If you have followed my previous blog article for installing a remote SUP in SCCM 2012 R2 you may have noticed that I ran the install on Windows Server 2008. So what’s different when you want to install a remote SUP on Server 2012. Read on….
Install the WSUS Console on the site server
The easiest way to install the console is to use a PowerShell command.
Open PowerShell and run the following:
Install-WindowsFeature -Name UpdateServices, UpdateServices-Ui
Install Pre-Requisites on the remote SUP server
Connect to your remote server allocated for the WSUS role and load Server Manager. Choose Manage>Add Roles and Features. Click Next until presented with the Server Roles.
Select Web Server (II) and then click Add Features when prompted. Click Next.
Add in .Net 3.5 SP1 and .Net 4.5 features and click Next.
Accept the default IIS configuration and click Next.
Since the source files for .Net 3.5 SP1 are not installed on Server 2012, you will need to copy the folder SxS from the ‘Sources’ folder on your Windows Server 2012 media or mount the media in a drive. Once this is done click ‘Specify an alternative source path’ on the ‘Confirm Installations Options’ screen
Enter the path to the SxS folder and click Ok.
Once installation is complete click Close.
Install WSUS on the remote SUP server
Return to the Add/Remove Roles wizard and click through to the Server Roles section. Choose Window Server Update Services. Click the checkbox to select.
Click Add Features then click Next.
Click Next through the wizard to the Features Services section. If the Windows Internal Database is not being used by any other Windows components untick the check box to remove.
Choose Remove Features.
Click through to the Role Services section and select Database. Click Next.
Enter a location to store the WSUS downloads, either local or remote. In this instance I am using C:\WSUS. Click Next.
Enter the location to the WSUS DB. I am using the ConfigMgr db and the default instance so I can enter just the hostname in this field. Note that if you use the FQDN here it will fail to connect. Use only the hostname.
Check the connection prior and ensure successful connection. Click Next.
Once installation is complete click Close.
In the Server Manager menu bar click the warning triangle and click ‘Launch Post Installation Tasks’.
Installation will complete.
Now follow the ‘Installing a remote Software Update Point in SCCM 2012 R2‘ blog post from the section ‘Add site server as local admin on the remote SUP server’ onwards.
Check the SUP for successful installation in the SUPsetup.log in the SMS\logs folder on the remote server.
…and the connectivity from the site server in the WCM.log on the site server.
WSyncManager.log shows a successful sync.
Monitoring in the SCCM Console confirms that the remote SUP is online.
Just a quick check, if the remote sup is Windows 2012R2 server but the sccm server is Windows 2008R2. Will it works? Is there a admin console for Windows 2008R2?
Yes that is fine. You just install the WSUS 3.0 SP2 console + hotfixes on the site server.
Use this guide https://sccmentor.com/2014/09/06/installing-a-remote-software-update-point-on-sccm-2012-r2/and perform the sections ‘Install the WSUS Console on the site server’ and ‘Install MS KB’s 2720211 and 2734608’ and then go to ‘Install Pre-Requisites on the remote SUP server’ in this guide and continue on. Hope that helps
So is using wsus 3 admin console on sccm server (Windows 2008r2) with remote sup as wsus 4 (Windows 2013r2)?
Thank you so much….
No problem. Good luck with the install
Thanks a lot for this “How to”
Just one question
I install the WSUS Console on the site server with your powershell command. Do I need to launch post installation on the site server ?
I can’t remember off the top of my head but if you check for the existence of the WSUS folder. If that doesn’t exist then you will need to.
Hi. I have a CAS and Primary servers with win2008R2, and SUP with win2012R2. I have to install WSUS 3 console on CAS only, or both CAS and PRI?
You will need to install WSUS and SUP on both CAS and PRI servers. The CAS will be the synch source with MS and the PRI will become a downstream instance, ConfigMgr will set this all up for you when you install the role.
Thanks for fast reply. I installed full WSUS on my new SUP on 2012 (DB SQL on CM-PRI), full WSUS on CAS (with DB SQL) and full WSUS on PRI (with WID DB). When I try install only WSUS console, i had http503 errors in wcm.log, when CM tried to configure it. It’s now working, but wsusPool (w3wp.exe) is consuming my CPU at 90-95%. Will change WSUS DB from WID DB to ex. named instance on SLQ help me?
Take a look at the following Mike http://iamrusso.com/w3wp-exe-100-cpu-wsus-3-0-and-sccm/
Thanks a lot for this comprehensive guide! Stupid question: Our SCCM v1602 is running on Windows Server 2008R2, so the built-in or integrated WSUS is 3.0SP2. Would it be supported to setup a WSUS 4.0 on a separate Win2012R2 server (as your fabulous guide describes) and connect it to the WSUS 3.0SP2 “backend”? Or need the “integrated” WSUS to be upgraded to WSUS 4.0 first, before adding another stand-alone WSUS 4.0 server?
Yes that is fine you can do this.
why i need to install WSUS Console on the Site Server?
If no SUP role is installed on the site server then the WSUS admin console is needed so the site server can communicate with the WSUS components on the remote SUP.
Because I’m an idiot I missed the initial step “Install the WSUS Console on the site server” and only spotted this after everything else was completed. is that going to screw things up so I need a do-over or will this be OK?
You can install it afterwards that is fine.
I have cas and primary site sccm and i have wsus remote site. How can i install
1 wsus and sup on cas
2 wsus and sup on pri
3 wsus on remote
4 setup sup for remote on pri
I could be wrong here, but install the console only on the CAS and full WSUS/SUP on the remote site server.
When running a Remote SUP, how should the group policy be configured? Should the “Specify Intranet Microsoft Update service location” setting be populated with the hostname of the server running the Remote SUP or the SCCM Server?
No. The only Windows Update song that should be set is Configue Automatic Updates. This should be disabled.
Would it be a good practice in a large environment separate the WSUS Server from the primary SCCM SCCM and create SUP from a WSUS Server on another server?
It really depends on your numbers. A SUP which is separate and has no other roles added to the severe can support up to 25,000 end points. That might be worth considering if
you have big numbers. Cheers Paul