Tag Archives: SUP

SCCM 2012 R2 Software Updates (WSUS) Install – Windows Server 2012 R2

Ok, so I get lots of questions internally about this.. and to be quite honest it can be a pain, more so on Windows Server 2012 due to the new version of the WSUS engine.

This recipe is tested and working on Windows Server 2012, and SCCM 2012 R2 – CU4

From Server Manager select “Local Server” and then Manage > Add Roles and Features

Next > Next > Select your server from the pool > Next >

Under roles tick “Windows Server Update Services“:

2

add the required features:1

When configuring the Role Services, Uncheck “WID Database” and check “Database” instead:

4 - check Database

Next you will have to chose the location to store the Content:

5 create sources

For this you will have to create a new directory.. I recommend locally, and then share with “Everyone”:

7 sources share

8 share perms

Once shared enter the directory location like follows:

9 enter folder

When specifying the “DB Instance”, type in the server name and ensure you click “Check connection” – (Do not specify localhost)

10 enter instance hit check

Hit install:

11 hit install but no post config

Once the configuration is complete, DO NOT click “Launch Post-Installation tasks” .. either via this screen:

12 close

Or “Server Manager

13 will configure via cmd

Once you have your WSUS server in this state, it is ready to have the Software Update role added with SCCM, and then the WSUS instance captured and configured by SCCM.

Now normally at this stage I would perform the post configuration of the WSUS instance manually, and then install the Software Update Point role in SCCM after.. however its useful to see what sort of errors you can receive from a non working or poorly functioning implementation.

So lets install the Software Update Point role in SCCM… This is done via the Primary Site server, or your CAS (if applicable)

From the SCCM Console, browse to “Administration”

1

Select the primary site server, and choose “Add Site System Roles”

2

3

Hit Next

4

Again, Next

Choose the “Software update point” role, and hit Next

5

This part is critical.. select the radio button for the Windows Server 2012 option, like so:

6 select 8530

Hit Next

7

Again, Next

8

Again, Next

With little bother, the role should start installing properly

9

It would be wise to check this though, you can view the status of this installation by browsing the SUPSetup.log, within the logs directory:

10 check role setup

Looks fine doesn’t it.. but wait, check WSUSCtrl.log:

11 error loop

These errors will loop forever, so lets perform the post-configuration I mentioned earlier

Open up an administrator Command Prompt and navigate to:

C:\Program Files\Update Services\Tools\

Run the following command:

WsusUtil.exe postinstall SQL_INSTANCE_NAME=servername CONTENT_DIR=driveletter:\directory

Like so:

12 post config

Finally we need to configure the WSUS ports to use 8530 and 8531 to match our SUP role configuration.. otherwise the WSUS role on the server will run via Port 80 (default)

To do this, perform the following command from the same prompt:

WsusUtil.exe usecustomwebsite true

13 usecustom

Voila!

You should now be syncing correctly, but do check the wsusCtrl.log:

14 should now sync

All done.. hope it helps!

*Update*

I have found that the WSUS site in some cases tends to fail and stop working all together.. a fix for this is to implement some changes to the Application Pool.

From Server Manager select “Local Server”

Click “Tools” and then select “Internet Information Services (IIS) Manager

15

Right click on “WsusPool” , and select “Advanced Settings

Now make the following changes:

 

Rapid-Fail Protection – Enabled = False

Recycling – Private Memory Limit (KB) = 8388608        

(Set this to something healthy.. I went with 8GB)

Example:

16

After a reboot this should stabilise the Application Pool and keep SUP syncing nicely!