Solved

WSUS configurations needed to setup downstream server

Posted on 2012-04-10
13
874 Views
Last Modified: 2012-06-08
We have one upstream server and one downstream server configured. We use downstream server to update the patches for all desktop clients. Downstream server is configured to get the updates from upstream server which is configured to use proxy server for updates and we have enabled "Download update files to this server only when updates are approved" on both server. So If we apporve pathces on downstream server, will it look for updates only in the upstream server or if the updates are not available in the upstream server, will it intiate to download from internet in upstream server. How we can do the best configuration on both upstream and downstream server.
0
Comment
Question by:sivark14
  • 7
  • 5
13 Comments
 
LVL 21

Expert Comment

by:motnahp00
ID: 37827182
The upstream server is the sole-source for downstream servers. If the upstream server did not approve an update, it will not be available at the downstream server. The best flexibility you will get with a downstream is by not configuring it as a replica.
0
 

Author Comment

by:sivark14
ID: 37827483
Thanks for the response. We have not configured the downstream server as replica. So If we approve the patches in downstream server, how it will get download from upstream server since the updates are not available in upstream server or how we can configure downstream server to get updates from upstream server after we approve in downstream server.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37827645
What is your ultimate goal? Are you trying to alleviate bandwidth??


WSUS: How To Throttle BITS
http://blogs.technet.com/b/sus/archive/2008/06/30/wsus-how-to-throttle-bits.aspx

also look over

Best Practices with Windows Server Update Services 3.0
http://technet.microsoft.com/en-us/library/cc720525%28v=ws.10%29.aspx
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:sivark14
ID: 37827960
We are going to reconfigure WSUS and want to confirm whether downstrem server will have the update download after the patches are approved in downstream server

1. Both servers are configured with the option "Download update files to this server only when updates are approved"
2. Downstream server is not configured as replica server.

I guess downstream server won't have download updates since upstream server won't have the updates until patches are approved in upstream server. So we have to uncheck the option "Download update files to this server only when updates are approved" in upstream server.

I just want which option should be enabled on both server.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828029
Again, what is your main purpose of the second WSUS server?  Bandwidth??
0
 

Author Comment

by:sivark14
ID: 37828092
We are going to use downstream server for only desktop patching and hand over to helpdesk team to do.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 37828255
Ok :)



This will be the option you are looking for

Configuring downstream servers to obtain content from Microsoft
In addition to configuring clients to download directly from Microsoft, it is also possible to configure the WSUS Downstream Server to download content files directly from Microsoft.

1. In the left pane of the WSUS Administration Console, click Options.

2. In Update Files and Languages, click the Update Files tab.

3. Under "Store update files locally on this server", enable the option "Download files from MIcrosoft Update; do not download from upstream server". This option will be enabled for selection when the server is configured as a downstream server.


http://technet.microsoft.com/en-us/library/cc708431%28v=ws.10%29.aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828266
^^ it wont matter if the upstream is configured to "Download update files to this server only when updates are approved" or not ^^
0
 

Author Comment

by:sivark14
ID: 37828367
It's correct.

What about unchecking the option "Download update files to this server only when updates are approved" in upstream server and configuring to synchronize the updates with upstream server..

Will it work ?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828374
· Download update files to this server only when updates are approved: If this is not checked then ALL updates which are synchronized are downloaded to the WSUS server. To minimize disk space requirements, this option should be checked. Note: Only use this option when you intend to approve all products and classifications that you have configured under Options – Products and Classifications.


http://blogs.technet.com/b/gborger/archive/2009/02/27/what-to-do-when-your-wsuscontent-folder-grows-too-large.aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828392
so yes, it would work...just be sure to have ample space on upstream
0
 

Author Comment

by:sivark14
ID: 37828409
If this is the case, It's not a downstream server we can say and I can configure two seperate WSUS servers for servers and desktops..

Is it correct ?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828428
Yes, or you could create "Target groups" <<Client side targeting and then use 2 group policies and 1(one) WSUS server
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question