locked
SCCM 2012 R2 How to setup second SUP and WSUS? RRS feed

  • Question

  • I have SUP working fine on my primary site (Windows 2012 R2, SQL, WSUS and SCCM 2012 R2 all on same machine)

    I have a second site system server setup as a distribution point and working fine. I'm trying to add the SUP role, but not sure how. I'd like this second server to use the WSUS database on my primary site, but I can't find any instructions.

    Anyone have detailed steps on how to share WSUS database from pimary to remote SUP?


    • Edited by Carltonw1 Thursday, June 26, 2014 3:51 PM
    Thursday, June 26, 2014 3:40 PM

Answers

All replies

  • Why would you want to do that?


    John Marcum | http://systemcenteradmin.com



    • Edited by John Marcum Thursday, June 26, 2014 3:56 PM
    Thursday, June 26, 2014 3:56 PM
  • I have five remote offices. If I have a SUP at each location the software updates will be pushed locally instead of from my primary SUP.

    If there is a way for the primary SUP to tell the remote PCs/laptops which updates they need and then have them download directly from the Internet that would be great.
    • Edited by Carltonw1 Thursday, June 26, 2014 4:00 PM
    Thursday, June 26, 2014 3:59 PM
  • Updates come from the DP not the SUP.


    John Marcum | http://systemcenteradmin.com

    • Marked as answer by Carltonw1 Thursday, June 26, 2014 8:04 PM
    Thursday, June 26, 2014 4:01 PM
  • I had a single SUP running 125+ hostipals, 10,000 clients. No problems.

    John Marcum | http://systemcenteradmin.com

    Thursday, June 26, 2014 4:02 PM
  • John,

    Does your SUP allow for the clients to download the Windows updates directly from Microsoft or do they pull them from your DP/SUP?


    Thursday, June 26, 2014 5:47 PM
  • Clients in ConfigMgr never download updates directly from Microsoft. As John stated above, updates come from DPs. The SUP itself simply provides a thin layer of management on top of the WSUS instance -- clients never communicate with the SUP. Clients do however get the update catalog from the WUSUS instance where their SUP is installed. The initial download of the catalog is usually a bit large 10-20MB or so depending upon what you have chosen. But this is done via BITS and after the initial download only deltas are downloaded by the clients which are usually in 500KB range and also downloaded via BITS.

    To sum it up, putting a remote SUP and WSUS instance at a location provides no true benefit and will actually cause issues because clients do *not* use WSUS instances based on proximity so you could end up worse than you started.


    Jason | http://blog.configmgrftw.com

    Thursday, June 26, 2014 6:03 PM
  • Jason,

    Thanks for the clarification. If I already have the DP roloe installed on my remote site do I need anything else for software updates to work in the remote site?

    Thursday, June 26, 2014 6:07 PM
  • No, not anything other than normal site operations which includes client connectivity to the central MP and WSUS instance.

    Jason | http://blog.configmgrftw.com

    • Marked as answer by Carltonw1 Thursday, June 26, 2014 8:04 PM
    Thursday, June 26, 2014 6:21 PM
  • John and Jason,

    Thanks for your help. I had installed SUP role and WSUS instance on remote site server so I will remove both and just have DP role on remote site server.

    One more question. How can I limit bandwidth usage between my primary site server and remote site server? I plan to do OS deployment from remote site as well, but don't want to completely tie up VPN connection between offices during work hours.


    • Edited by Carltonw1 Thursday, June 26, 2014 6:42 PM
    Thursday, June 26, 2014 6:41 PM
  • For remote DPs, there is  bandwidth limiting and scheduling tab on the properties of the DP role itself in the console: http://technet.microsoft.com/en-us/library/gg682083.aspx#BKMK_ThrottlingScheduling

    Jason | http://blog.configmgrftw.com

    • Marked as answer by Carltonw1 Thursday, June 26, 2014 8:04 PM
    Thursday, June 26, 2014 7:27 PM