Windows Software Update Services (WSUS)
Lesson 4
Lesson 4
WSUS CONFIGURATION
By Sai Kurada
August 11, 2023
Before you start to configure WSUS, some important points.
- Ensure the server firewall allows the clients to access the WSUS server. If the clients have issues connecting to WSUS server, updates won’t be downloaded from server.
- The WSUS downloads the updates from upstream server which is Microsoft update in our case. So, ensure the firewall allows the WSUS server to connect to Microsoft Update. Please refer to the WSUS requirements lesson for information about the firewall ports and URLs list.
- In case there is a proxy server in your setup, you must enter the credentials for proxy server while configuring WSUS. Have them handy as they are require
After you install WSUS, you can configure the WSUS server using WSUS Server configuration wizard. This is a one-time configuration where you will configure some important WSUS options.
To configure WSUS:
1. On the left pane of Server Manager, select Dashboard > Tools > Windows Server Update Services.
2. The WSUS Configuration Wizard opens. On the Before you Begin page, review the information, and then select Next.
3. Read the instructions on the Join the Microsoft Update Improvement Program page. Keep the default selection if you want to participate in the program or clear the checkbox if you don't. Then select Next.
4. On the Choose Upstream Server page, select one of the two options: Synchronize the updates with Microsoft Update or Synchronize from another Windows Server Update Services server.
To configure WSUS:
1. On the left pane of Server Manager, select Dashboard > Tools > Windows Server Update Services.
2. The WSUS Configuration Wizard opens. On the Before you Begin page, review the information, and then select Next.
3. Read the instructions on the Join the Microsoft Update Improvement Program page. Keep the default selection if you want to participate in the program or clear the checkbox if you don't. Then select Next.
4. On the Choose Upstream Server page, select one of the two options: Synchronize the updates with Microsoft Update or Synchronize from another Windows Server Update Services server.
If you choose to synchronize from another WSUS server:
a. Specify the server name and the port on which this server will communicate with the upstream server.
b. To use SSL, select the Use SSL when synchronizing update information checkbox. The servers will use port 443 for synchronization. (Make sure that this server and the upstream
server support SSL.)
c. If this is a replica server, select the This is a replica of the upstream server checkbox.
5. After you select the options for your deployment, select Next.
6. On the Specify Proxy Server page, select the Use a proxy server when synchronizing checkbox. Then enter the proxy server name and port number (port 80 by default) in the corresponding boxes. You must complete this step if you identified that WSUS needs a proxy server to have internet access.
7. If you want to connect to the proxy server by using specific user credentials, select the Use user credentials to connect to the proxy server checkbox. Then enter the username, domain, and password of the user in the corresponding boxes.
a. If you want to enable basic authentication for the user who is connecting to the proxy server, select the Allow basic authentication (password is sent in cleartext) checkbox.
a. Specify the server name and the port on which this server will communicate with the upstream server.
b. To use SSL, select the Use SSL when synchronizing update information checkbox. The servers will use port 443 for synchronization. (Make sure that this server and the upstream
server support SSL.)
c. If this is a replica server, select the This is a replica of the upstream server checkbox.
5. After you select the options for your deployment, select Next.
6. On the Specify Proxy Server page, select the Use a proxy server when synchronizing checkbox. Then enter the proxy server name and port number (port 80 by default) in the corresponding boxes. You must complete this step if you identified that WSUS needs a proxy server to have internet access.
7. If you want to connect to the proxy server by using specific user credentials, select the Use user credentials to connect to the proxy server checkbox. Then enter the username, domain, and password of the user in the corresponding boxes.
a. If you want to enable basic authentication for the user who is connecting to the proxy server, select the Allow basic authentication (password is sent in cleartext) checkbox.
8. Select Next.
9. On the Connect to Upstream Server page, select start Connecting.
9. On the Connect to Upstream Server page, select start Connecting.
10. When WSUS connects to the server, select Next.
11. On the Choose Languages page, you have the option to select the languages from which WSUS will receive updates: all languages or a subset of languages. Selecting a subset of languages will save disk space, but it's important to choose all the languages that all the clients of this WSUS server need.
a. If you choose to get updates only for specific languages, select Download updates only in these languages, and then select the languages for which you want updates. Otherwise, leave the default selection.
b. If you select the option Download updates only in these languages, and this server has a downstream WSUS server connected to it, this option will force the downstream server to also use only the selected languages.
11. On the Choose Languages page, you have the option to select the languages from which WSUS will receive updates: all languages or a subset of languages. Selecting a subset of languages will save disk space, but it's important to choose all the languages that all the clients of this WSUS server need.
a. If you choose to get updates only for specific languages, select Download updates only in these languages, and then select the languages for which you want updates. Otherwise, leave the default selection.
b. If you select the option Download updates only in these languages, and this server has a downstream WSUS server connected to it, this option will force the downstream server to also use only the selected languages.
12. After you select the language options for your deployment, select Next.
13. The Choose Products page allows you to specify the products for which you want updates. Select product categories, such as Windows, or specific products, such as Windows Server 2019. Selecting a product category selects all the products in that category.
13. The Choose Products page allows you to specify the products for which you want updates. Select product categories, such as Windows, or specific products, such as Windows Server 2019. Selecting a product category selects all the products in that category.
14. After you select the product options for your deployment, select Next.
15. On the Choose Classifications page, select the update classifications that you want to get. Choose all the classifications or a subset of them, and then select Next.
15. On the Choose Classifications page, select the update classifications that you want to get. Choose all the classifications or a subset of them, and then select Next.
16. The Set Sync Schedule page enables you to select whether to perform synchronization manually or automatically.
a. If you select Synchronize manually, you must start the synchronization process from the WSUS Administration Console.
b. If you select Synchronize automatically, the WSUS server will synchronize at set intervals.
c. Set the time for First synchronization, and then specify the number of synchronizations per day that you want this server to perform. For example, if you specify four synchronizations per day, starting at 3:00 AM, synchronizations will occur at 3:00 AM, 9:00 AM, 3:00 PM, and 9:00 PM.
a. If you select Synchronize manually, you must start the synchronization process from the WSUS Administration Console.
b. If you select Synchronize automatically, the WSUS server will synchronize at set intervals.
c. Set the time for First synchronization, and then specify the number of synchronizations per day that you want this server to perform. For example, if you specify four synchronizations per day, starting at 3:00 AM, synchronizations will occur at 3:00 AM, 9:00 AM, 3:00 PM, and 9:00 PM.
17. After you select the synchronization options for your deployment, select Next.
18. On the Finished page, you have the option to start the synchronization now by selecting the Begin initial synchronization checkbox.
a. If you don't select this option, you need to use the WSUS Management Console to perform the initial synchronization. Select Next if you want to read more about additional settings or select Finish to conclude this wizard and finish the initial WSUS setup.
18. On the Finished page, you have the option to start the synchronization now by selecting the Begin initial synchronization checkbox.
a. If you don't select this option, you need to use the WSUS Management Console to perform the initial synchronization. Select Next if you want to read more about additional settings or select Finish to conclude this wizard and finish the initial WSUS setup.
19. After you select Finish, the WSUS Administration Console appears. You'll use this console to manage your WSUS network.
Previous
WSUS Installation