Last week I implemented one of the new features of SCCM 2012 SP1. With SCCM 2012 SP1 it’s possible to use an existing WSUS upstream server for the local Software Update Point (SUP) in your environment. The SUP does not have any connection with the Internet. Based on my research I expected that it would work differently than it did.
Let’s start by explaining that a Microsoft Update consists of 2 parts. The first part is the update metadata of the software update and the second part is the software update itself. The metadata of the update contains information like the description, severity, classification, etc. The metadata is needed to show the update in the WSUS/SCCM Console. The software update file is needed for the installation on the clients.
Let’s first start with a graphical view of the WSUS upstream server / Local SCCM SUP solution:
What I was expecting from this configuration was that the internal SUP would use the WSUS upstream server for both the update metadata and the update file itself. Unfortunately this was not the case. The SCCM SUP would only download the update metadata from the WSUS upstream server. With this metadata the update will show up inside the SCCM console and you can create software groups and deploy them to your collections. But there it goes wrong: during the deployment process you have to choose from where you want to download the update file. I was expecting again that if I chose the Internet, the WSUS upstream server would handle the file download for me so the SUP could automatically download this from the WSUS upstream server. But that was not the case. If you want this process to work you need to do some additional configuration on the WSUS upstream server and the WSUS server on your SUP.
The following configuration steps are needed before your SCCM software update point can download updates locally without the need of an internet connection:
- Configure your upstream server to download all the updates from the products and classifications you selected during the WSUS configuration and cache them locally.
- Configure the above setting also in the WSUS console of your SUP. Normally it’s not recommended to set WSUS configuration settings on a SUP directly in WSUS. But this setting is not managed by SCCM.
- During the deployment of your updates, when you arrive in the download location section, choose the option “Download Software Update from a network location on the local network”. As network location you have to type in the WSUS content share of your internal WSUS Server installed on your SUP.
With the above configuration the updates will be downloaded and deployed to your client. The downside of the above configuration is that the updates will be saved on 3 servers: The WSUS Upstream Server, the local SUP and the Distribution Point.
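To confirm that both WSUS instances really store update files locally before you point a deployment at the content share, the settings can be read back through the WSUS administration API. This is an added example, not part of the original post: the server names, port and share path are placeholders, and it assumes that "download and cache locally" means "Store update files locally" enabled with "Download only when approved" disabled.

```powershell
# Added example: read-only audit of the WSUS settings from the steps above.
# Requires the WSUS administration console and PowerShell 3.0 or later.
# All names below are placeholders (assumptions); replace them with your own.
param(
    [string[]]$WsusServers     = @('UPSTREAM-WSUS.example.local', 'SUP01.example.local'),
    [int]     $Port            = 8530,   # assumed non-SSL WSUS port
    [string]  $SupContentShare = '\\SUP01.example.local\WsusContent'
)

# Load the WSUS administration API that ships with the WSUS console.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$report = foreach ($name in $WsusServers) {
    try {
        $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($name, $false, $Port)
        $cfg  = $wsus.GetConfiguration()

        # HostBinariesOnMicrosoftUpdate = $true means clients fetch files from
        # Microsoft Update, so nothing is cached on this server.
        $storesLocally = -not $cfg.HostBinariesOnMicrosoftUpdate
        # DownloadUpdateBinariesAsNeeded = $true means files are fetched only
        # after approval in WSUS, which never happens on an SCCM-managed SUP.
        $onlyApproved  = $cfg.DownloadUpdateBinariesAsNeeded

        [pscustomobject]@{
            Server               = $name
            SyncSource           = if ($cfg.SyncFromMicrosoftUpdate) { 'Microsoft Update' } else { $cfg.UpstreamWsusServerName }
            StoresFilesLocally   = $storesLocally
            DownloadOnlyApproved = $onlyApproved
            ContentPath          = $cfg.LocalContentCachePath
            ReadyForOfflineSup   = $storesLocally -and (-not $onlyApproved)
        }
    }
    catch {
        Write-Warning "Could not query WSUS on ${name}: $($_.Exception.Message)"
    }
}

$report | Format-Table -AutoSize

# The deployment wizard needs this share as its network download location.
if (-not (Test-Path -LiteralPath $SupContentShare)) {
    Write-Warning "Content share $SupContentShare is not reachable from this machine."
}
```

Run it from a machine with the WSUS console installed, under an account that is a WSUS administrator on both servers; it changes nothing on either server.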
Thanks to Peter van der Woude for the support during this case.