SCCM Software Update PART 2 – Software Update Point configuration

Add Software Update Point in SCCM hierarchy

First, connect to SCCM, open Administration panel and select Site Configuration -> Servers and Sites System Roles. On the below screenshot, VMSMS01.fabrikam.com is my Primary Site with WSUS installed but not configured (I stopped myself just after configuring the WSUS database). This is SCCM that set parameters on WSUS.

Figure 1: Servers and Site System Roles overview

So I right click on the VMSMS01.fabrikam.com server and I select Add Site System Roles. The goal is to add Software Update Point and configure WSUS service.

Figure 2: Choose server on which role will be installed

Figure 3: Set a proxy if necessary

Once you have chosen the server where will be added SUP and after configured proxy, it’s necessary to specify the role to add. I think you have an idea of which role to select … Tadaa: Software Update Point.

Figure 4: Add Software Update Point role

My WSUS installed is set to answer on 443 port because I have a PKI in my lab with auto-enrollment. So I can test the communication between SCCM and WSUS with SSL. If you have not configured WSUS with SSL, don’t select checkbox Require SSL communication to the WSUS server.

Figure 5: Configure how to connect to WSUS service

Next step asks you to configure credentials to connect to WSUS server. This step is needed in a production environment to specify a special account to communicate between WSUS and SCCM.

Figure 6: Set credentials with right on WSUS service

Next, it is the configuration of WSUS. You will retrieve the same step when you are configuring WSUS. First you have to specify the source of synchronizing Microsoft update. My WSUS is the first WSUS on my lab so I select Synchronize from Microsoft Update. If you have an upstream server, please select the other option.

The WSUS report parameter should be configured with the first option in 95% of time because SCCM doesn’t use these reports. These last are created on client computers for Windows Update services and SCCM doesn’t use them.

Figure 7: Set synchronization source settings

Such as classical configuration of WSUS, you have to set how often synchronization occurs. Because I have no requirement on my lab, I leave the default settings.

Figure 8: set how often synchronization occur

To understand next step it is necessary to make a point about superseded update.

Suppose that an update (called U1) fix Internet Explorer 11 on December 2013 and another update (called U2) fix same product released on January 2014. U2 is a cumulative update that contains also U1. In this example, U1 is superseded by U2.

So on supersedence rules, you have to configure the behavior of update that are superseded. Like previous step, I have no requirement on my lab so I leave the default settings.

Figure 9: Configure behavior about superseded update.

For my lab, I download all classifications because I will sort when I will make my updates packages.

Figure 10: Software update classifications

WSUS needs to synchronize once a time to have a more recent product catalog. This is why Windows Server 2012R2 doesn’t appear.

Figure 11: Products to synchronize

Figure 12: language to synchronize

Figure 13: Confirm settings

Figure 14: End of SUP configuration

Verify the good configuration

In this section, I verify that SUP configuration is correct. The first place to be is the monitoring view on Software Update Point Synchronization Status. This status provides information about the last synchronization with WSUS.

Figure 15: WSUS synchronization monitoring

Figure 16: SCCM logs files

To debug an issue, the best way is to open logs files. All these files are in %INSTALLFOLDER%\Microsoft Configuration Manager\Logs

The file WSUSCtrl.log contains information about WSUS synchronization (c.f Figure 17)

Figure 17: WSUSCtrl content

The above screenshot presents a successfully configuration and synchronization with WSUS.

Figure 18: Update catalogs on SCCM

When the synchronization with WSUS is finished, updates appear in the Software update menu.

About Romain Serre

Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft Technology, especially on Hyper-V, System Center, Storage, networking and Cloud OS technology as Microsoft Azure or Azure Stack. He is a MVP and he is certified Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).

3 comments

  1. Hi,

    Thank you for your post. I am stuck at the point specify synchronization source settings.
    I do already have a WSUS running on a vm and i like to use it with SCCM running on another vm but i am unable to get it work that SCCM will use this WSUS.
    Do you have suggestions for me?
    From my point of view i can name SCCM the WSUS on the other host but he needs his own WSUS to sync is this correct?
    Which configuration is at this step the correct one?

    • Hi Sebastian,

      If you have already configured and used the WSUS server, you can’t sync it with SCCM. You need a WSUS service without configuration.

      I hope I have helped you.

      Regards,

      Romain.

      • What a pity!
        So i am forced to use a “2nd” WSUS on the SCCM itself that afterwards the external WSUS can be destroyed.
        Thank you for your fast response.

Leave a Reply

x

Check Also

SCCM 2012 R2 Primary Site Installation

This part covers the first SCCM Primary Site installation.   In Part 1, SCCM Prerequisites ...

SCCM 2012 R2 SQL Server Installation-Configuration

This part covers the SQL Server installation and configuration for a SCCM 2012 R2 environment. ...

SCCM 2012 R2 Environment Preparation Requirements

This article covers the installation on a SCCM 2012 R2 environment for Computer management (OS ...