BzowK Posted July 15, 2016

Hey Guys - I have one more issue currently that I need advice on, please.

When SCCM was first introduced and clients deployed in our environment, there was a single server local to the primary which had the SUP role & WSUS installed. We soon realized that shortly after client deployments to remote sites, them simply evaluating updates needed against the remote (to them) WSUS server caused havoc with WAN bandwidth.

Since then, I have installed & configured the SUP role / WSUS at both secondary sites which many clients are local to and are in the same boundaries with. They were automatically configured to be upstream to the WSUS local to the primary. I've also verified in the console + log files that synchronization between the primary and secondaries from a software updates perspective is green across the board.

When checking WindowsUpdate.log on many clients, though, all remote ones I've checked are still pointing to the SUP local to the primary - not their local one on the secondary. I also checked local policy on these clients and it shows the same is configured, and no GPOs currently exist that set WSUS settings.

I was under the impression that the SUP / WSUS server would be assigned based on the boundary each client is in, then default back to the primary's if none exists. Is this not correct? The new SUPs were added 2-3 days ago and I have forced all policies on selected clients with no change.

We are running SCCM 2012 R2 SP1 CU3 on Windows Server 2012 R2.

What am I missing? Thanks!
Peter van der Woude Posted July 15, 2016

The clients won't switch automatically to a different SUP, not even with a secondary site. Only during the initial configuration of the client, the client will pick the local SUP. After that moment the client will only switch after, I thought, 4 scan failures.
BzowK Posted July 19, 2016

Thanks for the reply - Well, since the clients are basically setting local policy with the address of the WSUS / SUP server; what if I were to just deploy a group policy to overwrite that with the local WSUS / SUP server which they should be using? If not, know of a script which could be deployed to change this client setting? Thanks
Peter van der Woude Posted July 19, 2016

A GPO will only introduce more problems in this case, as there will be a difference between the GPO and the local policy. You could look at preventing access to the other SUPs to trigger the switch.
BzowK Posted July 19, 2016

Thanks - I added the IP Restrictions feature to the original SUP / WSUS and blocked everything except the local subnets, then verified it was working by having techs at remote sites go to the SUP server's IP:8530 in IE to see if they got a blank screen or nothing. It seemingly worked.

I took 3 remote clients and forced an updates scan on them. They failed to connect to the primary SUP - but - then didn't try to search for / use one of the secondary SUPs. Instead, they threw "Scan failed with error = 0x80244018". I got this same result on all remote systems I tested.

Any suggestions? Thanks
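
Added example, not part of any post in this thread: a PowerShell check for the two things the posts above inspect by hand, namely which WSUS server the client's local policy points at and what HTTP status that server returns to the client. `$ExpectedSup` and its default host name are hypothetical; the registry path is the standard Windows Update policy location and `/ClientWebService/client.asmx` is the WSUS client web service.

```powershell
# Added example (not from the thread): report the WSUS server this client is
# configured for and the HTTP status that server returns to it.
param(
    # Assumption: hypothetical host name of the SUP local to this client.
    [string]$ExpectedSup = 'sup-secondary.example.local'
)

# Location where the WSUS server URL is stored as local policy on the client.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

if (-not $policy -or -not $policy.WUServer) {
    Write-Output 'No WUServer policy value is set on this client.'
    return
}

$configured = [uri]$policy.WUServer
$result = [ordered]@{
    ConfiguredServer = $configured.AbsoluteUri
    ExpectedSup      = $ExpectedSup
    # Host-name comparison only; both sides must use the same form (FQDN or short name).
    PointsAtExpected = ($configured.Host -ieq $ExpectedSup)
    HttpStatus       = $null
}

# Probe the WSUS client web service on the configured server (scheme, host and
# port are taken from the policy value, e.g. port 8530).
$probe = '{0}://{1}/ClientWebService/client.asmx' -f $configured.Scheme, $configured.Authority
try {
    $response = Invoke-WebRequest -Uri $probe -UseBasicParsing -TimeoutSec 15
    $result.HttpStatus = [int]$response.StatusCode
}
catch {
    # On an HTTP error the exception carries the response and its status code;
    # on a connection failure there is no response, so keep the message instead.
    $errorResponse = $_.Exception.Response
    if ($errorResponse) {
        $result.HttpStatus = [int]$errorResponse.StatusCode
    } else {
        $result.HttpStatus = $_.Exception.Message
    }
}

[pscustomobject]$result
```

An HTTP status of 403 from the probe corresponds to Windows Update Agent error 0x80244018 (WU_E_PT_HTTP_STATUS_FORBIDDEN).
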
Alloush Posted October 10, 2016

Hi BzowK,

Have you managed to force clients in Secondary sites to talk to SUPs in these Secondary sites? I have the same issue, where all clients in secondary sites are still pointed to the SUP in the Primary site.

Best Regards,
Alloush