Hello,
I need advice on how I should proceed to configure the following environment:
There is an existing WSUS-1 server which is pushing updates to around 500 computers.
It's completely controlled by group policy and running without any issues.
We have SCCM 2012 SP1 configured with a Software Update Point.
There is a second WSUS-2 installed on the SCCM site server, which was used only to test deployments to the Test OU. This Organizational Unit was not controlled by the Group Policy on the Domain Controller, the same Group Policy which is pushing updates on WSUS-1.
Lately I tried to include more machines in the Test OU to continue testing this demo environment; eventually the idea is to completely switch from the old WSUS-1 (independent) and start running deployments with SCCM and a Software Update Point configured with WSUS-2.
Somehow machines added to the Test OU are no longer reporting to WSUS-2. I've tried every possible setting:
Specify Microsoft Intranet Location - Local Group Policy on SCCM to point to WSUS-2.
Registry settings to point to WSUS-2.
Run manual client authorization detection in command prompt (on client)
Even disable (unprovision) WSUS-1
Deploy update group with SCCM
Still, we are seeing in the log files a Group Policy conflict coming from WSUS-1; actually, Group Policy on the Domain Controller precedes Local Group Policy.
Which settings should I look for? This was working at one point on 2 computers in the Test OU, which was not controlled by GP on the Domain Controller.
The sys admin who installed WSUS-1 and linked the Group Policies didn't make any changes.
I am aware that having 2 WSUS servers in this kind of environment is not recommended by Microsoft. We are talking about 500 computers, not cross-forest domains with thousands or tens of thousands of machines, in which case a primary and secondary WSUS would make sense.
But I don't want to uninstall WSUS-1 until WSUS-2 starts syncing clients and SCCM is pushing updates successfully.
Should I disregard WSUS-2 and point to WSUS-1 from SCCM, as Group Policy is completely controlling this server (WSUS-1)?
Or should I uninstall WSUS-1 and point to WSUS-2 on the SCCM site server? But there would still probably be hidden Group Policy settings preventing WSUS-2, configured with the Software Update Point on SCCM to deploy updates, from starting to sync with clients.
What would be the best practices? Which GP settings should I check? What mostly causes conflicts between local and domain group policy in this kind of setup?
WSUS 3.0 SP2 is running on both servers.
Thank you
Blaf
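A client-side check for the situation described in the post above, as an added example that is not part of the original post: it reads the Windows Update policy values the client is actually using and writes a Resultant Set of Policy report showing which GPOs were applied. The expected URL `http://WSUS-2:8530` (name and port) is a placeholder to replace with the address the Software Update Point publishes.

```powershell
# Added example: run in an elevated PowerShell session on an affected client.
# $Expected is an assumed placeholder, not a value from the original post.
param([string]$Expected = 'http://WSUS-2:8530')

# Policy keys that hold the Windows Update client configuration.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

# Return a registry value, or $null when the key or value is absent.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$useWU = Get-PolicyValue $auKey 'UseWUServer'
Write-Host "UseWUServer    = $useWU"
if ($useWU -ne 1) {
    Write-Warning 'UseWUServer is not 1: the client is not set to use an intranet update server.'
}

# Both the update server and the status server must point at the same WSUS.
foreach ($name in 'WUServer', 'WUStatusServer') {
    $value = Get-PolicyValue $wuKey $name
    Write-Host ("{0,-14} = {1}" -f $name, $value)
    if ($null -eq $value) {
        Write-Warning "$name is not set by policy."
    } elseif ($value.TrimEnd('/') -ine $Expected.TrimEnd('/')) {
        Write-Warning "$name is '$value', expected '$Expected'."
    }
}

# Resultant Set of Policy for the computer: lists every applied GPO, so a
# domain GPO that carries Windows Update settings shows up by name.
$report = Join-Path $env:TEMP 'rsop-computer.html'
gpresult.exe /scope computer /h $report /f
Write-Host "RSoP report written to $report"
```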