Kiltedjedi

Hi, If you manually do this search do you get any updates returned?. When did your SUP last sync successfully?

Your computer account is the default account used by SCCM to install the Roles on your specified site servers, as it needs to be able to write to registry HKLM and write to protected drive areas. The good thing about computer accounts is no-one should be logging in as them. It's been a while but I think I had to use the computer account for Database role. Everything else you can set a new AD account to perform the installs (MP definately, DP, SUP), however that account will need admin access on the server(s) that the role is being installed on.

OK Breakthrough I've found an issue where WSUS was recieving an HTTP 401 error unauthorised. Eventually the fix turned out to be adding the WSUS Connection account into the builtin IIS user group on the gateway server Now the SUP is doing the round robin thing around the available SUPs and I can now deliver patches from the untrusted domain. I still think it would be useful to have the Preferred Intranet Source in the client settings.

Hi, Those are all good with forcing a management point. Unfortunately (for me anyway), the Management point is not an issue as all clients in Domain B are registered with the desired MP., What I have is Domain A CAS Primary Site Server Management Point DP SUP DB Domain B Additional Site Server Management Point DP SUP I have Point to Point firewall rules between the 2 servers and comms is working well. The Clients in Domain B are registered on the site and have picked up the server in Domain B as the management point What I am seeing is that the Software Update source server is coming in as the primary site server in Domain A. I am also seeing that the Software update point is not Synchronising from a source within the SCCM environment, where the Primary site is syncing from the CAS, I have a blue exclamation and the Sync Source is listed as Microsoft (WSUS on server in Domain B is configured as full WSUS prior to SCCM SUP install) What I cannot do is 1. Establish Domain trust between the domains - IE no Secondary site within the domain 2. Open the firewall from all the servers in Domain B to the Primary site server in Domain A - just not even politically viable

Hmm, I would have thought with properly defined boundaries that the Client should talk to the SUP on it's own domain It would be really useful if MS allowed us to determine the Intranet software update point in the Client settings much like the GPO settings. Also we can't use secondary sites in an untrusted domain.

Hi all, SCCM 2012 R2 CU1 I'm currently banging my head against a brick wall here. I have a primary site server in 1 domain, and need to manage clients in a separate untrusted domain. Ther is a point to point firewall rule to allow the necessary ports between MP and Primary site I have successfully configured MP and DP in the domain and all the clients are installed and reporting in to the site correcly and recieving policy I have installed a primary SUP on the primary site server and synced successfully with MS and been able to deploy patches in the same domain. I have installed a SUP on the foreign domain MP which is syncing back to the primary sup and shows as healthy on the primary site console. I have confirmed in WSUS console on the MP that it is set to sync from the Primary site, and have successfully ran synchronisations I can patch from the SCCM client on the MP as the firewall is opened between the 2 servers However, the clients on the foreign domain are registering the Update source as the SUP on the primary site server so are throwing up expected errors as there are no ports opened to the primary site server direct from clients. Is there a way I can force the SUP settings in this domain to look towards the SUP installed on the MP for the domain? There is no internet access so cannot use MS update as a source. Thanks in advance Jassen