Installing a remote Software Update Point in SCCM 2012 R2


The following blog runs through the procedure that is required to install a remote SUP in your environment. This could be to off-load site roles from the site server or to scale out.

Note that the installation has taken place on a Windows 2008 R2 server and that the site server is not going to be used as a SUP. For remote WSUS configuration on Server 2012 see here.

Install the WSUS Console on the site server

Download WSUS 3.0 SP2 from here.

Click Next in the WSUS install wizard.

remoteWSUS-05

When prompted choose to install the console only. Click Next.

remoteWSUSExtra-01

Accept the licence agreement and click Next.

remoteWSUS-06

One the install is complete click Finish.

remoteWSUS-13

Install MS KB’s 2720211 and 2734608

Go to http://support.microsoft.com/kb/2720211/en-ushttp://support.microsoft.com/kb/2734608/en-us respectively and install the WSUS 3.0 SP2 update patches, in no particular order.

Install IIS role on the remote SUP server

Connect to your remote server allocated for the WSUS role and load Server Manager. Choose Add Role. Select Web Server (IIS) and click Next.

remoteWSUS-17

Click Next.

remoteWSUS-18

Add the following IIS components

Common HTTP Features

Static Content

Default Document

Directory Browsing

HTTP Errors

Application Development

ASP.NET

.NET Extensibility

ISAPI Extensions

ISAPI Filters

Health and Diagnostics

HTTP logging

Request Monitor

Security

Windows Authentication

Request Filtering

Performance

Static Content Compression

Management Tools

IIS Management Console

IIS 6 Management Compatibility

IIS 6 Metabase Compatibility

 Click Install.

remoteWSUS-19

remoteWSUS-20

Once installation of the IIS role is complete click Close.

remoteWSUS-21

Install Report Viewer 2008 on the remote SUP server

Download Report Viewer 2008 from http://www.microsoft.com/en-us/download/details.aspx?id=6576

Run the Reportviewer.exe file. Click Next.

remoteWSUS-22

Accept the licence terms and click Install.

remoteWSUS-23

Once complete click Finish.

remoteWSUS-24

Install WSUS on the remote SUP server

Follow the procedure to install WSUS on the remote SUP server as outlined earlier, however note the difference at the Database Options screen.

Choose ‘Use an existing database server on a remote computer’. Enter the hostname of the site server where the SUSDB was installed previously. Click Next.remoteWSUS-25

Once a connection is made to the remote database choose to use the existing database on the SQL server. Click Next.remoteWSUS-26

Continue the wizard through as per the previous WSUS install until complete. Then patch the SUP server with MS KB’s 2720211 and 2734608.

Add site server as local admin on the remote SUP server

Ensure that the site server has admin rights to the remote SUP server by adding it to the local administrators group.

remoteWSUS-27

Add the remote SUP server as a site system and install SUP role

Before the SUP role can be added in, the remote server must be added into SCCM as a site system. In the SCCM console go to the Administration workspace and choose Site Configuration>Servers and Site System Roles. Select ‘Create Site System Server’

remoteWSUS-28

Type in the FQDN of the remote SUP server and select the site code from the drop down list. Click Next.

remoteWSUS-29

Enter any proxy details if required. Click Next.

remoteWSUS-30

Choose to install a Software Update Point and click Next.

remoteWSUS-31

Select to use WSUS ports 8530 or 8531. If using 8531 (HTTPS) check the ‘Require SSL communications to the WSUS server’ checkbox. Click Next.

remoteWSUS-32

Click Next.

remoteWSUS-33

Select a synchronisation source, in this instance I am using the Microsoft Update site. Click Next.

remoteWSUS-34

Select a synchronisation schedule. I am using the default of every 7 days. Click Next.

remoteWSUS-35

Set the supersedence rules. Click Next.

remoteWSUS-36

Select the classification of updates you wish to install. Click Next.

remoteWSUS-37

Select the products that you wish to install updates for. Click Next.

remoteWSUS-38

Select language settings you want to synchronise. Click Next.

remoteWSUS-39

Click Next at the Summary screen.

remoteWSUS-40

Click Close once complete.

remoteWSUS-41

The SUP will being to install. Check the SMS\Logs folder on the remote server. In particular the SUPSetup.log which will report the success/failure of the SUP.

remoteWSUS-42

Also the WCM.log file on the site server will report connectivity to the new SUP.

remoteWSUS-43

..and the progress of the sync for product and classifications.

remoteWSUS-44

The sync can take a while. Once complete the following will be reported in the WCM.log.

remoteWSUS-48

Also take a look at the wsyncmgr.log file on the site server for information about the latest synchronisation that is taking place.

remoteWSUS-49

Finally, to check the status of the new SUP check the Site Status health in the Monitoring workspace.

remoteWSUS-45

and at the Component Status for the remote server.

remoteWSUS-47

The remote SUP is now successful installed.

30 comments

  1. Can u explain a bit more the advantages between deploying updates via DP Vs via SUP. Can we add sup to boundary and restric acess to updates in client side to that SUP?
    Thanks in advance.

      1. Thanks for the feedback.
        My question was more related to differences between “DP only” vs DP with SUP role.

  2. I’ve missed some tips on the article now i get it! 🙂
    This is “to off-load site roles from the site server or to scale out.” and “the site server is not going to be used as a SUP”.
    Nevermind my question.
    Thanks anyway

    1. It is indeed Bruno. Bear in mind that a SUP on a server with other roles can support 25k clients. On it’s own isolated SUP server it can support 100k clients. So worth thinking about.

  3. Hi I need Help,

    when I download the software update package has the Internet me this error.

    Error: Failed to download content id 16793731. Error: There was an error downloading the software update. (4115)
    Package:
    Success: The software updates were placed in the existing package:
    • July 2015
    Software updates that will be downloaded from the internet
    Error: Update for Windows 8 (KB2976978)
    Errors
    Failed to download content id 16793731. Error: There was an error downloading the software update. (4115)
    Update for Windows 8 for x64-based Systems (KB2976978)
    Update for Windows 7 for x64-based Systems (KB2977759)
    Update for Windows 7 (KB2977759)
    Update for Windows Server 2008 R2 x64 Edition (KB3065987)
    Update for Windows 7 (KB3065987)
    Update for Windows Server 2008 R2 for Itanium-based Systems (KB3065987)
    Update for Windows 7 for x64-based Systems (KB3065987)
    Update for Windows Server 2012 R2 (KB3065988)
    Security Update for Internet Explorer Flash Player for Windows 8 (KB3065823)
    Security Update for Internet Explorer Flash Player for Windows Server 2012 (KB3065823)
    Security Update for Internet Explorer Flash Player for Windows Server 2012 R2 (KB3065823)
    Security Update for Internet Explorer Flash Player for Windows 8 for X64-based Systems (KB3065823)
    Update for Windows 7 (KB2952664)
    Update for Windows 7 for x64-based Systems (KB2952664)
    Language Selection:
    English

  4. Hi

    in patchdownloader.log see this error below

    GetContentFileInfoForDownload() failed for ContentID 16793732. hRes = 0x80041013 .ERROR: DownloadContentFiles() failed with hr=0x80041013

  5. When I go through on two Server 2012 machines, I get the following error followed by Remote configuration failed on WSUS Server.

    System.TypeInitializationException: The type initializer for ‘Microsoft.UpdateServices.Internal.Constants’ threw an exception. —> System.TypeInitializationException: The type initializer for ‘Microsoft.UpdateServices.Internal.UtilConstants’ threw an exception. —> System.ComponentModel.Win32Exception: The system cannot find the file specified~~ at Microsoft.UpdateServices.Internal.UtilClassFactory.CreateInstance(Type type, Object[] args)~~ at Microsoft.UpdateServices.Internal.SetupInfo.GetInstallDirectory()~~ at Microsoft.UpdateServices.Internal.UtilConstants..cctor()~~ — End of inner exception stack trace —~~ at Microsoft.UpdateServices.Log.InitializeFromConfig()~~ at Microsoft.UpdateServices.Log.InitializeIfNeeded()~~ at Microsoft.UpdateServices.Log.SendMessage(LogLevel logLevel, String message, Object[] args)~~ at Microsoft.UpdateServices.Log.Trace(LogLevel logLevel, String message, Object[] args)~~ at Microsoft.UpdateServices.Internal.UtilClassFactory.CreateInstance(Type type, Object[] args)~~ at Microsoft.UpdateServices.Internal.SetupInfo.GetInstallDirectory()~~ at Microsoft.UpdateServices.Internal.Constants..cctor()~~ — End of inner exception stack trace —~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)

  6. What if I want to do patch management of my AWS/Azure cloud infrastructure using On-premise SCCM 2012 servers

  7. Thnx for the reply. But what about AWS cloud. How can we leverage on-premise SCCM server to path AWS cloud machines. Also is there any step-by-step procedure document for the same.

  8. Thanks Paul for quick reply. As we have both AWS and Azure cloud for which we are planning to use our existing on-premise SCCM 2012 server. Is there any step by step configuration document that will help us to leverage existing SCCM 2012 server for cloud as well? also which are the best practices in our scenario which help us to reduce overall patching time and achieve patch compliance?

  9. Question, if you have SUP and WSUS already installed on the site server and wish to off load WSUS to a separate site server how would you go about that?

    1. Depends which release of Configmgr I was running. With the latest releases you can switch clients to a new Sup. So I would build a new Sup, switch clients. Then I would remove Sup from site server and set the new sup as the sync source. Next I would remove wsus and install console only on the site server.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s