Solved

WSUS Downstream Computer groups

Posted on 2014-07-30
12
1,867 Views
Last Modified: 2016-02-20
Just need to confirm something. Since I made a replica of my downstream server, I've noticed that I cannot move computers on my downstream server WSUS console to the computer groups I had created on the downstream server before making it a replica. Now, when I try to change the computer group of a machine from Unassigned, I get the listing of computer groups from the upstream server only, and none of the downstream computer groups.

This tells me that I should probably be creating ALL my computer groups on the upstream server, and not create any additional computer groups on the downstream server.

Is that correct? Or, is there a way to add machines into computer groups created on the downstream server?
0
Comment
Question by:nurturer69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40231017
Hi nurturer69,
1st of all I apologies for my answer to your last question.
The answer is not complete, I have given you half answer, I have setup WSUS at my end that way such that it will not replicate groups and it will just share updates from upstream server to downstream server.

However, There are two ways to link WSUS servers together:
Autonomous mode: An upstream WSUS server shares updates with its downstream server or servers during synchronization, but not update approval status or computer group information. Downstream WSUS servers must be administered separately. Autonomous servers can also synchronize updates for a set of languages that is a subset of the set synchronized by their upstream server.

Replica mode: An upstream WSUS server shares updates, approval status, and computer groups with its downstream server or servers. Downstream replica servers inherit update approvals and cannot be administered apart from their upstream WSUS server.
Downstream WSUS servers receive synchronization settings from the upstream WSUS server. The only settings you can change on the downstream server is the synchronization schedule. You can also start and stop the synchronization process on the downstream server.

Check below articles
http://msdn.microsoft.com/en-us/library/ms744629(v=vs.85).aspx
http://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx

Since you have setup WSUS as downstream replica server, the behaviour is expected

Once again I apologies for last question answer

Thanks
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 40231132
You can only move computers into groups when you are connected to the WSUS server they are reporting into.

Although the upstream server can see the computer objects it cannot change their status.
0
 

Author Comment

by:nurturer69
ID: 40231666
Should I create ALL my computer groups on the upstream server, and not create any additional computer groups on the downstream server?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 17

Expert Comment

by:James Haywood
ID: 40231718
Yes.

You will need to create all relevant groups on the upstream server. When the downstream servers sync they will pull down the folder structure. You will then need to connect to each downstream server and move the clients into the relevant folder. Next time the servers sync again the moves will be reflected in the upstream sever console.
0
 

Author Comment

by:nurturer69
ID: 40231837
So, in my downstream groups GPO, in SPECIFY INTRANET MICROSOFT UPDATE SERVICE LOCATION, I should specify the <Upstream_Servername>:8530, and not the downstream servername? Even though this policy segment is for the downstream group targeting?
0
 

Author Comment

by:nurturer69
ID: 40231860
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 40231873
No sorry. The information I gave you was for manually moving the clients. If you are using client-site targeting then the GPO should point to the downstream server.
0
 

Author Comment

by:nurturer69
ID: 40231995
The GPO is configured for targeting if we need it later. For now we are indeed manually assigning clients from the Unassigned folder. Some clients we want to update manually.

Anyway, my biggest confusion right now, is when I am on the downstream I want to manually assign clients to their respective groups, but when I right click to change management group, I get only the listing from my Upstream server, as in the attachment.
Upstream-groups-on-downstream-assignment
0
 
LVL 17

Expert Comment

by:James Haywood
ID: 40232003
Have you resynced after creating the folders on the upstream server? if so then restart the console to the downstream server to reload it.
0
 

Author Comment

by:nurturer69
ID: 40232058
The file structures are now Identical on both the Upstream and the Downstream.

I saw in another example, where I can add the downstream server (along with it's directory structure) to my Upstream WSUS console view. In the example I saw, the directory structure was different on that downstream server from the upstream server it was connected to. I am assuming that that particular downstream was in Autonomous mode?

And if I'm using replica mode, which creates identical file structures on each, then there is no practical reason to have both servers in my WSUS console, since both file structures are the same anyway, correct?

Just manage all machine and update assignments from the Upstream?
0
 

Author Comment

by:nurturer69
ID: 40232067
0
 
LVL 17

Accepted Solution

by:
James Haywood earned 500 total points
ID: 40232198
You are correct on both points.

1. Yes the example was probably running autonomous mode.
2. You can manage both servers from the same console, whatever is easiest for you.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question