SCCM Software Update PART 2 – Software Update Point configuration

0
425

SCCM Software Update

PART 2 – Software Update Point configuration

Add Software Update Point in SCCM hierarchy

First, connect to SCCM, open Administration panel and select Site Configuration -> Servers and Sites System Roles. On the below screenshot, VMSMS01.fabrikam.com is my Primary Site with WSUS installed but not configured (I stopped myself just after configuring the WSUS database). This is SCCM that set parameters on WSUS.

Figure 1: Servers and Site System Roles overview

So I right click on the VMSMS01.fabrikam.com server and I select Add Site System Roles. The goal is to add Software Update Point and configure WSUS service.

Figure 2: Choose server on which role will be installed

Figure 3: Set a proxy if necessary

Once you have chosen the server where will be added SUP and after configured proxy, it’s necessary to specify the role to add. I think you have an idea of which role to select … Tadaa: Software Update Point.

Figure 4: Add Software Update Point role

My WSUS installed is set to answer on 443 port because I have a PKI in my lab with auto-enrollment. So I can test the communication between SCCM and WSUS with SSL. If you have not configured WSUS with SSL, don’t select checkbox Require SSL communication to the WSUS server.

Figure 5: Configure how to connect to WSUS service

Next step asks you to configure credentials to connect to WSUS server. This step is needed in a production environment to specify a special account to communicate between WSUS and SCCM.

Figure 6: Set credentials with right on WSUS service

Next, it is the configuration of WSUS. You will retrieve the same step when you are configuring WSUS. First you have to specify the source of synchronizing Microsoft update. My WSUS is the first WSUS on my lab so I select Synchronize from Microsoft Update. If you have an upstream server, please select the other option.

The WSUS report parameter should be configured with the first option in 95% of time because SCCM doesn’t use these reports. These last are created on client computers for Windows Update services and SCCM doesn’t use them.

Figure 7: Set synchronization source settings

Such as classical configuration of WSUS, you have to set how often synchronization occurs. Because I have no requirement on my lab, I leave the default settings.

Figure 8: set how often synchronization occur

To understand next step it is necessary to make a point about superseded update.

Suppose that an update (called U1) fix Internet Explorer 11 on December 2013 and another update (called U2) fix same product released on January 2014. U2 is a cumulative update that contains also U1. In this example, U1 is superseded by U2.

So on supersedence rules, you have to configure the behavior of update that are superseded. Like previous step, I have no requirement on my lab so I leave the default settings.

Figure 9: Configure behavior about superseded update.

For my lab, I download all classifications because I will sort when I will make my updates packages.

Figure 10: Software update classifications

WSUS needs to synchronize once a time to have a more recent product catalog. This is why Windows Server 2012R2 doesn’t appear.

Figure 11: Products to synchronize

Figure 12: language to synchronize

Figure 13: Confirm settings

Figure 14: End of SUP configuration

Verify the good configuration

In this section, I verify that SUP configuration is correct. The first place to be is the monitoring view on Software Update Point Synchronization Status. This status provides information about the last synchronization with WSUS.

Figure 15: WSUS synchronization monitoring

Figure 16: SCCM logs files

To debug an issue, the best way is to open logs files. All these files are in %INSTALLFOLDER%\Microsoft Configuration Manager\Logs

The file WSUSCtrl.log contains information about WSUS synchronization (c.f Figure 17)

Figure 17: WSUSCtrl content

The above screenshot presents a successfully configuration and synchronization with WSUS.

Figure 18: Update catalogs on SCCM

When the synchronization with WSUS is finished, updates appear in the Software update menu.