configuration on getting Microsoft update online

  • Question

  • If I configure to store update files remotely on Microsoft servers, enable client-side targeting in the GPO, and leave "specify intranet Microsoft update service location" not configured, how can the client machine know where to get approved updates to install, because there is no setting or GPO to let client machines contact a particular WSUS server? Therefore, no computers report to the WSUS server even with the "enable client-side targeting" GPO there. I am lost.

    Based on the Microsoft document, updates are still approved on the WSUS server, but each client connects to the Internet to download the approved updates from Microsoft servers. But how???



    • Edited by L14507 Thursday, April 28, 2016 8:47 PM
    Thursday, April 28, 2016 8:34 PM

Answers

  • Hi L14507,

    >But the key question is how to set "specify intranet Microsoft update service location".

    "specify intranet Microsoft update service location" is your WSUS server.

    If we choose to store the update files on Microsoft Update, then the WSUS server obtains only update information (metadata) for the criteria you specify on the Synchronization Options page.

    In this scenario, the update files come directly from Microsoft Update and are downloaded at the time of installation on the client computers receiving updates. We need to make sure your client computers have direct access to Microsoft Update.

    >Are client machines smart enough to get updates directly on Microsoft Update website?

    In other words, we can manage updates via the WSUS server while clients download these update files from Microsoft Update.

    Best Regards,

    Anne




    Friday, April 29, 2016 6:08 AM
  • <...> "specify intranet Microsoft update service location". If I put my WSUS server there, then all the workstations will direct to get updates from WSUS server but I have configured to store updates on Microsoft server. Are client machines smart enough to get updates directly on Microsoft Update website? Do I miss anything here?

    You must specify the intranet MS update service location, to cause your workstations to refer to your WSUS server.
    The settings you configure on your WSUS server (e.g. do not store updates on local server) will cause the workstations to be directed to the Microsoft Update website for update package download.

    So, in this scenario, WSUS instructs the workstation that the workstation must directly download the update packages.

    The workstation scans/detects against the metadata sourced from your WSUS.
    The workstation now has a list of "missing/required/applicable" updates.
    The workstation then checks for Installation Approvals (approved by you on WSUS) from your WSUS.
    The workstation then downloads the update packages from the Microsoft Update website.
    The workstation then commences installation of the approved+downloaded updates.
    The workstation then reports status (downloaded/installed/rebooted/etc) to your WSUS.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Marked as answer by L14507 Friday, April 29, 2016 1:36 PM
    Friday, April 29, 2016 8:37 AM
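
A client-side check for the point made in the answers above, as an added example that is not part of the original thread: it reads the registry values written by the "Specify intranet Microsoft update service location" and "Enable client-side targeting" policies and reports why a client would not contact WSUS. The function names `Get-PolicyValue` and `Test-WsusClientPolicy` are hypothetical.

```powershell
# Added example. The value names below are the ones the Windows Update
# policies write under the Policies hive.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Emits nothing when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-WsusClientPolicy {
    param(
        [string]$WUServer,        # "Specify intranet ... location": scan/approval source
        [string]$WUStatusServer,  # same policy: where the client reports status
        $UseWUServer,             # AU\UseWUServer = 1 switches the client to WUServer
        $TargetGroupEnabled,      # "Enable client-side targeting"
        [string]$TargetGroup
    )
    $findings = @()
    $noServer = [string]::IsNullOrWhiteSpace($WUServer)
    if ($noServer) {
        $findings += 'WUServer not set: client cannot scan against, or report to, any WSUS.'
    }
    if (-not $noServer -and $UseWUServer -ne 1) {
        $findings += 'WUServer is set but AU\UseWUServer is not 1: the location is ignored.'
    }
    if (-not $noServer -and [string]::IsNullOrWhiteSpace($WUStatusServer)) {
        $findings += 'WUStatusServer not set: status reporting has no target.'
    }
    if ($TargetGroupEnabled -eq 1 -and $noServer) {
        $findings += "Client-side targeting ('$TargetGroup') is enabled but has no WSUS to apply to."
    }
    $findings
}

# Read the live policy values on this machine and evaluate them.
$policy = @{
    WUServer           = Get-PolicyValue $wuKey 'WUServer'
    WUStatusServer     = Get-PolicyValue $wuKey 'WUStatusServer'
    UseWUServer        = Get-PolicyValue $auKey 'UseWUServer'
    TargetGroupEnabled = Get-PolicyValue $wuKey 'TargetGroupEnabled'
    TargetGroup        = Get-PolicyValue $wuKey 'TargetGroup'
}
$findings = @(Test-WsusClientPolicy @policy)
if ($findings.Count -eq 0) { "OK: client scans and reports to $($policy.WUServer)" }
else { $findings }
```

Where the update files are stored is a server-side option, so these client values look the same in either mode; on the WSUS server, `(Get-WsusServer).GetConfiguration().HostBinariesOnMicrosoftUpdate` shows which mode is active.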

All replies

  • If I <....> leave "specify intranet Microsoft update service location" not configured, how can the client machine know where to get approved updates to install, because there is no setting or GPO to let client machines contact a particular WSUS server?


    The client machine cannot know without this setting, so you *must* configure this setting, else your client will not contact your WSUS.

    Client-side targeting is irrelevant for this purpose, since client-side targeting requires that the client computer is configured for a WSUS server.


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Thursday, April 28, 2016 9:41 PM
  • That makes sense to me. But the key question is how to set "specify intranet Microsoft update service location". If I put my WSUS server there, then all the workstations will direct to get updates from WSUS server but I have configured to store updates on Microsoft server. Are client machines smart enough to get updates directly on Microsoft Update website? Do I miss anything here?
    Friday, April 29, 2016 12:05 AM
  • Thank you very much, Anne He and DonPick!

    Now I understand how that thing works. :-)

    Friday, April 29, 2016 1:38 PM