Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows Server 2012 R2 / How to Install & Configure WSUS on Windows Server 2012 R2 / 2016?

March 5, 2019 Windows Server 2012 R2Windows Server 2016

How to Install & Configure WSUS on Windows Server 2012 R2 / 2016?

Windows Server Update Services (WSUS) is an update service that allows administrators to manage patches and security updates for Microsoft products centrally (Windows, Office, SQL Server, Exchange, etc.) on computers and servers on the corporate network. Briefly recall how the WSUS works. The WSUS server is scheduled to synchronize with the Microsoft Update servers on the Internet and download the latest updates for selected products. The WSUS administrator selects which updates must be installed on the workstations and servers of the company. WSUS clients download and install the required updates from the corporate update server according to the configured policies. Your own WSUS update server allows you to save Internet traffic and manage the update installation in the company more flexibly.

Microsoft also offers other systems of update installation for their products, such as SCCM (System Center Configuration Manager). However, unlike many other products, the WSUS server is completely free (in fact, the update software in SCCM – SUP, Software Update Point, is also based on WSUS).

Before the release of Windows Server 2012, the latest version of Microsoft Update server was Windows Server Update Services 3.0 SP2 – WSUS 3.2, which doesn’t support modern operating systems (like Windows 10 and Windows Server 2012 R2/ 2016). Along with the release of the new server platform, Microsoft presented a new version of WSUS 6.0 (which is strange, because, logically, this version should be named WSUS 4.0…). 

There is nothing principally new in the new WSUS version in Windows Server 2012 R2/ 2016. Note that now the WSUS installation package cannot be downloaded separately from the Microsoft website, it is integrated into the Windows Server distribution and being installed as a separate server role. In addition, WSUS 6.0 introduced the ability to manage the installation of updates using PowerShell.

In this article, we will cover the basic issues of the WSUS role installation and configuration on Windows Server 2012 R2 / Windows Server 2016.

Contents:
  • How to Install the WSUS Role on Windows Server 2012 R2 / 2016?
  • Basic WSUS Configuration on Windows Server 2012 R2 / 2016

How to Install the WSUS Role on Windows Server 2012 R2 / 2016?

In Windows Server 2008, the WSUS was allocated to a separate role that can be installed through the Server Management console. In Windows Server 2012 R2 / 2016, this has not been changed. Open the Server Management console and select the role of Windows Server Update Services (the system will automatically select and offer to install the necessary components of the IIS web server).

install wsus role on windows 2012 server

Check the option WSUS Services, then you need to select the type of the database that the WSUS will use.

WSUS on Windows Server 2012 supports the following databases:

  • Windows Internal Database (WID);
  • Microsoft SQL Server 2008 R2 SP1, 2012, 2014, 2016 in the Enterprise / Standard / Express Editions.

Accordingly, you can use the Windows Internal Database WID (Windows Internal database), which is free and doesn’t require additional licensing. Or you can use a dedicated local or remote SQL Server database (on a different server) to store WSUS data.

The default WID base is called SUSDB.mdf and is stored in the folder %windir%\wid\data. This database supports only Windows authentication (not SQL). The internal (WID) database instance for WSUS is called server_name\Microsoft##WID. The WSUS database stores the update server settings, update metadata, and the WSUS client information.

The internal database (Windows Internal Database) is recommended if:

  • Your organization doesn’t have and doesn’t plan to purchase licenses for SQL Server;
  • It is not planned to use a WSUS load balancing (NLB WSUS);
  • If you plan to deploy a child WSUS server (for example, in branch offices). In this case it is recommended to use the built-in WSUS database on the secondary servers.

The WSUS WID database can be administered through SQL Server Management Studio (SSMS), if you specify in the following connection string: \\.\pipe\MICROSOFT##WID\tsql\query.

Note that in the free editions of SQL Server 2008/2012 Express there is a limit on the maximum database size – 10 GB. Most likely, this limit will not be reached (for example, the size of the WSUS database for 3000 clients is about 3 GB). The Windows Internal Database is limited to 524 GB.

If you install the WSUS role and the MS SQL database on different servers, there are some limitations:

  • SQL Server with a WSUS database cannot be a domain controller;
  • A WSUS server cannot be Remote Desktop Services Host at the same time.

If you plan to use the WID built-in database (it is quite recommended and workable option even for large infrastructures), check the Database option.

install wsus service

Then you need to specify the directory to store the updates (it is recommended there would be at least 10 GB of free space on the selected disk).

The size of the WSUS database is highly dependent on the number of products and the Windows OS version that you plan to update. In a large organization, the size of update files on a WSUS server can reach hundreds GB. For example, my WSUS directory size is about 400 GB (updates for Windows 7, 8.1, 10, Windows Server 2008 R2, 2012 / R2/ 2016, Exchange 2013, Office 2010 and 2016, SQL Server 2008/2012/2016 are stored). Keep this in mind when planning the storage space for your WSUS files.

folder for windows updates store

If you have previously chosen to use a separate SQL database, you must specify the name of the database server, DB Instance and check the connection.

wsus db instance

Then the WSUS role with all necessary components will be installed. When the installation is over, run the WSUS Management Console in Server Manager.

WSUS Management Console in Server Manager

You can also install a WSUS server with an internal database using the following PowerShell command:

Install-WindowsFeature -Name Updateservices,UpdateServices-WidDB,UpdateServices-services –IncludeManagementTools

Basic WSUS Configuration on Windows Server 2012 R2 / 2016

When you first start the WSUS console, the Update Server Configuration Wizard will automatically start. Let’s consider the basic steps for configuring a WSUS server using a wizard.

Specify whether the WSUS server takes updates from Microsoft Update website directly or it should download it from the upstream WSUS server. The second option is usually used in large networks to configure WSUS server of a large regional division, that receives updates from the WSUS in a central office (this configuration significantly reduces the load on the WAN channels between the HQ and the branch office).

wsus upstream server

If your WSUS server itself must download updates from Windows Update servers, and you access the Internet through a proxy server, you must specify the proxy server address, port, and the credentials to access it.

proxy server settings for upstream connection

Next, the connection with the upstream update server is checked. Click Start Connecting.

Start Connecting upstream wsus server

Then you need to select the languages for which WSUS will download updates. We select English (the list of the languages can further be changed from the WSUS console).

select wsus languages

Then specify the list of products for which the WSUS should download updates. You must select all Microsoft products that are used in your corporate network. Keep in mind that all additional updates take up disk space, so the extra products should not be checked. If you are sure that there are no computers running Windows XP or Windows 7 on your network, don’t select the check boxes for these OS. This will significantly save space on the WSUS server drive.

If necessary, you can manually import any updates from the Microsoft Update Catalog to your WSUS server.

Specify products which you want update

On the Classification Page, specify the types of updates to be distributed via WSUS. It is recommended to select: Critical Updates, Definition Updates, Security Packs, Service Packs, Update Rollups, Updates.

wsus update classifications

The Windows 10 build upgrades (1709, 1803, 1809, etc.) in the WSUS console are included in the Upgrades class.

Next, you should specify an update synchronization schedule – it is recommended to use the automatic daily synchronization of the WSUS server with Microsoft Update server. The WSUS synchronization should be performed at night, in order not to overload the Internet channel during business hours.

wsus synchronization schedule

The initial synchronization of the WSUS server with the upstream update server may take several days, depending on the number of products you chose earlier and your ISP.

After the wizard is done, the WSUS console is launched.

Update Service console

In order to improve the performance of the WSUS Server on Windows Server, it is recommended to exclude the following folders from the anti-virus scan:

  • \WSUS\WSUSContent;
  • %windir%\wid\data;
  • \SoftwareDistribution\Download.

Clients can now receive updates by connecting to the WSUS server on port 8530 (in Windows Server 2003 and 2008, port 80 is used by default). With a large number of computers (over 1000), the performance of the IIS WsusPoll pool, which distributes client updates, can be configured according to the article.

To view different update reports in the WSUS console, you must install the optional Microsoft Report Viewer 2008 SP1 Redistributable (or higher) components on your server.

In other articles, we will take a look on how to further configure the WSUS server on Windows Server 2012 R2 / 2016: configure WSUS client settings using Group Policies, how to approve new updates, and copy approved updates between WSUS target groups.

Stay tuned!

0 comment
0
Facebook Twitter Google + Pinterest
previous post
Windows 10 Upgrade Error: Windows Might be Installed in Unsupported Directory
next post
Using Mandatory (Read-Only) User Profiles in Windows 10

Related Reading

How to Configure and Connect an iSCSI Disk...

January 26, 2021

Preparing Windows for Adobe Flash End of Life...

January 22, 2021

How to Disable/Remove Thumbs.db File on Network Folders...

January 21, 2021

USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

January 15, 2021

Updating the PowerShell Version on Windows

December 24, 2020

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Configure and Connect an iSCSI Disk on Windows Server?

    January 26, 2021
  • Preparing Windows for Adobe Flash End of Life on December 31, 2020

    January 22, 2021
  • Checking User Logon History in Active Directory Domain with PowerShell

    January 22, 2021
  • How to Disable/Remove Thumbs.db File on Network Folders in Windows?

    January 21, 2021
  • MS SQL Server 2019 Installation Guide: Basic Settings and Recommendations

    January 19, 2021
  • USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

    January 15, 2021
  • Windows 10: No Internet Connection After Connecting to VPN Server

    January 13, 2021
  • Updating the PowerShell Version on Windows

    December 24, 2020
  • How to Enable and Configure User Disk Quotas in Windows?

    December 23, 2020
  • Restoring Deleted Active Directory Objects/Users

    December 21, 2020

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Run Program without Admin Privileges and to Bypass UAC Prompt?
  • Licensing Mode for Remote Desktop Session Host is not Configured
  • Configuring Port Forwarding on Windows
  • Updating List of Trusted Root Certificates in Windows 10/8.1/7
  • Allow RDP Access to Domain Controller for Non-admin Users
  • Installing SFTP (SSH FTP) Server on Windows with OpenSSH
  • How to Install .NET Framework 3.5 on Windows Server 2012 R2
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top