none
Using WSUS via SCCM and direct RRS feed

  • Question

  • Greetings,

      If I deploy updates using a SUP and SCCM software update groups, can other clients also point to that WSUS SUP server as though it was a standalone server and get updates (assuming those other clients are not SCCM clients)?.

    Thanks

    David Z

    Tuesday, September 10, 2019 4:40 AM

Answers

  • Technically, you actually can. However, unless you are familiar with *all* of the ramifications and all of the interactions, it's quite easy to unexpectedly deploy updates directly from WSUS to your ConfigMgr managed systems or to prevent them from being available to deploy in ConfigMgr. And even if you do try to control for these, it's still possible under certain circumstances for it to happen.

    As with most unsupported things (as clearly noted in the blurb that Kaylan posted) you are accepting a risk of something happening that Microsoft did not design or account for. Unsupported configurations lead to unsupported results.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by David Zemdegs Tuesday, September 10, 2019 9:42 PM
    Tuesday, September 10, 2019 1:41 PM

All replies

  • Hi David,

    If SCCM client not installed, those machines will not receive update / deployment from SCCM.

    If you want to manage update from standalone WSUS , you have to create GPO to make the client receive update from WSUS server.

    Tuesday, September 10, 2019 6:46 AM
  • Hi David,

    No. When a WSUS server is configured as a software update point, you're no longer able to use it as a standalone WSUS server. If you use SUP WSUS server to deploy updates to other clients, it will affect the SCCM clients, so you will need a separate standalone WSUS server to manage other clients. 

    Best Regards,
    Tina

    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 10, 2019 6:55 AM
  • Why cant the same WSUS server be used by non SCCM clients?

    What's the actual technical reason?

    Tuesday, September 10, 2019 7:06 AM
  • Hi David,

    When the same WSUS server to be used by non SCCM clients, you will approve the updates in WSUS to make the non SCCM clients to get the updates. However, since the SCCM clients also point to this WSUS server, the SCCM clients will also receive these updates at the same time.

    There are also clear instructions in the official documentation.
    https://docs.microsoft.com/en-us/sccm/sum/plan-design/plan-for-software-updates#BKMK_WSUSInfrastructure

    Best Regards,
    Tina


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 10, 2019 7:28 AM
  • Tuesday, September 10, 2019 7:28 AM
  • Technically, you actually can. However, unless you are familiar with *all* of the ramifications and all of the interactions, it's quite easy to unexpectedly deploy updates directly from WSUS to your ConfigMgr managed systems or to prevent them from being available to deploy in ConfigMgr. And even if you do try to control for these, it's still possible under certain circumstances for it to happen.

    As with most unsupported things (as clearly noted in the blurb that Kaylan posted) you are accepting a risk of something happening that Microsoft did not design or account for. Unsupported configurations lead to unsupported results.


    Jason | https://home.configmgrftw.com | @jasonsandys

    • Marked as answer by David Zemdegs Tuesday, September 10, 2019 9:42 PM
    Tuesday, September 10, 2019 1:41 PM