PENDING WSUS on DP

[IT-SEC]

hello,

I installed dp role at my branch ofice. I want to distribute windows update to my branch ofice. I enabled peer cache. Must i have install software update point and WSUS role on DP server?

 

[Garth]

hello,

I installed dp role at my branch ofice. I want to distribute windows update to my branch ofice. I enabled peer cache. Must i have install software update point and WSUS role on DP server?

WSUS does NOT provide SU to clients, so why exactly do you want wsus on your DP?

 

[IT-SEC]

I just want to deploy automatically windows update to branch office client via DP with ADR. Do i need SU role or /and WSUS on DP?

 

[Garth]

I just want to deploy automatically windows update to branch office client via DP with ADR. Do i need SU role or /and WSUS on DP?

No you don't need as SUP or WSUS on your remote dp.

 

[IT-SEC]

No you don't need as SUP or WSUS on your remote dp.

Thank you.

 

[IT-SEC]

I installed DP without SUP and WSUS and deployed windows update on DP with pre-stage.
SCCM show unknown status for site's client. "Client check passes/active"
I triggered software update scan cycle on site client. I have error message "GetUpdateInfo - failed to get targeted update, error = 0x87d00215." in UpdateDeployment.log.

 

[vin418]

Can you try to restart the Windows Update Agent on the client machine. On your Primary Server check if WSUS IIS roles is in start state. On client machine check what is the error showing on log WUA Handler.
Is there any GPO set for Client machine to point to particular WSUS.

Make sure to check the antivirus also check i anything is getting locked regarding to Windows update.

 

[IT-SEC]

On boundary group for branch office i am not add primary server for site system server. i want to deploy windows updates from DP.

 

[vin418]

On boundary group for branch office i am not add primary server for site system server. i want to deploy windows updates from DP.

If you have not selected the option for content download through MS Update Cloud and you have the correct boundary configured, content download will always occur from local DP only.
I understand, you don't want to add Site Server in your BG. It will anyway try to download through Local DP only. Here we need to understand what is the error showing in WUA Handler log in client.
On Site Server Open, IIS Manager Console >> Check if WSUS is in Start State or stopped, if stopped start and check if that also resolves the issue or not.
On one of the client machine, try to perform below troubleshooting and check if that helps in resolving the issues:-
>> Stop and Disable Windows update Agent Service
>> Regedit >> HKLM>> Software >> Policies >> Windows >> Windows Update (Delete this Folder key).
>> Start the Windows Update Agent Service
>> Run Machine Policy retrieval and Software update Cycles from Actions tab.

After that monitor the logs and check if you are getting the error or not.

 

[IT-SEC]

Am i correct? Primary server has SUP and WSUS, DP has no SUP and WSUS. I do not add primary server in site boundary group. I distribute windows update to DP . At this topology, clients can get windows update only from DP successfuly. Right?

 

[Garth]

Technically, you can not install SUP on DP, until it has a MP role installed.

Why do you say that? a SUP can exist on a DP without a MP. but the real issue is why would you do that?

 

[Garth]

You need to ensure that the sup is assigned to the Default-site-boundary group. Then you need to make sure that the failback timing is set to 0 or 1 minutes. this will have all client use the SUP within the default group and use the local dp.

 

[vin418]

Why do you say that? a SUP can exist on a DP without a MP. but the real issue is why would you do that?

Sorry. Practically i never got the option to install sup on a dp. Thanks for correcting Garth.