Setting up WSUS + SUP on a Secondary Site (SCCM2012)


Installing WSUS (Action to be taken on Secondary Site Server)
1. Install WSUS onto the Secondary Site server using Server Manager (Add Role)

2. Install the following Microsoft hotfix patches below:
a. WSUS-KB2734608-x64

b. WSUS-KB2720211-x64

==========================================================================
Installing SUP (Action to be taken on Primary Site Server)

1. On your Primary Site Server, open Configuration Manager 2012
2. Click on Administration on the bottom left menu
3. Navigate to Overview\Site Configuration\Servers and Site System Roles
4. A list of servers (Primary and Secondary Site) will appear on the right panel, right click on your Secondary Site and select Add Site System Role
5. Click Next , specify proxy settings and click Next
6. Click on Software Update Point and click Next
7. If you are using Windows Server 2008 R2, select WSUS Server is configured to use port 80 and 443 (which is for my case), if you are using Windows Server 2012, select the second option.
8. Under Client Connection type, select Allow Intranet and Internet Client connection (this can vary in your enviroment) and click on Next

9. Under WSUS Server account, add an existing account which you are using for SCCM and click Next and Next.

==========================================================================

Monitoring SUP installation (Action to be taken on Secondary Site Server)
1. On your Secondary Site Server, Navigate to C:\Program Files\Microsoft Configuration Manager\Logs\SUPSETUP.LOG to check if the installation has been completed.

2. If the installation is successful, at the end of the log, it will show  Installation was successful.
If it is not successful, follow the instructions that the log gave youVVV.

Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)

==========================================================================

Configuring your SUP (Action to be taken on Primary Site Server)<– Must do or you will not see any clients reporting on the WSUS server.

1. On your Primary Site Server, open Configuration Manager 2012
2. Click on Administration on the bottom left menu
3. Navigate to  Site Configuration\ Site , on the right panel , right click on your Secondary Site , select Configure Site Components>Software Update Point

4. Under WSUS reporting events, after the SUP is installed, the Do not create WSUS reporting events will be selected by default. Select “Create all WSUS reporting events

Failing to do the above will lead to the following issues

a. Clients stopped reporting and the reporting time is out of date on the Secondary Site WSUS server
b. Newly detected clients will show Not Yet Reported status
c.  You will see  error = 0x8024400D, soap client error = 7, soap error code = 300, HTTP status code = 200

Nothing is wrong with your WSUS or client computers at this point. You need to do this step and have alot of patience.

==========================================================================
Verifying your WSUS is now integrated with SCCM2012 (Action to be taken on Secondary Site Server)

1. Open WSUS on your Secondary Site Server
2. On the left panel, click on Options
3. Click on Product and Classification
4. You will see something like this: Note you cannot make any changes here. You will need to go to the Primary Site server SUP to change it.

5. Sync the WSUS with the Primary Site Server SUP and wait for it to complete.

opt

6. Last but not least, you are ready to change add clients to get updates from your Secondary Site 😀
Update your WSUS group policy to point your clients to the Secondary Site WSUS servers.
Hope this helps!

4 thoughts on “Setting up WSUS + SUP on a Secondary Site (SCCM2012)

  1. richsmif says:

    Question, when you install WSUS on the secondary site, do you setup another db on a SQL instance, or local database (WID). Our top level WSUS writes out a SQL instance, so for speed should I use a WID on the secondary sites?

    • Phyllis says:

      Hi, sorry for the very late reply.
      Normally I will setup a local database. As the client computers that I work with are over slow WAN network.
      If you are deploying Windows Update over slow and unstable network, I would suggest to use the Software Update Point.
      This uses the distribution point on the Secondary Server, no further setup is required.

  2. rishipandit says:

    What should we chose when we Install WSUS onto the Secondary Site server – WID or databse ?

    i used WID and SUP installation was successful. When open wsus console to Verifying WSUS integrated with SCCM2012 then i opens “Complete WSUS installation” windows and asks for the path to store wsus content locally. Am i wrong anywhere ?

    • Phyllis says:

      Hi, WSUS content is where Windows Update are downloaded after you have approved the updates. It is normal.
      Possible to share why you are installing the WSUS on the Secondary Site server please? Are you doing it for clients and servers?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s