[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Windows 2008 R2 Domain Controller - WSUS - install on same server?

Posted on 2011-04-25
Medium Priority
Last Modified: 2012-05-11
Ok. I have used WSUS on Windows 2003 domain controllers in the past. Looking to see what if it is ok....recommended  with Windows 208 R2.

According to the link below MS is saying there are problems using WSUS on a Windows 2008 R2 DC, wanted to ask if anyone is running a DC and WSUS without issues.

WSUS on Domain Controller – Windows 2008 R2,

WSUS is installed on a domain controller.

If WSUS is installed a domain controller, this will cause database access issues due to how the database is configured.
Installing WSUS on a domain controller can also cause problems upgrading or installing WSUS in the future.

Uninstall WSUS from the domain controller, demote the server to a non-domain controller, and reinstall WSUS.

Alternately, you can install WSUS on a different non-domain controller machine.
For detailed instructions about how to remove WSUS 3.0 SP2, see the Removal section in the Microsoft Support Article 972455: Description of Windows Server Update Services 3.0 Service Pack 2 (http://go.microsoft.com/fwlink/?LinkId=162639).

Question by:markpalinux
LVL 57

Expert Comment

by:Mike Kline
ID: 35464110
It also wasn't recommended in 2003, see this blog entry   https://msmvps.com/blogs/athif/archive/2006/05/01/WSUS-on-Domain-Controller.aspx

I've personally never run WSUS on a DC, then you have to have IIS on a DC on top of that.  I just like putting WSUS on its own box.  So it is not officially supported but doesn't mean it won't work but if you have a member server I'd put it there.

Common apps services on a DC are

SCOM agent  
Backup Agents

Those are just common ones...not all


LVL 40

Accepted Solution

Philip Elder earned 668 total points
ID: 35464254
We have been running WSUS on a DC, in this case Windows Small Business Server, since WSUS v2.

We also have done the upgrade from v2 to v3 on that same DC, and are now running WSUS v3 SP2 on both SBS 2008 and SBS 2011.

We also run WSUS on a DC in most of our client's larger remote offices to reduce update traffic across the WAN.

We tend to bend things a bit in the SMB space. ;-)

LVL 13

Assisted Solution

by:Felix Leven
Felix Leven earned 668 total points
ID: 35465578
In times where virtualization is pretty common, i don't think it's still necessary to mix services and DB,s. I would prefer a DC as a core server (no WSUS possible) and WSUS on a second "Full" server.

Assisted Solution

Flipp earned 664 total points
ID: 35465812
I am with MPECSInc, in that I have many SMB as clients running WSUS on SBS 2003/2008 DCs.

I am sure it would be great to have the flexibility to have separate servers for some services, but with $$$ limited, decisions to bunch services onto same hardware is required.

These are all decisions that need to be made based on the individual business.
LVL 15

Author Closing Comment

ID: 35754066
Thanks for the responses

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question