Windows Server Update Services (WSUS) Configuration Manager connects to the WSUS server once every hour and configures the WSUS server with the settings that are defined for the software update point in the Configuration Manager console.
How it works
WSUS Configuration Manager uses the WSUS APIs to connect to the WSUS server. The WSUS Administration console must be installed on the Configuration Manager site server, because the WSUS Administration console installs the APIs that are used to connect to the WSUS server.
The following are logged in WCM.log:
Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608) SMS_WSUS_CONFIGURATION_MANAGER Checking runtime v2.0.50727... SMS_WSUS_CONFIGURATION_MANAGER Did not find supported version of assembly Microsoft.UpdateServices.Administration. SMS_WSUS_CONFIGURATION_MANAGER Checking runtime v4.0.30319... SMS_WSUS_CONFIGURATION_MANAGER Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version 6.2.9200.16384 SMS_WSUS_CONFIGURATION_MANAGER Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version 6.2.9200.16384 SMS_WSUS_CONFIGURATION_MANAGER Supported WSUS version found SMS_WSUS_CONFIGURATION_MANAGER
If the products or classifications defined for the software update point are modified, SMS Provider makes changes in the appropriate CI_* tables in the database. For example, when a product is selected for synchronization, SMS Provider updates rows in the CI_CategoryInstances and CI_UpdateCategorySubscription tables.
SMS Database Monitor monitors these tables for changes. When an update is detected, SMS Database Monitor drops a CSB file in the WSUSMgr.box folder notifying WCM to update the WSUS server configuration. The following are logged in SMSDBMon.log:
RCV: UPDATE on CI_CategoryInstances for CategoryNotify_iud [177][14252] SMS_DATABASE_NOTIFICATION_MONITOR RCV: UPDATE on CI_UpdateCategorySubscription for SubNotify_iu_WCM [177][14253] SMS_DATABASE_NOTIFICATION_MONITOR SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\177.CTN [14252] SMS_DATABASE_NOTIFICATION_MONITOR SND: Dropped E:\ConfigMgr\inboxes\WSUSMgr.box\177.CSB [14253] SMS_DATABASE_NOTIFICATION_MONITOR
WCM then wakes up and connects to the WSUS server to make sure that it is configured with the options defined in the Configuration Manager console. The following are logged in WCM.log:
File notification triggered WCM Inbox. SMS_WSUS_CONFIGURATION_MANAGER Setting new configuration state to 4 (WSUS_CONFIG_SUBSCRIPTION_PENDING) SMS_WSUS_CONFIGURATION_MANAGER Attempting connection to WSUS server: CE1SITE.CONTOSO.COM, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER Successfully connected to server: CE1SITE.CONTOSO.COM, port: 8530, useSSL: False SMS_WSUS_CONFIGURATION_MANAGER Subscribed Update Categories <?xml version="1.0" ?>~~<Categories>~~ <Category Id="Product:a105a108-7c9b-4518-bbbe- 73f0fe30012b"><![CDATA[Windows Server 2012]]></Category>~~ <Category Id="Product:fdfe8200-9d98-44ba-a12a- 772282bf60ef"><![CDATA[Windows Server 2008 R2]]></Category>~~ <Category Id="UpdateClassification:0fa1201d-4330- 4fa8-8ae9-b877473b6441"><![CDATA[Security Updates]]></Category>~~ <Category Id="UpdateClassification:28bc880e-0592- 4cbf-8f95-c79b17911d5f"><![CDATA[Update Rollups]]></Category>~~ <Category Id="UpdateClassification:cd5ffd1e-e932- 4e3a-bf74-18bf0b1bbd83"><![CDATA[Updates]]></Category>~~ <Category Id="UpdateClassification:e6cf1350-c01b-414d- a61f-263d14d133b4"><![CDATA[Critical Updates]]></Category>~~</Categories> SMS_WSUS_CONFIGURATION_MANAGER Configuration successful. Will wait for 1 minute for any subscription or proxy changes SMS_WSUS_CONFIGURATION_MANAGER Setting new configuration state to 2 (WSUS_CONFIG_SUCCESS) SMS_WSUS_CONFIGURATION_MANAGER
Using WSUS APIs to connect to the WSUS server works by connecting to the ApiRemoting30 virtual directory on the WSUS website. Therefore, it's important that you specify the correct port configuration when you install the software update point role.
WSUS Configuration Manager uses the WSUS APIs to connect to the WSUS server. The WSUS Administration console must be installed on the Configuration Manager site server, because the WSUS Administration console installs the APIs that are used to connect to the WSUS server.
SCCM, or System Center Configuration Manager, is a paid patch management solution from Microsoft. SCCM relies on WSUS to check for and apply patches, but offers some more desirable features and gives users more control over how and when patches are deployed.
SCCM (now MECM) adds value to the WSUS product with the addition of features like remote control of devices and active monitoring. It relies on WSUS to run as a foundation and execute necessary patching, and provides extended features for Windows and Mac users.
Open Server Manager > Tools > Windows Server Update Services. Now, we notice that when opening it we have a wizard that is asking us to configure WSUS. If you close the wizard and have WSUS open, you can navigate to Options (1) > WSUS Server Configuration WIzard (2).
Take a look under Computer Configuration > Administrative Templates > Windows Components > Windows Update . You should see the keys WUServer and WUStatusServer which should have the the locations of the specific servers.
After you select the location, choose the server on which you want to install the WSUS server role, and then click Next. On the select server roles page, select Windows Server Update Services. Add features that are required for Windows Server Update Services opens. Click Add Features, and then click Next.
Main functionality: SCCM, a system management software, manages many computers that run various operating systems. WSUS is a software update service to manage updates released for the products developed by Microsoft. Both SCCM and WSUS are products of Microsoft.
Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates. You can use WSUS to fully manage the distribution of updates that are released through Microsoft Update to computers on your network.
For organizations that still utilize a traditional on-prem network, WSUS is still a viable option to ensure the job gets done. For those companies with MDM-managed devices or have computers dispersed across a wide geographical area, Windows Update for Business may be a better option.
While Active Directory isn't required for WSUS to work, it will make configuring these settings easier. If you don't have Active Directory, you need a way to configure each client (computer) to look to the WSUS server for updates.
We have to install the Web Server Role (IIS) and that's a required role for WSUS so we click Next. On the Select Role Services for IIS window, we leave all the default options selected. By default when you want to install WSUS it will add all of the required IIS Roles and Services. Click Next to continue.
Configuration Manager helps you deliver more effective IT services by enabling: Secure and scalable deployment of applications, software updates, and operating systems. Real-time actions on managed devices. Cloud-powered analytics and management for on-premises and internet-based devices.
Main functionality: SCCM, a system management software, manages many computers that run various operating systems. WSUS is a software update service to manage updates released for the products developed by Microsoft. Both SCCM and WSUS are products of Microsoft.
Microsoft Endpoint Configuration Manager, formerly known as System Center Configuration Manager (SCCM), is a Windows-centric endpoint management tool for devices within an Active Directory domain. Historically deployed on prem on a Windows Server, SCCM can now also be deployed as cloud-hosted within Azure.
Introduction: My name is Lakeisha Bayer VM, I am a brainy, kind, enchanting, healthy, lovely, clean, witty person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.