
WSUS on SBS


Best practices

  • Don't install WSUS on Companyweb
  • Don't install WSUS on the Sharepoint site
WSUS Setup automatically detects that it is running on an SBS server and limits your choice of installing WSUS on port 80. On an SBS setup, always install WSUS on port 8530 to avoid a conflict with SharePoint or Companyweb.

SBS Issues


Default Web site on Windows SBS 2003 must be modified to enable some WSUS client computers to self-update.

The WSUS server setup process installs two IIS v-roots on the server: SelfUpdate and ClientWebService. Setup also places some files under the home directory of the default Web site (on port 80) that enable client computers to self-update through the default Web site. By default, the default Web site is configured to deny access to any IP address other than localhost or specific subnets attached to the server. This means that client computers that are not on localhost or on those specific subnets cannot self-update. To grant access to these client computers, complete the following steps on the default Web site’s SelfUpdate and ClientWebService virtual directories.

To grant access to the client computers to self-update:
 

1.   In Server Management, expand Advanced Management, expand Internet Information Services, expand Web Sites, expand Default Web Site, right-click the Selfupdate virtual directory, and then select Properties.

2.   Click Directory Security.

3.   Under IP address and domain name restrictions, click Edit, and then click Granted Access.

4.   Click OK, right-click the ClientWebService virtual directory, and then select Properties.

5.   Click Directory Security.

6.   Under IP address and domain name restrictions, click Edit, and then click Granted Access.


WSUS cannot use the same instance of WMSDE which is used by Small Business Server (SBS) for Windows SharePoint Services.

When installing WSUS on a computer running Small Business Server that also has Microsoft Windows SharePoint Services, WSUS cannot use the dedicated instance of WMSDE or MSDE created by Windows SharePoint Services on the computer running Small Business Server. You must create a new WMSDE or MSDE instance to be used by the WSUS server.


If you have an OEM installation of SBS 2003, you must use a special procedure to install WSUS.

During the SBS OEM mini setup the domain name is entered by the customer and added to the AD.  This property is set in the AD as lowercase.  During WSUS installation, the instance of WMSDE is set to case sensitive.  During the setup process an attempt is made to give access to a security account which fails because it can't find the account in the AD.

The check is case sensitive (since the instance of WMSDE is set to case sensitive). Since the AD has the domain in lower case and the process is looking for an upper case entry, it fails. Example: the setup process is looking for SJMPC\IWAM_DELL-OFV7446Y6N, but the AD shows sjmpc\IWAM_DELL-OFV7446Y6N. Since the instance is case sensitive, the install fails.

To download the WSUS installer to your server:


1.   On the computer running Windows SBS, create a folder named WSUSFiles on the local hard disk.

2.   Read how to register to download the latest version of WSUSSetup.exe from the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=51144.

3.   Answer all of the required questions on the Windows Server Update Services Registration Wizard Web page, and then click Continue.

4.   When the file download security warning appears, click Save.

5.   In the Save As dialog box, browse to the WSUSFiles folder, and then click Save.

To prepare the WSUS database

1.   Extract the WSUS Setup files.

a.   Click Start, click Run, and then type C:\WSUSFiles\WSUSSetup.exe /X, where C: is the letter of your local hard disk.

b.   When prompted for a location to extract the files, select the WSUSFiles folder.

2.   Type the following command, where C: is the letter of your local hard disk, and then press Enter:

CD C:\WSUSFiles\wmsde

3.   Type the following command with consideration to the points listed below, and then press Enter:

Sqlrun03.msi InstanceName=WSUS BlankSAPwd=1 Reboot=ReallySuppress DisableNetworkProtocols=1 DisableAgentStartup=1 DisableThrottle=1

  • If you want to specify the drive letter where the database instance will be located, you must add the DataDir="Path" argument to the command line, where Path is the path to the target directory in the file system.
  • The command line implies that your WSUS database will have a blank password. However, during the actual installation of WSUS, a randomly generated password is set. You do not need to specify a password.
  • The command line is not case sensitive.

4.   Start the MSSQL$WSUS service. To do this, click Start, click Run, and then type Services.msc. Right-click MSSQL$WSUS, and then click Start. If the service is not listed, rerun the command in Step 4 of this procedure.

To install WSUS

1.   Click Start, click Run, and then type C:\WSUSFiles\WSUSSetup.exe, where C: is the letter of your local hard disk.

2.   On the Welcome page of the wizard, click Next.

3.   Read the terms of the license agreement carefully, click I accept the terms of the License Agreement, and then click Next.

4.   On the Select Update Source page, you can specify where the client computers get updates. If you select the Store updates locally check box, updates are stored on the server and you can select a location in the file system to store updates. If you do not store updates locally, the client computers connect to Microsoft Update to get approved updates.

Keep the default option to store updates locally, either choose a location to store updates or accept the default location, and then click Next.

5.   On the Database Options page, keep the default options, and then click Next. Because you installed WMSDE in the previous procedure, changing the options on this page of the wizard has no effect.

6.   On the Web Site Selection page, specify a Web site for WSUS to use. This page also lists two important URLs based on this selection: the URL to which you will point WSUS client computers to get updates, and the URL for the WSUS console where you can configure WSUS.

Keep the default option and click Next.

7.   On the Mirror Update Settings page, keep the default option and click Next.

If you want to use multiple WSUS servers in a central management topology, see “Deploying Microsoft Windows Server Update Services.”

8.   On the Ready to Install Windows Server Update Services page, review the selections, and then click Next.

9.   If the final page of the wizard confirms that WSUS installation was successfully completed, click Finish.

Note:  After you install WSUS, you can delete the C:\WSUSFiles folder. However, do not delete the C:\WSUS folder, which is created when WSUS is installed.


Comments:

From JPihl - 7/6/06 6:55 AM

Problem installing on a SBS 2003 std.. Sorry my comments got on the wrong page
You find my problems on this page (can somebody successfully move them?)

http://www.wsuswiki.com/JustRegistered

From HandyAndy - 4/5/06 9:19 AM

make that rewrite :>)

From HandyAndy - 4/5/06 9:18 AM

Dear @Admin,

I would be willing to ewrite the page, how do I change content that is already here, I was under the impression we could only make comments?

 HandyAndy, SBS-MVP

ps you can reach me via Andy@SBS-Rocksdotcom.remove

From wikiwurm - 4/4/06 4:17 PM

now i have installed WSUS on SBS twice successfully. the only thing is, that you have to configure the port 8530 instead of 80 over the grouppolicy (or with your regkey).

i do not change everything on sql-db or whatever you can read in this post.

 

@admin, i think you can change the content of this page ;-) 

From wikiwurm - 3/24/06 5:00 PM

@afsfire. "what fixed my issue was resetting the IUSR password then changing the IUSR password on all sites using that account." i'm not understanding. what's the password from IUSER? should be an account for anonymous login?!? no password?

@admin, it would be nice to correct this page. it seems that there are some mistakes in the description if i read all this comments.

From mick - 12/20/05 12:46 AM

I've just installed WSUS on SBS2003 and didn't perform any of the steps listed - she's working fine.

From pnadon - 10/9/05 8:26 AM

This page started out with such promise. The comments take away from the integrity...

Having never installed WSUS I am doing the research before I install on Win 2003 SBS. This page does nothing to help someone in my position.

Is there someone who has successfully installed WSUS on SBS clean, from start to finish? And if so, did they do anything outside the documents provided by Microsoft?

With so little documentation on WSUS on SBS, I am reluctant to do the install. I am getting too close to installation day to put myself in a position to have to rebuild the server.

Any help on "closing" this page would be helpful.

Thanks. 

From HandyAndy - 9/16/05 2:36 PM

Moles, as stated above,

Sqlrun03.msi InstanceName=WSUS BlankSAPwd=1 Reboot=ReallySuppress DisableNetworkProtocols=1 DisableAgentStartup=1 DisableThrottle=1

Sorry for the delay, haven't been here in a while :>)

From afsfire - 9/6/05 11:22 AM

I had a long bout with getting WSUS to work on my SBS 2003 Server. I finally got "a" computer to show by adding the self update virtual file to every site in IIS that used port 80..... but the only one showing up was the actual server that WSUS was installed on (SBS2003). I was still receiving two errors in my Windows Update.log (0x80190191 and 0x80244017). I started an MS ticket and we checked everything. To make a long story short, what fixed my issue was resetting the IUSR password then changing the IUSR password on all sites using that account. After that change the computers started showing almost immediately. Hope this helps someone

From molnes - 8/2/05 4:32 PM

How does one create a new WMSDE, or MSDE instance, to be used by WUS server?

From HandyAndy - 8/1/05 7:18 AM

Comments above about not needing the reg hacks are for Group Policy installs, I have not done any manually to comment on. Why would you want to have to mess with each machine instead of just creating couple of GPO's ?

From HandyAndy - 8/1/05 7:12 AM

OK in answer to my own question, yes you can use the default instance of SQL

Susan is correct about Number 1, it is wrong, just ignore Number 1 altogether.

But you should not need the reg hacks if you follow wgoldberry's suggestion of using http://ServerName:8530 you will find the machines start showing up, although it may take a few hours for them all to show up. If you don't see any of them showing up make sure you didn't HA them and type in 8350 like I did the first time :>)

 

From wgoldsberry - 6/17/05 6:00 PM

I've had success w/ SBS implementations of WSUS by adding ":8530" to the string value in the Group Policy setting "Specify intranet Microsoft update service location" (example string: http://MyServer01:8530).

Also you can check the setting in the following registry values:

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer
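
A client-side check for the settings named in the comment above, added here as an example (it is not part of the original comment or of the wiki page). It validates that both policy values point at port 8530, the port this page recommends for WSUS on SBS; Test-WsusUrl is a hypothetical helper, the sample server name is constructed, and the UseWUServer value under the AU subkey is not mentioned on this page.

```powershell
# Added example, not from the wiki page. Registry value names are the ones quoted
# in the comment above; 8530 is the port this page recommends for WSUS on SBS.
$ExpectedPort = 8530
$PolicyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# Hypothetical helper: returns a problem description for one policy URL, or nothing.
function Test-WsusUrl {
    param([string]$Name, [string]$Value, [int]$Port)
    $uri = $null
    if ([string]::IsNullOrEmpty($Value)) {
        return "$Name is not set"
    }
    if (-not [System.Uri]::TryCreate($Value, [System.UriKind]::Absolute, [ref]$uri)) {
        return "$Name is not an absolute URL: '$Value'"
    }
    if (@('http', 'https') -notcontains $uri.Scheme) {
        return "$Name has no http/https scheme: '$Value'"
    }
    if ($uri.Port -ne $Port) {
        return "$Name uses port $($uri.Port), expected $Port"
    }
}

# Constructed sample values: correct, the 8350 typo, default port 80, missing scheme.
foreach ($sample in 'http://MyServer01:8530', 'http://MyServer01:8350',
                    'http://MyServer01', 'MyServer01:8530') {
    $problem = Test-WsusUrl -Name 'sample' -Value $sample -Port $ExpectedPort
    if ($problem) { "sample $sample -> $problem" } else { "sample $sample -> ok" }
}

# Live check of this machine's policy values.
$policy   = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
$au       = Get-ItemProperty -Path "$PolicyKey\AU" -ErrorAction SilentlyContinue
$findings = @()
foreach ($name in 'WUServer', 'WUStatusServer') {
    $value = if ($policy) { $policy.$name } else { $null }
    $findings += @(Test-WsusUrl -Name $name -Value $value -Port $ExpectedPort)
}
# The two values are expected to name the same server.
if ($policy -and $policy.WUServer -and $policy.WUStatusServer -and
    ($policy.WUServer.TrimEnd('/') -ne $policy.WUStatusServer.TrimEnd('/'))) {
    $findings += 'WUServer and WUStatusServer differ'
}
# UseWUServer (AU subkey, not mentioned on this page) must be 1 for WUServer to apply.
if (-not $au -or $au.UseWUServer -ne 1) {
    $findings += 'AU\UseWUServer is not 1, so WUServer is ignored'
}
if ($findings.Count -eq 0) { "OK: $($policy.WUServer)" } else {
    $findings | ForEach-Object { "PROBLEM: $_" }
}
```
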

From bitzie - 5/4/05 1:05 AM

These instructions are totally wrong for SBS... if you do this you actually 'deny' access to the WSUS site on the server.

I also found that I had to registry edit a group name to each workstation before it would be picked up by the server.

Are you planning to give better instructions than this ...because these are either backwards or wrong?

From HandyAndy - 12/4/04 5:32 AM

Does it need to be MSDE or in the case of SBS Premium could it be a SQL instance?

Thankx, New to SQL issues



Last Modified 9/17/05 12:16 PM
