locked
Grab Superseded updates from WSUS RRS feed

  • Question

  • Hey,

    I had previously asked about how WSUS deployed updates to end clients. I was able to figure this out doing some research and scanning these forums.

    Now the thing is the server behind our TMG which has no access to the internet and which I was assuming it would grab the updates from our WSUS server instead of WU since i made the change on our WSUS server.

    Thing is its able to determine right away the list of updates it needs ("Check for updates", succeeds almost instantly and uses netstat can see the connection to WSUS as established) However whenever I click install updates I once again see attempts to connect to internet based WU servers.

    My guess is since I selected to clear the server (Clear all old stale data, including no longer needed updates. or updates older than 30 days) even though it was never set to hold updates locally so this was kind of pointless.

    The things is that server hadn't had updates installed on it since over a year ago (18/4/13). When I check the status of the listed updates on WSUS, the reports says failed on this one server...

    I was hopin thered be an option on WSUS once the update was located using search to download a local copy, this does not seem to be the case.

    Any thoughts or suggestions on how I can grab these updates from WSUS, or get WSUS to grab them from WU?

    Updates in question are: 2798897
                                            2840631
                                            2833946
                                            2804579
                                            2756921
                                            2736422
                                            2832414

    Thanks!

    • Moved by Yagmoth555MVP Wednesday, April 2, 2014 1:11 AM Moved to a more appropriate forum, thanks !
    Monday, March 31, 2014 7:26 PM

Answers


  • Hi, as the TMG might block you, I would try that; Configure a Disconnected Network to Receive Updates with a another server that can have a more direct access to the internet, could be a temporary server for the test, and copy back the DB to your server behind the TMG after.

    Regards, Philippe

    Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )

    Answer an interesting question ? Create a wiki article about it!

    • Marked as answer by Zewwy Wednesday, April 9, 2014 4:33 AM
    Friday, April 4, 2014 2:12 PM

All replies

  • Hi Zewwy,

    as you discovered in your last WSUS-related post, Lawrence knows most everything about WSUS, and he spends time in the dedicated WSUS forum, where your question would attract the attention of several WSUS experts (rather than here in the general server forum).

    If you're talking about the same WSUS as your last post, it sounds like your client might still have some BITS jobs queued, and they will need to be removed from the BITS queue on the client (or else you'll need to allow those jobs to succeed)

    Depending on the OS of your client machine, clearing the BITS queue can be fiddly.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Monday, March 31, 2014 8:46 PM
  • Thanks for the suggestion. Didn't realize there was a WSUS based forum. Guess theres no way to move the question there eh?

    if not I'll create a new one there pointing here.

    Tuesday, April 1, 2014 11:20 PM
  • Hi, I will move the post there no problem, as it will attract more expert to help you there.

    Regards, Philippe

    Wednesday, April 2, 2014 1:10 AM
  • I noticed, thank you so much. Hopefully someone can help me clear this up. Never realized how difficult it was dealing with a server that doesn't have direct internet access.
    Wednesday, April 2, 2014 1:54 PM
  • Please someone help?! lol These are critical servers and I don't like thinkin there could be vulnerabilities... even though they are behind the TMG and are extremely restricted, chances are unlikly, but still..All thoughts and suggestions welcomed!

    Thursday, April 3, 2014 2:56 PM

  • Hi, as the TMG might block you, I would try that; Configure a Disconnected Network to Receive Updates with a another server that can have a more direct access to the internet, could be a temporary server for the test, and copy back the DB to your server behind the TMG after.

    Regards, Philippe

    Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )

    Answer an interesting question ? Create a wiki article about it!

    • Marked as answer by Zewwy Wednesday, April 9, 2014 4:33 AM
    Friday, April 4, 2014 2:12 PM
  • Hey Philippe,

    Thank you for that link, I guess I'll have to give that a shot, kinda sucks to have to setup another whole server just to get updates on 2 segregated servers... If only there was a way to just get standalone version of each update an run them manually on these 2 servers.

    But for future updates I guess having a dedicated "import server" would be best.

    Friday, April 4, 2014 8:45 PM
  • So, these 2 servers, can't connect to the internet, but they can connect to your WSUS?
    And, you recently changed your WSUS to your WSUS doesn't host updatefiles anymore?

    For these 2 servers, could you just download the needed updatefiles, the fullfile for each update is available from the KB article (in almost all cases).


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Saturday, April 5, 2014 1:16 AM
  • +1 for Don, I agree, didn't tougth to it, but a lot less burden to manually install the update if you can do it that way

    Regards, Philippe

    Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )

    Answer an interesting question ? Create a wiki article about it!

    Saturday, April 5, 2014 1:34 PM
  • Thanks for the suggestion Don. I reconfigured our WSUS to host the files locally. It was set before that clients checked WSUS for approved updates but grabbed them from online windows update servers. Now they *should* be checking and downloading the updates from our internal WSUS server.
    Wednesday, April 9, 2014 4:35 AM
  • Now the thing is the server behind our TMG which has no access to the internet and which I was assuming it would grab the updates from our WSUS server instead of WU since i made the change on our WSUS server.

    Looks like I've already answered this question in this thread (and now I have the "missing thread" referenced by the other one). To be fair... today I'm reading from most recent post to older, so that's a contributing factor. (If the forums devs ever fix the current inability to easily identify NEW posts...)

    It seems to be just an issue of creating the proper Web Publishing Rule for the WSUS Server.

    (And to be clear... this is actually a Forefront TMG question, not a WSUS question either.)

    ===

    Supplemental... having read the rest of the thread, I'm still confused, because I don't see anywhere an actual description of the environment. There's confusing and conflicting statements about a client talking to WSUS, downloading files from the Internet (which if the WSUS server didn't have a content store is the answer to that question).. and some other conversation about the WSUS Server not having Internet access.

    So.. maybe.. the proper approach here is to start back at the beginning, identify the actual environment, the desired behaviors, and go from there.

    And.. with respect to the thread subject line.. what does superseded updates have to do with any of this?


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.



    Thursday, April 10, 2014 4:23 PM