locked
WSUS integration plan RRS feed

  • Question

  • Hello friends.
    My bosses gave me an assignment to make plan how to integrate WSUS server in our infrastructure.
    So please help me with advise how to do it.
    By now i install windows server 2012 and add WSUS role on it. Test the server in test environment and everything was good.
    Now i have to accept WSUS updates in exchange servers and domain controllers, SQL servers and DMZ servers.
    My question is which one will be first to update, if some update broke the server what should i do.
    Our infrastructure is:
    4 domain controllers - 2 with windows 2008 and 2 with windows 2012 R2
    Exchange  servers(Windows Server 2012 R2 Datacenter) have 2 DAG-а with 3 mailbox servers and 2 client access servers. 
    We also have 20 child domains
    So please what will be the procedure to update. I must use GPO suppose but tell me what is the right order
    Thanks.
    Wednesday, June 22, 2016 5:47 AM

Answers

  • It sounds like you want us to give you a step by step instructions on how to do this. If you have 20 child domain which also need updating then your going to want to use multiple WSUS servers in an upstream/downstream configuration. How should you design this? It depends on the topology of your existing network and we have no way of knowing that. You really need to research how WSUS works to understand how to best integrate this into your environment.

    This forum is staffed by individuals giving up their spare time to try and help others, we are not paid to do this or offer consulting services which is what is sounds like you are asking for. We can answer specific questions when we have them but to design from scratch is another story.

    "My question is which one will be first to update, if some update broke the server what should i do."

    You are using WSUS to replace Microsoft Update. All your existing procedures relating to your clients do not have to change. You recover the same way you would currently do with manual updates, your install them in the same order you currently prefer to do.

    Wednesday, June 22, 2016 2:22 PM
  • Hi WSUSIVAN,

    >My question is which one will be first to update, if some update broke the server what should i do.

    WSUS provides the possibility for admins to manage updates for their internal network. It can store updates locally, admins can approve or decline updates for clients due to their specific requirements.

    Generally, we will not discuss what is the order to patch your domain servers. In WSUS server, we'll select all needed "Products" and "Classifications", after sync and approve, updates for these products and classifications will be available for WSUS clients at the same time. And WSUS clients will download and install needed updates for themselves at scheduled automatic update time.

    Certainly, we cannot rule out the possibility that there are some issues with specific update, such as after installing the KB, clients will crash, while we will not know it before installing, the only things we can do from WSUS server side is decline the KB timely, so that the KB will not be installed by other clients that haven't downloaded and installed it.

    Another things, if you have multiple domains and separated network topology, we'll recommend using downstream WSUS servers.

    Related articles for your reference:

    Choose a Type of WSUS Deployment

    https://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx

    Deploy Windows Server Update Services in Your Organization

    https://technet.microsoft.com/en-us/library/hh852340(v=ws.11).aspx

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, June 23, 2016 2:25 AM

All replies

  • Hi,

    Windows Forms General Discuss client application development using Windows Forms controls and features.

    Since your issue is about WSUS, I will move the thread to that forum for better support. Thanks for your understanding.

    Regards,

    Moonlight


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Wednesday, June 22, 2016 7:52 AM
  • It sounds like you want us to give you a step by step instructions on how to do this. If you have 20 child domain which also need updating then your going to want to use multiple WSUS servers in an upstream/downstream configuration. How should you design this? It depends on the topology of your existing network and we have no way of knowing that. You really need to research how WSUS works to understand how to best integrate this into your environment.

    This forum is staffed by individuals giving up their spare time to try and help others, we are not paid to do this or offer consulting services which is what is sounds like you are asking for. We can answer specific questions when we have them but to design from scratch is another story.

    "My question is which one will be first to update, if some update broke the server what should i do."

    You are using WSUS to replace Microsoft Update. All your existing procedures relating to your clients do not have to change. You recover the same way you would currently do with manual updates, your install them in the same order you currently prefer to do.

    Wednesday, June 22, 2016 2:22 PM
  • Hi WSUSIVAN,

    >My question is which one will be first to update, if some update broke the server what should i do.

    WSUS provides the possibility for admins to manage updates for their internal network. It can store updates locally, admins can approve or decline updates for clients due to their specific requirements.

    Generally, we will not discuss what is the order to patch your domain servers. In WSUS server, we'll select all needed "Products" and "Classifications", after sync and approve, updates for these products and classifications will be available for WSUS clients at the same time. And WSUS clients will download and install needed updates for themselves at scheduled automatic update time.

    Certainly, we cannot rule out the possibility that there are some issues with specific update, such as after installing the KB, clients will crash, while we will not know it before installing, the only things we can do from WSUS server side is decline the KB timely, so that the KB will not be installed by other clients that haven't downloaded and installed it.

    Another things, if you have multiple domains and separated network topology, we'll recommend using downstream WSUS servers.

    Related articles for your reference:

    Choose a Type of WSUS Deployment

    https://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx

    Deploy Windows Server Update Services in Your Organization

    https://technet.microsoft.com/en-us/library/hh852340(v=ws.11).aspx

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, June 23, 2016 2:25 AM