Jump to content


anyweb

using System Center 2012 Configuration Manager - Part 5. Adding WSUS, Adding the SUP role, deploying the Configuration Manager Client Agent

Recommended Posts

I had an existing WSUS environment and added this to System Center as a Site System Role as part of Step 5. Of course I did this not knowing that it was not compatable. Now when I try to delete this from System Center I get an error "The server \\wdus01.anifti.com" cannot be deleted becasue it contains teh following site system roles: Component Server.

 

I have tried to remove thi srole but it is grey out. What can I do to remove this role so I can then delete teh WSUS server? I guess I will then need to delete the WSUS server and let System Center do this?

Share this post


Link to post
Share on other sites

*You’re reverting to WSUS and policies for updates whereas the goal for SCCM 2012 is to do updates via the client, not use GPO anymore.

*In SCCM 2007 you disable the WSUS policy, now you re-enable it again?

 

you do realise that this is ONLY for delivery of the Configuration Manager Client using Microsoft's own best practice method and that after that point all updates will come via Configmgr...?

 

*In 2007 you created a “blank for staging” collection, you don’t create a here anymore?

 

if you want to do that here you CAN, these are very different products and therefore they are not configured the same way....

 

 

*If you don’t create the “blank for staging”, you could create autodeployment rules “critical updates windows 2008 R2”, “windows 2008 R2” etc, what would mean you download twice (critical updates are already in “windows 2008 r2”); you could then point in “critical updates” to “windows 2008 r2” but then you can’t see the hierarchy/dependency (f.e. if you would delete “windows 2008 r2”, all updates depending on it would be gone

 

not following..

 

 

*in wsus you define what to download (products), then you need to define again in deployment the categories, but if wsus doesn’t download, what sense does it make to select a download that wasn’t done by wsus?

*wsus downloads it and sccm downloads it again? Or sccm gets it from wsus, meaning it is the same content on two locations? What a waste of storage

 

 

 

everything that is delivered via the Software Update Point is downloaded via WSUS, the SUP role is Configuration Managers method of controlling what WSUS does or doesn't do.

 

if you want to do things using Microsoft best practice methods then you can go ahead and follow my guides here, or read what is posted on Technet, I do explain that there are more than one way to do things, If you choose to deliver the Configuration Manager client via Client Push, GPO or another method then use the method that suits you, I am merely offering alternatives and advice (I focus on Microsoft Best Practice)

cheers

niall

Share this post


Link to post
Share on other sites

Thank you for responding but I was finally able to remove the role by disabling the WSUS role. My problem was I had added my existing WSUS server into the configuration manager setup instead of using a new WSUS server. So, i tried to back out of that and delete teh existing WSUS but it would not allow me to remove it from SCCM becasue it help certain roles.

Share this post


Link to post
Share on other sites

Been following this guide and doing fine up until this point. I'm not using a CAS, but only a primary server. For some reason, the SUP role is not listed as a choice. Am I missing something or do I need a CAS to use this role?

 

2rgnqjp.jpg

 

Nevermind, I found out the problem. The role was already set which was why it wasn't listed. I must've installed WSUS and the role from another guide here.

  • Like 1

Share this post


Link to post
Share on other sites

First off I sincerely want to say thank you so much for the work you put in to make these tutorials they're very well put together, very awesome for the "windows noobs" :D

 

I was wondering if someone could give me a hand with this one, ive been up all night and just cant figure it out.

 

Within my Software Center the link for Find additional applications from the Application Catalog is grayed out. I can browse to the site if i type in the URL manually (http://<<SERVER NAME>>/CMApplicationCatalog/). I'm not sure what I'm missing or if it even matters but I was wondering if anyone would know what could cause this.

 

Also I didn't get prompted to install my client on my test computer but when I went into Control Panel the Configuration Manager setting is there. Now when i go and look at devices the test computer states there is No client installed.

 

I'm not really sure whats up with this but any help would be greatly appreciated.

Share this post


Link to post
Share on other sites

if you want the clients connected to that management point (on that primary) to scan against that sup then yes you should also have wsus and sup installed on the other primary.

Share this post


Link to post
Share on other sites

Hi there. First off, I am very new to SCCM. I currently have SCCM SP1 (beta) set up in a lab environment. I have been able to successfully deploy applications to Windows 8 clients. I am currently looking at configuring WIndows Updates for my test clients. I have WSUS installed on my SCCM server. I am at the point where I am adding the site system role for Software Updates. In the Wizard I get to the point where it asks me what updates I want to synchronize. No where do I see Windows 8 mentioned. I see all the other OS's, but not Windows 8. When I look online I am told that SCCM 2012 SP1 will fully support Windows 8. Am I missing something? Does SCCM 2012 SP1 support Windows Updates for windows 8 machines?

Share this post


Link to post
Share on other sites

Can I use this document for implementing WSUS and SUP on a primary site server.

 

yup

 

Have you also this new serie in Word or PDF.

 

nope

 

Many thanks for your work very usefull.

 

you are welcome

Share this post


Link to post
Share on other sites

Running into another issue that I hope someone can help with. With a CAS and two primary sites WSUS and SUP is installed on all 3 machines. I have created the custom client settings and deployed them to the proper collections so they are pulling from the correct primary site. I know my account settings and firewall settings are all ok because I can manually push the client without any problems. Trying to use the Windows update function though keeps failing with an error code 1 at the client machine. Any thoughts on where to start looking for the problem would be most helpful. I will post the ccmsetup.log shortly. Thanks.

Share this post


Link to post
Share on other sites

I am following the guide. Let me explain what my lab layout is all about.

DC - Server 2012

CAS - Server 2012 (running SQL 2012)

PRI - Server 2012 (running SQL 2012)

 

Finished part 1, 2, 3 & 4. All went well without any issue. At part 5, I am STRUCK. Installed WSUS role on CAS Server 2012. When, I add SUP role, I don't have the option ACTIVE SETTINGS to select THIS SERVER AS THE ACTIVE SOFTWARE UPDATE POINT. Am, I doing something wrong. In your screen shot, I can see you have Active Settings and the option to select this server as the active software update point.

 

Appreciate your help.

 

Ram

 

EDIT - GOING TO REVAMP THE LAB WITH SERVER 2008 R2 AND USE CONFIG MGR 2012 RTM TO CONTINUE WITH THE LAB EXERCISE. WILL KEEP YOU UPDATED.[/font]

Share this post


Link to post
Share on other sites

did you do this ? read the end of (step 1)

 

Note: Repeat the above (installation of the WSUS server role) on your Primary server P01.

 

and as a side note, this guide is (so far) specifically for the RTM release of Configuration Manager 2012 and therefore Server 2012 is not supported, you need Configuration Manager 2012 Service Pack 1 for that...

Share this post


Link to post
Share on other sites

are you managing updates using Configuration Manager ? did you previously manage them via WSUS ? did you uninstall WSUS and remove any GPO's prior to enabling the SUP role in ConfigMgr ? are the configmgr clients in a collection targetted with client settings to enable Software Updates ?

Share this post


Link to post
Share on other sites

Updates are now managed through SCCM 2012. That screen shot is from the WSUS install on the SCCM 2012 server. I don't approve any updates through the WSUS interface I use your guide to auto approve based on Patch Tuesday.

 

I used to use a WSUS 3.0 SP2 server that is still up and running. I would configure the clients through a GPO that would point to http://WSUSServer and I changed the GPO to http://SCCM2012:8530.

 

I have configured the Software Update through SCCM - See Image. These settings have been deployed to a Collection Group that I call "All Workstations with Client Installed".

post-18089-0-02973700-1356722863_thumb.jpg

Share this post


Link to post
Share on other sites

I used to use a WSUS 3.0 SP2 server that is still up and running. I would configure the clients through a GPO that would point to http://WSUSServer and I changed the GPO to http://SCCM2012:8530.

 

you shouldn't have to use a gpo as when you enable software updates via client settings your client will get a local policy pointing to the SUP and any domain group policy may cause you issues, what does your windowsupdate.log tell you ? and wuahandler.log ?

 

have you tried removing the GPO's altogether or changing it to point to the FQDN of your SUP on the primary server ? (and not the netbios name)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...