This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

WSUS Patching to more than 1000 server

Question
0

Sign in to vote
Hi Team,

I just joined a company where my role to patch up more then 1000 Windows server.

Here WSUS is installed in Infra. Can you suggest the way:

1) how to test the patches before deploying on test server

2) After testing the patches, how i will deploy on huge production servers.

Also please suggest how to troubleshoot and identify the patch if it creates a problem.

Thanks,

Ankit
- Moved by Mahdi Tehrani Wednesday, October 9, 2019 2:33 PM
Wednesday, October 9, 2019 5:02 AM

All replies

0

Sign in to vote
Hello,
Thank you for posting in our TechNet forum.

1) how to test the patches before deploying on test server.

1. We can view the patches function and whether there is any known issue for the patches before deploying them.
2. We can deploy the patches only on test server through WSUS. Then deploy them on production servers.

2) After testing the patches, how i will deploy on huge production servers.

WSUS server can be in the domain or not in the domain. We can deploy the two GPO settings.

Computer Configuration > Policies > Administrative Templates > Windows components > Windows Update > Configure Automatic Updates
Computer Configuration > Policies > Administrative Templates > Windows components > Windows Update > Specify Intranet Microsoft Update Service Location

Reference:
Step 4: Configure Group Policy Settings for Automatic Updates

3)Also please suggest how to troubleshoot and identify the patch if it creates a problem.

For common problems we can refer to the article Fix Windows Update errors.

For the specific problem that we can not resolve through the above link troubleshoot steps, we can post the question or problem in the WSUS forum.
https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverwsus

Thank you for your understanding and support.

Best Regards,
Daisy Zhou

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Edited by Daisy ZhouMicrosoft contingent staff Wednesday, October 9, 2019 9:49 AM
Wednesday, October 9, 2019 9:48 AM
0

Sign in to vote

1) how to test the patches before deploying on test server

You can approve relevant patch from WSUS to particular test server or can be download patch from update catalog and install manually on that test server. Then you can check

For more info, refer below,

https://social.technet.microsoft.com/Forums/en-US/967d9553-5228-46f5-8a61-4cd81bbbfe8b/automatic-updates-patch-testing-best-practices-case-studies?forum=winserverwsus

2) After testing the patches, how i will deploy on huge production servers.

You can approve patch from WSUS server by using group level or using approval rules.

for more info, refer below,

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/3-approve-and-deploy-updates-in-wsus

http://woshub.com/wsus-update-approvals/

Also please suggest how to troubleshoot and identify the patch if it creates a problem.

For troubleshooting, refer below,

https://gallery.technet.microsoft.com/Troubleshooting-WSUS-d63da113?redir=0

https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc

Please refer below to know more about WSUS server.

https://www.youtube.com/watch?v=_WCfPUFthb0

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/manage/update-management-with-windows-server-update-services

https://www.youtube.com/watch?v=3T1ggnxYsbQ

Friday, October 11, 2019 1:54 AM