Using SCCM & WSUS on a disconnected network

[monsouj]

I have SCCM 2012 SP1 & WSUS 3.0 SP2 installed on a server that is disconnected from the Internet. I have another server with WSUS

3.0 SP2 installed that is connected to the Internet that I want to use to export updates to the disconnected WSUS. I have applied

KB2734608 to both, rebooted, and ensured both are using the same language settings and using express file installation, I followed

technet article: http://technet.microsoft.com/en-us/library/dd939873(WS.10).aspx. I used wsusutil to export metadata from the

connected WSUS, copied the WSUS folder and metadata to a removable drive, copied the WSUS folder and metadata to the disconnected

server, and imported the metadata with wsusutil. I waited the 4 hours the technet article said it would take for the database to

update; however, the disconnected WSUS is not showing the updates.

In WSUS Help/About Microsoft Management Console the version is 3.0 SP1 version 3.2.7600.226, in the WSUS console under Connection

the server version is 3.2.7600.256, and in the Control Panel/Programs and Features it shows WSUS 3.0 SP2 version 3.2.7600.226. This is the same for both servers. How can it be 3 different versions displayed in 3 different places?

 

Furthermore, SCCM is leveraging WSUS to sync with Microsoft Update and producing errors.

 

Is this type of SCCM setup possible? If so, what am I doing wrong or need to do differently to get this to work?

[monsouj]

I found one mistake I had the SUP syncing to Microsoft Update rather than the manual update syncing selection, I fixed that.

 

I was not clear in saying "the disconnected WSUS is not showing the updates". After the import the available updates are

populated, but the updates that were approved and downloaded on the connected WSUS are not showing as approved on the disconnected WSUS, WSUS says "this update cannot be approved for installation because its Microsoft Software License Terms are still downloading. From the Main WSUS console window (disconnected) under Download Status is shows Updates needing files: 1 and Downloaded 3.86 MB of 11.49 MB. These have been stuck at this point and I don't understand, how could it have downloaded 3.86 MB it isn't connected to the Internet? If it's populating from the Database it has been much longer than 4 hours.

[jorlando]

I also have two SCCM enviroments. One that has internet access and a 2nd that is completely offline. Couple of questions. How big is the cab file that is created with the export of the metadata? If its 0k this is a known issue and you need to export less content to resolve or try this: http://support.microsoft.com/kb/2828185 or http://support.microsoft.com/kb/2819484

 

I would also recommend installing kb2720211 on both WSUS servers.

 

One more thing... not only do you need to import/export the metadata but you need to copy all the content too!! Copy over the entire WSUS\WsusContent folder first!!!

[monsouj]

jolando,

 

The cab file is 20 MB. I did copy the whole WSUS folder before importing the metadata. I will try KB2720211 but I was under the impression it was included in KB2734608. I will also checkout the 2 links you provided. I will post an update after trying your suggestions.

 

Thank you

[jorlando]

Those two KB's are if your cab file is coming out at 0k. Does not sound like the problem. Also an FYI you can have the wsutil create a log for you here is what I use:

 

"c:\program files\update services\tools\wsusutil.exe" export d:\WSUSBackups\backup.cab d:\WSUSBackups\backup.log

 

I have honestly not found the log very useful but it may help shed some light on your issue.

 

James

[monsouj]

I uninstalled WSUS on disconnected server, reinstalled WSUS, applied KB2720211, KB2734608, and KB2828185, set the language and express file installation settings, copied WSUS folder, and imported metadata. The database updated in 5 minutes and synced with SCCM, I am now able to deploy the imported updates. Don't know why it worked this time, I didn't do anything different than the last time.....?

[jorlando]

Might have been KB2720211

[arvin]

hi Guys,

 

Please help.

 

I have two server A and B.

A : Standalone Primary Site, Installed with SCCM 2012 SP1 CU1 + SQL 2008 R2 SP2 + WSUS 3.0 SP2 console only and all necessary updates

B: Site system server, installed with WSUS 3.0 SP2 and all necessary updates.

B server is configured with the "Software update Point" role. A isn't.

B server is configured through SCCM to sync with Microsoft Update and store it locally.

B server had synchronized successfully with Microsoft and all updates appeared on Server A under "Software Library"

Step 1 from this guide suggested to also install SUP on the primary server. "Note: Repeat the above on the Primary server P01."

I am planning to manage all Microsoft Updates through SCCM.

Do I need to install SUP on my SCCM server (Server A), in order to deploy Microsoft Updates to all clients?

If not, will they (server A and B sync automatically?

When I try to create software deployment package, it's asking me about the "Package Source", "source location for software updates"

Should I point the source to \\WSUS\WSUSContent instead of downloading it again from the Internet? or?

I will continue to read other posts, perhaps there are answers somewhere out there.

Thanks in advance.

Update: From Microsoft Site: Configuring Software Updates in Configuration Manager

- The software update point is required on the central administration site and on the primary sites in order to enable software updates compliance assessment and to deploy software updates to clients. The software update point is optional on secondary sites. The software update point site system role must be created on a server that has WSUS installed.

- Starting with Configuration Manager SP1, you have the option to synchronize software updates from a WSUS server that is not in your Configuration Manager hierarchy.

- Sarting with Configuration Manager SP1, you have the option to add multiple software update points at a site.

[jorlando]

Sounds like you dont have any products or classifications selected.

 

Launch the SCCM 2012 Console. Check Administration > Site Configuration > Sites and Right Click the Primary Site. Choose Configure Site Componenets > Software Update Point and check settings here.

 

Upload the WCM.log and Wysncmgr.log if this is not the resolution.

[arvin]

Thanks for answering.

 

Answer to my own question. No, there's no need to install SUP on my primary server for updates to populate to SCCM.

 

 

Update:

This question was too stupid to answer. Of course all updates needs to be downloaded by my server B before server A can grab the files and package it.

All good now.