Home
.. About WSUS Wiki

RSS

WSUS
.. WSUS FAQ
.. WSUS on SBS
.. WSUS Troubleshooting
.. WSUS News Groups
.. Known WSUS Issues
.. WSUS Links
.. WSUS Wish List

WSUS Documents
.. WSUS Deployment Guide
.. WSUS Installation Guide
.. WSUS Release Notes
.. WSUS Best Practice

SUS
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues
.. SUS FAQ
.. What Is SUS
.. SUS Troubleshooting
.. SUS Links
.. SUS Known Issues

Wiki Community
.. Wiki Contributors
.. I Love WSUS
.. WSUS Wiki Diary
.. Wiki Statistics
.. To Do Page

Miscellaneous Stuff
.. Other Resources
.. Do You Know?

Site Meter

Terms of Use
Trademarks
Privacy Statement

 

WSUS Installation Overview

Before you install WSUS, take a peek at WSUS Before You Install

This page provides a high level overview of the WSUS installation process and is divided in 2 sections:

  • Installing WSUS with a Local Database(SQL/MSDE)
  • Installing WSUS with Non-Local Database(SQL/MSDE)
1. Installing WSUS with Local Database(SQL/MSDE): Installing WUS with local database is pretty staright forward. Here, you have 2 Scenarios viz:
  • Installing WSUS on Default Website, with port 80.
  • Installing WSUS on Custom Website, with port 8530.

Installing WSUS on Default Website, with port 80: This is very simple and the installation steps are explained on the Installing WUS - BETA 2 page.

Installing WSUS on Custom Website, with port 8530: Installing WSUS on custom Port 8530 is little different from the normal setup. You have to manually configure the client self update feature. But, this kind of setup has many advantages including

  • You can shut down port 80 to avoid malicious programs that target port 80.
  • If you already have a webiste on port 80 like the Antivirus Applications, this kind of setup will help the functioning of both the sites independantly.

Things to consider if you plan to installing on custom port

  • In this case, you have to manually set up up the selfupdate virtual directory on port 80 to enable client self update.
  • You can use %\program\Update Services\Setup\InstallSelfupdateOnPort80.vbs script in order to allow those clients to self-update.
  • To access the WSUS admin page, you have to include the custom port with the website like http://wsusserver:8350,
  • This port in not configurable during WSUSsetup, but can be changed later using IISADMIN.

2. Installing WSUS with Non-Local Database(SQL/MSDE):

You can seperate Patch Content and use a database on seperate Server- the same is of a Front End Server and Back End Server. The Front End Server is the server where you run WSUS and IIS and the Back End Server isthe server running SQL and the WSUS Database. The interesting part is to configure Front End Server to use the Database residing on Back End Server.

Limitations:

  • In the RC you cannot use Windows 2000 as Front End Server for Back End Server and vice-versa.
  • Also, neither should be a Domain Controller.
  • The database for such scenario should be SQL 2000 with Service Pack 3a or later, with nested triggers option turned on.
  • You cannot use WMSDE or MSDE for database software on the backend computer.
  • Most important - the authentication should always be Windows Authentication and never SQL Authentication. Select authentication carefully at the time of setup too.
  • You cannot change the WSUS database name, the database will be named as "SUSDB"

Installation Overview:
As discussed earlier, Front End Server holds the WSUS Software setup with IIS installed. Installation is slightly different from the Normal installation as in this scenario you dont setup database on the same Server, Instead, ths WSUS database is installed on the Back End Server.

Installation is very simple shown in these Steps:

Install WSUS on Front End Server

  • You need to setup WUSSETUP.exe with "/f" switch.
  • Follow the wizard to specify content Folder & Administration Site.
  • Take a note of Content folder which is needed while setting up the back End Server.
  • WSUS is installed without the database. The Database will be installed in the second step.

Install WSUS on Back End Server:

  • Basically, this server will hold the database. You need to setup WSUSSETUP.exe with "/b" switch.
  • This will skip most of the steps in installation with "/f" switch, which we already completed in the first step.
  • Here apart from "/b" switch, you need to specify "Content Location" &"Content Directory" from the Command Line Switch.
  • "Content Location" if the value is set to 1, it means WSUS Content is stored and retreived from the local system, if if the value is set to 0, it means remote storage on Microsoft Update Server.
  • "Content Directory" is to specify "storage location in frontend file system" which you already took a note in previous steps while setting up the Front End Server.

Commands:

  • Updates stored locally:
    WSUSSetup.exe /B /V “CONTENT_LOCAL=1 CONTENT_DIR=”storage location in frontend file system”
  • Updates stored remotely:
    WSUSSetup.exe /B /V “CONTENT_LOCAL=0”
    Note: In the second command, you don't specify the storage location.

Follow the wizard to specify SQL Instance name and complete the installation wizard.

Back End - Front End Connectivity:

Now, you have to setup some permissions on the Back End Server to allow BE Server to access FE Server & vice-versa. On Back end server, go to Computer Management- Users & Groups - Groups - In WSUS Administrators group Properties add the computer name of Front End Server.

Note: If you are running W2K Server for your BE, be sure to add your FE server name into the WSUS Administrators group from W2K3 or WXP machine via MMC (or else you will not have the option of adding a computer name into the group locally).

Front End - Back End Connectivity:

The remaining step is to configure the Front End Server to use BE Server's Database.

On the Front End Server, open the Registry Editor from Run Menu, then navigate to the following registry key:
HKLM\SOFTWARE\Microsoft\WindowsUpdateServices\Server\Setup\
In the details pane, double-click the SQLServerName key. In Value data, type the name of the Back End Server, and then click OK. Start Windows Update Services from the Front End Computer.

This enables the Communication between FE - BE and BE - FE Servers.

    NameVersionSizeDateUser
    VOYAGER.jpg1577669/18/07 5:29 PMGund
    Show performance difference between WSUS3.0 on Windows DB and WSUS 3.0 on SQL2005Exp Adv


    Comments:

    From Gund - 9/18/07 5:34 PM

    Sorry for the crazy edits, I hope somebody cleans this up soon ;-)

    From Gund - 9/18/07 5:33 PM

    Performance difference between WSUS3 on WinDB and WSUS3.0 on SQL2005Exp

    From Gund - 9/18/07 5:31 PM

    http://www.wsuswiki.com/files/WSUSInstallationOverview/VOYAGER.jpg

    From Gund - 9/18/07 5:19 PM

    Oops, sorry, tried to upload performance graph to prove stability with SQL Exp.

    How? 

    From Gund - 9/18/07 5:18 PM

    Difference in performance between WSUS on WinDB and WSUS on SQL2005Exp

     

     

    From Gund - 9/18/07 5:02 PM

    Something not covered here is if you want WSUS 3.0 but don't feel you should be blackmailed into buying 2005 SQL.

    Since WSUS only supports remote SQL 2005, we felt that with our small 200 device site we should not have to pay that money just to get something working properly we already paid for. If you don't have SQL, WSUS 3.0 will install WindowsDB whic is very slow and painful and give you no performance options.

    So the best middle ground is SQL2005Exp and WSUS3.0. We use WebMarshal for application firewall/proxy services, here is how to install in under one hour and get going. If you want a good install with no/low cost and good overheads try this: 

    Installed on Win2003 SP2

     

    Download  WSUS3.0, MS Report Viewer 2005 SP1 and SQL 2005 Express Advanced Pack (specifically, look for Advanced Pack).

    Install SQL Exp 2005 Advanced Pack and select Native Client and Management Console

    Open the Management console and select your server, right click, in properties, set the server maximum memory to 256MB and default DB path to something other than C:\Program files...etc. Be aware the DB may grow to 4GB, so get  it off your C: drive. 

    Install Report Viewer with all defaults.

    Install WSUS, full install.

    Accept License

    Select folder for updates, this can get big, so be aware this is not your C: drive

    Select Local DB and the pull down bar will allow you to select the local SQL 2005 Exp

    Set website to WSUS format on port 8530

    Confirm to start isntall and wait for file copy to complete.

    While that is on, create a user on WebMarshal or AD (if you are syncing WM with AD) that has web rights to http and https. 

    Wizard will start. 

    Skip the MS improvement program (I don't think they read my complaints as much as their share portfolio)

    Check sync from MS Update Server 

    Put in your proxy details and credentials

    Test the credentials - at this point be SURE it is going through by looking at WebMarshal console - you should see about 250kb of traffic

    Select your language (please don't select all languages unless you don't care for bandwidth)

    Select the product groups you use on your site (don't select everythign unless space is never an issue for you)

    Choose the classifications you want (I choose everything here)

    Set sync shedule.

    Start sync.

    After a few hours, syncing will stop and you can modify the server.

    Open cmd.exe and run

            SQLCMD.exe -S <YourServerNameHere>\SQLEXPRESS -E -b -Q "USE SUSDB update tbConfigurationC set BitsDownloadPriorityForeground=1" 

    Then in AD GP Editor, check that the target server for Client Updates is http://<YourServerNameHere>:8530

    After a few hours, computers will start to appear and you can setup groups etc and approve updates etc.

     

    I found SQLExpress to be much more easy on my little processors than WinDB.

    Hope this helps you if you are in a rush, I could not find SQLExpress instructions for WSUS3 anywhere and assumed it came with SQLExpress, which is incorrect. Also, I used this site for help, so this is my return contribution for noobs like me.

    When your server is up and you are on AD, look at GP and find /Computer Config/Admin Template/Windows Component/Windows Update, read all the little helper screens to see what the options mean and go from there, try not to reboot the users PCs during the day or you will get flamed by your users. 


    Last Modified 6/15/05 8:55 PM

Hide Tools

Site
Changes
Index
Search

User
Log In
Register