Solved

WSUS configurations needed to setup downstream server

Posted on 2012-04-10
13
876 Views
Last Modified: 2012-06-08
We have one upstream server and one downstream server configured. We use downstream server to update the patches for all desktop clients. Downstream server is configured to get the updates from upstream server which is configured to use proxy server for updates and we have enabled "Download update files to this server only when updates are approved" on both server. So If we apporve pathces on downstream server, will it look for updates only in the upstream server or if the updates are not available in the upstream server, will it intiate to download from internet in upstream server. How we can do the best configuration on both upstream and downstream server.
0
Comment
Question by:sivark14
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
13 Comments
 
LVL 21

Expert Comment

by:motnahp00
ID: 37827182
The upstream server is the sole-source for downstream servers. If the upstream server did not approve an update, it will not be available at the downstream server. The best flexibility you will get with a downstream is by not configuring it as a replica.
0
 

Author Comment

by:sivark14
ID: 37827483
Thanks for the response. We have not configured the downstream server as replica. So If we approve the patches in downstream server, how it will get download from upstream server since the updates are not available in upstream server or how we can configure downstream server to get updates from upstream server after we approve in downstream server.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37827645
What is your ultimate goal? Are you trying to alleviate bandwidth??


WSUS: How To Throttle BITS
http://blogs.technet.com/b/sus/archive/2008/06/30/wsus-how-to-throttle-bits.aspx

also look over

Best Practices with Windows Server Update Services 3.0
http://technet.microsoft.com/en-us/library/cc720525%28v=ws.10%29.aspx
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 

Author Comment

by:sivark14
ID: 37827960
We are going to reconfigure WSUS and want to confirm whether downstrem server will have the update download after the patches are approved in downstream server

1. Both servers are configured with the option "Download update files to this server only when updates are approved"
2. Downstream server is not configured as replica server.

I guess downstream server won't have download updates since upstream server won't have the updates until patches are approved in upstream server. So we have to uncheck the option "Download update files to this server only when updates are approved" in upstream server.

I just want which option should be enabled on both server.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828029
Again, what is your main purpose of the second WSUS server?  Bandwidth??
0
 

Author Comment

by:sivark14
ID: 37828092
We are going to use downstream server for only desktop patching and hand over to helpdesk team to do.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 37828255
Ok :)



This will be the option you are looking for

Configuring downstream servers to obtain content from Microsoft
In addition to configuring clients to download directly from Microsoft, it is also possible to configure the WSUS Downstream Server to download content files directly from Microsoft.

1. In the left pane of the WSUS Administration Console, click Options.

2. In Update Files and Languages, click the Update Files tab.

3. Under "Store update files locally on this server", enable the option "Download files from MIcrosoft Update; do not download from upstream server". This option will be enabled for selection when the server is configured as a downstream server.


http://technet.microsoft.com/en-us/library/cc708431%28v=ws.10%29.aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828266
^^ it wont matter if the upstream is configured to "Download update files to this server only when updates are approved" or not ^^
0
 

Author Comment

by:sivark14
ID: 37828367
It's correct.

What about unchecking the option "Download update files to this server only when updates are approved" in upstream server and configuring to synchronize the updates with upstream server..

Will it work ?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828374
· Download update files to this server only when updates are approved: If this is not checked then ALL updates which are synchronized are downloaded to the WSUS server. To minimize disk space requirements, this option should be checked. Note: Only use this option when you intend to approve all products and classifications that you have configured under Options – Products and Classifications.


http://blogs.technet.com/b/gborger/archive/2009/02/27/what-to-do-when-your-wsuscontent-folder-grows-too-large.aspx
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828392
so yes, it would work...just be sure to have ample space on upstream
0
 

Author Comment

by:sivark14
ID: 37828409
If this is the case, It's not a downstream server we can say and I can configure two seperate WSUS servers for servers and desktops..

Is it correct ?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 37828428
Yes, or you could create "Target groups" <<Client side targeting and then use 2 group policies and 1(one) WSUS server
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question