This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Upgrading WSUS from 3.0 SP2 to 4.0 (Windows Server 2012) and re-enabling SSL

General discussion
0

Sign in to vote
Hi all

Our WSUS 3.0 SP2 server was running on W2K8 R2, using a database on a remote SQL server and using SSL with 80/443 ports (not tcp/853n ports). Last week I upgraded the server to 2012. In order to upgrade, I had to uninstall WSUS on W2K8 R2, then run the OS upgrade, and add the "Windows Update Services" role. During the role installation, I was able to de-select WID (Windows Internal Database) and add the "Database" role service instead. I then was asked for the name/instance of the SQL server. After granting my current login sysadmin/securityadmin rights in the SQL server login, WSUS seemed to do some DB-maintenance and then was up and running - but [Edit 2012/09/19] on the default port and with no SSL[End Edit]. The certificate used previously (from AD) was still present in the computer certificate store, as expected.

I was unable to find much info on enabling SSL on WSUS 4.0, so I followed the advice given on the Deployment Guide for WSUS 3.0 SP2 (Section "Configuring SSL on the WSUS Server"), basically:

Start IIS Manager, stop the Default Web Site and change the bindings (i moved the port binding one up, e.g. 80 -> 81, 443 -> 444)
Edit the bindings of the WSUS Administration Site and assign 80 and 443 and select the still present certificate
Now WSUS is responding to clients but the Management Console fails. After running %ProgramFiles%\Update Services\wsusutil.exe configuressl <fqdn>
Reboot (since I was unable to find out how to restart the ClientServicingProxy as mentioned by the Deployment Guide). Now everything seems OK.

Hope this is useful for others. Ideas or suggestions for streamlining are welcome.

/Maurice
- Edited by Maurice David Wörnhard Wednesday, September 19, 2012 9:41 AM Corrected wrong port wording
Wednesday, September 19, 2012 12:48 AM

All replies

0

Sign in to vote

Last week I upgraded the server to 2012.

There's a Bleeding Edge experiment! :-)

I'm not even aware that upgrading a Win2008/WSUS server to Win2012 is a supported activity, inasmuch as a Win2008/WSUS server is a .NET2 application and a Win2012/WSUS server is a .NET4 application. Kudos to you for taking on the project!

During the role installation, I was able to de-select WID (Windows Internal Database) and add the "Database" role service instead.

But did you actually uninstall the Windows Internal Database on the Windows Server 2008 system before doing the OS upgrade? Or did this happen in the Win2012 Server Manager after the OS upgrade?

but on the wrong port and with no SSL.

Well.... port 80 is the default port, so I'm not sure what you mean by "wrong port", and SSL is not enabled by default on any WSUS installation. Enabling and configuring SSL is a user-initiated action, so everybody will definitely need to redo that work.

I am happy to hear that you were able to perform the upgrade successfully; this is definitely useful information for the community. I did a similar 'upgrade exercise' from Win2003 to Win2008 a few years ago, just to see what would happen, although there was never much use for that information as most Win2003-to-Win2008 scenarios also involved a hardware migration from x86 to x64.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Product Manager, SolarWinds
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Wednesday, September 19, 2012 2:35 AM
0

Sign in to vote

Hello Lawrence

Thanks for reading and providing feedback. Good you pointed out that saying "wrong port" actually is misleading, will change the original post. More correct would be "different port", since we previously were using 80/443 and this is not the default, so the port change has to be done manually.

The Migrate Windows Server Update Services to Windows Server 2012 Technet page was actually a good start.

It is a while since I installed WSUS 3.0 SP2 on W2K8 R2, but as far as I remember I did not install the Windows Internal Databasen since I knew I would be using a remote SQL database.

/Maurice

Wednesday, September 19, 2012 9:40 AM
0

Sign in to vote

The Migrate Windows Server Update Services to Windows Server 2012 Technet page was actually a good start.

Interesting. Was not aware of that resource... but then <sigh> they don't talk to me much at all these days. But looking at it I see it appears to be an updated version of a previous document for migrating to/from any server. The procedure is somewhat convoluted for a migration, since WSUS has built-in migration capabilities (Install Replica; Synchronize; Migration Complete), but I imagine the detail information about the Win2012 environment would be helpful. I'll give it a full read soon.
It is a while since I installed WSUS 3.0 SP2 on W2K8 R2, but as far as I remember I did not install the Windows Internal Databasen since I knew I would be using a remote SQL database.
Ahh, yes, this would be a relevant distinction. I misunderstood your statement. (Actually I'm still very green on Win2012, so I wasn't even aware that there was a "Database" role.)
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
Product Manager, SolarWinds
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin

Wednesday, September 19, 2012 2:10 PM
0

Sign in to vote

Maurice,

I'm trying to upgrade my windows server 2008 R2 SP1 to 2012 R2, but the upgrade is failing on the last reboot. I was hoping to do in-place upgrade of my operating system, then sql on the same machine and then upgrade sccm from 2012 SP2 to sccm 1511. I uninstalled wsus 3.0sp2 before attempting to upgrade the OS to 2012R2. My sccm box is a vm running on esx6 platform. Any suggestions on how to successfully upgrade the OS? Thanks. sergei

Monday, July 25, 2016 5:57 PM
0

Sign in to vote

Hi Lawrence,

I am facing an issue while upgrading 2012r2WSUS machine to 2016DC.I am briefing about the issue below

Updrading 2012R2 to 2016DC

2012R2 Server having Windows update service3.0 SP2.

In upgrade wizard,I am getting an alert stating "uninstall Windows update service3.0 SP2 which is not compatible with Windows 10".

I am unable to uninstall this app directly from programs,so i was removed WSUS role from server manager and also deleted reg key of this WSUS.

I did restart and tried to upgrade again even though I can see same alert.

Can you help me out how to get rid of this issue.

Thanks,
Raj

Tuesday, July 30, 2019 2:42 PM
0

Sign in to vote

Raj,

Lawrence passed away many years ago.

Remove and completely reinstall WSUS

https://www.ajtek.ca/wsus/how-to-remove-wsus-completely-and-reinstall-it/
Adam Marshall, MCSE: Security
https://www.ajtek.ca
Microsoft MVP - Windows and Devices for IT

Thursday, August 8, 2019 5:24 AM