locked
Remote DP with SUP on 1602 - WSUS sync question RRS feed

  • Question

  • Hi all, I know this is somewhere but looking for quick answer. I have just setup a remote DP with SUP. I have WSUS setup on the remote DP as downstream. Do I need to manually run a initial sync of WSUS on the remote DP from the WSUS console or will SCCM do that on its own? I know you are not supposed to touch WSUS console after SCCM takes a hold.

    Thanks for any speedy answers!


    Edward Swible

    Tuesday, August 16, 2016 6:23 PM

Answers

  • No. Updates come from DPs. As noted, update metadata comes from WSUS. This metadata is downloaded via BITS and is generally only a delta so it will cause some traffic but not that much usually (unless you are having WSUS issues). Also as noted, clients wouldn't necessarily use the "local" WSUS instance anyway.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Marked as answer by Ed - LSUHSC Tuesday, August 16, 2016 8:48 PM
    Tuesday, August 16, 2016 7:57 PM

All replies

  • Why are you adding a SUP to a remote DP? Client don't choose SUPs (and really their underlying WSUS instance) based on proximity or network location. Also, clients only use SUPs to get update metadata, not updates so having one at a remote location adds limited (if any) value while adding overhead and complexity.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, August 16, 2016 6:31 PM
  • I was adding it because of a bandwidth problem. Shouldn't the clients go to the local wsus to get updates? or should just a DP be enough?

    Thanks

     

    Edward Swible

    Tuesday, August 16, 2016 6:35 PM
  • No. Updates come from DPs. As noted, update metadata comes from WSUS. This metadata is downloaded via BITS and is generally only a delta so it will cause some traffic but not that much usually (unless you are having WSUS issues). Also as noted, clients wouldn't necessarily use the "local" WSUS instance anyway.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Marked as answer by Ed - LSUHSC Tuesday, August 16, 2016 8:48 PM
    Tuesday, August 16, 2016 7:57 PM
  • Apparently, I had it backwards. I thought the metadata was on the DPs and the actual patch was on WSUS. So it makes sense right now about the traffic we are seeing on the network. We have a remote location that has limited bandwidth and is blaming it on our DP. So we are staging a DP for the remote site.

    The problem I have now is that they are in the same AD as the rest of us. Therefore now I have to change to networking boundaries and there a couple of hundred of those at this point.


    Edward Swible

    Tuesday, August 16, 2016 8:25 PM
  • Make sure you use IP address ranges (not subnets) and aggregate when possible.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, August 16, 2016 8:33 PM
  • As it turns out, we looking at putting a DC there and I can separate out that way which is a much simpler solution. Thanks for the info!


    Edward Swible

    Tuesday, August 16, 2016 8:48 PM