Before proceeding with Software Update Point role, first we need to install to install WSUS.
In this guide, I am installing WSUS on same box where SCCM Server is installed. If you are planning to install WSUS on different server then make sure to install the WSUS administration console on the SCCM primary site server.
Installing WSUS (Windows Server Update Services)
Software Update Point role installation role installation is a step to be perform on SCCM Console. However, before proceeding with this step, we need to make sure to have WSUS installed. WSUS can be installed through Server Manager’s Server Roles. Launch Server Manager and click on “Add Roles and Features“
Under “Server Roles“, check the box “Windows Server Update Services” and click Next.
With the selection of WSUS role, this will select all required Features as shown in below image. Click Next to continue.
Under “Roles Services“, uncheck “WID Connectivity” and make sure “WSUS Services” & “SQL Server Connectivity” is selected. We can go with the selection of WID also, however hosting WSUS database on SQL Server has its own advantage.
In Next page, specify the WSUS Content location, here I have created a directory and I am specifying d:\WSUSContent as the location
Under “DB Instance”, we are connecting to an existing SQL server database. SCCM Database has been installed on SCCM01 with Instance Name as InstanceSCCM, I am specifying the database server as SCCM01\InstanceSCCM. Click on check connection to verify the connectivity.
Under “Confirmation” page, click on Install to initiate the installation process of WSUS.
Once installation is completed, Server Manager will show “Configuration required for Windows Server Update Services at SCCM01“
Once you click on the warning, make sure to cancel the WSUS configuration wizard as we are going to configure this using SCCM Server. You just need to make sure that WSUS console is launching. If we are unable to launch WSUS console successfully, then SCCM will not be able to communicate with WSUS.
Launch SCCM Console, navigate to Administration \ Overview \ Site Configuration \ Servers and Site System Roles. Right click SCCM Server and select “Add Site System roles“
Under “System Role Selection“, check the box “Software Update Point“.
Under WSUS Configuration, select WSUS is configured to use ports 8530 and 8531 for client communications
Under “Synchronization Source”, select “Synchronize from Microsoft Update” and click Next.
Under “Synchronization Schedule”, check the box “Enable Synchronization on a schedule”. Lets continue with default Simple Schedule as 7 days.
Under “Classifications”, specify Critical Updates, Definition Updates, Security Updates, Service Packs, Update Rollups, Updates, Upgrades
Under “Products“, select “Windows 7”. You won’t be able to see Windows 10 and other new products. Once first synchronization is completed, it will pull metadata for all available products.
Under Languages, uncheck all other languages except “English”, as selecting multiple languages will download metadata and patches for all different languages as well.
Under “Completion” page, click on Finish to start the SUP role installation.
Installation of SUP role can be monitored through SUPSetup.log
Once Software Update Point Role installation is completed successfully, navigate to Software Library \ Overview \ Software Updates \ All Software Updates. Under ribbon, select “Synchronize Software Updates” and click yes under “Run Synchronization” window.
Verify the logs
Verify WCM.log for checking the successful connectivity between SCCM & WSUS Server. If you can see WSUS_CONFIG_SUCCESS with further update as “Successfully connected to local WSUS Server“.
Launch wsyncmgr.log to verify connectivity status (6701 & 6704 means success) and further synchronization. There are 2 steps of Synchronization: (1) WSUS Synchronization with Microsoft Update with (2) subsequent Synchronization of WSUS Database with SCCM Database.
As you can see now, Synchronization of WSUS with Microsoft is completed. 2nd synchronization has started with SCCM database.
Once completed, you can verify the completion notice.