none
Running SCCM and WSUS as seperate entities in same domain? RRS feed

  • Question

  • We have recently stood up a new instance of SCCM 2007 w/ Server 2008 R2. Our network is "offline" so we cannot sync with Microsoft. By "offline" I just mean it is a private network and not able to connect to Microsoft. We have been utilizing WSUS 3.0 SP2 for quite some time. Initially, we had deployed the SCCM client with the software updates agent, thinking that we would be able to sync our SCCM server with an upstream WSUS server that is also "offline."  We now realize that won't work. We had many of our clients check in to the update server, but with a status of "unknown." The actual SCCM portion for package deployment seems to be working fine though. We have since reimplemented the GPOs to point our client machines back to the WSUS server but none of the clients are checking in and getting updates.

    We have uninstalled the SUP and disabled the updates agent from SCCM. What we want to do now is run SCCM and WSUS as two totally seperate entities. Use SCCM for reporting, software inventory, 3rd party software patching. We want to use a stand alone WSUS for all Microsoft patching.

    Is this configuration possible? Is it possible to run SCCM and WSUS as separate system?

    Monday, November 1, 2010 12:50 PM

Answers

  • Maybe I misunderstood you question. Just to clarify; you want to use WSUS for pacthing and ConfigMgr for the other features?


    Kent Agerlund | http://scug.dk/ | The Danish community for System Center products

    Yes, that would probably be the easiest for us on this network since SCCM is unable to sync with an upstream, standalone WSUS server. Although, I did find this post that seems to speak of a potential workaround...

    http://social.technet.microsoft.com/Forums/en/configmgrsum/thread/634b9d5b-cab8-4027-bdae-d0d54ed5d9d5

    • Marked as answer by Eric Zhang CHN Tuesday, November 9, 2010 10:06 AM
    Monday, November 1, 2010 1:57 PM

All replies

  • Yes, that's supported and will work. Have you checked the wuahandler.log and windowsupdate.log files on the client(s)?
    Kent Agerlund | http://scug.dk/ | The Danish community for System Center products
    Monday, November 1, 2010 1:32 PM
    Moderator
  • No, it's not (directly) possible. The Windows Update Agent (WUA), which is a default component in every Windows OS, can only be configured to point to a single update source at a time using group policies (local or domain based).

    The underlying API/COM interface seems to offer the ability to add multiple update sources, but I have never seen example code for this or know whether it would even work.

    What issues are you having that you are wanting to move away from Software Update Management (SUM) in ConfigMgr?

    Have you reviewed this TechNet article about importing and exporting updates from an "upstream" server in a non-connected environment: http://technet.microsoft.com/en-us/library/bb680473.aspx?


    Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
    Monday, November 1, 2010 1:33 PM
    Moderator
  • Maybe I misunderstood you question. Just to clarify; you want to use WSUS for pacthing and ConfigMgr for the other features?


    Kent Agerlund | http://scug.dk/ | The Danish community for System Center products
    Monday, November 1, 2010 1:44 PM
    Moderator
  • Our upstream server is only a WSUS 3.0 server. Not SCCM. I am basically trying to avoid having to do the import/export process all the time.

    Right now, our WSUS server syncs directly with our upstream WSUS server, so it is very simple. I am currently trying to consolidate servers. Before this upgrade, we had a standalone WSUS and a standalone SMS 2003. I am trying to run both now off of the same server, which doesn't appear to be a problem. But, the fact that SCCM cannot sync with an upstream, standalone WSUS server is a big stumbling block.

    Since I don't see a whole lot of added value of using SUM vs WSUS (at least for our environment) I was going to try to just keep it simple and continue using WSUS for our disconnected networks.

    We do already do the import/export process on a separate disconnected network. But, because of the environment I work in, that requires downloading the patches and metadata on a connected network, burning them all to DVD, copying them all over, and reimporting. This is just a tedious activity to do all the time, ya know?

    What I tried to do to resolve my dilemma was this:

    Deployed SCCM client without Software Update Agent. This would manage all other portions of SCCM.

    Reconfigured the GPOs to point the client system back to my WSUS server. This did work and I did see communication in the client windowsupdate.log file, but, it kept showing zero updates needed even though they did actually need updates.

    So, now I am trying another solution. I copied all patches and metadata over from my current production WSUS server onto my SCCM server. I reinstalled the SUP on SCCM and WSUS role. I am going to perform the import/export process.

    But, the other problem I ran into was that when I first tried to utilize the combined SCCM/WSUS/SUM, clients were reporting as "unknown". When investigating on client, there was never a WUAHandler.log created. The only way I could get this to work correctly on some machines is if I ran a "repair" locally on the SCCM client. It is like the SMS to SCCM client upgrade didn't work correctly.

    Sorry to be so confusing...the updates portion has just been a mess! I appreciate all your help!

    Monday, November 1, 2010 1:52 PM
  • Maybe I misunderstood you question. Just to clarify; you want to use WSUS for pacthing and ConfigMgr for the other features?


    Kent Agerlund | http://scug.dk/ | The Danish community for System Center products

    Yes, that would probably be the easiest for us on this network since SCCM is unable to sync with an upstream, standalone WSUS server. Although, I did find this post that seems to speak of a potential workaround...

    http://social.technet.microsoft.com/Forums/en/configmgrsum/thread/634b9d5b-cab8-4027-bdae-d0d54ed5d9d5

    • Marked as answer by Eric Zhang CHN Tuesday, November 9, 2010 10:06 AM
    Monday, November 1, 2010 1:57 PM