Installing SUP on Remote Server in Tiered Hierarchy RRS feed

  • General discussion

  • I wanted to throw up a quick post on a few caveats for settings up a "remote SUP" (WSUS) in Configmgr 2012.  These are the "same rules apply" as with Configmgr 2007, but I got caught by this trap - so I thought I'd share.  Hopefully if someone runs into this in the future, they will find this when searching for an answer!

    Desired Situation:  Tiered Site (Central, Primaries), Remote SUP for one or more Primary.   For those individuals with large regional footprints, this may be a common situation.

    Actual Situation:  You install WSUS Full Install on the central, you install WSUS Full installation on your remote SUP server (your choice whether to use the database on your primary or the sql express option).  You then install the SUP on the Central Admin Site - it succeeds and syncs.  You then install the SUP on the remote server (which you specify will be in your primary's site).  The SUP install/configure succeeds, but syncronization on the primary does not occur - and you are left with an unusual "setup" icon in the SUP Synchorication in monitoring with no status. 

    The WCM.log:

    • This PRIMARYSITENAME.FQDN.COM system will Sync from the parent site's WSUS Server as it is not the Top Site. SMS_WSUS_CONFIGURATION_MANAGER 9/4/2012 3:43:05 PM 6764 (0x1A6C)
    • The installed WSUS build ( does not have the valid and supported WSUS Administration DLL assembly version. Please install WSUS 3.0 SP2(minimum 3.1.6001.65) or above SMS_WSUS_CONFIGURATION_MANAGER 9/4/2012 3:43:05 PM 6764 (0x1A6C)


    • You must install the WSUS administrator console on the "Primary Site."  Synchronization starts and configuration is still performed by the primary site, so the WSUS dll's are required to be installed on the Primary site - even though it is not the SUP. 
    • You do get a nice warning in the "pre-requisites" when you do the actual site isntallation, I just hadn't realized that if the SUP was remote - it would still be needed.
    • The Primary checks every 60 minutes for the DLL's, so if you install the WSUS Admin Console once you find the error message, just wait 60 minutes and it will then finish the configuration and kick off the sync!

    Hope this helps!  If you have a single primary, it's easier to remember to perform this step since synchronization and the SUP install can't even start w/out the admin console installed - but if you have a tiered site, it's a bit harder to determine since the SUP installs, and you just get synchronization failure.

    P.S.  Ensure you follow all the other configuration requirements as well if you are stuck with a remote sup install:

    • Edited by Beamer25 Wednesday, September 5, 2012 9:23 PM
    Wednesday, September 5, 2012 9:21 PM

All replies

  • Is there a method to remove this stuff? We have an admin who configured this only partially and now we have all the wsus components in an error state. I have already removed the wsus role from the site server, so I'm at a loss at what to do next. 

    Jeffrey S. Patton Jeffrey S. Patton Systems Specialist, Enterprise Systems University of Kansas 1001 Sunnyside Ave. Lawrence, KS. 66045 (785) 864-0242 | http://patton-tech.com

    Tuesday, September 11, 2012 4:13 PM
  • Thank you Beamer, this helped immensely.  In my case, I have a single primary site but was installing the SUP role on a remote site server.  I was getting the same "build(" error.  After installing the WSUS console on the primary site server, all was well.  Thanks again!
    Monday, December 17, 2012 8:27 PM