SCCM WUServer Value

  • Question

  • Hi Guys,

    Just looking to see if anyone is aware where the "WUServer" reg key comes from.

    We are not setting this via GPO (and don't really want to) and would like to change the value in SCCM for our clients as we are making some DNS and port changes.

    I could not find this anywhere in the client settings or the Software Update site system role settings.

    We have 2 Software Update points and clients either get 1 or 2 set in their WUServer key.

    Monday, June 24, 2019 1:57 PM

Answers

  • The value is set using a local group policy by the ConfigMgr agent itself based on your SUP infrastructure and the identity of the systems hosting the SUP role. You cannot directly set this.

    What exactly are you changing? Is the identity of the site systems hosting the SUP role changing?


    Jason | https://home.configmgrftw.com | @jasonsandys


    Monday, June 24, 2019 2:44 PM
    Moderator

All replies

  • Hi Jason thanks for your answer!

    We currently have 2 sites in IIS (Default and WSUS) on the default sites Active Efficiency using port 80. We also want to use port 80 for WSUS but you cannot run 2 sites from the same port. So we are looking into adding the hostname in the binding (meaning Active Efficiency can continue to work using hostname.fqdn) but this means that the SCCM clients won't be able to receive updates as SCCM specifies the server.fqdn in the reg value.

    So looks like we will have to create a cname entry to redirect the traffic to the non fqdn to resolve the problem.

    What we were looking to do (if possible) was to create a new DNS entry "WSUS-SCCM.domain.co.uk" set this as the WUServer Value and have it redirecting to the 2 SUP in a round robin which would have gotten us around the IIS sites on the same port issue.
    • Edited by B_G24 Monday, June 24, 2019 3:03 PM
    Monday, June 24, 2019 3:00 PM
  • The WSUS default is 8530 (or 8531 if using SSL). If you already have the WSUS Admin site listed in IIS, then your WSUS is already most likely configured to use 8530/8531 (once again, this is the default and changing it, while not difficult, is not obvious and requires effort outside of installation to change).

    Also, does Active Efficiency even create its own website? I doubt it.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, June 24, 2019 3:07 PM
    Moderator
  • We are in the process of changing it over to port 80/433 from 8530/8531.

    We have completed the additional configuration in IIS to swap WSUS over to use 80/433.

    And are ready to swap over in SCCM itself.

    It's been tested using port 80 and does work, but then Active Efficiency stops as you can't run two sites on the same port.

    We just needed to get the communication in the middle right within DNS to get both sites running at the same time.

    Just to add our SCCM environment is in Azure and there is no trust between Azure and our on Prem environment.
    • Edited by B_G24 Monday, June 24, 2019 3:33 PM
    Monday, June 24, 2019 3:19 PM
  • I'm confused. Why are you changing it to port 80 at all instead of just leaving it at 8530?

    You won't be able to use a CName for WSUS in a ConfigMgr environment. As noted, the identity of the system hosting WSUS is used and there is no way to change this.

    > Just to add our SCCM environment is in Azure and there is no trust between Azure and our on Prem environment.

    This is irrelevant as nothing that you are writing about has anything to do with authentication.

    > It's been tested using port 80 and does work, but then Active Efficiency stops as you can't run two sites on the same port.

    So, does AE use its own website?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, June 24, 2019 3:38 PM
    Moderator
  • Hi, yes, AE uses its own website - http://x.domain:80/activeefficiency

    So if we add an entry to redirect the traffic from the WUServer "http://x.domain.com:8530/SimpleAuthWebService/SimpleAuth.asmx" to http://x:80/SimpleAuthWebService/SimpleAuth.asmx the client won't recognise this and use http://x:80/SimpleAuthWebService/SimpleAuth.asmx for its updates?

    Monday, June 24, 2019 3:54 PM
  • That may work, but I doubt it would be supported and still begs the question here of why? You are intentionally breaking the WSUS admin site for no reason here. Why not just leave it on 8530 as designed?

    Also, http://x.domain:80/activeefficiency does not represent a website, it simply represents a sub-folder of the main website.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, June 24, 2019 6:50 PM
    Moderator
  • Just adding further info on how I resolved the issue.

    So after amending the SCCM Software Distribution ports to 80/433

    I also ran the command - WSUSutil usecustomwebsite false

    From: C:\Program Files\Update Services\Tools\

    This takes a few mins to complete; when it has, you'll see the message "Using Port number: 80"

    This moved all the WSUS sub-sites into the Default Site which was where Active Efficiency is sitting.

    Restart the server after and the result of this was that WSUS then changed to use Port 80 / 433. This can be varied in the WSUS desktop app as the "Connection Port" will show 80.

    As soon as this change was made patches started instantly going out to machines and they began reporting their compliance within minutes.

    We wanted to move WSUS over to port 80 as a halfway house to use moving Software Updates to use SSL 433 along with 3rd Party Updates for drivers in SCCM.


    Friday, July 5, 2019 2:47 PM
  • Yes, that is all the standard and well-documented procedure for moving the WSUS web site to default port but it still doesn't explain why as there is no conflict here.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, July 5, 2019 7:28 PM
    Moderator
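
Added example, not part of the thread or of ConfigMgr: a client-side PowerShell check of the WUServer and WUStatusServer values that the agent writes into local policy, useful after a port move like the one described above to confirm which server, port and scheme each client actually ended up with. The SUP host names in `$ExpectedSups` are constructed placeholders and `Get-WsusPolicyEndpoint` is a hypothetical helper name.

```powershell
# Audit the WSUS endpoint recorded in local policy on a client.
# $ExpectedSups holds constructed sample names; replace with your own SUP FQDNs.
param(
    [string[]]$ExpectedSups = @('sup1.example.test', 'sup2.example.test')
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WsusPolicyEndpoint {
    param([string]$Path, [string]$Name)

    # A missing key or value yields $null rather than an error.
    $raw = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if (-not $raw) { return $null }

    $uri = $null
    if (-not [Uri]::TryCreate($raw, [UriKind]::Absolute, [ref]$uri)) {
        Write-Warning "$Name is not a valid absolute URL: $raw"
        return $null
    }

    [pscustomobject]@{
        Value    = $Name
        Url      = $raw
        Server   = $uri.Host
        Port     = $uri.Port                       # scheme default if the URL has no port
        Tls      = ($uri.Scheme -eq 'https')
        KnownSup = ($ExpectedSups -contains $uri.Host)   # -contains is case-insensitive
    }
}

$endpoints = @('WUServer', 'WUStatusServer' |
    ForEach-Object { Get-WsusPolicyEndpoint -Path $wuKey -Name $_ })

if ($endpoints.Count -eq 0) {
    Write-Warning "No usable WSUS policy values found under $wuKey"
    return
}

foreach ($e in $endpoints) {
    # Confirm the port in policy is the one the server is really listening on.
    $ok = Test-NetConnection -ComputerName $e.Server -Port $e.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    $e | Add-Member -NotePropertyName Reachable -NotePropertyValue $ok

    if (-not $e.Tls)      { Write-Warning "$($e.Value) uses plain HTTP: $($e.Url)" }
    if (-not $e.KnownSup) { Write-Warning "$($e.Value) points at unexpected host $($e.Server)" }
}

$endpoints | Format-Table Value, Url, Port, Tls, KnownSup, Reachable -AutoSize
```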