anyweb 478 Posted October 28, 2011 Report post Posted October 28, 2011 In Part 1 of this series we got our AD and SCCM servers ready, and then we installed System Center 2012 Configuration Manager as a standalone Primary site. Now we will configure the SCCM server further by adding some Windows Server roles necessary for the following Configuration Manager 2012 functionality, Software Update Point (SUP) and Operating System Deployment.Recommended Reading:-Planning for Software Updates in Configuration Manager - http://technet.micro...y/gg712696.aspxPrerequisites for Software Updates in Configuration Manager - http://technet.micro...y/hh237372.aspxConfiguring Software Updates in Configuration Manager - http://technet.micro...y/gg712312.aspxStep 1. Add the WSUS Update Services 3.0 SP2 rolePerform the following on the SCCM server as SMSadminBefore starting this step create a folder on D:\ called sources and share it as sources, give Everyone Read access.We'll need the WSUS role installed as part of the Software Update Point role installation in the next step, so start Server Manager and click on Roles, Add Roles. Select Windows Server Update Services and a window will pop up asking to add role services required for Windows Server Update Services (IIS Dynamic Content compression), click Add Required Role Servicesclick next through the wizard, you'll see the Select Role Services window appear, click next again, at the confirmation click Install, the WSUS role will be downloaded (so you'll need a network connection to the Internet)after a while you'll see the Welcome to Windows Server Update Services 3.0 SP2 setup wizard appear click next (which is probably hidden behind the active window, so in your system tray find it and click on it to show the wizard otherwise you'll be twiddling your thumbs for a long time wondering whats going on)Accept the Eula and click nextfor Select Update Source, choose where to store the updates locally, select D:\sources\WSUSfor database options choose Use an existing database server on this computer, click nextit will connect to your SCCM SQL server instance, click nextaccept the web site preference, Use an existing Default websiteat the ready to install WSUS, click nextclick Finish when done.followed by cancelling the WSUS configuration Wizard.and close the Roles WizardStep 2. Add Windows Deployment Services.Perform the following on the SCCM server as SMSadminUpdate:- You no longer need to install the Windows Deployment Services Role because when you enable PXE support on the Distribution Point, the WDS Service will get installed (and configured) by ConfigMgr, so please skip this step unless you specifically want the RemoteInstall folder on a different drive. You can review this via the Distrmgr.log.In Server Manager, click Add roles select Windows Deployment Services and click nextclick Next, Next, and Install and click Close when done. Close Server Manager.Step 3. Add the SUP rolePerform the following on the SCCM server as SMSadminNote: In a Multi Hierarchy setup (CAS+Primaries+...) you must install a Top Level SUP on your CAS, and your Primaries and optionally on your Secondary site servers. In a standalone setup (such as we have here) we need to install the SUP on our Standalone Primary. In a multi Hierarchy the CAS SUP is the only SUP to sync directly with Microsoft Update to get the update catalog, all the SUPs on the Primaries sync with the CAS SUP. The Primary sites SUP is the only SUP which clients use to scan for Updates Compliance.Start up the ConfigMgr console, click on Administration in the Wunderbar, click on Site Configuration, and select Servers and Site System Roles, Right click on your server and choose Add Site System Roleclick next at the Add Site System Roles WizardSelect Software Update Point and click Nextif you need to input proxy information, do it herenext select Use this server as the Active Software Update Point and the wizard screen will expand as a result, leave the ports as they are (we didn't change them from the Default when we installed WSUS)to Specify Synchronization Settings, select Synchronize from Microsoft Updatenext we configure the Schedule and Alert settings, please enable both.leave the supersedence rules as they are, note the note about Service packs and Endpoint Protection updates.As we will be configuring System Center Endpoint Protection (SCEP) later in this series, let's add Definition Updates in the Classifications choiceRemove the checkmarks from Office and Windows in the Products list, we will revisit this list after our first Sync.On the Languages screen, remove all checkmarks in all languages except English (well if you want other languages add them, but for me it's just English)click next at the summary and progress, review the completion message and click Close. 2 Quote Share this post Link to post Share on other sites
Pieter 1 Posted November 2, 2011 Report post Posted November 2, 2011 Where do I get Endpoint Protection 2012 definition updates. I don’t see anything under products in WSUS. And the explanation from TechNet doesn't say anything about it aswell. On the Software Updates page of the wizard, select Date Released or Revised from the Property filters list. In the Search criteria list, click <value to find>, and then, in the Search Criteria dialog box, select Last 1 day from the Specify the value to search for drop-down list. Click OK to close the Search Criteria dialog box and then click Next. On the Evaluation Schedule page of the wizard, select Enable rule to run on a schedule and then configure the schedule at which definition updates will be downloaded. At a minimum, set the rule to run 2 hours after each software update point synchronization. Click Next. 1 Quote Share this post Link to post Share on other sites
anyweb 478 Posted November 7, 2011 Report post Posted November 7, 2011 Endpoint protection is covered in Part 5 of this series - http://www.windows-noob.com/forums/index.php?/topic/4466-using-sccm-2012-rc-in-a-lab-part-5-enable-the-endpoint-protection-role-and-configure-endpoint-protection-settings/ Quote Share this post Link to post Share on other sites
maskov 0 Posted November 9, 2011 Report post Posted November 9, 2011 I did not think you could use the "Use the Existing IIS Default Website" option when you run SCCM and WSUS on the same server? Is this new in SCCM 2012 or has it allways been possible? Quote Share this post Link to post Share on other sites
Thebeats2009 0 Posted December 12, 2011 Report post Posted December 12, 2011 Hallo, Did someone know, Why the WDS service failed to start? Thank you Quote Share this post Link to post Share on other sites
tecxx 0 Posted December 19, 2011 Report post Posted December 19, 2011 Hello, and thanks for your helpful posts about sccm2012. i have two questions: 1) during wsus install, i am unsure about the flag "Store Updates Locally". other guides have this checkmark removed. as far as i understand, wsus only downloads the metadata catalog. sccm downloads the updates itself. would you still recommend to leave this checkmark ticked? are updates then downloaded twice (once for wsus, once for sccm)? 2) cleanup. our wsus and all secondary wsus instances are scripted to run a monthly cleanup task which removes no longer needed updates - this saves a great amount of disc space, especially on smaller secondary site servers. is it possible in a sccm2012 environment, with automatic deployment rules in place, to clean up no longer needed updates from the packages? or will the distribution points just grow as new updates arrive? thanks! Quote Share this post Link to post Share on other sites
anyweb 478 Posted December 19, 2011 Report post Posted December 19, 2011 1. I select this option as license files can be downloaded and stored in the WSUS local store. 2. yes you can run a WSUS cleanup monthly, I haven't tested the exact scenario you are asking about but if you beat me to it then please share your experiences Quote Share this post Link to post Share on other sites
tecxx 0 Posted January 3, 2012 Report post Posted January 3, 2012 about 2), i will share my experiences. what i have done is: create automatic deployment rules, for each "product" one. e.g. an automatic deployment rule for windows7, one for xp, one for server2008, one for office, etc. for each automatic deployment rule i have selected "Add to an existing Software Update Group". this makes sure that all windows 7 updates stay in the same windows 7 update group, and so on. in "software updates", i have selected the following: - product windows 7 - superseded "NO" - title (remove beta updates, or things you don't need, e.g. -"Internet Explorer 8" removes all IE8 updates, as we use IE9 already) - update classification "Critical Updates", "Security Updates", "Update Rollups", "Updates" and here comes the key part: - required >= 1 this last setting makes sure that only updates end up in the group that are actually required by our systems. note that i did not make any limitation to the release date of the updates, so the basic idea is to "include all updates that are required by systems to the software update group". this behaviour is exactly what we had with our old WSUS infrastructure. in my tests so far i can see that initially, the software update group contains a lot of updates. after two or three iterations of updating the clients and having them report back their state to the SCCM server, the number of updates with "required > 0" goes down, until at some point the update group is empty (as no client requires any more updates). i did not yet find out if the actual update files are also removed from the harddisks of our sccm servers. it the moment it doesn't seem so, but i will investigate. any input on this is appreciated. Quote Share this post Link to post Share on other sites
akash1221 0 Posted January 11, 2012 Report post Posted January 11, 2012 Is it possible to install WSUS on a seperate server with RC? Quote Share this post Link to post Share on other sites
Peter van der Woude 143 Posted January 14, 2012 Report post Posted January 14, 2012 That's possible. Quote Share this post Link to post Share on other sites
Widgets 0 Posted January 31, 2012 Report post Posted January 31, 2012 After installing WSUS on my offline server it is telling me I need to install IIS and/or additional IIS requirements. I am unsure what it needs for this as I already installed IIS along with BITS in an earlier installation to get SCCM installed in the first place. Is there a list of which Roles pertaining to IIS need to be installed? Thank you. Edit: I needed "Windows Authentication" installed. You would think that would be a default install for a Microsoft product. Thanks again. Quote Share this post Link to post Share on other sites
iontoria 0 Posted February 16, 2012 Report post Posted February 16, 2012 Hello: We´ve a WSUS and SMS 2003 infraestructure and now we are planning the migration to SCCM 2012. In WSUS case, we have defined our sttings (groups, types of updates to download, classifications...). Is there any way to translate this information to SCCM 2012? Maybe trougth export/import jobs? Programmatically? Thanks in advance. Quote Share this post Link to post Share on other sites
anyweb 478 Posted February 16, 2012 Report post Posted February 16, 2012 you could try programming it but why bother, the supported method of migrating from SMS 2003 to Configuration Manager 2012 is to migrate from SMS 2003 > ConfigMgr 2007 and then do a side-by-side migration to ConfigMgr 2012. Quote Share this post Link to post Share on other sites
iontoria 0 Posted February 16, 2012 Report post Posted February 16, 2012 Hi, again: maybe with wsusutil export filename.cab logfile.xml and wsusutil import filename.cab logfile.xml? Quote Share this post Link to post Share on other sites
anyweb 478 Posted February 16, 2012 Report post Posted February 16, 2012 go ahead and try, and report back your findings here. Quote Share this post Link to post Share on other sites
tarzan 0 Posted February 18, 2012 Report post Posted February 18, 2012 Hi Do i have to share sources with Everyone ? will everything works normal if i give the Administrator and the network share account access to the sources directory ?? Quote Share this post Link to post Share on other sites
bigbeka79 0 Posted February 22, 2012 Report post Posted February 22, 2012 Perform the following on the SCCM server as SMSadmin Update:- You no longer need to install the Windows Deployment Services Role because when you enable PXE support on the Distribution Point, the WDS Service will get installed (and configured) by ConfigMgr, so please skip this step. You can review this via the Distrmgr.log. I fallowed this recommendation, but WDS service isn't installed and SMSboot folder is empty - there is no files in x86 and x64 folders... any ideas? In sccm 2007 I installed only WDS transport server and it works fine… Quote Share this post Link to post Share on other sites
tarzan 0 Posted March 5, 2012 Report post Posted March 5, 2012 Hi Do i have to share sources with Everyone ? will everything works normal if i give the Administrator and the network share account access to the sources directory ?? for god sake anyone answer this question. Is it too hard or too stupid to be answerd ?????. what i have tested is that i deleted everyone from the share the only problem is that SOME application failed to install. these application started installing immidaitely when i shared with everyone again. Quote Share this post Link to post Share on other sites
fseledon 0 Posted March 14, 2012 Report post Posted March 14, 2012 So we have an SCCM RC2 Primary Site (SCCMPS1) with a separate SQL server (SCCMSQL). We would like to install WSUS on a remote server, will the following steps work: 1. Install WSUS on a remote server (SCCMWSUS) and point the database to SCCMSQL 2. Create new Site System Server (SCCMWSUS) with the SUP role and make it the active software point. Will this work or do we have to set SCCMPS01 as the active software update point? Also will the updates be stored on SCCMPS01 or SCCMWSUS if SCCMWSUS is setup as the remote WSUS server? Quote Share this post Link to post Share on other sites
zifou 0 Posted March 20, 2012 Report post Posted March 20, 2012 Hello, I've installed sccm in a vlan test, with no internet connexion. Is it possible to import hotfix updates in the wsus to continue my labtest? If yes, how can I do? Thanks. Quote Share this post Link to post Share on other sites
EddyRaja 0 Posted March 23, 2012 Report post Posted March 23, 2012 Hi, Will WDS installed on seprate server work? how to integrate SCCM 2012 and WDS without installing em on same server. Thanks Quote Share this post Link to post Share on other sites
anyweb 478 Posted March 23, 2012 Report post Posted March 23, 2012 have you tried installing the distribution point (which hosts the PXE stuff) on that server ? Quote Share this post Link to post Share on other sites
csakg6s0 2 Posted April 18, 2012 Report post Posted April 18, 2012 URGENT URGENT!! We have been trying to get the SUP role working for 3 days now and have hit a roadblock. Right now all we have is a CAS and 1 primary site. Both are on same subnet. Both are member servers. Not using ssl, Both have WSUS installed on the site servers themselves, pointing to a sql server instance (default for the CAS and named for the primary). NO updates show up the CAS under the software updates at all...so there is nothing to syncronize. I believe it is something with the WSUS website itself, or the communication between WSUS and SCCM. PLEASE HELP. The WCM.log on our CAS says System.Net.WebException: The request failed with HTTP status 503: Service Unavailable.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber). The wsyncmgr.log on the Primary Site says "Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync AND STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=server.dummydomain.com SITE=HQ1 PID=1916 TID=3884 GMTDATE=Wed Apr 18 10:20:10.666 2012 ISTR0="CWSyncMgr::DoSync" ISTR1="WSUS server not configured. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 Quote Share this post Link to post Share on other sites
anyweb 478 Posted April 18, 2012 Report post Posted April 18, 2012 did you install the SUP role on both the CAS and your Primary ? Quote Share this post Link to post Share on other sites
savage 6 Posted April 18, 2012 Report post Posted April 18, 2012 Setting up cas and primary can be a lil difficult @ first (took me few tries to get it working). In my testlab case i put both cas and primary wsus as active. I set primary to get updates from cas and it started to work. Replication worked. cant remember more details at the moment. Quote Share this post Link to post Share on other sites