Hi all,

Im looking for a method to Cache Windows Update on Windows Server 2003, so that windows updates can be done locally, not every user have to download the same thing over the net over n over again.

Thanks in advance.

Simple. Just configure the WSUS, or Windows Server Update Services on your server.

This post has been edited by Dark8870: Dec 30 2008, 10:23 AM

i use autopatcher from autopatcher.com

so problems so far. can burn onto a disc and install from there or do a network update.

Dark8870, ill try that..any tips for the configuration?

thank corad

I'd say it's pretty much straight-forward. Configure on both ends, server and client. The installation will guide you through most of it. Set the server to retrieve whatever updates you want from Microsoft, and on the client side just to retrieve the updates from the server itself.
Which is basically what you wanted.

Here's the link from TechNet
http://technet.microsoft.com/en-us/wsus/default.aspx

There's a step-by-step for you should you need it.

Just be a bit more careful as you need to play around with the policies a bit.

Hope this helps.

This post has been edited by Dark8870: Dec 30 2008, 10:41 AM

in a nutshell it looks quite simple..but after a glance thru the documentation (which can be found here) it looks like the setup is gonna b complicated..

I would agree that Microsoft's documents are always specific and detailed, and it can be very confusing at times. But I believe what basically needs to be done is:
1. Install and configure IIS.
2. Make sure relevant services are running, i.e. BITS.
3. Install and configure WSUS.
4. Configure and apply settings in the Group Policies.

And that's about it.
Don't be deterred, I'm sure there are many other sites that won't be as complicated as Microsoft's.

i think ur right, i try the initial setup 1st then we c how it goes..but referring to the doc, there is a diagram where it shows test pcs, to test out the updates b4 applying to all..do u do this? if yes, do i have to have x32 and x64 ver of win?

How to use Window Server 2003 ???

ok Dark8870, i already installed WSUS on the server..but im having some problems adding the client computers..from MMC help:

"You can configure one or more computers by including them in a Group Policy object (GPO). Microsoft recommends that you create a new GPO that contains only Windows Server Update Services (WSUS) settings. Link this WSUS GPO to an Active Directory container appropriate for your environment. In a simple environment, you link a single WSUS GPO to the domain. In a more complex environment, you might link multiple WSUS GPOs to different organizational units (OUs)."

i started gpedit.msc on d server, but the domain ctlr is on another server..dats y i suppose it says "Link this WSUS GPO to an Active Directory container appropriate for your environment"

Is it?

Your clients would need to be configured as WSUS clients, check this out...http://technet.microsoft.com/en-us/library/cc720520.aspx

IMHO, WSUS is a fairly bloated and complex solution to "cache" WU downloads...

ok thanks sanjayws, i will read it..one q, if clients have been configured to check on updates on a local server, what happens when they go outside..any special config required?

Several options:
1. VPN back into your HQ where the WSUS is at
2. Publish your WSUS through the internet (you must configure split head dns <--google that) so that from inside the network and outside the network the name is the same
3. Tell them to regularly run update.microsoft.com

Cheers

i already have point2point vpn, guess that shud work..i look into it afterwards..

rite now my clients wont appear in d wsus computer list..

d wsus is installed on a separate server than dc, so on the gpo, i used d one on d dc..in d gpo, Specify "intranet Microsoft update service location: i entered wsus ip..

also forced the policy to refresh, then run a force client detection "wuauclt.exe /detectnow"

still not detected on d wsus server..any suggestions?

I've tried WSUS, it's pretty much a complicated procedure. I ended up using ISA as my main router and enable cache for the updates in the built-in proxy in the ISA Server. No configurations need to be done from the client side. That's the beauty of it.

Yes yes yes, ISA Server 2004 and UP has this...cool...you should post screenies of what you've done for the benefit of the question.

Sanjay

---

Added on January 15, 2009, 1:37 amPlease send us your windowsupdate.log in the clients that fails. I suspect your GPO settings are not correct, also post them here.

Also, play around with this tool and see if it helps Its a WSUS client diagnostic tool.: http://download.microsoft.com/download/9/7...stic%20Tool.EXE

This post has been edited by sanjayws: Jan 15 2009, 01:40 AM

ok sanjay, will post it later..

---

Added on January 16, 2009, 10:38 amsanjay, after running the wsus diag on my pc, i got the following error:

**
VerifyWUServerURL() failed with hr=0x80072ee6

The URL does not use a recognized protocol
**
after googled the above, found that i have to include the entire domain name for wsus gpo..

after refreshing the policy and forced detection on my pc, here's d result:


**
UseWuServer is enabled. . . . . . . . . . . . . . . . . PASS
WUServer & WUStatusServer do not Match. . . . . . . . . FAIL
Connection to server. . . . . . . . . . . . . . . . . . PASS
SelfUpdate folder is present. . . . . . . . . . . . . . PASS

**

and now alot of computers showing up in d update services console..

i used ip for intranet update service and server name for intranet update statistics..is this ok?

---

Added on January 16, 2009, 5:45 pmthink i solved it, by giving the same name on WUserver and WUstatusserver..
now i have to do some fine tuning..any advice is appreciated..

and also can you elaborate on the ISA svr 2004?

This post has been edited by vNistelrooy: Jan 16 2009, 05:45 PM

Good to know things are working out. Yes you can use IP but i encourage name as IP becomes difficult to muck around incase you change design/ip or use within VPN etc..

Fine tuning can be accessed here: http://technet.microsoft.com/en-us/library/cc720525.aspx

ISA Server 2004/2006 is microsoft's offering for an application layer firewall and proxy. One of the features includes caching Windows Update (and that's right off ISA 2006). It can replace your firewall today or act as secondary or proxy server within your network, suggest you check out http://www.microsoft.com/forefront/edgesec...us/default.aspx.

IMHO, ISA Server is one of the most secure pieces of codes that came outta Redmond ...ole ISA!...

Good luck
J