Multiple WSUS servers

Our admin gave our risk dept access to a WSUS server for patch mgmt assurance. A couple of questions:

1) If we run an MBSA report on our PC - it lists WSUS server at the top of the report. The name of the WSUS server is different the one we login to to view WSUS reports. WIll both WSUS servers be reporting the same thing? How can I check?

2) Are the default reports in WSUS reporting machines out of date based on those patches the WSUS admin has approved, or out of date based on those pacthes MS has released? i.e. whats it using as its benchmark to determine out of date machines, the admins approved list, or MS released list?

3) How can we check every workstation and server in the domain is showing up in the WSUS server?
LVL 3
pma111Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
DonConnect With a Mentor Network AdministratorCommented:
You may be looking at a Replica WSUS server

http://technet.microsoft.com/en-us/library/cc708511%28v=ws.10%29.aspx

Both options explained here(Replica and Autonomous)
http://technet.microsoft.com/en-us/library/dd939820%28v=ws.10%29.aspx
0
 
pma111Author Commented:
How can we tell if its a replica server?
0
 
DonNetwork AdministratorCommented:
Within the WSUS console, click on Options>>>Update Source


"Synchronize from another Windows Update Services Server" would be checked
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
pma111Author Commented:
I only have reporter access so I cant see options.
0
 
DonNetwork AdministratorCommented:
Reporting still allows you to view the options selected, just dont allow you make changes.
0
 
pma111Author Commented:
I cant see where you mean, could you provide a screenshot?
0
 
DonNetwork AdministratorCommented:
wsus
0
 
pma111Author Commented:
Ok got to that screen - but what field am I looking for?
0
 
DonNetwork AdministratorCommented:
What is selected ??

"Synchronize from Microsoft"

Or

"Synchronize from another Windows Update Services Server" (Replica/Downstream)
0
 
DonNetwork AdministratorCommented:
Autonomous mode: An upstream WSUS server shares updates with its downstream server or servers during synchronization, but not update approval status or computer group information. Downstream WSUS servers must be administered separately. Autonomous servers can also synchronize updates for a set of languages that is a subset of the set synchronized by their upstream server.

Replica mode: An upstream WSUS server shares updates, approval status, and computer groups with its downstream server or servers. Downstream replica servers inherit update approvals and cannot be administered apart from their upstream WSUS server.

http://technet.microsoft.com/en-us/library/cc720448%28v=ws.10%29.aspx
0
 
pma111Author Commented:
sync from microsoft is selected
0
 
pma111Author Commented:
If of any relevance, the MBSA reports a server in WSUS server that seems to relate to SCCM. Does SCCM "call" a WSUS server to do its thing, as opposed to do the actual patching.
0
 
DonNetwork AdministratorCommented:
Yes SCCM uses WSUS

Things to Know About the Software Update Point (explaining WSUS Integration)

http://blogs.technet.com/b/umeno/archive/2012/01/19/1159715.aspx
0
 
pma111Author Commented:
Thanks. Excuse my ignorance, but what does "sync from microsoft is selected" actually tell me about replica/autonomous?
0
 
David Johnson, CD, MVPOwnerCommented:
sync from microsoft is selected

This means that you are only using WSUS to approve/deny updates but not downloading the files themselves each client will check with wsus to find out what updates it needs and then download that update from microsoft.  In a small environment where bandwidth is not a problem but disk space is a priority then this is the preferred scenario.  In a large organization, downloading only 1 copy over the internet at the expense of disk space may be an overriding criteria.  In a LOW speed/low bandwidth internet scenario it would also be beneficial.
0
 
DonNetwork AdministratorCommented:
"This means that you are only using WSUS to approve/deny updates but not downloading the files themselves each client will check with wsus to find out what updates it needs and then download that update from microsoft."


ABSOLUTELY WRONG!!

An organization can have one or more WSUS servers. Using multiple WSUS servers allows you to scale WSUS in a large organization. If the organization uses multiple WSUS servers, one of the servers will act as the upstream WSUS server (the remaining servers are downstream servers). You use the upstream server to specify the updates that you want to synchronize with Microsoft Update. The upstream WSUS server should have the IUpdateServerConfiguration.SyncFromMicrosoftUpdate configuration setting set to true.

Downstream servers synchronize updates from the upstream WSUS server. There are two forms of downstream servers: autonomous and replica. An autonomous server synchronizes the same updates as the upstream server; however, it can create its own target groups and manage its own approvals.

http://msdn.microsoft.com/en-us/library/windows/desktop/ms744629%28v=vs.85%29.aspx

The "Store updates locally on this server" and "Do not store update files locally; Computers install from microsoft update" setting is in relation to bandwidth/storage...NOT Synchronization

http://technet.microsoft.com/en-us/library/cc708492%28v=ws.10%29.aspx
0
 
David Johnson, CD, MVPOwnerCommented:
mea culpa, I had the 2 items mixed up.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.