Update Evaluation: Configure Clients to Use Local Secondary SUP / WSUS Server

Hey Guys -

I have one more issue currently that I need advice on, please. When SCCM was first introduced and clients deployed in our environment, there was a single server local to the primary which had the SUP role & WSUS installed. We soon realized, shortly after client deployments to remote sites, that them simply evaluating updates needed against the remote (to them) WSUS server caused havoc with WAN bandwidth.

Since then, I have installed & configured the SUP role / WSUS at both secondary sites which many clients are local to and are in the same boundaries with. They were automatically configured to be upstream to the WSUS local to the primary. I've also verified in the console + log files that synchronization between the primary and secondaries from a software updates perspective is green across the board.

When checking WindowsUpdate.log on many clients, though, all remote ones I've checked are still pointing to the SUP local to the primary - not their local one on the secondary. I also checked local policy on these clients and it shows the same is configured and no GPOs currently exist that set WSUS settings.

I was under the impression that the SUP / WSUS server would be assigned based on the boundary each client is in, then default back to the primary's if none exists. Is this not correct? The new SUPs were added 2-3 days ago and I have forced all policies on selected clients with no change.

We are running SCCM 2012 R2 SP1 CU3 on Windows Server 2012 R2.

What am I missing? Thanks!


Thanks for the reply -


Well, since the clients are basically setting local policy with the address of the WSUS / SUP server, what if I were to just deploy a group policy to overwrite that with the local WSUS / SUP server which they should be using? If not, do you know of a script which could be deployed to change this client setting?




Thanks -


I added the IP Restrictions feature to the original SUP / WSUS and blocked everything except the local subnets, then verified it was working by having techs at remote sites go to the SUP server's IP:8530 in IE to see if they got a blank screen or nothing. It seemingly worked.


I took 3 remote clients and forced an updates scan on them. They failed to connect to the primary SUP - but - then didn't try to search for / use one of the secondary SUPs. Instead, they threw "Scan failed with error = 0x80244018". I got this same result in all remote systems I tested.


Any suggestions? Thanks
