Thursday, April 24, 2014

Configuring WSUS for your clients.

Today I got a call from a friend that was setting up WSUS on Windows Server 2012. He got WSUS setup but the clients were not checking in. After talking on the phone with him for a bit he told me he had not set anything up on the client side yet. 

Here are the steps to setup your clients via GPO taken from http://technet.microsoft.com/en-us/library/cc720539(v=ws.10).aspx


  1. In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  2. In the details pane, click Specify Intranet Microsoft update service location.
  3. Click Enabled and type the HTTP(S) URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. For example, type http(s)://servername in both boxes.
  4. Click OK.
This is great in most cases, but to my knowledge WSUS in Windows Server 2003 - 2008 R2 use port 80 as the default port for WSUS synchronization. WSUS in Windows Server 2012 the default port is 8530 and 8531 for SSL.

<edit>
      http://technet.microsoft.com/en-us/library/hh852346.aspx
  • On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS
  • On WSUS 6.2 and later (at least Windows Server 2012), port 8530 for HTTP and 8531 for HTTPS
</edit>

 So to make the adjustment you must specify the port in the TechNet step 3 to look like this http(s)://servername:port

After this you can perform a wuauclt.exe /detectnow on the client machine to detect the WSUS server and start reporting. The process can take 10 minutes or more. Sometimes a simple reboot on the client will force a detection.

After my friend made the appropriate changes (adding the port number in the GPO) and rebooted the client, the computers started reporting.

No comments:

Post a Comment