locked
Should I install a new WSUS implementation or move my existing one? RRS feed

  • Question

  • I have an older server running my WSUS on my domain. I need to retire the old hardware so I am looking to move WSUS to a new server. My question is can I just install WSUS on the new server, and then change my group policy to have my clients point to it instead of the old server or should I move the contents of the old server to the new one? I know that if I move the updates etc. that I will not have to download them again, but honestly, I would like a fresh install. I am just not sure if I can do it and if all I need to do is install it on the new server and change the GP settings????? Thanks.
    Wednesday, August 27, 2014 11:25 PM

Answers

  • If you do a fresh install, this means a new WSUS database.
    All the information in the database will need to be rebuilt (which may not be a concern for you).

    Information which would be lost (and need to be rebuilt):

    - all computer groups (e.g. if you have defined groups of computers, with differing approvals for different groups, for whatever reason)

    - all updates which were downloaded, approved, declined

    - all history for all aspects, including reports

    - all products selected for sync, and all classifications selected for sync and all languages selected for sync

    - upstream/downstream WSUS relationships

    - automatic approval rules

    e.g., if you only have a single WSUS server, and only manage Windows7 and Office2010, and, you approve and deploy everything, only for English, and you don't care about the history of managed clients and don't ever run reports - that's maybe a simple decision for you to make. If you also aren't fussed about downloading lots of data from MS over the web, that's a simple choice also.

    There are probably many other considerations, but that might not be terribly important, if you have plenty of time on your hands, and initially at least, accept that you might not have a like-for-like cutover. The managed clients won't really be doing "extra" work in either case - but you might be tinkering at the server for a while until you get whatever parity you hoped for.

    Understand that the update files themselves (the actual patches) are going to end up exactly the same as what you have (assuming that you configure as identical products/classifications/languages, and you've been doing the regular maintenance via SCW etc).

    This also assumes that your older server is "healthy" and isn't being replaced due to failures (failures which could have been causing WSUS database integrity issues, for example). If your WSUS has been a source of grief for you, then maybe a clean install is a very good decision :)


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


    • Edited by DonPick Thursday, August 28, 2014 6:59 AM
    • Marked as answer by Steven_Lee0510 Friday, September 5, 2014 6:58 AM
    Thursday, August 28, 2014 6:58 AM

All replies

  • If you have no problem with downloading all updates you can install a new server and just change the gpo settings to point to the new wsus server.
    Thursday, August 28, 2014 6:43 AM
  • Better start with the new server. In my experience I've re-installed WSUS a couple of times as the clean install is always without all the "noise" created in the past (old retired updates, logs etc ...). GPO change is not a big deal.

    Thursday, August 28, 2014 6:55 AM
  • If you do a fresh install, this means a new WSUS database.
    All the information in the database will need to be rebuilt (which may not be a concern for you).

    Information which would be lost (and need to be rebuilt):

    - all computer groups (e.g. if you have defined groups of computers, with differing approvals for different groups, for whatever reason)

    - all updates which were downloaded, approved, declined

    - all history for all aspects, including reports

    - all products selected for sync, and all classifications selected for sync and all languages selected for sync

    - upstream/downstream WSUS relationships

    - automatic approval rules

    e.g., if you only have a single WSUS server, and only manage Windows7 and Office2010, and, you approve and deploy everything, only for English, and you don't care about the history of managed clients and don't ever run reports - that's maybe a simple decision for you to make. If you also aren't fussed about downloading lots of data from MS over the web, that's a simple choice also.

    There are probably many other considerations, but that might not be terribly important, if you have plenty of time on your hands, and initially at least, accept that you might not have a like-for-like cutover. The managed clients won't really be doing "extra" work in either case - but you might be tinkering at the server for a while until you get whatever parity you hoped for.

    Understand that the update files themselves (the actual patches) are going to end up exactly the same as what you have (assuming that you configure as identical products/classifications/languages, and you've been doing the regular maintenance via SCW etc).

    This also assumes that your older server is "healthy" and isn't being replaced due to failures (failures which could have been causing WSUS database integrity issues, for example). If your WSUS has been a source of grief for you, then maybe a clean install is a very good decision :)


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


    • Edited by DonPick Thursday, August 28, 2014 6:59 AM
    • Marked as answer by Steven_Lee0510 Friday, September 5, 2014 6:58 AM
    Thursday, August 28, 2014 6:58 AM