Installing WSUS for Configuration Manager 2012 R2

152118

Installing WSUS for Configuration Manager 2012 R2 After installing SQL server for Configuration Manager 2012 R2, we will now see the steps for Installing WSUS for Configuration Manager 2012 R2. WSUS is Microsoft’s separate, stand-alone server-based product for distributing updates to Windows systems. WSUS also uses the WUA to scan for patch applicability and subsequently install updates delivered by WSUS. WSUS 3.0 Service Pack 2 is required for System Center 2012 R2 Configuration Manager. SCCM 2012 R2 supports only 64-bit site systems, you must use the 64-bit version of WSUS on one of the supported 64-bit editions of Windows Server. The WSUS 3.0 SP2 is available here:- http://www.microsoft.com/en-us/download/details.aspx?id=5216

 

Installing WSUS for Configuration Manager 2012 R2

To install WSUS on Windows Server 2012 R2, click on Server Manager, click on Manage, click Add Roles and Features, select Windows Server Update Services and click on Next.

Installing WSUS for Configuration Manager 2012 R2

Click Next.

Installing WSUS for Configuration Manager 2012 R2

Choose WSUS Services and Database as these are the ones that are actually required. We will not select WID Database here. Click on Next.

Installing WSUS for Configuration Manager 2012 R2

Content Location Selection – In this folder the WSUS downloads and stores license terms for specific software updates in the update content folder. During the update synchronization process,  Configuration Manager looks for applicable license terms in the content folder. If it cannot find the license terms, it will not synchronize the update. Provide a folder path and click on Next.

Installing WSUS for Configuration Manager 2012 R2

Database Instance Selection – Specify the database server where you want to store the WSUS database. Click on Check connection and you must see the message Successfully connected to server. Click on Next.

Installing WSUS for Configuration Manager 2012 R2

Click on Install.

Installing WSUS for Configuration Manager 2012 R2

Once the installation is complete DO NOT click on Launch Post-Installation tasks. Click on Close.

Installing WSUS for Configuration Manager 2012 R2

We should not configure the WSUS configuration wizard, going forward Configuration Manager must be used to synchronize updates, download updates and deploy updates. It is okay to go into the WSUS console to review updates or the synchronization status, but you should not perform tasks such as approving or declining updates because it can adversely affect Configuration Manager’s software update management capabilities. Click on Cancel to close the wizard. With this the installation of WSUS for Configuration Manager 2012 R2 is complete.

Installing WSUS for Configuration Manager 2012 R2

 

  • James

    Hi there,

    With the WSUS server, what server does it need to be installed on? I’m currently running up a lab with seperate Management Point, Distribution Point and SQL Database.

    Thanks in advance.

    • You can install WSUS on a separate Server or you can install WSUS and SCCM on the same server. In my post I have installed both WSUS & SCCM on same server – windows server 2012 R2 Datacenter edition.

  • Kym Busby

    Thanks so much for these fantastic guides. I’m following these as I set up a new environment, and they are very helpful.

  • Ram

    Before installing WSUS role – do i need to install WSUS SP2 update on CM2012 server?
    My lab setup
    DC1 – Server 2012 R2
    CM1 – Server 2012 R2 + SQL 2012 SP1 (Planning to install WSUS role as well) after getting your reply to above Q

    Thanks – Excellent material.

    • You can install WSUS from roles and services in Server 2012 R2, I believe no updates are required. Are you using SCCM 2012 R2 or SCCM 2012 SP1 ?

  • Ram

    I am using SCCM 2012 R2.

  • steven.parein@gmail.com

    You cannot see SUSDB prior to installation of SCCM because you did not configure it and your guide says Once the installation is complete DO NOT click on Launch Post-Installation tasks.
    The screenshot you are showing shows the situation after SCCM has been installed because I can see your CM_IND database.
    Correct me if I’m wrong.

    • Hi Steven, you are right, the CM_ Database cannot be seen unless you have installed SCCM 2012. I had actually taken the screenshot after installing the Configuration Manager. Thanks for mentioning that, I will update it with appropriate screenshot.. 🙂

    • The screenshot has been updated.. Thanks Steven..

  • Reza Prawirasatya

    Prajwal, Thanks for your great SCCM 2012 R2 blogs! How did you get pass through the error that myself and others experiencing? I posted here: http://www.windows-noob.com/forums/index.php?/topic/9030-how-to-configure-wsus-on-sccm-2012-win-server-2012/

    Thanks,
    Reza

    • Alright, my only question is from where are you installing WSUS ? From Add Roles and Features wizard or by downloading WSUS setup file from Microsoft ? Please note that in the post I am using server 2012 R2 and I have installed WSUS from Add Roles and Features.

  • Reza Prawirasatya
  • Reza Prawirasatya

    Sorry I forgot to mention, all my test servers are using Windows Server 2012 R2 Standard.

  • Reza Prawirasatya
  • Reza Prawirasatya

    Per Prajwal:
    WSUS 3.0 Service Pack 2 is required for System Center 2012 R2 Configuration Manager

    FYI, someone responding to me directly from other source: *** This is where people get confused! ***

    * If you are installing using Windows Server 2012 then no because WSUS is version 4 in Server 2012.

    * If installing on Server 2008(R2) then yes, but you should always look to update everything to latest versions anyway.

  • Arshad Hussain

    Hi Parjwal,

    As My SCCM 2012 SP1 (Server windows 2008 R2), But WSUS Ver 3.0 & also I am not able go to console tree pane
    My server not able synchronize for windows update.(always failed) event id 6703.

    Event ID: 6703 Source: SMS_WSUS_SYNC_MANAGER
    Source: SMS_WSUS_SYNC_MANAGER
    Type: Error

    Description:
    Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WsusSyncAction.WSyncAction.SyncUpdates

    Failed to sync some of the updates

    4 7:32:48 AM, component SMS_WSUS_SYNC_MANAGER on computer XXXXXXXXXD reported:
    The operating system reported error 2148734208
    then, after taken snapshot , then remove the role of WSUS & Try to add it again, but while try connect for update display with network error, My all ports all open as open & no proxy as well , My browser is working fine. Please guide me why my windows update not working …

    Regards,
    Arshad

    • Hi Arshad, when you install WSUS for SCCM 2012 you should not use WSUS console because SCCM will manage the deployment of software updates. Check the port settings configured for the active software update point and make sure they are the same as the port settings configured for the Web site used by WSUS running on the active software update point.

  • Arshad Hussain

    But when i open WSUS , this error will display

    MMC has detected an error in a snap & will unload it.

    (1)Report this error to Microosft & then shutdown MMC
    (2)UNLOAD THE SNAP-IN & Contniue Running.

    Regards,
    Arshad

  • Arshad Hussain

    After open wsus service… below display….

    MMC could not create the snap-in. The snap-in might not have been installed
    correctly.
    Name: Update Services
    CLSID: FX:{8b6499ed-0241-e032-6508-da4b1c879d7e}

  • arshad hussain

    Hi Prajwal,

    Yes I will do that. Do you want me to remove this update Patches also…? along with WSUS (1)KB2734608: http://support.microsoft.com/kb/2734608•

    (2)KB2720211: http://support.microsoft.com/kb/2720211,

    I would like to know what is main reason of “The SMS Provider reported an error” when we try to create the application. for deploying
    But when I update the patches kb/2734608 & kb/2720211, this SMS Provider error disappear. Earlier also same error then i expand my hard disk space then this error gone.

    I hope after installation of WSUS 3.0 sp2 , I am able to see console, able to create software group, & windows update , synchronization issue & SMS provider error also vanish. Please if any configuration or update need let me know.

    Regards
    Arshad

    • May I know what server OS are you installing SCCM 2012 R2 ? 2008 R2 or Server 2012 ?

  • arshad hussain

    Hi Prajwal,

    My windows server os 2008 R2 with SCCM 2012 SP1,

    then WSUS 3.0 WITH SP2 CORRECT..? as I seen on My program list

    after I taken snapshot of server, I am able to uninstall wsus from remove role, As I told to you earlier that I am unable install from add role it shows some network connectivity issue for update. now I decided to install WSUS Manually & try to update . Please let me know if any…

    Regards,
    Arshad

  • arshad hussain

    ok fine . As I already downloaded WSUS 3.0 SP2 64 BIT FROM MS link ( 84, 737kb) , once I setup wsus 3.0 sp2 then again I need to add the two patches
    Update for Windows Server Update Services 3.0 SP2 (KB2720211)
    Update for Windows Server Update Services 3.0 SP2 (KB2734608
    Please Confirm , Because I added this patches earlier.

    (2) As per your first link I need do all GP Steps. (inbound , file sharing etc.) or WSUS setup do By default.

    Regards,
    Arshad

    • Yes Arshad once you install WSUS 3.0 SP2, you will have to install those 2 updates as they are prerequisite for installing SCCM 2012 SP1.

      Update for Windows Server Update Services 3.0 SP2 (KB2720211)

      Update for Windows Server Update Services 3.0 SP2 (KB2734608)

      My suggestion is remove the patches and WSUS 3.0 SP2 cleanly. Restart the server, install WSUS 3.0 SP2, install the updates and restart the server once.

      2) Rather than turning off the firewall it is recommended to configure the firewall exceptions and open the ports required for sccm 2012 sp1 client push. Configure the group policies first and then start the WSUS installation.

  • arsahad hussain

    ok fine. I will get back to you

    Regards
    Arshad

    • Rob GaatJeNixAn

      I have a problem: installed WSUS role and Update Point on the SCCM 2012R2 server, not liked it and removed it. Clients now not reporting to WSUS. Uninstalled the WSUS role, installed the WSUS role on another server. Clients still not reporting to WSUS (not even trying according to the windowsupdate.log).

      Found the solution 9for SCCM2007/WSUS3): http://blogs.technet.com/b/sus/archive/2008/11/12/wsus-clients-install-updates-properly-but-don-t-send-any-status-reports-back-to-the-server.aspx. the tool is not working on 2012R2….

      BUT how does this work for me? However the Update Point is uninstalled fromm SCCM I can still configure it (also th ereporting settings). But will this have any effect to the clients?? How ‘reads’ the client this setting?
      Rob Mulder

      • Rob GaatJeNixAn

        Do this on the database:

        UPDATE dbo.tbConfiguration SET Value=’2′ where Name=’ClientReportingLevel’

  • Arshad Hussain

    Hi Prajwal,

    . As we Cross check our configuration in domain part firewall exceptions and open the ports required as you told me, no issue both ports are open. Also our wsus last update was 25/11/20013 . But now just waiting for top management to approve for go head with wsus installation & patches ,once job done I will update you exactly what.

    Mean time I would like to know as I am new to SCCM server from couple of weeks I am trying to configure exchange connector same server but some reason it also come up with below error, is it related above issue only…?can you guide me what to do…

    The SMS Provider reported an error.

    with more Below details
    onfigMgr Error Object:
    instance of SMS_ExtendedStatus
    {
    Description = “ERROR ON Property Convert”;
    ErrorCode = 0;
    File = “e:\\nts_sccm_release\\sms\\siteserver\\sdk_provider\\smsprov\\sspsitesettingitem.cpp”;
    Line = 1028;
    Operation = “ExecQuery”;
    ParameterInfo = “SELECT * FROM SMS_SCI_SCPropertyList WHERE ItemType = ‘SMS_EXCHANGE_CONNECTOR’ AND PropertyListName like ‘ConnectorConfig_%'”;
    ProviderName = “WinMgmt”;
    StatusCode = 2147749917;
    };

    ——————————-
    Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException
    The SMS Provider reported an error.

    Stack Trace:
    at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.d__0.MoveNext()
    at Microsoft.ConfigurationManagement.AdminConsole.ExchangeConnector.ConnectionPageControl.GetExistingExchanges()
    at Microsoft.ConfigurationManagement.AdminConsole.ExchangeConnector.ConnectionPageControl.InitializePageControl()
    at Microsoft.ConfigurationManagement.AdminConsole.SmsWizardPage.Initialize()

    System.Management.ManagementException
    Unexpected error

    Stack Trace:
    at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.d__0.MoveNext()
    at Microsoft.ConfigurationManagement.AdminConsole.ExchangeConnector.ConnectionPageControl.GetExistingExchanges()
    at Microsoft.ConfigurationManagement.AdminConsole.ExchangeConnector.ConnectionPageControl.InitializePageControl()
    at Microsoft.ConfigurationManagement.AdminConsole.SmsWizardPage.Initialize()

    Regards,
    Arshad

  • Arshad Hussain

    Hi Prajwal,

    ok fine. Our Exchange is 2010 with SP1 , if any let me know

    Regards,
    Arshad

  • Arshad Hussain

    Prajwal,

    well, even if you use scomadmin account need permissions of the connector or any account connector permission (Privilege) fine. As earlier also I went to that link & details regarding connector permission etc. even I added my exchange server (dns), but my account might not not having that permission .

    But when you try to add exchange server above error The SMS Provider reported an error & with all details description .., then it will go to add menu .. what is the reason for ? we need to correct issue before adding this exchange DNS , not because of my wsus update & synchronization issue..?

    Regards,
    Arshad

  • Muzammil

    Hi Prajwal,

    These notes are really helpful, thanks for all you support. would you mind telling me, do I really need to extend schema, the reason I am asking is we don’t hold schema, It managed by our head office IT team, can I able to install and set-up sccm 2012R2 without that?
    Please let me know.

    Kind Regards
    Muzammil

    • Thank you Muzammil..Extending the active directory schema is optional. Microsoft recommends to extend the schema because it allows clients to retrieve many types of information related to Configuration Manager from a trusted source. If you don’t extend the schema then you might have to work more on managing the clients in your organization such as collection or listing users, computers in your organization. For example when you push the clients using SCCM the clients can locate the management point using active directory domain services and if you don’t extend the schema then you have configure the server locator point.

  • Muzammil

    Hi,

    Thanks for your replay!
    sorry to bother you again. could you please tell me we have already running SCCM 2007 R3 sp2 in our environment, I couldn’t deploy the FEP 2010 in windows 8.1 through SCCM, bcz win8.1 already have a defender on it. even can’t do it with out SCCM. So is that possible with sccm 2012R2.
    I am installing 2012r2 in test environment before deploy it in our network to make sure that everything goes smoothly. I there any thing I need to concentrate before deploy it.
    I am planing to uninstall 2007 completely later and install the new one after testing.

  • Arshad Hussain

    Hi Prajwal,

    If Available ,can you provide me link for sup (Software update point) Remove /add site role steps on SCCM 2012 SP1 (OS WINDOWS 2008 R2).

    Regards,
    Arshad

  • Arshad Hussain

    Thanks for your link i will check it out.

    My earlier task on sccm 2012 sp1 wsus role installtion done.

    After i taken Two differnet snapshot Beofre &After installtion of wsus.30 with sp1 & two PACTHES.

    NOW WSUS 3.0 WORKING FINE & WINDOWS UPDATE , Synchronization fine

    But thirdy party told me to uinstall sup role as well as wsus 3.0 7 & reinstall it same time

    . after installtion of wsus only i am able to unstall & install the role of SUP for some reason.
    i would like to know , no iusse if i done above steps. or i need to uinstall & install both role same time. .(just installtion not update),

    WSUS take 24 hours to synchrnization with SUP….?

    Install wsus without doing update & install SUP ROLE as well…? then i need to do Later wusu update (synchronization)
    please guide me how to check or update on the configration Console of SCCM 2012 SP1 that SUP synchronizing with WSUS
    .
    otherwise i will try to install again both role same time.

    Best Regards,
    Arshad

  • arshad hussain

    I opened your second link regards to SUP, I DONE ALMOST OPTION for Synchronization sup & wsus…. But still if any tips to my above Mail

    Wsyncmgr.log & WCM.log, & wususctrl. log files for Pre & Post Installtion.

    Best Regards,
    Arshad

  • Arshad Hussain

    Hi Prajwal,

    Thank you very Much for your support & Guide Line for the Installtion of wsus, sup Role etc.

    Now My SCCM 2012 sp1 working fine & Push all the 30 servers (out of 55 servers ) Security updates as well as 300 (out of 423)workstation updates.

    i would like to know My SCCM 2012 SP1, SCOM SP1 , SQL DATABASE 2008 R2 (All three servers with windows 2008 R2), kindly let me know if i need to push any recommended windows updates or security patches for all three server. If any mention to me or give the Link.

    Also My all error is vanish form Event Log except Exchange connector (Event id 1020). Now i Escalate to My Exchange admin to veriify or allow proper connector permission to My sccmadmin Account for configure the connector. If Anything othr than this kindly let me know.

    Thanking you in Advance.

    Best Regards,
    Arshad

    • It is always recommended to install the windows updates on the servers. Since these all are critical servers, you must first create a similar test environment and deploy windows updates on to lab machine /test machine and if the updates do not cause any issues then you can deploy the same updates on the production machines. In some companies the updates are deployed in the second week of every month, before the updates are deployed a full backup of the machine is taken first.

      I would suggest you to have a test environment similar to prod one, test the updates there and then deploy it to prod machines.

  • Arshad Hussain

    Sure. Then i will do best way is Snapshot (no issue data storage we can expand) of each server & try the same .As i done for SCCM 2012 sp1 later deleted the old snapshot of SCCM 2012 SP1.

    one more thing if i am not wrong as i we done before one client site IBM SERVER 360 Series with dual processore ( Raid 5 Config) & loaded os server 2012 Standard Version. Installed 4 VM with one physical host (Servers role: File server, AD 2012, TMG & Symantec Server).

    But i seen one forum of your installtion of windows 2012 standard version supprt only two vm….? kindly let me know where i am wrong…

    Best Regards,
    Arshad

  • Arshad Hussain

    its ok My windows server 2012 Standard version having 2 L/C Key .That means 4 vm. i remember after i post the comment.

    Best Regards,
    Arshad

  • Krishna

    Synchronization failure alert for software update point: sccm.TEST.SCCM.COM (P01)

    • Check the WCM.log and Wsyncmgr.log file for more errors.

  • Fahd Mannaa

    what about if i have already WSUS in the network ? still i should i add the WSUS server ?

    • Its always recommended that you install WSUS and not use the existing one.

  • Vivian

    Hi Prajwal,

    I have decided to retire my existing WSUS server go with the SCCM for updates. I’m followed your guide til the end but don’t see SUSDB in my SQL Management Studio after installing WSUS on the same server as SCCM after multiple reboots. Am I missing something? I know I’m not supposed to run the post install configuration, but when I do, I get an error message saying that access to the remote directory is denied. What account should I be granting to the share for WSUS content?

  • Tom

    Prajwal – First off – great guides. Thanks for posting them. I have a question concerning the WSUS install. In your guide here you advise to cancel the WSUS install before configuring the task. But in your guide on deploying Software Updates, you advise to Create a Windows Server Update Services 3.0 Web site . Can you explain? I didn’t create the Website during the WSUS install, and now the Post Install Task runs in order to open WSUS, but it fails. Here is the error:

    Log file is located at C:\Users\ap-svc-sccm2\AppData\Local\Temp\tmp4F6B.tmp
    Post install is starting
    Fatal Error: The schema version of the database is from a newer version of WSUS
    than currently installed. You must either patch your WSUS server to at least
    that version or drop the database.

    Any thoughts.

    • what is the server edition that you are using and what version of WSUS have you installed ?

  • Tom

    Prajwal,

    I removed WSUS, deleted the database, rebooted. installed WSUS and ran the post install configuration. Now WSUS opens normally. How do I now create the WSUS website?

    Thanks
    Tom

    • How do I now create the WSUS website?
      what website ?

  • Paul

    Hi Prajwal,

    I installed successfully installed WSUS and the SUP on my SCCM 2012 R2 server (OS Windows 2012 R2 Datacenter). However, does the SUP role on SCCM 2012 R2 have to be installed on the same server that house the WSUS database(SUSDB installed on remote db server)? I’m asking because Im not able to synchronize software updates from SCCM. Also primary site and database are on separate servers.

    Thanks,

    Paul

    • hi paul can you post wsyncmgr.log file ? Log file will tell us where the issue is..

  • Paul

    Wsyncmgr.log file states:

    “Sync failed WSUS update source not found on site XYZ. Please refer to WCM.log for configuration error details. Source: getSiteUpdateSource
    STATMSG:ID=6703
    Sync failed. Will retry in 60 minutes

    • Have you reviewed WCM.log? When you installed WSUS, did you also create the DB?
      Can you open the WSUS admin console successfully and does it successfully connect to the WSUS DB?

  • Paul

    I have reviewed the WCM.log and it says” The request failed with HTTP Status 404: Not Found~~at Microsoft.UpdateServices.Administration.AdminProxy. CreateUpdateServer”
    “Remote configuration failed on WSUS Server

    The funny thing is I can successfully open WSUS admin console and see all updates.

    • What WSUS ports are you using ? Can you also check wsyncmgr.log file for sync errors ?

  • Paul

    Im using Port 80 and Port 443

    When i checked wht wsyncmgr.log file it states that the
    Found 1 SUPs
    Found active SUP (servername) from SCF file
    DB Server not detected for SUP (servername) from SCF file.skiipping
    Sync failed. WSUS update source not found on site XYZ

  • khalid

    first of all thanks for your great post I am not sure what is wrong but SCCM 2012 R2 is working fine which installed in windows 2012 R2 and the latest WSUS server version 4 is installed it is synchrization with server is working fine (according to the log ) no error in either WCM log or WSUSCrtl log when you add the update software point the settings button is never appears in the property button only generals and proxy settings appears with common message “for configuration manager to use a software update point that is not installed on the site server on the site server you must install WSUS administration console in the site server”

    the above message in several post it is mention two updates ( KB2720211 & KB2734608) needs to be installed but that for WSUS 3 with SP2 not for WSUS 4 did you have any idea what could be the slotion

    • Where are you installing SUP role ? Is it on the same server where SCCM and WSUS is installed?

  • khalid

    yes one more thing you can open WSUS console but not through SCCM

  • Mohammed

    Hi,

    could you please clarify me.

    * is mandatory to install wsus in Lab environment(Practice)

    Thanks,
    Mohammed

  • khalid

    the Database is SQL 2012 SP1

  • khalid

    can you change primary site to stand alone primary site

  • manish nair

    hi bro,

    i added wsus and it was successful. But i cannot see susdb under database in sql 2012 sp1. Is internet needed before adding wsus ? Pls help.

    • Nope, internet connectivity is not required. Tell me what version of WSUS have you installed ? Is the SQL server installed on same server as SCCM or its a remote server.

      • manish nair

        thx for replyin.
        Its server 2012 standard edition. I have only one build. And i am using the trial versions of everythin. Server 2012, sql 2012 sp1 and sccm 2012 r2. Everything is on same machine. I followed all ur links and did d same and everythin was fine till the susdb appearance in sql. My pc name is SCCMServer and domain is lab.com. Hence the window where u entered sccm.prajwal.local, I entered SCCMServer.lab.com. I guess its correct. I am not able to figure out d issue. Is it may be bec sql is in its trial mode!!!! these trial mode apps never work perfectly wid all their features i guess.

        • @Manish, uninstall the WSUS and reinstall it again.

          • manish nair

            Prajwal, I have taken snapshots in the build after the SQL install stage. I have revereted back to that snapshot few times now and tried installing wsus but to no use. Have tried it many

            times now. What u advice ? Is wsus that an imp thing ? Its just to push the updates , right ? Can i skip it ?

            • remotefix

              There is a bug installing WSUS through server manager. Use poweshell

              • @remotefix – Do you have a link where there is a description about it ?

              • manish nair

                I tried in server 2008 and it was fine..!!! In server 2012, after enabling wsus, there is a reboot and after that, i clicked the wsus notification and went ahead.. and then wsus appeared in sql (altho i kno we shud not configure wsus)…

          • manish nair

            Prajwal, I have taken snapshots in the build after the SQL install stage. I have revereted back to that snapshot few times now and tried installing wsus but to no use. Have tried it many

            times now. What u advice ? Is wsus that an imp thing ? Its just to push the updates , right ? Can i skip it ?

            • WSUS is required if you want SCCM to deploy updates. You can skip it and plan to install it later.

    • Binarylab

      Actually you should run postinstallation but cancel configuration wizard. Databse will not be created if you dont run post installation.

  • manish nair

    The blog is quite good…!!! and the pre-req part is similar to other sites but its not clearly mentioned anywhere in any site or blog, why we need to create a SCCM container, why right has to be given ? why wsus is needed? if sccm will handle updates then for wht purpose wsus is needed!!!! Things like whether a domain has to be created b4 all this ?

  • manish nair

    installing AD on main server , creating a domain , adding client pcs to this domain
    Isnt the above steps imp b4 setting up a SCCM env ??
    SCCM can work across diff domains , agreed but pls take the simple scenario first !!!!
    2 pcs , one win server and another win 7
    I want sccm server on one and another as sccm client..!!! shudnt both the pcs be connected over n/w , and then shudnt i be creating a domain and addin win7 pc as the client to the domain and then do all the SCCM setting up..!!!!!!

    • Yes Manish those steps that you mentioned are really important, one cannot proceed without that. The reason why that was not covered is its too basic for a IT person who is deploying SCCM. If you are deploying SCCM then its assumed that you have initial setup ready, if you want me to document and post even that I will do that .. that should not take much time..

      • manish nair

        Not at all!!! i aint questioning you..!!! I just wanted to be very clear abt the n/w part..!!! I have asked these questions in AD grps too but noone seem to hav an exact answer..!!!! tht whether 2 pcs shud b in same nw before joinin them into a common domain !!!i undrstnd it sounds inane..!!! but at d same time, i have got replies like SCCM can handle clients in other domains( trusted relation) , and also can handle clients which r not even connected to any nw or any domain i.e a workgrp pc !!!! thx fr d reply..!!!

  • Jeremy Densmore

    So following this procedure in step 4, (See Picture) Where does Approval occur now? Or is the need eliminated in sccm 2012 R2 Thanks in advance for any help!

  • Jeremy Densmore

    Perfect thank you!

  • siddhesh

    hi Prajwal cn you tell me sizing for around 300 client running win 7 and 8

  • Flustivus

    Are you aware that this page is hosting a malware pest phishing as a “required” “Flash HD Player”? I’ve provided a screen capture for ya.

    • its just the bidvertiser adds. You can close the ad banner.

  • max

    is there a certain reason why i use this backup method instead of windows backup feature ?!

    • @Max – I didn’t get you, what backup feature are you referring here?

      • max

        i am referring to windows server backup tools feature that let me backup the whole OS and files if u used it to backup my server do i need to back up SCCM separately ? or if i backup using windows sever backup tools i am set?

        btw i have 1 extra question i am having problem with wsus post configuration 1st of all after i installed it and choose db option instead of wid db i got error in post installation wen trying to connect to it befor showing the wizard i checked the log and the main problem was some thing about index boundary error i think its problem with sql i am not sure tho. after i tired to reinstall 4 times with same error i tried deleting iis site as recommended by some 1 same issue i reinstalled to WID db worked just fine

        so i am not sure how to fix this issue if you have any recommendation i would appreciate it .

        also i had 1 more question if there is anyway to delete the WSUS configuration bec. after i installed WID DB it doesnt show the wizard for configuration it just gets me right into the wsus utility .

        thanks in advance

  • qhdevon43

    well once again you’ve helped me connect WSUS to SCCM. It works flawlessly, howevever I did spend about 1 week trying to get it configured properly. Might I suggest that after the very last step where you say to click cancel, thats perfect and all but a very important and crucial step is to open Windows server update services and click on okay, after doing this it syncs up with the SQL server and then after that open up the CMtrace tool and review the wsyncmgr.log and wcm.log to make sure its syncing correctly. Hopes this helps anyone else having the same issue I did.

    • Albert

      so if you miss this step how can you get it working? if I open WSUS app and try to ‘connect’ to the server it says that it’s not connected to an SQL database :/ not sure if this is the reason why I cannot get sccm12 r2 to sync with the windows update server (online) at ALL I keep getting errors and it won’t download any updates or anything.

  • Aibin T Paskal

    Dear Prajwal Desai, i just configured SCCM 2012R2 in my office by following your steps. At the time, when i installed wsus i accidentally configured the wsus configuration wizard. I successfully installed the SCCM but at the time when im trying to deploy updates to systems, it doesn’t install. what can i do next to install updates through wsus? please help me.

  • Aibin T Paskal

    Screenshot

  • Hanson

    Hi Prajwal,

    I forgot to install WSUS before I installed SCCM 2012 R2 SP1. I have install SQL 2014 and SCCM 2012 R2 SP1 on my Virtual Windows Server 2012 R2. When I install SCCM, I named the database name is CM_XYZ. Now I just installed WSUS on the same server (Server 2012R2). It automatically generated database SUSDB in SQL Database. How do I change the database name in SCCM so that I can use SCCM to deploy Windows Updates. I ran synchronization in WSUS and see all the Windows Updates; however, I don’t see anything in SCCM Manager Console. Thank you for your help!

  • Mallikarjun Rao

    Hi Prajwal,

    we have sccm2012 r2 infrastructure, was planning to do a wsus clean up we do have 3 wsus server one upstream and one downstream is workign fine but another downstream wsus15 fails to connect it says please make sure post-installatio taks is completed successfully in that server and event: The WSUS content directory is not accessible.with error ID 12072, 7000

    need your suggestion on this

  • Jeff Scharfenberg

    I have an issue connecting my SCCM 2012 vm (existing) to my WSUS (existing) server. We don’t wish to do any client updates, as the WSUS server works just fine for that. I only want to update the .wim images monthly so when we push out to new computers we don’t have to run updates and have it go through 100+ updates. Could you assist in any way? I’ve gone over so many configurations and would prefer to not move my WSUS and merge it on the SCCM 2012 vm.

  • Alan Burton

    Thank you

  • Ihchavez

    I am having an error connectiong with WSUS. Where should start looking at fixing the issue? I followed all of your steps in installing SCCM and the issue that I am having is syncing

    Thank you

  • Serdar

    Hello Prajwal

    Can you help me?

    I do not see anything on the console, although successful updates

    Thank you

    https://uploads.disquscdn.com/images/965c7eabec0e2ced7e4d3358c43850ae87ff6743674322651b612406bdb3a545.jpg

  • Nick

    Hi Prajwal Desai,

    I have a question. I was searching the system requirements for installing WSUS 3.0 SP2 on Windows Server 2012 R2. The only thing I can find is documents about system requirements for installing WSUS 3.0 SP2 on Windows Server 2008 and Windows Server 2008 R2. Does this automatically mean that it also works on Windows Server 2012 R2? Should I just follow the guide and install WSUS via console manager or install WSUS 3.0 SP2 via the link you provided?

    Thanks a lot.

  • Higgs

    Can wsus 4 works with sccm 2012 r2?

    • I am not sure about this. You may check the R2 documentation and see if WSUS 4 is compatible with R2.

      • Higgs

        Hi,

        i have a wsus server and a sccm server.
        for the SUP,should i add a software update server to the DP or create a new software update point?

  • Gareth Wynne

    Hello,

    Just a quick question with sccm the SQL licence is free for use with SCCM install. If you use apply the wsus element to the db does this then become a chargeable entity?

    Kind Regards

  • BigJoe

    Hi Prajwal,

    I’m running into the following issue:

    For performance reasons I want to move WSUS/SUP to a seperate server, within the primary SCCM site. On that server I installed IIS, WSUS (with necessary hotfixes), SQL2012 express and finally a software update point through the SCCM console. (so SUP is the only additional role for the new server and the existing SUP on the primary site server)

    Installations all went fine, but when firing it up, the WCM log on the primary reports both SUPS but can’t connect to the new SUP ; The request failed with HTTP status 503: Service Unavailable.

    (servers are running Server 2008R2, SCCM 2012 SP1)

    Trigger event array index 0 ended.
    SCF change notification triggered.
    Populating config from SCF
    Setting new configuration state to 1 (WSUS_CONFIG_PENDING)
    Changes in active SUP list detected. New active SUP List is:
    SUP0: first-sup-fqdn group = primary, nlb =
    SUP1: new-sup-fqdn, group = , nlb =
    Updating active SUP groups…
    Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)
    Checking runtime v2.0.50727…
    Found supported assembly Microsoft.UpdateServices.Administration version 3.1.6001.1, file version 3.1.7600.274
    Found supported assembly Microsoft.UpdateServices.BaseApi version 3.1.6001.1, file version 3.1.7600.274
    Supported WSUS version found
    Attempting connection to WSUS server: first-sup-fqdn port: 8530, useSSL: False
    Successfully connected to server: first-sup-fqdn port: 8530, useSSL: False
    Verify Upstream Server settings on the Active WSUS Server
    No changes – WSUS Server settings are correctly configured and Upstream Server is set to Microsoft Update
    Attempting connection to WSUS server: new-sup-fqdn, port: 8530, useSSL: False
    System.Net.WebException: The request failed with HTTP status 503: Service Unavailable.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)
    Attempting connection to WSUS server: first-sup-fqdn port: 8530, useSSL: False
    Successfully connected to server: first-sup-fqdn port: 8530, useSSL: False
    Attempting connection to WSUS server: first-sup-fqdn port: 8530, useSSL: False
    Successfully connected to server: first-sup-fqdn port: 8530, useSSL: False
    Configuration successful. Will wait for 1 minute for any subscription or proxy changes
    Setting new configuration state to 2 (WSUS_CONFIG_SUCCESS)
    Waiting for changes for 28 minutes

    I hope you can shed some light on this.
    Cheers,
    Joe.

  • Higgs

    Hi

    I have a WSUS server and a SCCM server.

    For SCCM do i Add site system role or create site system server for wsus?

    Thnaks

  • AaronSmith86

    is it required to have WSUS local to the SCSM Primary site? We already have a WSUS server, so I’ve pointed the SUP to that URL to synchronize. However, I’m not seeing updates coming in to the console.

    • Seems like issues in Synchronization of updates. Have you checked any wsus log files ?.

  • Hanson

    Hi Prajwal,

    Thank you for your great post on installing SCCM. I’m running into an issue with WSUS service. My environment is Windows Server 2012R2, SQL 2014. SQL, WSUS Service, and SCCM are in the same Windows Server 2012R2. After I installed WSUS Service successful, then close the Windows. When I open the WSUS Console, it forced me to configure: Complete WSUS Installation (Sorry, I can’t insert the screenshot in the post). When I clicked Run, and I got error as follow below. I have also tried to uninstalled both WSUS Service and IIS, and re-installed both of them. I also configured IIS binding on Default Web Site for both http ports 80 & 8530. Now, I configured IIS binding only port 8530, but still got the same error. I’m at the dead end and need your help. Thank you very much.

    The.TMP error file content:

    2016-09-06 12:07:58 Postinstall started
    2016-09-06 12:07:58 Detected role services: Api, Database, UI, Services
    2016-09-06 12:07:58 Start: LoadSettingsFromParameters
    2016-09-06 12:07:58 Content local is: True
    2016-09-06 12:07:58 Content directory is: C:SourceUpdates
    2016-09-06 12:07:58 SQL instname is: NCC-SCCM-2012R2.NCC.GOV
    2016-09-06 12:07:58 End: LoadSettingsFromParameters
    2016-09-06 12:07:58 Start: Run
    2016-09-06 12:07:58 Fetching WsusAdministratorsSid from registry store
    2016-09-06 12:07:58 Value is S-1-5-21-3298164499-4248302938-774495382-1005
    2016-09-06 12:07:58 Fetching WsusReportersSid from registry store
    2016-09-06 12:07:58 Value is S-1-5-21-3298164499-4248302938-774495382-1006
    2016-09-06 12:07:58 Configuring content directory…
    2016-09-06 12:07:58 Configuring groups…
    2016-09-06 12:07:58 Starting group configuration for WSUS Administrators…
    2016-09-06 12:07:58 Found group in regsitry, attempting to use it…
    2016-09-06 12:08:01 Writing group to registry…
    2016-09-06 12:08:01 Finished group creation
    2016-09-06 12:08:01 Starting group configuration for WSUS Reporters…
    2016-09-06 12:08:01 Found group in regsitry, attempting to use it…
    2016-09-06 12:08:01 Writing group to registry…
    2016-09-06 12:08:01 Finished group creation
    2016-09-06 12:08:01 Configuring permissions…
    2016-09-06 12:08:01 Fetching content directory…
    2016-09-06 12:08:01 Fetching ContentDir from registry store
    2016-09-06 12:08:01 Value is C:SourceUpdates
    2016-09-06 12:08:01 Fetching group SIDs…
    2016-09-06 12:08:01 Fetching WsusAdministratorsSid from registry store
    2016-09-06 12:08:01 Value is S-1-5-21-3298164499-4248302938-774495382-1005
    2016-09-06 12:08:01 Fetching WsusReportersSid from registry store
    2016-09-06 12:08:01 Value is S-1-5-21-3298164499-4248302938-774495382-1006
    2016-09-06 12:08:01 Creating group principals…
    2016-09-06 12:08:01 Granting directory permissions…
    2016-09-06 12:08:01 Granting permissions on content directory…
    2016-09-06 12:08:01 Granting registry permissions…
    2016-09-06 12:08:01 Granting registry permissions…
    2016-09-06 12:08:01 Granting registry permissions…
    2016-09-06 12:08:01 Configuring shares…
    2016-09-06 12:08:01 Configuring network shares…
    2016-09-06 12:08:01 Fetching content directory…
    2016-09-06 12:08:01 Fetching ContentDir from registry store
    2016-09-06 12:08:01 Value is C:SourceUpdates
    2016-09-06 12:08:01 Fetching WSUS admin SID…
    2016-09-06 12:08:01 Fetching WsusAdministratorsSid from registry store
    2016-09-06 12:08:01 Value is S-1-5-21-3298164499-4248302938-774495382-1005
    2016-09-06 12:08:01 Content directory is local, creating content shares…
    2016-09-06 12:08:01 Creating share “UpdateServicesPackages” with path “C:SourceUpdatesUpdateServicesPackages” and description “A network share to be used by client systems for collecting all software packages (usually applications) published on this WSUS system.”
    2016-09-06 12:08:01 Deleting existing share…
    2016-09-06 12:08:01 Creating share…
    2016-09-06 12:08:01 Share successfully created
    2016-09-06 12:08:01 Creating share “WsusContent” with path “C:SourceUpdatesWsusContent” and description “A network share to be used by Local Publishing to place published content on this WSUS system.”
    2016-09-06 12:08:01 Deleting existing share…
    2016-09-06 12:08:01 Creating share…
    2016-09-06 12:08:01 Share successfully created
    2016-09-06 12:08:01 Creating share “WSUSTemp” with path “C:Program FilesUpdate ServicesLogFilesWSUSTemp” and description “A network share used by Local Publishing from a Remote WSUS Console Instance.”
    2016-09-06 12:08:01 Deleting existing share…
    2016-09-06 12:08:01 Creating share…
    2016-09-06 12:08:01 Share successfully created
    2016-09-06 12:08:01 Finished creating content shares
    2016-09-06 12:08:01 Stopping service WSUSService
    2016-09-06 12:08:01 Stopping service W3SVC
    2016-09-06 12:08:04 Configuring database…
    2016-09-06 12:08:04 Configuring the database…
    2016-09-06 12:08:04 Establishing DB connection…
    2016-09-06 12:08:04 Checking to see if database exists…
    2016-09-06 12:08:04 Database exists
    2016-09-06 12:08:04 Switching database to single user mode…
    2016-09-06 12:08:07 Loading install type query…
    2016-09-06 12:08:07 DECLARE @currentDBVersion int
    DECLARE @scriptMajorVersion int = (9600)
    DECLARE @scriptMinorVersion int = (18324)
    DECLARE @databaseMajorVersion int
    DECLARE @databaseMinorVersion int
    DECLARE @databaseBuildNumber nvarchar(10)
    IF NOT EXISTS(SELECT * FROM sys.databases WHERE name=’SUSDB’)
    BEGIN
    SELECT 1
    END
    ELSE
    BEGIN
    SET @currentDBVersion = (SELECT SchemaVersion FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = ‘CoreDB’)
    SET @databaseBuildNumber = (SELECT BuildNumber FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = ‘CoreDB’)
    DECLARE @delimiterPosition INT = CHARINDEX(‘.’, @databaseBuildNumber)
    IF (@delimiterPosition = 0)
    BEGIN
    RAISERROR(‘Invalid schema version number’, 16, 1) with nowait
    return
    END
    SET @databaseMajorVersion = SUBSTRING(@databaseBuildNumber, 1, @delimiterPosition – 1)
    SET @databaseMinorVersion = SUBSTRING(@databaseBuildNumber, (@delimiterPosition + 1), (10 – @delimiterPosition))
    IF @currentDBVersion @databaseMajorVersion OR
    (@scriptMajorVersion = @databaseMajorVersion AND @scriptMinorVersion > @databaseMinorVersion))
    BEGIN
    SELECT 2
    END
    ELSE IF (@scriptMajorVersion = @databaseMajorVersion AND
    @scriptMinorVersion = @databaseMinorVersion)
    BEGIN
    SELECT 0
    END
    ELSE
    BEGIN
    SELECT 4
    END
    END
    END

    2016-09-06 12:08:07 Install type is: Reinstall
    2016-09-06 12:08:07 Creating logins…
    2016-09-06 12:08:07 Fetching account info for S-1-5-20
    2016-09-06 12:08:07 Found principal
    2016-09-06 12:08:07 Found account
    2016-09-06 12:08:07 Got binary SID
    2016-09-06 12:08:07 Fetching WsusAdministratorsSid from registry store
    2016-09-06 12:08:07 Value is S-1-5-21-3298164499-4248302938-774495382-1005
    2016-09-06 12:08:07 Fetching account info for S-1-5-21-3298164499-4248302938-774495382-1005
    2016-09-06 12:08:07 Found principal
    2016-09-06 12:08:07 Found account
    2016-09-06 12:08:07 Got binary SID
    2016-09-06 12:08:07 Setting content location…
    2016-09-06 12:08:07 Fetching ContentDir from registry store
    2016-09-06 12:08:07 Value is C:SourceUpdates
    2016-09-06 12:08:07 Swtching DB to multi-user mode……
    2016-09-06 12:08:07 Finished setting multi-user mode
    2016-09-06 12:08:07 Writing DB settings to registry…
    2016-09-06 12:08:07 Marking PostInstall done for UpdateServices-Database in the registry…
    2016-09-06 12:08:07 Starting service W3SVC
    2016-09-06 12:08:07 Configuring IIS…
    2016-09-06 12:08:07 Start: ConfigureWebsite
    2016-09-06 12:08:08 Configuring website on port 8530
    2016-09-06 12:08:09 System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
    at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
    at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
    at Microsoft.UpdateServices.Administration.UseCustomWebSite.ExecuteIisCustomAction(String arguments)
    at Microsoft.UpdateServices.Administration.UseCustomWebSite.InstallAndConfigure(IisConfiguration& iisConfiguration, Int32 newPortNumber)
    at Microsoft.UpdateServices.Administration.UseCustomWebSite.CreateWebsite(Int32 newPortNumber)
    at Microsoft.UpdateServices.Administration.PostInstall.ConfigureWebsite(Int32 portNumber)
    at Microsoft.UpdateServices.Administration.PostInstall.Run()
    at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)

  • Dan

    What steps (if any ) need to take place if you accidently click on “Launch Post installation tasks” after WSUS installation. I didn’t click next on the wizard, but hit cancel, This notice was showing as flagged in server manager tasks and I ran the task from server manager. Not sure if it was the same thing. I now see a ID:13051 Warning for WSUS. Please advise.

    • Do you see SUSDB in SQL now ?.

      • Dan

        Thanks for getting back to me… Yes SUSDB is in SQL now.