Hi Prajwal.
I have a bit of complicated scenario.
Primary Site - Site A
Other Sites - Site B, Site C, Site D, Site E
Site A - SCCM, SUP, DP
Site B - SUP, DP
Site C - SUP, DP
Site D - SUP, DP
Site E - SUP, DP
Site B to Site E - Are Working as it supposed to (clients getting updates from local WSUS on sites, and WSUS on sites sync with Site A SCCM)
Site A: Boundary Group BG1
BG1: Local Machines and 750+ Machines over VPN in 250 Sub-Sites (avg 3 in each) - lets call this as "VPN Machines" to refer to in scenario. VPN in Sub-Sites are always ON.
Local Machines on BG1 are getting update from Site A SCCM WSUS.
In addition to above: I have 3rd Party Application Updates on the ADR as well to all Sites.
Looking for Solution on:
VPN Machines: I need to set these machines so they get the approve/reject windows updates metadata/list from Site A, but they download the updates from MS. While still getting 3rd Party Applications Updates from Site A itself over VPN.
I looked into the setting of the ADR Deployment where it says:
1. Select the deployment option to user when a client uses a DP from a neighbour BG or the default Site BG
The above both options says "if DP" is not available, but because VPN is always up, the DP is always reachable. The check option "-if software updates are not available on DP..." may not work because DP is reachable.
How can I achieve the above without breaking 3rd Party Application Updates?
I have a bit of complicated scenario.
Primary Site - Site A
Other Sites - Site B, Site C, Site D, Site E
Site A - SCCM, SUP, DP
Site B - SUP, DP
Site C - SUP, DP
Site D - SUP, DP
Site E - SUP, DP
Site B to Site E - Are Working as it supposed to (clients getting updates from local WSUS on sites, and WSUS on sites sync with Site A SCCM)
Site A: Boundary Group BG1
BG1: Local Machines and 750+ Machines over VPN in 250 Sub-Sites (avg 3 in each) - lets call this as "VPN Machines" to refer to in scenario. VPN in Sub-Sites are always ON.
Local Machines on BG1 are getting update from Site A SCCM WSUS.
In addition to above: I have 3rd Party Application Updates on the ADR as well to all Sites.
Looking for Solution on:
VPN Machines: I need to set these machines so they get the approve/reject windows updates metadata/list from Site A, but they download the updates from MS. While still getting 3rd Party Applications Updates from Site A itself over VPN.
I looked into the setting of the ADR Deployment where it says:
1. Select the deployment option to user when a client uses a DP from a neighbour BG or the default Site BG
-
- Do not install software updates OR
- Download software updates from DP and install
-
- Do not install software updates
- Download and install software updates from the DPs in the Site default BG
-
- If software updates are not available on DP in current, neighbor or Site BG, download content from MS
- Allow clients on a metered Internet connection to download content after the installation deadline, which might incur additional costs
The above both options says "if DP" is not available, but because VPN is always up, the DP is always reachable. The check option "-if software updates are not available on DP..." may not work because DP is reachable.
How can I achieve the above without breaking 3rd Party Application Updates?
