anyweb

Install a SUP on remote server

Question

In this guide I assume that you have installed and configured SCCM and have it all working ok. This guide assumes that you have installed another Server running Windows Server 2008 and that it is joined to the same domain that SCCM is joined to.

 

Note: The Remote SUP can handle connections from up to 25,000 client computers. If there are more client computers you can configure the active SUP to use an NLB cluster which can handle connections up to 100,000 computers.

 

Step 1. Install IIS 7.0 on your WSUS server

 

Start the Server Manager (click Start, click Run, and then type CompMgmtLauncher).

In the tree view, select Roles, then in the Roles pane click Add Roles.

 

server_manager.jpg

 

In the Add Roles Wizard, click Select Server Roles, select the Web Service (IIS) check box, click Next, and then click Next again. You may see a message box "Add features required for Web Server (IIS)?"; click Add Required Features.

 

web_server_iis.jpg

 

In the Select Role Services window, make sure that the following services are selected:

 

* Common HTTP Features (including Static Content)

* ASP.NET, ISAPI Extensions, and ISAPI Features (under Application Development)

* Windows Authentication (under Security)

* IIS Metabase Compatibility (under Management Tools, expand IIS 6 Management Compatibility)

 

role_services.jpg

 

Click Next, and then review your selections. Click Install, and finally click Close when done.

 

close.jpg

 

Note: you can also review TechNet's page on configuring IIS for WSUS.


Step 3. Install ReportViewer and WSUS on the WSUS server

 

Download and then Install the ReportViewer.

 

report_viewer.jpg

 

Download WSUS, then double-click the WSUS exe and choose Next at the welcome screen.

 

wsus_welcome.jpg

 

choose the Full Server installation

 

full_server_installation.jpg

 

accept the license agreement

 

eula.jpg

 

Select your update source and make sure to select 'Store Updates Locally'

 

Select to use an Existing Database on this server

 

default_sql_database.jpg

 

click next after it has successfully connected to the database

 

sql_connected.jpg

 

For this LAB we will choose to Use an existing IIS website (however, read the TIP below)

 

use_an_existing.jpg

 

Tip: The IIS default web site can be used when installing WSUS on the computer that will become the SUP. However, it is recommended that a WSUS web site be configured for WSUS running on the active software update point, so that IIS hosts the WSUS 3 services on a dedicated web site instead of sharing the same web site used by the other Configuration Manager 2007 site systems or other applications. This recommendation is especially important when you are installing the software update point on the site server. When you are using a custom website for WSUS 3.0, the default port numbers are 8530 for the HTTP protocol and 8531 for the HTTPS protocol (SSL). These port settings need to be specified when creating the active SUP for the site.

 

windows_update_server_services.jpg

 

click Finish when done

 

completing.jpg

 

When the Wizard appears, click on Cancel

 

cancel.jpg


Step 4. Make the SCCM computer account a member of local administrators on your WSUS server

 

On the WSUS server, startup Server Manager and expand Configuration and bring up Local Users and Groups.

 

Click on Groups and then Double click on Administrators and click on Add. For 'Select This Object Type' click on Object Types, enter your administrative credentials if asked.

 

administator_props.jpg

 

For object types, select computers and click ok.

 

computers.jpg

 

click on Advanced and then Find Now

 

Select the SCCM computer object from the list and click OK. This is important as we want to grant our SCCM server access to control the WSUS server; failure to do this will result in ConfigMgr Status Error Messages in the SMS_SITE_COMPONENT_MANAGER log.

 

add_sccm_computer_account_to_local_admin.jpg

 

click ok again twice.

 

 

Note: for troubleshooting purposes here is what the log would say if you fail to do the above.

 

Severity Type Site code Date / Time System Component Message ID Description

Error Milestone WDN 5/15/2008 12:24:09 PM WIN-CILZXI45G1Q SMS_SITE_COMPONENT_MANAGER 1037 SMS Site Component Manager could not access site system "\\WSUS". The operating system reported error 2147942405: Access is denied. Possible cause: The site system is turned off, not connected to the network, or not functioning properly. Solution: Verify that the site system is turned on, connected to the network, and functioning properly. Possible cause: SMS Site Component Manager does not have sufficient access rights to connect to the site system. Solution: Verify that the Site Server's computer$ account has administrator rights on the remote site system. Possible cause: Network problems are preventing SMS Site Component Manager from connecting to the site system. Solution: Investigate and correct any problems on your network. Possible cause: You took the site system out of service and do not intend on using it as a site system any more. Solution: Remove this site system from the list of site systems for this site. The list appears in the Site Systems node of the Administrator console.

 

Once you have configured the site system's computer account to be an administrator of the WSUS server, the site_component_manager will reattempt to install the site system after 60 minutes, and when successful you will see the following message in the SMS_SITE_COMPONENT_MANAGER log.

Severity Type Site code Date / Time System Component Message ID Description

Information Milestone WDN 5/15/2008 1:02:32 PM WIN-CILZXI45G1Q SMS_SITE_COMPONENT_MANAGER 1027 SMS Site Component Manager successfully configured site system "\\WSUS" to receive SMS server components. SMS Site Component Manager will now begin installing the components on the site system.

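Step 4 as a scripted check, added here as an example and not part of the original post: it decodes the error number from status message 1037 and lists the local Administrators group on the WSUS server, so you can confirm the site server's computer account is present and see who else holds admin rights. The domain name `EXAMPLE` and host name `SITESERVER` are placeholders, and the group name assumes an English-language OS.

```powershell
# Added example, not from the original guide. Run on the WSUS server in an
# elevated PowerShell 2.0+ session. Domain and server names are placeholders.

function ConvertFrom-SmsErrorCode {
    # Status message 1037 reports the OS error as an unsigned decimal HRESULT.
    # For facility 0x8007 (Win32), the low 16 bits are the Win32 error number.
    param([Parameter(Mandatory = $true)][long]$Code)
    $facility = [long][math]::Floor($Code / 65536)
    $win32    = $null
    $text     = $null
    if ($facility -eq 0x8007) {
        $win32 = [int]($Code % 65536)
        $text  = (New-Object System.ComponentModel.Win32Exception -ArgumentList $win32).Message
    }
    New-Object PSObject -Property @{
        Hex        = ('0x{0:X8}' -f $Code)
        Win32Error = $win32
        Message    = $text
    }
}

function Get-LocalAdministrator {
    # Enumerate the local Administrators group through the WinNT ADSI provider.
    # Assumes an English-language OS, where the group is named "Administrators".
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
    }
}

function Test-SiteServerIsLocalAdmin {
    param([string]$Domain, [string]$SiteServer)
    # A computer account's SAM name is the host name followed by "$".
    $expected = 'WinNT://{0}/{1}$' -f $Domain, $SiteServer
    $members  = @(Get-LocalAdministrator)
    New-Object PSObject -Property @{
        Expected = $expected
        Present  = ($members -contains $expected)
        Members  = $members
    }
}

# 2147942405 is the code quoted in the 1037 message above.
ConvertFrom-SmsErrorCode -Code 2147942405
# Placeholder names: substitute your NetBIOS domain and site server host name.
Test-SiteServerIsLocalAdmin -Domain 'EXAMPLE' -SiteServer 'SITESERVER'
```

The `Members` list is worth reading in full: every entry there has the same control over the WSUS server that this step grants to the site server.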


Step 5. Install the WSUS server as a site system in SCCM

 

Expand the Site Database, Site Management, Site Settings node in ConfigMgr, and then expand Site systems. Right click and choose New, Server.

 

new_site_system.jpg

 

When the New Site System Server wizard appears, enter your details like below, paying close attention to the FQDN field.

 

Note: When the computer account for the site server has access to the site system server and the site is in mixed mode, the settings on this page are optional. When the computer account does not have access to the site system server or when the site is in native mode, the following settings should be configured:

 

Specify a fully qualified domain name (FQDN) for this site system on the intranet: This setting must be configured for the active software update point site system when the site server is in native mode or when it is in mixed mode and uses Secure Sockets Layer (SSL). By default, this setting must be configured.

 

Specify an Internet-based fully qualified domain name for this site system: This setting must be configured for the active software update point if it accepts Internet-based client connectivity or for the active Internet-based software update point site system.

 

Use another account for installing this site system: This setting must be configured when the computer account for the site server does not have access to the remote site system.

 

Allow only site server initiated data transfers from this site system: This setting must be specified when the remote site system does not have access to the inboxes on the site server. This allows a site system from a different domain or forest to store the files that need to be transferred to the site server. The site server will periodically connect to the remote site system and retrieve the files. The Internet-based software update point might require this setting to be enabled.

 

 

wsus_image.jpg

 

Note: you may mistakenly enter something like wsus.windows-noob.local, which would be wrong. It needs the FQDN, which would be wsus.sccm2007.windows-noob.local. A simple PING test to the FQDN will resolve any confusion.

 

Select Software Update Point as the site role and click next

 

sup.jpg

 

 

 

enter your proxy settings if you have any then click next

 

proxy_settings.jpg

 

for Active Software Update Point, select the checkbox as below

 

 

active_settings.jpg

 

click next and verify your synchronisation source

 

sync_settings.jpg

 

leave synch schedule on 7 days

 

7_days.jpg

 

leave the classifications as they are *we can change them later if needed*

 

classifications.jpg

 

Select your products. Be careful to only select what you need or it will take forever to download everything...

 

all_products.jpg

 

Select your desired language (I chose English only)

 

language.jpg

 

review the summary and click next and then close.

 

On the ConfigMgr server, you should now see the newly added site system.

 

site_system_added.jpg

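The FQDN note in Step 5 and the port tip in Step 3, combined into one check; this is an added example, not part of the original post. It resolves the name you intend to type into the wizard, compares it with the host name DNS returns, and probes the WSUS ports (80/443 for the IIS default web site, 8530/8531 for a dedicated WSUS web site). The function name `Test-SupEndpoint` is hypothetical.

```powershell
# Added example, not from the original guide. Works on PowerShell 2.0+.
function Test-SupEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$Fqdn,
        # 80/443: IIS default web site; 8530/8531: dedicated WSUS web site.
        [int[]]$Ports = @(80, 443, 8530, 8531),
        [int]$TimeoutMs = 3000
    )

    # Forward lookup. A name typed with the wrong DNS suffix fails here.
    try {
        $entry = [System.Net.Dns]::GetHostEntry($Fqdn)
    } catch {
        Write-Warning "Cannot resolve '$Fqdn': $($_.Exception.Message)"
        return
    }
    # DNS returns the canonical host name; it should match what was typed.
    New-Object PSObject -Property @{
        Check  = 'DNS'
        Target = $entry.HostName
        Result = ($entry.HostName -eq $Fqdn)
    }

    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Asynchronous connect so a filtered port cannot hang the check.
            $async = $client.BeginConnect($Fqdn, $port, $null, $null)
            $open  = $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)
            if ($open) {
                try { $client.EndConnect($async) } catch { $open = $false }
            }
        } catch {
            $open = $false
        } finally {
            $client.Close()
        }
        New-Object PSObject -Property @{
            Check  = 'TCP'
            Target = "${Fqdn}:$port"
            Result = $open
        }
    }
}

# FQDN taken from the note above; substitute your own.
Test-SupEndpoint -Fqdn 'wsus.sccm2007.windows-noob.local' |
    Select-Object Check, Target, Result
```

Run it from the site server: only the port pair matching the web site you chose during WSUS setup should answer, and those are the port numbers to enter when creating the active SUP.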


Expand the Software Updates node in ConfigMgr and right click on Update Repository, choose Run Synchronisation.

 

run_synch.jpg

 

answer Yes when prompted

 

yes.jpg


Two quick questions :)

 

Is there a reason not to use "Install Windows Internal Database on this computer" (WSUS Database)

Using MS SQL like you did will increase the license cost since we need a SQL license.

 

And is it a best practice to "create a Windows Server Update Services 3.0 Sp1 Web site?" (WSUS IIS Site)

 

Thanks for a great guide!

 

Best regards

Jean André


good questions

 

using SQL 2008 or SQL 2005 as the database is preferred as you can properly manage the database and it's way more extendable than Windows Database

 

Using the WSUS website is also preferred as this separates the IIS resources

 

The IIS default web site can be used when installing WSUS on the computer that will become the SUP. However, it is recommended that a WSUS web site be configured for WSUS running on the active software update point, so that IIS hosts the WSUS 3 services on a dedicated web site instead of sharing the same web site used by the other Configuration Manager 2007 site systems or other applications. This recommendation is especially important when you are installing the software update point on the site server. When you are using a custom website for WSUS 3.0, the default port numbers are 8530 for the HTTP protocol and 8531 for the HTTPS protocol (SSL). These port settings need to be specified when creating the active SUP for the site.


Just want to add some notes to this wonderful guide.

 

For example. I have a server HBM-WSUS and my SMS site name is SMS-MST

 

The Software Update Point has to be installed on BOTH servers, not only on the HBM-WSUS. I lost some time figuring this out and asking myself why the synchronisation failed.

 

The WSUS 3.0 SP2 administration console needs to be installed on the SMS site.

 

The log file for this is located in: SMS\LOGS\WSYNCMGR.LOG

 

Thanks again for the guide !


It only has to be installed on both when they both have to act as a Software Update Point.

 

Hi guys,

 

 

Don't mean to be bumping up an old post!.. but having some problems with this.

 

I've been trying to set up SCCM for a couple of days.. with only some luck.

 

Trying to get the pre-existing remote WSUS server to work. I'm on a LAN which is a part of a larger WAN.. and we all have access to an upstream Windows update server within the WAN (separate from the Microsoft update one).

 

Our WSUS server obviously points at the upstream WSUS server... I have added this server as a 'Site system' and added the role.. I'm getting confused, I don't think I'm looking at the situation correctly. Do I need to set it to update from Microsoft update or remote upstream.. as I'm confused whether it's talking about the WSUS server or the SCCM.. Also someone said above to add the SUP to the SCCM site system.. and also the WSUS site system.

 

Everything I'm trying isn't working anyhow! Any ideas... I can give more info if I need = ) gotta leave work now!

 

Thanks in Advance.
