Solved

Do SCCM 2012 SUP Clients Communicate with WSUS?

Posted on 2015-02-05
4
618 Views
Last Modified: 2016-02-20
Points of My Scenario:
1. I need to deploy SCCM 2012 in a Windows Server 2008 R2 domain.
2. Many clients reside behind the firewall, although most are in the non-firewalled network
3. i am using SCCM to deploy Software Updates, for both firewalled clients and non-firewalled clients
4. My firewall is configured to have only ONE IP address with port 80 (http) traffic allowed
5. I plan to use that IP for the SCCM Site server
6. I plan to put WSUS on a separate server (i.e. different IP)

CONCERN: If clients require http access (port 80) to WSUS, then firewall clients will fail to get updates.
QUESTION: Do SCCM clients need to communicate to WSUS in order to get the software updates?
0
Comment
Question by:waltforbes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 40592998
Yes. they need to connect to wsus.
0
 
LVL 17

Accepted Solution

by:
Mike T earned 500 total points
ID: 40593315
Hi,

#Nagendra - are you sure?

I thought the process was:
clients talk to MP for policy
MP says "I have these updates"
clients pull updates from SUP via the DP


From TechNet
As soon as you enable the Software Update client agent in the SCCM console, the policy is updated for the client containing information that Software Updates should be managed by SCCM.

The next time the client contacts the MP and download the policy it enables the SUP agent on the clients and creates a local policy which points the WSUS agent to the SCCM server with the SUP role.
Ref : Jörgen Nilsson (MVP I think)
https://social.technet.microsoft.com/Forums/systemcenter/en-US/28601136-7e74-4b1f-a5aa-588339463a0b/sccm-client-and-wsus?forum=configmgrgeneral

The key bit is that the SUP syncs the WSUS meta-data and then syncs the patches either from the Windows Update site or locally (MS calls this "download" in the console). WSUS therefore does NOT supply any patches, SUP does it instead.

Refer to TechNet here: https://technet.microsoft.com/en-us/library/bb632618.aspx
for all the port info.

Mike
0
 

Author Closing Comment

by:waltforbes
ID: 40597474
Hi Mike, this was exactly the advice/understanding and reassurance I needed. Wow: my life just became a ton less complex! I am so grateful; thanks a million!
0
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 40597637
I did not say that they download the patches from WSUS. I mean to say that they scan against WSUS.

Updates are downloaded from DP but scanned against WSUS.

BTW I worked in SCCM support for Microsoft Global tech support in my last job. Software updates are a very common support topic there.

=====================================
https://technet.microsoft.com/en-us/library/bb632674.aspx

Having a software update point at a secondary site provides local access to client computers when scanning for software updates compliance. When the secondary site does not have a configured software update point, client computers will connect to the active software update point on the parent site.

http://blogs.technet.com/b/configmgrdogs/archive/2014/06/30/configmgr-2012-windows-update-client-process.aspx

The Windows Update Handler initiates the Windows Update service against the ConfigMgr SUP. (C:\Windows\WindowsUpdate.log)

https://technet.microsoft.com/en-us/library/bb632393.aspx


Software Updates Deployment Evaluation Cycle: Evaluates the state of new and existing deployments and their associated software updates. This includes scanning for software updates compliance, but may not always catch scan results for the latest updates. This is a forced online scan and requires that the WSUS server is available for this action to succeed.

Software Updates Scan Cycle: Scans for software updates compliance for updates that are new since the last scan. This action does not evaluate deployment policies as the Software Updates Deployment Evaluation Cycle does. This is a forced online scan and requires that the WSUS server is available for this action to succeed.

Group Policy Settings

The following Group Policy settings are required for the Windows Update Agent (WUA) on client computers to connect to WSUS on the active software updates point and successfully scan for software update compliance.

New versions of SCCM allow multiple WSUS servers. Are they for syncing of metadata? One server can do this job isn't it?
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Macrons on position are not showing correctly in Active Directory 4 43
Applying Computer Settings 12 93
WDS can't PXE boot 3 36
Problem to Citrix 2 18
A procedure for exporting installed hotfix details of remote computers using powershell
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question