• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 392
  • Last Modified:

WSUS 3.0 Client Configuration

I need to set up the following distributed management configuration:
1 WSUS Active Software Update Point Server (ASUP)
5 WSUS Downstream Servers

The ASUP Server is located in our main office, where our global Internet connection is located, all other 5 offices are connected to the main/central office via MPLS network links, hence the 5 Downstream servers.
We have Windows 2003 Active Directory in place.

As far as the server installation and configuration goes, the installation wizard is pretty straight forward, but Im stuck trying to add the first WinXPSP2 client to one of the downstream servers.

Can you please provide me with detail instructions as to how can I direct WinXP clients to get the Microsoft updates from the local downstream WSUS server rather than the Microsoft Update site?

If your advice is to user GPOs please be very specific with the steps I should follow.
0
camilorgp
Asked:
camilorgp
1 Solution
 
brent_caskeyCommented:
Here you go:

http://technet2.microsoft.com/windowsserver/en/library/43bcd87f-9483-4d84-bad5-bdff68761d0d1033.mspx?mfr=true

You will need to have different GPOs for the different downstream servers and might will need to have different OUs as well (most likely)
0
 
tigermattCommented:
You will need to use multiple GPOs for each site. Undoubtedly the easiest method is to use the Group Policy Management Console to view the list of all your sites. You can then create a GPO object for every site you have, and configure the site's local WSUS server in that GPO. GPOs will then be applied to the site as defined by the subnets in AD Sites and Services.

You will need to configure the option which specifies something to the effect of "Intranet location to retrieve updates from" with the address of the WSUS server. You will also need the "Configure Automatic Updates" setting enabled and configured appropriately, and it is a good idea to use grouping by Client Side Targeting in the GPO as opposed to grouping computers in WSUS manually.
0
 
ngailfusCommented:
GPO is the only way that I know of to redirect clients to your WSUS servers.  I would create a new GPO and under Computer Configuration right click Administrative Templates and select Add\Remove Template.  The template you want to add is wuau.adm which should be found in the Windows\inf directory.  This will add more options to the Windows Update settings under Computer Configuration > Administrative Templates > Windows Components.  

The option you want to look for is "Specify intranet Microsoft update service location."  You would enable this policy and in both fields fill in http://yourservername.  I would suggest looking at the other policies under Windows Update such as scheduling the updates specifying WSUS computer groups.  Setting the group is under "Enable client-side targeting."  For this option to work you would have to go into the WSUS console and go to Options > Computers and set "Use Group Policy or Registry..."  
WSUS.jpg
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
camilorgpAuthor Commented:
Hello ngailfus,

I just finish the configuration of a GPO for a group of clients. How can I make sure that these clients are in fact using the local WSUS and not the Windows Update?
0
 
camilorgpAuthor Commented:

For instance, I was expecting to find the lsit of the clients affected by the GPO in the WSUS Administrator under "All Computers\WinXP" where "WinXP" is a group that I created specifically for this purpose. But unfortunately I'm not seeing any of the clients affected by the GPO in any of the groups under "All Computers" in the WSUS Administrator tool. How long should I wait for this list to be populated???
0
 
ngailfusCommented:
You should start slowly seeing computers as they refresh their policy and report to the WSUS server.  One   way to test would be to go to one of the computers that should be getting the policy.  Go to the command line and type "gpupdate /force" and once that's complete, reboot the machine.  It should see the new policy and appear in the WSUS interface.  If you don't see it, a way to verify that GPOs are being applied is the command gpresult.  Running that on the client will let you see what GPOs are being applied.
0
 
camilorgpAuthor Commented:

I know this is not the original question, but for some reason the GPO I created is not being applied. I created this GPO from AD to affect only one especific OU. I check the GPO and it looks like is all right but after running gpupdate /force and rebooting, I run gpresult and my GPO does not appear on the list. Do you have any ideas as to why could this be happening?
0
 
ngailfusCommented:
Make sure the GPO Scope has Domain Computers in the Security Filtering.
0
 
camilorgpAuthor Commented:
I just add the 'Domain Computers" to the Scope of the policy, ran gpupdate /force and rebooted, but gpresult keeps showing only "Default Domain Policy" under "applied GPOs". And of course WSUS Administrator still not showing the computer listed.  

What information do you need in order to verify that my GPO doesn't have any errors, or to find out the reason why is not being applied?
0
 
ngailfusCommented:
The GPO is linked correct?
0
 
camilorgpAuthor Commented:
What do you mean? can you explain?
0
 
camilorgpAuthor Commented:
This is an snapshot of my GPMC. The only difference that I can tell with the other GPOs is that mine "Windows Software Update" has a gray lock in its icon. But I don't know what it means.
GPMC.jpg
0
 
camilorgpAuthor Commented:
It turns out that I just had to wait, the GPO finally was applied sometime last night and I can now see the clients liested on my WSUS.
0
 
camilorgpAuthor Commented:
Thanks for all your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now