For more information on Patch Manager, visit: http://www.solarwinds.com/patch-manager.aspx This two-part presentation will cover how to do WSUS Deployment on Windows Server 2008. Part 1 – General considerations: • Documentation review • General considerations for deployment • Local database vs Remote database • Installation prerequisites Part 2 – Installation: • Installation on connected server • Installation on disconnected server • Migrating existing WSUS server • Upgrade existing WSUS server

1. Author
Lawrence Garvin, WSUS MVP
WSUS Deployment on
Windows Server® 2008

2. Agenda
 Part 1 – General considerations
» Documentation review
» General considerations for deployment
» Local database vs Remote database
» Installation prerequisites
 Part 2 – Installation
» Installation on connected server
» Installation on disconnected server
» Migrating existing WSUS server
» Upgrade existing WSUS server

3. Agenda – Part 1
 Part 1 – General considerations
» Documentation review
» Windows® vs SQL Server® Express
» Local vs Remote database
» Installation prerequisites

4. General Considerations
 Documentation review
» http://go.microsoft.com/fwlink/?LinkId=71268
» http://go.microsoft.com/fwlink/?LinkId=139840
» http://go.microsoft.com/fwlink/?LinkId=71266
» http://go.microsoft.com/fwlink/?LinkId=71267
» http://go.microsoft.com/fwlink/?LinkId=79983
» http://go.microsoft.com/fwlink/?LinkId=139828
» http://technet.microsoft.com/en-
us/library/dd939796(WS.10).aspx

5. General Considerations
Windows Internal Database vs SQL Server Express Edition
 SQL Express limited to 1 CPU
 SQL Express limited to 1GB RAM
 SQL 2005 Express limited to 4GB database size
 SQL 2008 R2 Express limited to 10GB database size
 Windows Internal Database not limited at all ! ! !

6. General Considerations
Considerations for using a remote database server
 Enterprise database server with DBA already exists
 Single-server deployment for more than 3,000 clients
 Front-end will run on shared web server
 Front-end will run as a Virtual Machine
 Requires SQL Server license
 Requires SQL Server CALs for every client system

7. General Considerations
Requirements for remote database server
 Database Server cannot be Domain Controller
 Web server cannot be running Terminal Services
(AppMode)
 Database Server must support Windows Authentication
 Database Server must have Nested Triggers option
enabled
 Database Server and Web Server must be member of
the same domain, or a cross-domain trust must be
established
 Account used to install WSUS must have access to
Master database on remote database server to create
SUSDB database

8. General Considerations
Installation prerequisites for Windows Server 2008
 .NET Framework is already installed
 DO NOT INSTALL .NET Framework v4.0 on a WSUS
Server!!!
 Report Viewer 2008 SP1 Redistributable
 Internet Information Services v7

9. General Considerations
Internet Information Services v7
 Application Server Role is NOT required
 Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)

10. General Considerations
 Internet Information Services v7

11. General Considerations
 Internet Information Services v7

12. General Considerations
Internet Information Services v7
 Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)

13. General Considerations
 Internet Information Services v7

14. General Considerations
Internet Information Services v7
 Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)

15. General Considerations
 Internet Information Services v7

16. General Considerations
 Internet Information Services v7

17. General Considerations
 Internet Information Services v7

18. General Considerations
Internet Information Services v7
 Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)

19. General Considerations
 Internet Information Services v7

20. General Considerations
Internet Information Services v7
 Web Server Role with the following role services:
» Common HTTP Features (including Static Content)
» ASP.NET, ISAPI Extensions, and ISAPI Features (under
Application Development)
» Windows Authentication (under Security)
» IIS Metabase Compatibility (under Management Tools, expand
IIS 6 Management Compatibility)

21. General Considerations
 Internet Information Services v7

22. General Considerations
 Internet Information Services v7

23. Agenda – Part 2
 Part 2 – Installation
» Installation on disconnected server
» Installation on connected server
» Migrating existing WSUS server
» Upgrade existing WSUS server

24. Installation Services
Disconnected – Standalone Installer
 Server does not have Internet access
 Network does not have Internet connection
 Download standalone installer from Microsoft
» WSUS30-KB972455-x64.exe (Win2008R2)
» WSUS30-KB972455-x32.exe (Win2008SP2)
» http://go.microsoft.com/fwlink/?LinkId=161140
 Standalone installer will install WSUS as a Role
 Web Server role service “Dynamic Content Compression” should be
enabled prior to installing WSUS from standalone installer

25. Installation
 Disconnected – Standalone Installer

26. Installation Scenarios
Connected – Server Manager Role
 Available Internet connection or local WSUS Server
 If WSUS Server is being used, the WSUS 3 SP2
Dynamic Installer (KB972493) must be Approved for
Installation for the target group in which the Windows
Server 2008 server is a member.
 Downloads installer package from WSUS or Microsoft
Update, depending on how Windows Update Agent is
configured.
 IIS7 must be pre-installed from Server Manager

27. Installation
 Connected – Server Manager Role

28. Installation
 Connected – Server Manager Role

29. Installation
 Connected – Server Manager Role

30. Installation
 Connected – Server Manager Role

31. Installation
 Connected – Server Manager Role

32. Installation
 Connected – Server Manager Role

33. Installation
 Connected – Server Manager Role

34. Installation
 Connected – Server Manager Role

35. Installation
 Connected – Server Manager Role

36. Installation
 Connected – Server Manager Role

37. Installation
 Connected – Server Manager Role

38. Installation
 Connected – Server Manager Role

39. Installation
 Connected – Server Manager Role

40. Installation
 Connected – Server Manager Role

41. Installation
 Connected – Server Manager Role

42. Installation
 Connected – Server Manager Role

43. Installation
 Connected – Server Manager Role

44. Installation
 Connected – Server Manager Role

45. Migration
 Step 1: Install new server as replica of live server.
 Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
 Step 3: Verify all synchronization activity and file
downloads are completed.
 Step 4: Reconfigure new server as upstream.
 Step 5: Synchronize with Microsoft.
 Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.

46. Migration

47. Migration

48. Migration
 Step 1: Install new server as replica of live server.
 Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
 Step 3: Verify all synchronization activity and file
downloads are completed.
 Step 4: Reconfigure new server as upstream.
 Step 5: Synchronize with Microsoft.
 Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.

49. Migration

50. Migration
 Step 1: Install new server as replica of live server.
 Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
 Step 3: Verify all synchronization activity and file
downloads are completed.
 Step 4: Reconfigure new server as upstream.
 Step 5: Synchronize with Microsoft.
 Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.

51. Migration

52. Migration

53. Migration

54. Migration
 Step 1: Install new server as replica of live server.
 Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
 Step 3: Verify all synchronization activity and file
downloads are completed.
 Step 4: Reconfigure new server as upstream.
 Step 5: Synchronize with Microsoft.
 Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.

55. Migration

56. Migration
 Step 1: Install new server as replica of live server.
 Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
 Step 3: Verify all synchronization activity and file
downloads are completed.
 Step 4: Reconfigure new server as upstream.
 Step 5: Synchronize with Microsoft.
 Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.

57. Migration

58. Migration
 Step 1: Install new server as replica of live server.
 Step 2: Perform initial synchronization to replicate
metadata, target groups, approvals, and content.
 Step 3: Verify all synchronization activity and file
downloads are completed.
 Step 4: Reconfigure new server as upstream.
 Step 5: Synchronize with Microsoft.
 Step 6: Verify that the new WSUS server can detect,
download, and install updates from itself.

59. Migration
Client-side targeting
 Reconfigure Group Policy to point to new server.
 Clients will automatically register with the new
server in their correct groups

60. Migration
Server-side targeting
 Migrate computers from original server to new
server using the free WSUS Computer Migrator
tool
• https://www.eminentware.com/cs2008/media/p/430.aspx
 Reconfigure Group Policy to point to new server

61. Upgrade In-Place
 The OS upgrade does work!
 32-bit upgrade only
» Win2003SP2 to Win2008SP2
 Win2008SP2 installs IIS7 with ALL Role Services!
» This may be problematic; whether WSUS has actually been
tested with ALL role services installed is unknown.
» So, while the upgrade is successful, it is indeterminate whether
the WSUS Server will continue to function at full capacity and
functionality.
» TESTING is highly recommended prior to upgrading a
Production server.
 Did not test Win2003 x64 to Win2008 R2 upgrade.

62. Helpful Resources
Did you know you can extend WSUS to update
3rd party applications & report on patch
compliance with SolarWinds Patch Manager
Watch Video Test Drive Live Demo
Ask Our Community Download 30-day Free Trial
Click any of the links above
- Slide 62 -

63. Author: Lawrence Garvin, WSUS MVP
Thank You!
Feedback or questions
lawrence.garvin@solarwinds.com