locked
WSUS RRS feed

  • Question

  • Hi everyone

    i am using SCCM 2012 R2
    i cannot Push Microsoft updates on Windows Servers as our license support only Client OS.

    My network is an internal network not connected to outside world.
    I want to  come up with 2 WSUS servers 

    One WSUS server connected to the internet and one WSUS server connected to my internal network
    where i will export metadata from internet WSUS Server and import it in internal WSUS server.

    I will use software update point where i can push microsoft updates using SCCM on client computers and
    i want to use WSUS to push updates on windows servers.

    Will this work out for me.


    Monday, December 8, 2014 4:27 PM

Answers

All replies

  • You can't use the same WSUS server to publish updates as stand alone WSUS and SCCM too.

    John Marcum | Microsoft MVP - Enterprise Client Management
    My blog: System Center Admin | Twitter: @SCCM_Marcum | Linkedin: John Marcum

    Monday, December 8, 2014 5:15 PM
  • here's a link related to using Software Updates in an isolated environment:

    http://blogs.technet.com/b/aaronczechowski/archive/2008/11/11/configmgr-software-updates-on-an-isolated-network.aspx

    The WSUS instance installed along side the Software Update Point is dedicated to SCCM; do not try to use it for other purposes. You use another internet connected WSUS to export and import into the internal/SCCM WSUS.

    Monday, December 8, 2014 5:22 PM

  • So i can use internet connected WSUS to export and import into internal WSUS to push updates on WINDOWS SERVERS 2008/2012? if I dont connect to SUP in SCCM then i can also use this WSUS deploy updates on client computers?
    Monday, December 8, 2014 7:02 PM
  • For the first phrase, you are in the right path. After that, not so much.

    The intranet WSUS is to be used for SCCM ONLY. You must not configure WSUS beyond the installation (the wizard prompts to continue with the configuration, but you must not. See Gerry's guide on how to do this: http://www.gerryhampsoncm.blogspot.ie/2013/04/sccm-2012-sp1-step-by-step-guide-part.html

    Once WSUS is installed, you also need to install the SUP role (SCCM admin console) so that you can patch with SCCM. If you don't install SUP, you cannot use SCCM to patch...

    If you want to patch other devices without SCCM, setup a third WSUS server and perform the same import?

    But, do not attempt to use the SCCM WSUS to patch devices directly.

    • Marked as answer by Risingflight Monday, December 8, 2014 7:46 PM
    Monday, December 8, 2014 7:13 PM
  • Thanks alot for all the support.

    I have decided to come up with 2 WSUS servers one in internet and one in internal and i will import metadata in to internal WSUS from internet and i will update my internal servers and client computers. I will not use SCCM to patch(i will not install SUP) 

    Monday, December 8, 2014 7:46 PM