locked
About Window updates ! RRS feed

  • Question

  • Hi All,

    As i know the SUP first should be configure on top level site and that will be considered as your upstream server ,that will be connected to Microsoft site to download meta data, but some     where i found that we can also install a site system  in DMZ and configure wsus and sup on that system and make that system our upstream server .

    Here my question is --- If sup can only b first configure on  top site server than how come we can use a site system as a upstream server ? How will updates process from top to down ?


    Thursday, July 2, 2020 2:37 AM

Answers

  • No, you can never make a site system or a SUP an upstream server. The first installed SUP is always the top WSUS instance in the ConfigMgr hierarchy. You can choose to sync this WSUS instance with either Microsoft or another WSUS instance that is *not* a site system in the hierarchy.

    Jason | https://home.configmgrftw.com | @jasonsandys

    • Proposed as answer by Gerry HampsonMVP Sunday, July 5, 2020 3:20 PM
    • Marked as answer by Arunrana5050 Tuesday, July 7, 2020 2:25 PM
    • Unmarked as answer by Arunrana5050 Tuesday, July 7, 2020 3:52 PM
    • Marked as answer by Arunrana5050 Wednesday, July 8, 2020 3:31 PM
    Saturday, July 4, 2020 11:39 PM

All replies

  • That would be an incorrect, circular configuration. Updates wouldn't be processed. I'm not sure if there's anything in the UI to prevent you from doing this, but as noted, it won't work and makes no sense to configure this way.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Thursday, July 2, 2020 3:53 PM
  • Hi,

    Thanks for posting in TechNet.

    Could we check if a site system in DMZ be able to connect Intranet as the top level site? 

    If so, we could install a site system in DMZ and configure just WSUS as upstream server, and then the sup of the top level site could download meta data from the WSUS of upstream server. 

    Generally, the SUP which connectes to Microsoft must be installed on top level site. 

    Thanks for your time.

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Edited by Amanda You Friday, July 3, 2020 10:06 AM
    Friday, July 3, 2020 6:36 AM
  • Hi jason.  so  you mean to say there is way we can make  a site system placed at dmz zone our upstream server ...right ?

    Upstream server should b our top most site and then we can configure a site system at dmz zone from which clients can take data.. is this right ?

    Saturday, July 4, 2020 2:51 AM
  • No, you can never make a site system or a SUP an upstream server. The first installed SUP is always the top WSUS instance in the ConfigMgr hierarchy. You can choose to sync this WSUS instance with either Microsoft or another WSUS instance that is *not* a site system in the hierarchy.

    Jason | https://home.configmgrftw.com | @jasonsandys

    • Proposed as answer by Gerry HampsonMVP Sunday, July 5, 2020 3:20 PM
    • Marked as answer by Arunrana5050 Tuesday, July 7, 2020 2:25 PM
    • Unmarked as answer by Arunrana5050 Tuesday, July 7, 2020 3:52 PM
    • Marked as answer by Arunrana5050 Wednesday, July 8, 2020 3:31 PM
    Saturday, July 4, 2020 11:39 PM
  • You can find this in the official docs

    https://docs.microsoft.com/en-us/mem/configmgr/sum/plan-design/plan-for-software-updates#BKMK_WSUSSyncSource

    "Typically, the top-level site in your hierarchy is configured to synchronize software updates metadata with Microsoft Update. When your organizational security policy doesn't allow the top-level site to access to the internet, configure the synchronization source for the top-level site to use an existing WSUS server. This WSUS server isn't in your Configuration Manager hierarchy".



    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

    Sunday, July 5, 2020 3:22 PM
  • ok i think finally i understood the concept , instead of placing site system at dmz  zone i just need a server configured with wsus which i can use at upstream server for my top site.

    i think i am right this time :)

    Tuesday, July 7, 2020 2:27 PM
  • thanks gerry i have checked that post. i just wanted to know if i have a plan to place a system at dmz  zone and then use that system as upstream  , how could i do this .I think  jason helped me alot in this
    Tuesday, July 7, 2020 2:29 PM