM

All replies

  • Hi,

    To deploy software updates to the internet-based client using IBMC, you have to configure also a Software Update Point in the DMZ, more details:

    Regards,

    _________________________

    Youssef Saad | Blog LinkedIn | Twitter

    Please remember to mark the replies as answer if they help, thank you!

    Wednesday, August 12, 2020 1:19 PM
  • Hi,

    We need to install the Internet-based software update point on a site system that is remote from the site server, located in a perimeter network, and accessible to Internet-based client computers. The Internet-based software update point synchronizes with the active software update point at the same site by default. 
    Here is a discussion about SUP in DMZ for your reference:
    https://social.technet.microsoft.com/Forums/en-US/63a2d32b-4326-47c5-9d40-c7d8de81b463/software-update-point-in-dmz?forum=configmanagergeneral

    This "System Center" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,
    Allen

    "MECM" forum will be migrating to a new home on Microsoft Q&A!
    We invite you to post new questions in the "MECM" forum's new home on Microsoft Q&A!
    For more information, please refer to the sticky post.

    Thursday, August 13, 2020 7:54 AM
  • Good afternoon,

    I had already configured the software update point. despite this, client workstations in DMZ do not receive updates.

    Best regards,

    Thursday, August 13, 2020 9:29 AM
  • Are you using the same machine as MP/DP/SUP in the DMZ ?

    If true, do not forget to open the following ports on your firewall from Clients > Software Update Point :

    • 8530
    • 8531

    More details:

    You can troubleshoot also from the client side by checking those log files under "%WINDIR%\CCM\Logs" :

    • ClientLocation.log
    • LocationServices.log
    • ScanAgent.log
    • UpdateStore.log
    • WUAHandler.log

    Regards,

    _________________________

    Youssef Saad | Blog LinkedIn | Twitter

    Please remember to mark the replies as answer if they help, thank you!

    Sunday, August 16, 2020 9:13 AM