Problems during WSUS Migration
Hi
I’m doing a WSUS Migartion as shown in this Video:
https://youtu.be/xz-XzcH8I9o
and
https://technet.microsoft.com/en-us/library/hh852339.aspx
According to the Video I have to open an elevated command prompt in Windows Server 2012, and run the following command:
wsusutil.exe postinstall
( 3.4. Change the WSUS server identity; Step 2.
As soon as the server identity is changed, run the following command to generate a new encryption key:
%ProgramFiles%\Update Services\Tools\wsusutil.ex
But get this error:
tmpC9D4.txt
What am I doing wrong? Can somebody please help?
Many thanks in advance & have a nice day
I’m doing a WSUS Migartion as shown in this Video:
https://youtu.be/xz-XzcH8I9o
and
https://technet.microsoft.com/en-us/library/hh852339.aspx
According to the Video I have to open an elevated command prompt in Windows Server 2012, and run the following command:
wsusutil.exe postinstall
( 3.4. Change the WSUS server identity; Step 2.
As soon as the server identity is changed, run the following command to generate a new encryption key:
%ProgramFiles%\Update Services\Tools\wsusutil.ex
But get this error:
tmpC9D4.txt
What am I doing wrong? Can somebody please help?
Many thanks in advance & have a nice day
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry for jumping mid/near the end. What are you migrating? Are you migrating the whole wsus from server 1 to server 2?
Or based on the last few posts it looks as though you are migrating wsus from storing the DB from one server to another.
First, I would advise against storing the content on wsus as it will likely lead to c: potentially running out of space.
Or based on the last few posts it looks as though you are migrating wsus from storing the DB from one server to another.
First, I would advise against storing the content on wsus as it will likely lead to c: potentially running out of space.
ASKER
Hi Arnold
I'm migrating the whole WSUS server (1; old 2008 to server 2;new 2012 R2) according TechNet:
https://technet.microsoft.com/en-us/library/hh852339.aspx
Thanks for your help.
I'm migrating the whole WSUS server (1; old 2008 to server 2;new 2012 R2) according TechNet:
https://technet.microsoft.com/en-us/library/hh852339.aspx
Thanks for your help.
IMHO, the straight forward way is to setup the wsus on the new server as a replica of the old. Allow time for the transfer of the data as well as all prior approvals. Then you can decom the old after changing the new one from replica to master, adjusting the GPO to now consult the new WSUS as well as copying/remarking the classifications on the new one to match.....
One would run the clean up wizard on the current wsus prior to subordinating the new to minimize transfer of unnecessary data.
IMHO, it is much simpler than going through export of the data from one and importing it on the other. The manual auto approval config is a pain one might tolerate. As well as getting the migration agent......
The transition as outlined can be managed.
One would run the clean up wizard on the current wsus prior to subordinating the new to minimize transfer of unnecessary data.
IMHO, it is much simpler than going through export of the data from one and importing it on the other. The manual auto approval config is a pain one might tolerate. As well as getting the migration agent......
The transition as outlined can be managed.
ASKER
@Arnold
This is a very large customer (15000+ Clients). Is that way supported by MS?
This is a very large customer (15000+ Clients). Is that way supported by MS?
Supported, not sure about the context. Master/replica setup is a supported MS setup addressing single approval source while having distributed wsus servers. A failure of the master, provides for a quick transition of changing one replica to now be the new master.
What issues are you envisioning as being an issue?
The only data not available through this process is the client status until the client contacts the new wsus server.
What is your time table?
Does the client have multiple wsus in different locations already subordinated to the existing wsus I.e requiring the new one to use the same servername as the old?
Replica configuration provides for rolling up client information from the replica to the master.
The transition would require update to GPOs about the new server or is the current GPO is using a DNS hostname placeholder I.e. Updates.domain.com which currently points to the current wsus server and a change in DNS to point it to the new server is all that will need to be done?
What issues are you envisioning as being an issue?
The only data not available through this process is the client status until the client contacts the new wsus server.
What is your time table?
Does the client have multiple wsus in different locations already subordinated to the existing wsus I.e requiring the new one to use the same servername as the old?
Replica configuration provides for rolling up client information from the replica to the master.
The transition would require update to GPOs about the new server or is the current GPO is using a DNS hostname placeholder I.e. Updates.domain.com which currently points to the current wsus server and a change in DNS to point it to the new server is all that will need to be done?
ASKER
What issues are you envisioning as being an issue?
We have to migrate department by department. Because of that I asked this.
What is your time table?
Soon as possible
Does the client have multiple wsus in different locations already subordinated to the existing wsus I.e requiring the new one to use the same servername as the old?
No the new Server has a new name
Lets try to clear things up.
Are you using GPOs in OU/departments to assign which client target will be used? or is your WSUS manages the groups to which the client belongs?
Looking at the top of the hierarchy of the document dealing with server role migration, it clearly in the section of Windows server migration tool, states that not all role migratioin require the use of this tool.
IMHO, wsus is one such role. The use of the server migration tool is not a requirement.
If you are using GPO, I think my way is fairly straight forward such that you can transition while both are running as current as the master with the new as the replica. Approvals will be initiated on the current with the clients communicating with the new/replica.
Is your GPO structure
top of the domain, you have a WSUS GPO that only sets the Intranet WSUS site.
Within Each OU you have another wsus GPO Client settings that sets client parameters while inheriting (not configured) for the intranet site including client target?
The systems and the approvals by group will be set as the master when replicated.
Since the new is not in play, And since you did not mention a time table. One thing to try is to subordinate the new to the old and see after the sync what the result is.
You could depending on how your WSUS GPO is setup, transition one small department to the new server to see for yourself.
Are you under a constraint that both can not be running at the same time?
Are you using GPOs in OU/departments to assign which client target will be used? or is your WSUS manages the groups to which the client belongs?
Looking at the top of the hierarchy of the document dealing with server role migration, it clearly in the section of Windows server migration tool, states that not all role migratioin require the use of this tool.
IMHO, wsus is one such role. The use of the server migration tool is not a requirement.
If you are using GPO, I think my way is fairly straight forward such that you can transition while both are running as current as the master with the new as the replica. Approvals will be initiated on the current with the clients communicating with the new/replica.
Is your GPO structure
top of the domain, you have a WSUS GPO that only sets the Intranet WSUS site.
Within Each OU you have another wsus GPO Client settings that sets client parameters while inheriting (not configured) for the intranet site including client target?
The systems and the approvals by group will be set as the master when replicated.
Since the new is not in play, And since you did not mention a time table. One thing to try is to subordinate the new to the old and see after the sync what the result is.
You could depending on how your WSUS GPO is setup, transition one small department to the new server to see for yourself.
Are you under a constraint that both can not be running at the same time?
ASKER
Are you using GPOs in OU/departments to assign which client target will be used?Yes we do
Is your GPO structureEach department has a own IT. They use own GPO's.
top of the domain, you have a WSUS GPO that only sets the Intranet WSUS site.
Within Each OU you have another wsus GPO Client settings that sets client parameters while inheriting (not configured) for the intranet site including client target?
Are you under a constraint that both can not be running at the same time?No. The old and new can run for 1 - 3 months.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Seth you where correct and thanks for both.
ASKER
Hope you are fine? :-)
I did that:
%programfiles%\update services\tools\wsusutil postinstall SQL_INSTANCE_NAME="Servern
And it was successful. But 3.4 Step 2 fails :-(