This project has moved. For the latest updates, please go here.

[Solved] Support for downstream WSUS Servers?

Topics: Misc.
May 6, 2014 at 5:21 PM
I didn't see any mention of this in the documentation. Sorry if I overlooked it.

Will WPP published packaged synch and be supported on downstream WSUS servers?
May 6, 2014 at 5:36 PM
To clarify my question. If I publish a package with WPP on the Upstream server that has several downstream (replica) servers, will that package and its approvals be synchronized throughout the environment. This is assuming WPP is running as default config out of the box (Never make update visible in WSUS Console).

In addition, I am curious why "Never make update visible in WSUS Console" is the recommended setting. Can you explain why this is?

Are there any issues if an update is visible in the WSUS Console?
Editor
May 6, 2014 at 5:58 PM
Brinky wrote:
I didn't see any mention of this in the documentation. Sorry if I overlooked it.

Will WPP published packaged synch and be supported on downstream WSUS servers?
Yes, if you publish a update on a mainstream the update will come to downstream server. But! You can not 'see' the update on the Downstream WSUS. But all clients pick up the updates from the Downstream WSUS. Try it. ;)
Coordinator
May 6, 2014 at 6:10 PM
Hi Brinky, at work I have 1 upstream server and 4 downstreams replica servers, so yes it works.
The only think you have to do is to import the signing certificate into the "Trusted publisher' store on the replica server
Marked as answer by DCourtel on 5/8/2014 at 2:14 AM
Editor
May 6, 2014 at 6:14 PM
DCourtel wrote:
Hi Brinky, at work I have 1 upstream server and 4 downstreams replica servers, so yes it works.
The only think you have to do is to import the signing certificate into the "Trusted publisher' store on the replica server
If Brinky publish the certificate with Group Policys then he had no problems. ;)
May 6, 2014 at 8:20 PM
Indeed it does work! I stood up a downstream WSUS server, added the cert to the "Trusted Publisher" store, pointed a client to the downstream server and all worked successfully.

It appears paid products (SolarWinds) places the update in the WSUS Console when publishing, so I'm still curious why "Never make update visible in WSUS Console" is the recommended setting. Can you explain why this is? Are there any known issues if an update is visible in the WSUS Console?

Thanks for the help!
Coordinator
May 6, 2014 at 8:53 PM
May be that, " not recommended" is too strong. But when publishing an update via API, by default, this update is not shown in the console. And there is no way to make it appears using API. This is Microsoft's choice. The only way to make this update visible in the console, is to edit the database directly.
So I didn't recommend that option.
Said that, I know many people using this option for years without any problems.
Make your choice :-)
May 6, 2014 at 8:59 PM
@DCourtel - Thanks for the clarification.