Installing & Configuring WSUS on Windows Server 2012

Windows Server Update Services (WSUS) is an update server for operating systems and other Microsoft products that allows administrators to centrally manage patches and updates on corporate network computers. A brief recap of how WSUS works: the WSUS server synchronizes with the Microsoft Update server on a schedule and downloads the latest updates for the selected products. The WSUS administrator selects which updates must be installed on the company's workstations and servers, which then download and install the required updates from the corporate WSUS server according to the configured policies. Running your own WSUS update server saves Internet traffic and lets you manage update installation in the company more flexibly.

Microsoft also offers other means of installing updates for its products, such as SCCM 2007/2012; however, unlike these products, a WSUS server is absolutely free.

Before the release of Windows Server 2012, the latest version of the Microsoft update server was Windows Server Update Services 3.0 SP2 (WSUS 3.2). Along with the release of the new server platform, Microsoft presented a new version, WSUS 6.0 (which is weird, because logically it should bear the name WSUS 4.0…).

There is nothing fundamentally new in the WSUS version in Windows Server 2012. Note that the WSUS installation package can no longer be downloaded separately from the Microsoft website; it is integrated into the Windows Server distribution as a separate role. In addition, WSUS 6.0 allows managing the installation of updates via PowerShell.

In this article, we will cover the basics of WSUS installation and configuration on Windows Server 2012.

How to Install the WSUS Role on Windows Server 2012

In Windows Server 2008, the WSUS service had already become a separate role that you can install through the Server Management console. This has not changed in Windows Server 2012. Open the Server Management console and select the Windows Server Update Services role (the system will automatically install the necessary IIS components).

Check the option WSUS Services, then choose the type of database that WSUS will use.

Note. WSUS on Windows Server 2012 supports the following databases:

  • Windows Internal Database (WID)
  • Microsoft SQL Server 2008 R2 SP1 Enterprise / Standard / Express Edition
  • Microsoft SQL Server 2012 Enterprise / Standard / Express Edition

Installation options:

  • WID (Windows Internal database) is an integrated Windows database
  • Database – a local or external database in the SQL server will be used for WSUS

The default WID database is called SUSDB.mdf and is stored in %windir%\wid\data\. This database supports only Windows authentication (but not SQL). The name of the WSUS database instance is server_name\Microsoft##WID.

The internal database (Windows Internal Database) is recommended if:

  1. The company does not have and is not going to buy the SQL Server licenses.
  2. You do not plan to use WSUS load balancing (NLB WSUS).
  3. You plan to deploy a number of WSUS servers (e.g., in branches). In this case, it is recommended to use the integrated WSUS database on the secondary servers.

A WID database cannot be administered using standard graphical consoles or management tools (only the CLI).

Tip. Note that SQL Server 2008/2012 Express limits the size of the database to 10 GB. Most likely, this limit will not be exceeded (for example, the size of the WSUS database for 2000 clients is about 3 GB). The limit for Windows Internal Database is 524 GB.

If you install a WSUS role and a database server on different servers, there are some limitations:

  • A WSUS database server cannot be a domain controller
  • A WSUS server cannot be a Remote Desktop Services host at the same time

Then you need to specify the directory in which to store the updates (it is recommended that the selected disk has at least 10 GB of free space).

If you have previously chosen to use a separate SQL database, you have to specify the name of the database server, DB Instance and check the connection.

Then the WSUS role with all necessary components will be installed. When the installation is over, run the WSUS Management Console in Server Manager.
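
The same installation can be scripted in PowerShell. This is an added example, not code from the original article; the content directory D:\WSUS is an assumed path, and the SQL Server instance in the comments is a placeholder.

```powershell
# Added example, not from the original article. Run in an elevated session.
# Assumption: D:\WSUS is a hypothetical content directory.
$ContentDir = 'D:\WSUS'

# The article recommends at least 10 GB of free space for the update store.
$drive = Get-PSDrive -Name ($ContentDir.Substring(0, 1))
if ($drive.Free -lt 10GB) {
    throw "Drive $($drive.Name): has less than 10 GB free for the update store."
}
New-Item -Path $ContentDir -ItemType Directory -Force | Out-Null

# 'UpdateServices' installs WSUS with the Windows Internal Database (WID)
# and pulls in the IIS components the role needs.
$result = Install-WindowsFeature -Name UpdateServices -IncludeManagementTools
if (-not $result.Success) { throw 'WSUS role installation failed.' }

# SQL Server variant (replace the placeholder with your own instance):
#   Install-WindowsFeature -Name UpdateServices-Services, UpdateServices-DB -IncludeManagementTools
#   and add SQL_INSTANCE_NAME="<server>\<instance>" to the wsusutil call below.

# Post-install step: creates the SUSDB database and binds the content directory.
$wsusutil = Join-Path $env:ProgramFiles 'Update Services\Tools\wsusutil.exe'
& $wsusutil postinstall "CONTENT_DIR=$ContentDir"
if ($LASTEXITCODE -ne 0) {
    throw "wsusutil postinstall failed with exit code $LASTEXITCODE."
}

# Verify: role features are installed, WSUS and IIS services are running.
Get-WindowsFeature -Name 'UpdateServices*' | Where-Object Installed |
    Format-Table Name, InstallState -AutoSize
Get-Service -Name WsusService, W3SVC | Format-Table Name, Status -AutoSize
```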

Basic Configuration of the WSUS Update Server in Windows Server 2012

When you first start the WSUS console, the setup wizard of the update server starts automatically. Let’s consider the main points of the configuration.

Specify whether the WSUS server takes updates directly from Microsoft Update or from a parent (upstream) WSUS server. The latter is usually used in large networks, where the WSUS server of a large regional division takes updates from the WSUS server in the central office, which significantly reduces the load on the communications bandwidth between the central office and its branch.

If you access the Internet through a proxy server, specify the parameters and user name/password to log in to it.

The wizard then checks the connection to the upstream update server. Click Start Connecting.

Then you have to choose the languages for which WSUS is going to download updates. We select English (the list of languages can be changed later from the WSUS console).

Then specify the list of products for which WSUS should download updates. You have to select all Microsoft products used in your corporate network. Keep in mind that all updates take up additional disk space, so products you do not use should not be checked.

On the Classification Page, specify the types of updates to be distributed via WSUS. It is recommended to select: Critical Updates, Definition Updates, Security Packs, Service Packs, Update Rollups, and Updates.

Next, you should specify an update synchronization schedule – it is recommended to use the automatic daily synchronization of the WSUS server with Microsoft Update server.

After the wizard is done, the WSUS console is launched.
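
The wizard choices above can also be applied with the UpdateServices PowerShell module. This is an added example, not code from the original article; the product titles, the parent server name and the 03:00 synchronization time are assumptions to adapt to your network.

```powershell
# Added example, not from the original article. Run elevated on the WSUS server.
$wsus = Get-WsusServer    # connects to the local WSUS server

# Upstream: pull directly from Microsoft Update.
Set-WsusServerSynchronization -SyncFromMU
# Downstream variant (hypothetical parent server name):
#   Set-WsusServerSynchronization -UssServerName 'wsus-hq.example.com' -PortNumber 8530

# Languages: English only, as in the walkthrough.
$config = $wsus.GetConfiguration()
$config.AllUpdateLanguagesEnabled = $false
$config.SetEnabledUpdateLanguages('en')
$config.Save()

# A category-only sync fetches the product and classification catalog.
$sub = $wsus.GetSubscription()
$sub.StartSynchronizationForCategoryOnly()
while ($sub.GetSynchronizationStatus() -ne 'NotProcessing') {
    Start-Sleep -Seconds 10
}

# Products: enable only what the network actually runs (assumed example titles).
$products = 'Windows Server 2012', 'Windows 8'
Get-WsusProduct | Set-WsusProduct -Disable
Get-WsusProduct | Where-Object { $_.Product.Title -in $products } | Set-WsusProduct

# Classifications, selected by the titles used in the WSUS catalog.
$classes = 'Critical Updates', 'Definition Updates', 'Security Updates',
           'Service Packs', 'Update Rollups', 'Updates'
Get-WsusClassification | Set-WsusClassification -Disable
Get-WsusClassification | Where-Object { $_.Classification.Title -in $classes } |
    Set-WsusClassification

# Schedule: one automatic synchronization per day (03:00 is an assumed time).
$sub.SynchronizeAutomatically = $true
$sub.SynchronizeAutomaticallyTimeOfDay = (New-TimeSpan -Hours 3)
$sub.NumberOfSynchronizationsPerDay = 1
$sub.Save()

# Start the first full synchronization now instead of waiting for the schedule.
$sub.StartSynchronization()
```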

To improve the performance of the WSUS Server on Windows Server 2012, it is recommended to exclude the following folders from the anti-virus scan:

  • \WSUS\WSUSContent
  • %windir%\wid\data
  • \SoftwareDistribution\Download

In the next article we will consider further configuration of the WSUS server on Windows Server 2012, and configure WSUS client settings using Group Policies.
