Ok, so I get lots of questions internally about this.. and to be quite honest it can be a pain, more so on Windows Server 2012 due to the new version of the WSUS engine.
This recipe is tested and working on Windows Server 2012, and SCCM 2012 R2 – CU4
From Server Manager select “Local Server” and then Manage > Add Roles and Features
Next > Next > Select your server from the pool > Next >
Under roles tick “Windows Server Update Services“:
When configuring the Role Services, Uncheck “WID Database” and check “Database” instead:
Next you will have to chose the location to store the Content:
For this you will have to create a new directory.. I recommend locally, and then share with “Everyone”:
Once shared enter the directory location like follows:
When specifying the “DB Instance”, type in the server name and ensure you click “Check connection” – (Do not specify localhost)
Once the configuration is complete, DO NOT click “Launch Post-Installation tasks” .. either via this screen:
Or “Server Manager”
Once you have your WSUS server in this state, it is ready to have the Software Update role added with SCCM, and then the WSUS instance captured and configured by SCCM.
Now normally at this stage I would perform the post configuration of the WSUS instance manually, and then install the Software Update Point role in SCCM after.. however its useful to see what sort of errors you can receive from a non working or poorly functioning implementation.
So lets install the Software Update Point role in SCCM… This is done via the Primary Site server, or your CAS (if applicable)
From the SCCM Console, browse to “Administration”
Select the primary site server, and choose “Add Site System Roles”
Choose the “Software update point” role, and hit Next
This part is critical.. select the radio button for the Windows Server 2012 option, like so:
With little bother, the role should start installing properly
It would be wise to check this though, you can view the status of this installation by browsing the SUPSetup.log, within the logs directory:
Looks fine doesn’t it.. but wait, check WSUSCtrl.log:
These errors will loop forever, so lets perform the post-configuration I mentioned earlier
Open up an administrator Command Prompt and navigate to:
C:\Program Files\Update Services\Tools\
Run the following command:
WsusUtil.exe postinstall SQL_INSTANCE_NAME=servername CONTENT_DIR=driveletter:\directory
Finally we need to configure the WSUS ports to use 8530 and 8531 to match our SUP role configuration.. otherwise the WSUS role on the server will run via Port 80 (default)
To do this, perform the following command from the same prompt:
WsusUtil.exe usecustomwebsite true
You should now be syncing correctly, but do check the wsusCtrl.log:
All done.. hope it helps!
I have found that the WSUS site in some cases tends to fail and stop working all together.. a fix for this is to implement some changes to the Application Pool.
From Server Manager select “Local Server”
Click “Tools” and then select “Internet Information Services (IIS) Manager”
Right click on “WsusPool” , and select “Advanced Settings”
Now make the following changes:
Rapid-Fail Protection – Enabled = False
Recycling – Private Memory Limit (KB) = 8388608
(Set this to something healthy.. I went with 8GB)
After a reboot this should stabilise the Application Pool and keep SUP syncing nicely!