none
SCCM 2012 and external WSUS Correct integration?

    Question

  • Hello. I have installed and configured SCCM 2012.
    Now I'm trying to integrate it to existing WSUS server (on other machine)

    I have installed WSUS Console on SCCM Machine and i've added SCCM2012 machine to existing WSUS Groups: Administrators, WSUS Administrators
    WSUS also signed with correct certificate and can be opened on SCCM Machine thru WSUS Console

    Windows Versions:

    SCCM2012: Windows Server 2008R2 Enteprise SP1
    WSUS: Windows Server 2008R2 Enteprise SP1

    WSUS Versions:

    SCCM 2012: Console 3.2.7600.226
    WSUS: Server and console 3.2.7600.226

    I've added WSUS as "Software update point" to SCCM, and Synchronized updates, here is wsyncmgr.log file:

    Synchronized update 1c0c3f17-9423-4f9c-9267-811bbb6a0690 - Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1386.0).    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:21:55    4048 (0x0FD0)
    Synchronized update 9a353803-831e-4a35-b4ac-ed0eef98077b - HTTP Malware Definition Update for Microsoft Forefront Threat Management Gateway (Antimalware 1.127.1386.0).    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:21:58    4048 (0x0FD0)
    Synchronized update 78efada7-895e-49ff-9fc2-c08458495f3f - Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.127.1386.0).    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:05    4048 (0x0FD0)
    Synchronized update 526b85fb-b88b-4506-97a8-bab2441cae09 - Definition Update for Microsoft Forefront Client Security - KB977939 (Definition 1.127.1386.0).    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:12    4048 (0x0FD0)
    sync: SMS synchronizing updates, processed 18937 out of 18937 items (100%)    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:12    4048 (0x0FD0)
    sync: SMS synchronizing updates, processed 18937 out of 18937 items (100%)    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:12    4048 (0x0FD0)
    Removing unreferenced updates...    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:12    4048 (0x0FD0)
    sync: SMS performing cleanup    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:12    4048 (0x0FD0)
    sync: SMS performing cleanup, processed 202 out of 202 items (100%)    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:14    4048 (0x0FD0)
    Removed 202 unreferenced updates    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:14    4048 (0x0FD0)
    Done synchronizing SMS with WSUS Server wsus.domain.ltd    SMS_WSUS_SYNC_MANAGER    06/06/2012 00:22:14    4048 (0x0FD0)


    Also WSUS reported correct sync as well.

    So it works.

    However, when i'm trying to publish SCCM Client to be available thru Software Update Based Installation, it went to error and never get published, WCM.log:

    Successfully connected to server: wsus.domain.ltd, port: 8531, useSSL: True    SMS_WSUS_CONFIGURATION_MANAGER    06/06/2012 17:31:42    3488 (0x0DA0)
    PublishApplication(7da1560d-a721-47a2-a110-2f6e6b248822 - 0) failed with error System.InvalidOperationException: Publishing operation failed because the console and remote server versions do not match.~~   at Microsoft.UpdateServices.Internal.BaseApi.Publisher.LoadPackageMetadata(String sdpFile)~~   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetPublisher(String sdpFile)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.PublishApplication(String sPackageId, Int32 nRevision, String sSDPFile, String sCabFile)    SMS_WSUS_CONFIGURATION_MANAGER    06/06/2012 17:31:42    3488 (0x0DA0)
    ERROR: Failed to publish sms client to WSUS, error = 0x80131509    SMS_WSUS_CONFIGURATION_MANAGER    06/06/2012 17:31:42    3488 (0x0DA0)

    Please suggest

    Thursday, June 07, 2012 9:58 AM

Answers

  • As mentioned though, using a pre-existing WSUS server is highly discouraged and *will* cause you issues. Is there a reason you must use that instance of WSUS?

    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Friday, June 08, 2012 1:26 AM
  • What downstream servers? When integrated into ConfigMgr, WSUS should be used for ConfigMgr and only ConfigMgr. You should never go into the WSUS console to do any administration.

    As for the original issue, errors messages may mislead because they are generic or misinterpreted, but they never lie: "Publishing operation failed because the console and remote server versions do not match".


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys


    Saturday, June 09, 2012 2:33 AM

All replies

  • Was this a previosuly used WSUS server?

    If so, bad joo-joos there. You should always start with a clean and fresh WSUS instance to ensure the metadata is not affected by any prior approvals or declines in WSUS -- having these will adversely affect ConfigMgr.

    Also, there is no need to grant any WSUS permisisons to ConfigMgr as ConfigMgr doesn't do anything in WSUS.

    The error message above clearly indicated a version mismatch between the admin console you installed on the site server and your remote WSUS instance.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Thursday, June 07, 2012 2:19 PM
  • Yes this WSUS server has been used for ages as Master server, and also, previous SCCM 2007 was integrated to it

    versions are exactly the same, I've triple-checked. maybe there is a way to check versions any other way?

    I've checked - add remove programs, .exe files versions, console versions, etc.

    Thursday, June 07, 2012 3:03 PM
  • As mentioned though, using a pre-existing WSUS server is highly discouraged and *will* cause you issues. Is there a reason you must use that instance of WSUS?

    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Friday, June 08, 2012 1:26 AM
  • Not really, i can reinstall this WSUS server from scratch and reconfigure downstream servers. I thought it must work if sync between sccm and wsus succeeded

    So your post isn't actually an answer for the problem, it's just a suggestion to avoid using old WSUS with SCCM2012

    Probably will need to reinstall...

    Friday, June 08, 2012 9:07 AM
  • What downstream servers? When integrated into ConfigMgr, WSUS should be used for ConfigMgr and only ConfigMgr. You should never go into the WSUS console to do any administration.

    As for the original issue, errors messages may mislead because they are generic or misinterpreted, but they never lie: "Publishing operation failed because the console and remote server versions do not match".


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys


    Saturday, June 09, 2012 2:33 AM
  • Successful published and approved package 7da1560d-a721-47a2-a110-2f6e6b248822 - 0 for Install to a0a08746-4dbe-4a37-9adf-9e7652c0b421, Deadline UTC time= 2012.06.07. 16:30:32    SMS_WSUS_CONFIGURATION_MANAGER    11/06/2012 16:18:22    3716 (0x0E84)

    Monday, June 11, 2012 1:46 PM