WSUS Disconnected network

    Discussion générale

  • WSUS - Doesnt appear to be working..a little background on this..

    1. Created a  WSUS VM using Virtual Box to download updates from

    2.Then followed procedure for using WSUS on a disconnected LAN per MS Article on WSUS Disconnected networks.

    3.Used xcopy /J /F /E /S c:\WSUS\WSusContent\* to destination(by the way, i tried the /O switch to preserve permissions/ACL and it didnt like that).

    4. Ran wsusexport on exporting server/vm (imported .cab file with content and made a log file of transaction)

    5. Ran wsusimport on importing server giving it the exported( file from export server) and create an imprt.log file

    6. Walked away from VM for awhile(as there is no indication other than a blinking cursor telling you that updates are being imported.

    7. Came back and i noticed the VM seemed to endlessly try to start windows..killed/powered down VM.

    8. Upon reboot, noticed that 1: all files in wsuscontent were there per xcopy. 2: that upon opening up the wsus console to look at all updates it reports that upon trying to approve updates, that once they are downloaded they can then be applied..

    9. Assuming that my WSUS content folder is preserved and it does  show the same size in GB as my exporting server as well as size and amount of files/folders, why would they still say they needed to be downloaded?

    10. I tried or am in the process of re-importing the wsus file from the export server maybe hoping this is why i am seeing the updates as not downloaded?

    any thoughts/ideas on this? does this method even work? and if so, are permissions on copied wsuscontent folder/files beneath that folder, in need of their original permission sets?

    jeudi 28 mars 2013 16:34

Toutes les réponses

  • A couple of observations.

    Using XCOPY direct from the 'connected' to 'disconnected' server is not typical, since usually there's going to be some intermediate source, typically a portable USB drive. You're right that /O won't work. You cannot copy ACLs from the connected to the disconnected, they must be inherited on the disconnected server. (This is due to the local SID for the WSUS Administrators group.)

    There's essentially three reasons a 'disconnected' server will report that files need to be downloaded:

    • The file really is missing.
    • The files are not where the server expects to find them.
    • They are where they're supposed to be but the ACLs are incorrect.

    After using the /O switch and having it fail, did you completely purge the ~\WSUSContent\* folder tree on the 'disconnected' server before the subsequent copy?

    I'd focus on why the VM was repeatedly rebooting ... given that you weren't observing the machine, it's possible that a reboot corrupted the import reconciliation and what you're getting is based on bad results from the import. I agree that re-running the import is probably the best 'next move'.

    Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
    SolarWinds Head Geek
    Microsoft MVP - Software Distribution (2005-2013)
    My MVP Profile:
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    jeudi 28 mars 2013 21:49