- SCCM Software Update PART 1 – Introduction to SCCM and WSUS
- SCCM Software Update PART 2 – Software Update Point configuration
- SCCM Software Update PART 3 – Automatic Deployment Rules
- SCCM Software Update PART 4 – Create deployment packages manually
- SCCM Software Update PART 5 – Best practices
Add Software Update Point in SCCM hierarchy
First, connect to SCCM, open Administration panel and select Site Configuration -> Servers and Sites System Roles. On the below screenshot, VMSMS01.fabrikam.com is my Primary Site with WSUS installed but not configured (I stopped myself just after configuring the WSUS database). This is SCCM that set parameters on WSUS.
Figure 1: Servers and Site System Roles overview
So I right click on the VMSMS01.fabrikam.com server and I select Add Site System Roles. The goal is to add Software Update Point and configure WSUS service.
Figure 2: Choose server on which role will be installed
Figure 3: Set a proxy if necessary
Once you have chosen the server where will be added SUP and after configured proxy, it’s necessary to specify the role to add. I think you have an idea of which role to select … Tadaa: Software Update Point.
Figure 4: Add Software Update Point role
My WSUS installed is set to answer on 443 port because I have a PKI in my lab with auto-enrollment. So I can test the communication between SCCM and WSUS with SSL. If you have not configured WSUS with SSL, don’t select checkbox Require SSL communication to the WSUS server.
Figure 5: Configure how to connect to WSUS service
Next step asks you to configure credentials to connect to WSUS server. This step is needed in a production environment to specify a special account to communicate between WSUS and SCCM.
Figure 6: Set credentials with right on WSUS service
Next, it is the configuration of WSUS. You will retrieve the same step when you are configuring WSUS. First you have to specify the source of synchronizing Microsoft update. My WSUS is the first WSUS on my lab so I select Synchronize from Microsoft Update. If you have an upstream server, please select the other option.
The WSUS report parameter should be configured with the first option in 95% of time because SCCM doesn’t use these reports. These last are created on client computers for Windows Update services and SCCM doesn’t use them.
Figure 7: Set synchronization source settings
Such as classical configuration of WSUS, you have to set how often synchronization occurs. Because I have no requirement on my lab, I leave the default settings.
Figure 8: set how often synchronization occur
To understand next step it is necessary to make a point about superseded update.
Suppose that an update (called U1) fix Internet Explorer 11 on December 2013 and another update (called U2) fix same product released on January 2014. U2 is a cumulative update that contains also U1. In this example, U1 is superseded by U2.
So on supersedence rules, you have to configure the behavior of update that are superseded. Like previous step, I have no requirement on my lab so I leave the default settings.
Figure 9: Configure behavior about superseded update.
For my lab, I download all classifications because I will sort when I will make my updates packages.
Figure 10: Software update classifications
WSUS needs to synchronize once a time to have a more recent product catalog. This is why Windows Server 2012R2 doesn’t appear.
Figure 11: Products to synchronize
Figure 12: language to synchronize
Figure 13: Confirm settings
Figure 14: End of SUP configuration
Verify the good configuration
In this section, I verify that SUP configuration is correct. The first place to be is the monitoring view on Software Update Point Synchronization Status. This status provides information about the last synchronization with WSUS.
Figure 15: WSUS synchronization monitoring
Figure 16: SCCM logs files
To debug an issue, the best way is to open logs files. All these files are in %INSTALLFOLDER%\Microsoft Configuration Manager\Logs
The file WSUSCtrl.log contains information about WSUS synchronization (c.f Figure 17)
Figure 17: WSUSCtrl content
The above screenshot presents a successfully configuration and synchronization with WSUS.
Figure 18: Update catalogs on SCCM
When the synchronization with WSUS is finished, updates appear in the Software update menu.
Hi,
Thank you for your post. I am stuck at the point specify synchronization source settings.
I do already have a WSUS running on a vm and i like to use it with SCCM running on another vm but i am unable to get it work that SCCM will use this WSUS.
Do you have suggestions for me?
From my point of view i can name SCCM the WSUS on the other host but he needs his own WSUS to sync is this correct?
Which configuration is at this step the correct one?
Hi Sebastian,
If you have already configured and used the WSUS server, you can’t sync it with SCCM. You need a WSUS service without configuration.
I hope I have helped you.
Regards,
Romain.
What a pity!
So i am forced to use a “2nd” WSUS on the SCCM itself that afterwards the external WSUS can be destroyed.
Thank you for your fast response.
May I use that image??
Plz let me use!