none
Import WSUS approval to security offline environmet RRS feed

  • Question

  • Hi there,

    I have a problem with a WSUS Solution on Windows Server 2019. We have one online WSUS with Internet connections.

    One Offline WSUS in Site A and one Replica WSUS in site B as a Test environment without Internet connection.

    The Productive WSUS is also one at site A and one on site B but without network connection to the test environment.

    With the online WSUS we get the Microsoft updates and copy all include the wsusutil export metadata and the WsusContent Folder to the Test WSUS on site A. Here we do the approvals. WSUS on site B is configured as a replica, this works fine. After the Test we will Copy the WsusContent folder the exported metadate (with wsusutil) and the APPROVALS to the productive environment.

    I could not find a solution to export and import the APPROVALS from the Test to the Productive WSUS Server. We Use Windows Server 2019.

    Did you guys have any idear

    THX Gerd


    Herzlichen Dank

    Tuesday, November 12, 2019 12:09 PM

All replies

  • Hi Gerd,
       

    My understanding is that if you need to transfer the contents of the test WSUS server to another WSUS server in a site that cannot connect to the Internet, you need to complete the following two aspects:
       

    1. Update metadata and update files
      This part can be exported and imported via wsusutil.exe. For reference: "Configure a Disconnected Network to Receive Updates"
         
    2. Approved update record
      There are many methods in this part, but most of them are implemented by scripts. One of the threads I have replied to has a script that can get an approval record from a WSUS and apply it to another WSUS for reference: "Synchronising approved updates between WSUS Servers"   
         

    Hope the above can help you.
      

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 13, 2019 2:35 AM
  • Hi Yic,

    THX for your answer. the Approved Update record script did not work in my environment.

    I have two offline networks, one for testing and one for productive (Security Environment without Internet connection)

    We import the MS Updates from one separate WSUS server, that works fine.

    We do the Approvemt on the test Network, now we want move the Approvals from the test to the productive WSUS. there is no network connection between the test and productive WSUS.

    So we had to copy an approval file from test to productive WSUS. In the past we could do that with the WSUS 3.0 API Samples and Tools, but after using Windows Server 2019 WSUS the Tool don´t work.

    Any solution ?

    THX
    Gerd


    Herzlichen Dank

    Monday, November 18, 2019 12:12 PM
  • Hi Gerd,
      

    For copy approval between two WSUS servers that do not have a direct network connection, provide two scripts for your reference:
       

    1. "Export WSUS Approvals per Computer Group to a CSV"
      This script can be scheduled to be used to export update approval information in the experimental environment WSUS server.
         
    2. "To Approve a list of updates in a file for a specific group in WSUS using PowerShell"
      This script can be scheduled to be used to import approvals in a production environment.
         

    These scripts also require you to modify them according to your actual situation.
    Hope the above can help you.
       

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 19, 2019 3:18 AM
  • Hi Yic,

    THX for your answer. I try to modify the first script so I can export the approvals for specific Groups at WSUS and the second one to import the approved Updates for each group.

    Regards

    Gerd


    Herzlichen Dank

    Tuesday, November 19, 2019 1:13 PM
  • Hi Gerd,
     

    Any update is welcome here.
    If the issue is resolved, share your solution or find the helpful response "Mark as Answer" to help other community members find the answer.
     

    Thank you for your cooperation, as always.
     

    Regards,
    Yic

    Please remember to mark as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 28, 2019 7:30 AM