Problems during WSUS Migration

Hi

I’m doing a WSUS Migartion as shown in this Video:
https://youtu.be/xz-XzcH8I9o

and

https://technet.microsoft.com/en-us/library/hh852339.aspx 

According to the Video I have to open an elevated command prompt in Windows Server 2012, and run the following command:

wsusutil.exe postinstall

( 3.4. Change the WSUS server identity; Step 2.

As soon as the server identity is changed, run the following command to generate a new encryption key:

%ProgramFiles%\Update Services\Tools\wsusutil.exe postinstall)

But get this error:

Error.JPG
tmpC9D4.txt

What am I doing wrong? Can somebody please help?

Many thanks in advance & have a nice day
LVL 19
*** Hopeleonie ***IT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
look at step 3 of the technet article you cited
3.3 has a sql parameter required if not using WID

Open an elevated command prompt in Windows Server 2012, and run the following command:
%programfiles%\update services\tools\wsusutil postinstall [sql parameter] [content parameter]
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
*** Hopeleonie ***IT ManagerAuthor Commented:
Hi Seth

Hope you are fine? :-)

I did that:
%programfiles%\update services\tools\wsusutil postinstall SQL_INSTANCE_NAME="Servername\INSTANCE" CONTENT_DIR=C:\WSUS

And it was successful. But 3.4 Step 2 fails     :-(
0
arnoldCommented:
Sorry for jumping mid/near the end.  What are you migrating? Are you migrating the whole wsus from server 1 to server 2?
Or based on the last few posts it looks as though you are migrating wsus from storing the DB from one server to another.


First, I would advise against storing the content on wsus as it will likely lead to c: potentially running out of space.
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

*** Hopeleonie ***IT ManagerAuthor Commented:
Hi Arnold

I'm migrating the whole WSUS server (1; old 2008 to server 2;new 2012 R2) according TechNet:

https://technet.microsoft.com/en-us/library/hh852339.aspx

Thanks for your help.
0
arnoldCommented:
IMHO, the straight forward way is to setup the wsus on the new server as a replica of the old.  Allow time for the transfer of the data as well as all prior approvals. Then you can decom the old after changing the new one from replica to master, adjusting the GPO to now consult the new WSUS as well as copying/remarking the classifications on the new one to match.....
One would run the clean up wizard on the current wsus prior to subordinating the new to minimize transfer of unnecessary data.

IMHO, it is much simpler than going through export of the data from one and importing it on the other.  The manual auto approval config is a pain one might tolerate. As well as getting the migration agent......

The transition as outlined can be managed.
0
*** Hopeleonie ***IT ManagerAuthor Commented:
@Arnold

This is a very large customer (15000+ Clients). Is that way supported by MS?
0
arnoldCommented:
Supported, not sure about the context. Master/replica setup is a supported MS setup addressing single approval source while having distributed wsus servers. A failure of the master, provides for a quick transition of changing one replica to now be the new master.

What issues are you envisioning as being an issue?
The only data not available through this process is the client status until the client contacts the new wsus server.

What is your time table?
Does the client have multiple wsus in different locations already subordinated to the existing wsus I.e requiring the new one to use the same servername as the old?

Replica configuration provides for rolling up client information from the replica to the master.

The transition would require update to GPOs about the new server or is the current GPO is using a DNS hostname placeholder I.e. Updates.domain.com which currently points to the current wsus server and a change in DNS to point it to the new server is all that will need to be done?
0
*** Hopeleonie ***IT ManagerAuthor Commented:
What issues are you envisioning as being an issue?

We have to migrate department by department. Because of that I asked this.

What is your time table?


Soon as possible

Does the client have multiple wsus in different locations already subordinated to the existing wsus I.e requiring the new one to use the same servername as the old?

No the new Server has a new name
0
arnoldCommented:
Lets try to clear things up.
Are you using GPOs in OU/departments to assign which client target will be used? or is your WSUS manages the groups to which the client belongs?

Looking at the top of the hierarchy of the document dealing with server role migration, it clearly in the section of Windows server migration tool, states that not all role migratioin require the use of this tool.

IMHO, wsus is one such role.  The use of the server migration tool is not a requirement.


If you are using GPO, I think my way is fairly straight forward such that you can transition while both are running as current as the master with the new as the replica. Approvals will be initiated on the current with the clients communicating with the new/replica.

Is your GPO structure
top of the domain, you have a WSUS GPO that only sets the Intranet WSUS site.
Within Each OU you have another wsus GPO Client settings that sets client parameters while inheriting (not configured) for the intranet site including client target?

The systems and the approvals by group will be set as the master when replicated.

Since the new is not in play, And since you did not mention a time table.  One thing to try is to subordinate the new to the old and see after the sync what the result is.
You could depending on how your WSUS GPO is setup, transition one small department to the new server to see for yourself.

Are you under a constraint that both can not be running at the same time?
0
*** Hopeleonie ***IT ManagerAuthor Commented:
Are you using GPOs in OU/departments to assign which client target will be used?
Yes we do

Is your GPO structure
top of the domain, you have a WSUS GPO that only sets the Intranet WSUS site.
Within Each OU you have another wsus GPO Client settings that sets client parameters while inheriting (not configured) for the intranet site including client target?
Each department has a own IT. They use own GPO's.

Are you under a constraint that both can not be running at the same time?
No. The old and new can run for 1 - 3 months.
0
arnoldCommented:
You can always revert/clean up the WSUS on the new server and ........
Create the new, copy (manually create the auto approval rules if any that you currently have on the old) You may have a several. or you may have one that auto approves/ security/critical updates for all. This might be the significant effort.  Let me try and see if there is a way to export/extract the approval rules only.

As well as configuring update roll-up such that clients connecting to the replica will be reported up to the master.

Then subordinate the new to the OLD.  Advise the test department to update their GPO to reflect the INTRANET server with the new name. and that it is it. If they need to approve updates, they should still use the old one.

After a week most of the systems in that department should have checked in with the new server......

This way you can transition a department at a time, while the approval procedure remains the same (using the old server).

When You are ready to cut the old one off, run a final sync on the replica, reconfigure it to become the master (note if you have to have firewall rules to allow the new WSUS server access to the outside to retrieve data directly from MS, this is when you will need this rule added)
At this time you would also need to notify your the department ITs to reconfigure their update to add the new server into their console, while removing the old one....

If systems are currently with update errors, those will remain, but with the new one, it might not be possible to see why the update failed long ago.  Presumably a system that had a failed update and not resolved, would suggest it is either not checked or not significant.
0
*** Hopeleonie ***IT ManagerAuthor Commented:
Seth you where correct and thanks for both.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.