Multiple WSUS servers behaving as if they are a single server.

  • Question

  • Hi

    I’ve just set up two WSUS servers running on Server 2012 R2.

    Server1 is the upstream server synching with Windows Update.
    Server2 is the downstream server synching with Server1 and having the replica setting turned off.

    Server1 is to download and save the updates locally. Server2 is to tell computers to download approved updates from Windows Update.

    The servers aren’t set up for NLB.

    Group Policies have been set up, based on location, to determine whether a computer gets directed to Server1 or Server2.

    Computers are successfully communicating with both servers.

    The problem I’m having is that any configuration change I make on one server also applies to the other.

    For Example: On Server2, when I change the Source to point to Server1, Server1 also changes its Source to be Server1, thereby making Server1 to be a downstream server of itself. When I change Server1 to point back to Windows Update, Server2 also changes its Source back to Windows Update.

    This behaviour occurs regardless of the setting I’m changing.

    I looked over the forums and found something I thought could be the problem (http://social.technet.microsoft.com/Forums/en-US/2fb00066-7c8a-4f45-9c68-a3b0f86ffaa4/not-able-to-download-updates-on-client-after-migration-win2012-to-win2012-r2?forum=winserverwsus). I went through the steps suggested and found the WSUS ServerIDs on both servers were the same and so I changed the GUID on Server2. However, even this change was replicated to Server1.

    It’s as if the servers are behaving as if they’re the same server.

    Any help or suggestions would be greatly appreciated.


    • Edited by Daverino Thursday, April 24, 2014 3:20 PM Typo
    Thursday, April 24, 2014 3:17 PM

Answers

  • I’ve just set up two WSUS servers running on Server 2012 R2.

    Server1 is the upstream server synching with Windows Update.
    Server2 is the downstream server synching with Server1 and having the replica setting turned off.

    Proceeding on the presumption that the downstream server is configured as an autonomous server. (Which is quite unusual these days, thus I make note of the presumption.)

    Server1 is to download and save the updates locally. Server2 is to tell computers to download approved updates from Windows Update.

    Quite a convoluted deployment strategy, and probably totally unnecessary. Certainly it's contributing to the problem. But continuing on....

    Computers are successfully communicating with both servers.

    The problem I’m having is that any configuration change I make on one server also applies to the other.

    The ONLY way I know for this to happen at this scale with an autonomous downstream server is that you've configured BOTH servers to use the SAME database.

    Might I suggest... all things considered above... that you go READ the WSUS Deployment Guide, cover-to-cover, then come back and redesign your architecture and install ONE WSUS server from scratch.

    One additional note. I do grasp your intent to use the downstream server as a no-CONTENT server... but the conventional methodology for this is with that server in the DMZ to serve VPN clients, and configured as a REPLICA server. I'm really curious what purpose is being served by having both types of servers on the same LAN. (And I'm assuming they're on the same LAN since you were able to successfully configure the SAME database for both servers.)


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Thursday, April 24, 2014 4:15 PM
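
One way to check the shared-database diagnosis from the answer above, as an added example that is not part of the original thread. It assumes the WSUS setup values `SqlServerName` and `SqlDatabaseName` under `HKLM:\SOFTWARE\Microsoft\Update Services\Server\Setup`, PowerShell remoting to both servers, and a constructed SQL host name `SQL01`; the function names are hypothetical.

```powershell
# Added example (not from the thread). Reduces each WSUS server's database
# setting to "HOST\INSTANCE\DATABASE" and flags servers that share one.
function Resolve-WsusDbTarget {
    param(
        [string]$WsusHost,        # server the settings were read from
        [string]$SqlServerName,   # SqlServerName value on that server
        [string]$SqlDatabaseName  # SqlDatabaseName value (SUSDB if empty)
    )
    if (-not $SqlDatabaseName) { $SqlDatabaseName = 'SUSDB' }
    $dbHost, $instance = $SqlServerName.Trim() -split '\\', 2
    # Windows Internal Database and local aliases point at the WSUS server
    # itself, so the same literal value on two servers is NOT a shared DB.
    if ($dbHost -like 'MICROSOFT##*') { $instance = $dbHost; $dbHost = $WsusHost }
    elseif ($dbHost -in '.', '(local)', 'localhost') { $dbHost = $WsusHost }
    if (-not $instance) { $instance = 'MSSQLSERVER' }   # default instance
    # Host names are compared as written; no DNS or alias resolution is done.
    ('{0}\{1}\{2}' -f $dbHost, $instance, $SqlDatabaseName).ToUpperInvariant()
}

function Find-SharedWsusDb {
    param([hashtable[]]$Config)   # one hashtable of settings per WSUS server
    $Config | ForEach-Object {
        $c = $_
        [pscustomobject]@{ Server = $c.WsusHost; Target = Resolve-WsusDbTarget @c }
    } | Group-Object Target | Where-Object Count -gt 1
}

# Reads the live settings from one server (requires remoting and admin rights).
function Get-WsusDbConfig {
    param([string]$ComputerName)
    $v = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Update Services\Server\Setup'
    }
    @{ WsusHost = $ComputerName; SqlServerName = $v.SqlServerName
       SqlDatabaseName = $v.SqlDatabaseName }
}

# Constructed sample settings: the first pair shares a remote SQL instance,
# the second pair each uses its own local WID and must not be flagged.
$sample = @(
    @{ WsusHost = 'Server1'; SqlServerName = 'SQL01\WSUS';     SqlDatabaseName = 'SUSDB' }
    @{ WsusHost = 'Server2'; SqlServerName = 'sql01\wsus';     SqlDatabaseName = '' }
    @{ WsusHost = 'Server3'; SqlServerName = 'MICROSOFT##WID'; SqlDatabaseName = 'SUSDB' }
    @{ WsusHost = 'Server4'; SqlServerName = 'MICROSOFT##WID'; SqlDatabaseName = 'SUSDB' }
)
Find-SharedWsusDb -Config $sample | ForEach-Object {
    Write-Warning ('{0} share database {1}' -f ($_.Group.Server -join ', '), $_.Name)
}
```

Against live servers, replace `$sample` with `@('Server1', 'Server2' | ForEach-Object { Get-WsusDbConfig $_ })`.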