Need to add windows updated to a WSUS that has no internect connection.

All replies

• 

  

  0

  Sign in to vote

  Hi Raf,
   
  Thanks for your posting.
   
  Depending on your description, you could refer to the following steps.
   
  1. Install a WSUS server on the disconnected network segment. This server is known as the WSUS import server. 
  
  2. Synchronize updates and metadata to a WSUS server that is connected to the Internet. This server is known as the WSUS export server.
  
  3. Transfer the required updates and metadata from the WSUS export server to removable media.
  
  4. Transport the removable media to the WSUS import server.
  
  5. Import the updates and metadata to the WSUS import server.
  
  6. Manage and download updates to client computers on the disconnected network segment by using the WSUS import server.
   
  Please refer to the following link:
  https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939873(v=ws.10)?redirectedfrom=MSDN
   
  If you have any updates, please keep us in touch.
   
  Regards,
  Rita

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  
  

  • Edited by Rita HuMicrosoft contingent staff Monday, June 1, 2020 9:55 AM
  • Marked as answer by Raf Biton Thursday, June 4, 2020 7:01 AM

  Monday, June 1, 2020 9:43 AM
• 

  

  0

  Sign in to vote

  Hi Raf,
   
  It seems there is no update for a couple of days. May we know the current status of the problem? Is there any other assistance we can provide?
   
  If you have any questions, please keep us in touch.
   
  Regards,
  Rita
  

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  Thursday, June 4, 2020 6:52 AM
• 

  

  1

  Sign in to vote

  Hi Raf,
   
  I am glad to hear that your issue was successfully resolved. If there is anything else we can do for you, please feel free to post in the forum.
   
  Best Regards,
  Rita
  

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  Friday, June 5, 2020 1:57 AM
• 

  

  0

  Sign in to vote

  Hi Rita, 

  Thanks for the help & support.

  Some issues trying to follow the steps you offered:

  1.wsusutil export failes to exoort due to the cab file is to big... try another util 

  2. Windows backup doesn't restore the \WsusContent folder.

  So I kind of "stuck" on this way to move the data ftom the export wsus server to the internal wsus server.

  Raf Biton

  Sunday, June 7, 2020 5:17 AM
• 

  

  0

  Sign in to vote

  Hi Raf,
   
  Thanks for your posting.
   
  The exported cab file is too large. 
  If the number of updates approved at one time is too large, it is recommended that you approve them in batches and then import and export. 
   
  The current environment may store too many cab files, it is recommended that you consider deleting the current WSUS server、related binaries and metadata files, and then try to rebuild WSUS. Please refer the following steps:
  To remove WSUS completely, you need to:
  1. Remove the following server roles and features through Server Manager:
  Roles: Windows Server Update Server
  features: Windows Server Update Services Tools(at Remote Server Administration Tools -> Role Administration Tools)
  Follow the wizard prompts to complete the deletion. Then restart the server.
  
  2. After the server is restarted, manually delete the folder or file of the following path:
  - C:\WSUS (this depends on where you choose to install WSUS)
  - C:\Program Files\Update Services
  
  3. Delete database files
  If you use SQL Server Management Studio to delete a database, you can try as follow.
  In Object Explorer, connect to an instance of the SQL Server Database Engine, and then expand that instance.Expand Databases, right-click the database to delete, and then click Delete.Confirm the correct database is selected, and then click OK.
  
  If you use a WID database, it is recommended to delete the following path folders:
  C:\Windows\WID
  
  4. In the IIS Information Services (IIS) Manager, manually remove the WSUS Administration site. Then restart the server. 
   
  If you have any updates, please keep us in touch.
   
  Regards,
  Rita
  

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Edited by Rita HuMicrosoft contingent staff Tuesday, June 9, 2020 2:46 AM

  Tuesday, June 9, 2020 2:43 AM
• 

  

  0

  Sign in to vote

  Hi Raf Biton,
  
  Thanks for your time.
  
  May we know the current status of the problem? Due to the internal limit of CAB files is 2 GB included files. Because the process of rebuilding the WSUS server is cumbersome, it is recommended that you consider changing the export file format.
  
  Please consider importing and exporting metadata with the following command:
  wsusutil.exe export export.xml.gz export.log
  wsusutil.exe import import.xml.gz import.log
  
  Here is a link just for your reference:

  https://docs.microsoft.com/en-us/archive/blogs/wsus/problem-solved-the-wsus-export-bug

  
  If you have any updates about this issue, please let me know.
  
  Regards,
  Rita 

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Edited by Rita HuMicrosoft contingent staff Wednesday, June 10, 2020 6:46 AM

  Wednesday, June 10, 2020 6:45 AM
• 

  

  0

  Sign in to vote

  Hi Rita,

  1. The cab file that I tried to export with wsusutil.exe was 25 KB , and yet I got the file to big failure.

  2. The command "wsusutil.exe export export.xml.gz export.log " exports all WSUS updates.

  Since not all updates that were published will be installed on my private servers and workstation, I need a way to selectively export updates (one at a time) - like the wsusutil.exe %updatename%.cab logfile.log

  Raf Biton

  Wednesday, June 10, 2020 7:19 AM
• 

  

  0

  Sign in to vote

  Hi Raf Biton,
   
  Thanks for your posting.
   
  In my opinion, the WSUS does not seem to be able to filter and export some specific updates. Because the WSUS server is in the form of a package when importing and exporting, there may be no way to filter. If WSUS has any updates to this feature, I will notify you the first time.
   
  Regards,
  Rita

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Edited by Rita HuMicrosoft contingent staff Wednesday, June 10, 2020 7:32 AM

  Wednesday, June 10, 2020 7:31 AM
• 

  

  0

  Sign in to vote

  Hi Raf Biton,
   
  It seems there is no update for a couple of days. May we know the current status of the problem? Is there any other assistance we can provide?
   
  If you have any questions, please keep us in touch.
   
  Regards,
  Rita

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  Tuesday, June 16, 2020 2:29 AM
• 

  

  0

  Sign in to vote

  Hi,

  I've installed a WSUS Export Server (connected to the Internet) and marked "Windows 10" for updates download.

  878 updates were added to the WSUS Export server.

  I choose a critical update (KB3125217) and approved it for installtion. The \WSUSContent library was added 3 more folders.

  I've backed-up the \wsuscontent and restored to the Imort WSUS server.

  Also I used wsutiles to export and import METADATA.

  Now' I've approved the same update (KB3125217), and created a GPO in my DC to direct ro updated to the import server.

  The update was not installed.

  Can you help on this ? Is there a log to understand what is wrong ?

  I can see that from ActiveDirectory point of view the GPO was asimilated. 

  But trying to manually start windows updates from "Settings" writes that "You're up tp date"

  Sunday, June 21, 2020 8:38 AM
• 

  

  1

  Sign in to vote

  Hi Raf Biton,
   
  Thanks for your time.
   
  We could check Windowsupdate.log to see the client update installation status. Open the PowerShell as an administrator and enter the following command: get-windowsupdate.log to check Windowsupdates.log
   
  Regards,
  Rita 

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Edited by Rita HuMicrosoft contingent staff Monday, June 22, 2020 3:29 AM
  • Marked as answer by Raf Biton Sunday, July 5, 2020 9:11 AM

  Monday, June 22, 2020 3:27 AM
• 

  

  0

  Sign in to vote

  Hi,

  Some good news.

  The updates for WINDOWS 10 clients were installed via the Groupolicy I've created.

  Updates for Server2016 are nhot being installed, It looks like that the GPO is not "working" on machins with Server 2016.

  The GPO has a Link Enabled under the root domain object.

  Any hints why ? 

  How how to debug the issue ?

  Raf Biton

  
  

  ---

  Raf Biton CNE|MCSE

  Sunday, July 5, 2020 9:10 AM
• 

  

  0

  Sign in to vote

  Hi Raf,
   
  Thanks for your response.
   
  What is the meaning of "Updates for Server2016 are nhot being installed, It looks like that the GPO is not "working" on machins with Server 2016"? Windows server 2016 client does not detect updates or updates but cannot install. Open CMD as an administrator and enter the "rsop" command to check the Windows Server 2016 Client Group Policy settings. If there is no problem with Group Policy settings, consider checking the Windowsupdate.log in the Windows Server 2016 client.
   
  If you have any updates about this issues, please keep us in touch. I will try my best to help.
   
  Regards,
  Rita

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  Monday, July 6, 2020 2:47 AM
• 

  

  0

  Sign in to vote

  Hi Rita

  After waiting a while it looks like the updates were installed both on WIN10 and Server2016 machines.

  I wonder why I can't see the "Some Settings are managed by your organization" message in the windows update screen on Server 2016 machines. That what led me thinking that the group policy is not working on  those machines.

  Raf

  ---

  Raf Biton CNE|MCSE

  Monday, July 6, 2020 1:24 PM
• 

  

  0

  Sign in to vote

  Hi Raf,
   
  Tanks for your response.
   
  It is glad to hear that your issue was successfully resolved. As for the Windows Server 2016 client you mentioned above can't see the "Some Settings are managed by your organization" message. This is a different system version that causes. Windows Server 2016 clients do have this phenomenon. However, you could check client group policy settings in the following ways:
  Open CMD as an administrator and enter "rsop" to check group policies setting.
   
  Thanks for your time.
   
  Regards,
  Rita

  ---

  Please remember to mark as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  Tuesday, July 7, 2020 5:30 AM