For more information on Patch Manager, visit: http://www.solarwinds.com/patch-manager.aspx
This two-part presentation will cover how to do WSUS Deployment on Windows Server 2008.
Part 1 – General considerations:
• Documentation review
• General considerations for deployment
• Local database vs Remote database
• Installation prerequisites
Part 2 – Installation:
• Installation on connected server
• Installation on disconnected server
• Migrating existing WSUS server
• Upgrade existing WSUS server
Ensuring Technical Readiness For Copilot in Microsoft 365
WSUS Deployment on Windows Server 2008
1. Author
Lawrence Garvin, WSUS MVP
WSUS Deployment on
Windows Server® 2008
2. Agenda
Part 1 – General considerations
» Documentation review
» General considerations for deployment
» Local database vs Remote database
» Installation prerequisites
Part 2 – Installation
» Installation on connected server
» Installation on disconnected server
» Migrating existing WSUS server
» Upgrade existing WSUS server
3. Agenda – Part 1
Part 1 – General considerations
» Documentation review
» Windows® vs SQL Server® Express
» Local vs Remote database
» Installation prerequisites
5. General Considerations
Windows Internal Database vs SQL Server Express Edition
SQL Express limited to 1 CPU
SQL Express limited to 1GB RAM
SQL 2005 Express limited to 4GB database size
SQL 2008 R2 Express limited to 10GB database size
Windows Internal Database not limited at all ! ! !
6. General Considerations
Considerations for using a remote database server
Enterprise database server with DBA already exists
Single-server deployment for more than 3,000 clients
Front-end will run on shared web server
Front-end will run as a Virtual Machine
Requires SQL Server license
Requires SQL Server CALs for every client system
7. General Considerations
Requirements for remote database server
Database Server cannot be Domain Controller
Web server cannot be running Terminal Services
(AppMode)
Database Server must support Windows Authentication
Database Server must have Nested Triggers option
enabled
Database Server and Web Server must be member of
the same domain, or a cross-domain trust must be
established
Account used to install WSUS must have access to
Master database on remote database server to create
SUSDB database
8. General Considerations
Installation prerequisites for Windows Server 2008
.NET Framework is already installed
DO NOT INSTALL .NET Framework v4.0 on a WSUS
Server!!!
Report Viewer 2008 SP1 Redistributable
Internet Information Services v7
9. General Considerations
Internet Information Services v7
Application Server Role is NOT required
Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)
12. General Considerations
Internet Information Services v7
Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)
14. General Considerations
Internet Information Services v7
Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)
18. General Considerations
Internet Information Services v7
Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)
20. General Considerations
Internet Information Services v7
Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)
23. Agenda – Part 2
Part 2 – Installation
» Installation on disconnected server
» Installation on connected server
» Migrating existing WSUS server
» Upgrade existing WSUS server
24. Installation Services
Disconnected – Standalone Installer
Server does not have Internet access
Network does not have Internet connection
Download standalone installer from Microsoft
» WSUS30-KB972455-x64.exe (Win2008R2)
» WSUS30-KB972455-x32.exe (Win2008SP2)
» http://go.microsoft.com/fwlink/?LinkId=161140
Standalone installer will install WSUS as a Role
Web Server role service “Dynamic Content Compression” should be
enabled prior to installing WSUS from standalone installer
26. Installation Scenarios
Connected – Server Manager Role
Available Internet connection or local WSUS Server
If WSUS Server is being used, the WSUS 3 SP2
Dynamic Installer (KB972493) must be Approved for
Installation for the target group in which the Windows
Server 2008 server is a member.
Downloads installer package from WSUS or Microsoft
Update, depending on how Windows Update Agent is
configured.
IIS7 must be pre-installed from Server Manager
45. Migration
Step 1: Install new server as replica of live server.
Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
Step 3: Verify all synchronization activity and file
downloads are completed.
Step 4: Reconfigure new server as upstream.
Step 5: Synchronize with Microsoft.
Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.
48. Migration
Step 1: Install new server as replica of live server.
Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
Step 3: Verify all synchronization activity and file
downloads are completed.
Step 4: Reconfigure new server as upstream.
Step 5: Synchronize with Microsoft.
Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.
50. Migration
Step 1: Install new server as replica of live server.
Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
Step 3: Verify all synchronization activity and file
downloads are completed.
Step 4: Reconfigure new server as upstream.
Step 5: Synchronize with Microsoft.
Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.
54. Migration
Step 1: Install new server as replica of live server.
Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
Step 3: Verify all synchronization activity and file
downloads are completed.
Step 4: Reconfigure new server as upstream.
Step 5: Synchronize with Microsoft.
Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.
56. Migration
Step 1: Install new server as replica of live server.
Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
Step 3: Verify all synchronization activity and file
downloads are completed.
Step 4: Reconfigure new server as upstream.
Step 5: Synchronize with Microsoft.
Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.
58. Migration
Step 1: Install new server as replica of live server.
Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
Step 3: Verify all synchronization activity and file
downloads are completed.
Step 4: Reconfigure new server as upstream.
Step 5: Synchronize with Microsoft.
Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.
59. Migration
Client-side targeting
Reconfigure Group Policy to point to new server.
Clients will automatically register with the new
server in their correct groups
60. Migration
Server-side targeting
Migrate computers from original server to new
server using the free WSUS Computer Migrator
tool
• https://www.eminentware.com/cs2008/media/p/430.aspx
Reconfigure Group Policy to point to new server
61. Upgrade In-Place
The OS upgrade does work!
32-bit upgrade only
» Win2003SP2 to Win2008SP2
Win2008SP2 installs IIS7 with ALL Role Services!
» This may be problematic; whether WSUS has actually been
tested with ALL role services installed is unknown.
» So, while the upgrade is successful, it is indeterminate whether
the WSUS Server will continue to function at full capacity and
functionality.
» TESTING is highly recommended prior to upgrading a
Production server.
Did not test Win2003 x64 to Win2008 R2 upgrade.
62. Helpful Resources
Did you know you can extend WSUS to update
3rd party applications & report on patch
compliance with SolarWinds Patch Manager
Watch Video Test Drive Live Demo
Ask Our Community Download 30-day Free Trial
Click any of the links above
- Slide 62 -
63. Author: Lawrence Garvin, WSUS MVP
Thank You!
Feedback or questions
lawrence.garvin@solarwinds.com