The text changes, requesting: Please wait while your server is configured. When the task has finished, the text changes to: Configuration successfully completed. Click Close. In Server Manager , verify if a notification appears to inform you that a restart is required. This can vary according to the installed server role. If it requires a restart make sure to restart the server to complete the installation. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info.
Contents Exit focus mode. Is this page helpful? Please rate your experience Yes No. Local publishing allows you to create and distribute updates that you design yourself, with your own payloads and behaviors.
Enabling and configuring local publishing is beyond the scope of this article. For full details, see Local publishing. Local publishing is a complicated process and is often not needed. Before you decide to enable local publishing, you should carefully review the documentation and consider whether and how you'll use this functionality.
Computer groups are an important part of using WSUS effectively. Computer groups permit you to test and target updates to specific computers. There are two default computer groups: All Computers and Unassigned Computers.
By default, when each client computer first contacts the WSUS server, the server adds that client computer to both of these groups. You can create as many custom computer groups as you need to manage updates in your organization. As a best practice, create at least one computer group to test updates before you deploy them to other computers in your organization. There are two approaches to assigning client computers to computer groups.
The right approach for your organization will depend on how you typically manage your client computers. Server-side targeting : This is the default approach. This approach gives you the flexibility to quickly move client computers from one group to another as circumstances change.
But it means that new client computers must manually be moved from the Unassigned Computers group to the appropriate computer group. Client-side targeting : In this approach, you assign each client computer to computer groups by using policy settings set on the client computer itself.
This approach makes it easier to assign new client computers to the appropriate groups. You do so as part of configuring the client computer to receive updates from the WSUS server. But it means that client computers can't be assigned to computer groups, or moved from one computer group to another, through the WSUS Administration Console. Instead, the client computers' policies must be modified.
You must create computer groups by using the WSUS Administration Console, whether you use server-side targeting or client-side targeting to add client computers to the computer groups. In the Add Computer Group dialog, for Name , specify the name of the new group.
Then select Add. The client computers must trust the certificate that you bind to the WSUS server. Depending on the type of certificate that's used, you might have to set up a service to enable the client computers to trust the certificate that's bound to the WSUS server. If you're using local publishing, you should also configure the client computers to trust the WSUS server's code-signing certificate. For instructions, see Local publishing. By default, your client computers receive updates from Windows Update.
They must be configured to receive updates from the WSUS server instead. This article presents one set of steps for configuring client computers by using Group Policy. These steps are appropriate in many situations.
But many other options are available for configuring update behavior on client computers, including using mobile device management. These options are documented in Manage additional Windows Update settings. If you don't use Active Directory in your network, you'll configure each computer by using the Local Group Policy Editor. These instructions assume that you're using the most recent versions of the policy editing tools.
On older versions of the tools, the policies might be arranged differently. In the object that you expanded in the previous step, expand Administrative Templates , expand Windows components , expand Windows Update , and select Manage end user experience. On the details pane, double-click Configure Automatic Updates.
The Configure Automatic Updates policy opens. Select Enabled , and then select the desired option under the Configure automatic updating setting to manage how Automatic Updates will download and install approved updates. We recommend using the Auto download and schedule the install setting. It ensures that the updates you approve in WSUS will be downloaded and installed in a timely fashion, without the need for user intervention.
If desired, edit other parts of the policy, as documented in Manage additional Windows Update settings. The Install updates from other Microsoft products checkbox has no effect on client computers receiving updates from WSUS.
The client computers will receive all updates approved for them on the WSUS server. On the Manage updates offered from Windows Server Update Service details pane, double-click Specify intranet Microsoft update service location.
The Specify intranet Microsoft update service location policy opens. Make sure to include the correct port in the URL. Select OK to close the Specify intranet Microsoft update service location policy. If you've chosen to use client-side targeting, you should now specify the appropriate computer group for the client computers you're configuring. These steps assume that you've just completed the steps for editing policies to configure the client computers.
On the Manage updates offered from Windows Server Update Service details pane, double-click Enable client-side targeting. The Enable client-side targeting policy opens. Select Enabled , and then enter the name of the WSUS computer group to which you want to add the client computers in the Target group name for this computer box. If you're running a current version of WSUS, you can add the client computers to multiple computer groups by entering the group names, separated by semicolons.
For example, you can enter Accounting;Executive to add the client computers to both the Accounting and Executive computer groups. If you used an Active Directory-based GPO to configure the client computers, it will take some time for the Group Policy Update mechanism to deliver the changes to a client computer. If you used the Local Group Policy Editor to configure an individual client computer, the changes take effect immediately. Restart the client computer. This step makes sure that the Windows Update software on the computer detects the policy changes.
The client computer successfully scans for updates. It might or might not find any applicable updates to download and install. Review the settings and click Install. This is a one time configuration where you will configure some important WSUS options.
Specify Proxy server information if you have got one. If this option is selected, ensure you specify proxy server name and port number. In addition to that specify the credentials to connect to the proxy server. If you want to enable basic authentication for the user connecting to the proxy server, click Allow basic authentication password in clear text. On the Choose Languages page, you have the option to select the languages from updates.
If you choose to download updates in all languages, you would find updates with all languages in the WSUS console. However if you choose to get updates only for specific languages, select Download updates only in these languages.
Select the languages for which you want updates. This is the page where you select the products for which you want the updates. A product is a specific edition of an operating system or application. From the list of products you can select individual products or product families for which you want your server to synchronize updates.
In this case I am going to select Windows Server and Windows 10 as products. In the beginning of the post I have listed the types of updates. On the Choose Classifications page, select the required classifications. You must decide on how do you want to perform WSUS sync. The Set Sync Schedule page lets you select whether to perform synchronization manually or automatically. With this option selected, you have to manually perform the sync every time.
Therefore do not select this option if you are setting up the WSUS in production. You can set the time of First synchronization. Then set the number of synchronizations per day.
From the drop-down you can choose the value between Finally on the last page, click Finish. This completes the steps to configure WSUS. After you install and configure WSUS, the next important task is to configure group policy settings for automatic updates.
Using group policy you can point your client machines to new WSUS server. You can create the group policy and apply it at domain level.
While there are many Windows Update policy settings, I am going to configure few of them. For a list of all windows update policy settings, read this article from Microsoft. Under Configure automatic updating, select the desired option. Under Schedule install day , select the day when you want the updates to be installed. Set the scheduled install time. In case you select Auto download and schedule the updates install, you get some options to limit updating frequency.
If you have configured the settings, click Apply and OK. The next setting that you should configure is specify an intranet Microsoft update service location. The idea behind this is to ensure the client computers contact the specified intranet server instead of downloading updates from internet. To enable the policy, click Enabled.
Specify the intranet update service and intranet statistics server. Click Apply and OK. You can also verify the intranet update service location on client computers using registry. By creating computer groups you can first test and target updates to specific computers.
You can create custom computer groups to manage updates in your organization. Test updates before you deploy them to other computers in your organization. Expand computers, right-click All computers, and then click Add computer Group. In the add computer Group dialog box, specify the name of the new group, and then click Add. Click All Computers and you should see list of computers.
Select the computers, right click and click Change Membership. On the Set Computer Group Membership box, select the new group that you just created. Click OK. Once you have a test computer group created, your next task to deploy the updates to the test group. To do so you must first approve and deploy WSUS updates.
Most of all in the Approve Updates dialog box, select your test group, and then click down arrow. Click Approved for Install. You an also set a deadline to install the updates. The Approval Progress window appears, which shows the progress of the tasks that affect update approval. When the approval process is complete, click Close. Check the box When an update is in a specific classification.
Select the classifications. You can also approve the update for computers groups. I am going to select Windows 10 as that is my test computer group. Finally you can set a deadline for the update approval and specify auto approval rule name. On the Automatic Approvals window, you can find the rule that you just created. If you wish to run this rule, click Run Rule.
WSUS comes with several reports to help you find the updates deployment status, sync reports and computers reports. This completes the steps to install and configure WSUS. I am sure this guide will help you to setup WSUS in your lab setup. If you have any questions related to WSUS, do let me know in comments section. Synchronization Error Details WebException: The underlying connection was closed: An unexpected error occurred on a send.
GetAuthConfig at Microsoft. After installation and first initialization completed. Which GPO option we have to choose. In a domain environment, you must always use Domain group policy to configure and apply policies to domain computers. I went through your WSUS guide, its excellent and help me lot. I have question regarding the port open between upstream server and downstream server.
Here we use default port, Any idea of why? Please help. Thanks in advanced. WSUS was working fine on Server but it was on older hardware that was starting to fail. I when through these steps: 1. Did an wsusutil. Turn off the old server and pulled out the System drive c: and put them aside. Just because. Removed the temporary D: drive and put in the previous used D: drive it was a dedicated set of drives just for WSUS content.
Did a wsusutil.
0コメント