You are here:
< Back
  • Install Windows 2016 Server with 6GB Memory, 6 CPUs and a second disk D:\
  • Start Server Manager and install  “Windows Server Update Service” and include all features
    • Install WID Connectivity and WSUS Service only
    • Store updates on D:\WSUS
    • Install
  • Open “Windows Server Update Services” Console to configure WSUS
    • Store updates locally on D:\WSUS, RUN and CLOSE
    • WSUS wizard will open NEXT
    • Uncheck “Yes, I would like to join the Microsoft update improvement program
    • Configure as a replica server from “MasterServerHostName”
    • Use proxy server if needed
    • Start connecting to master server
    • Download updates in all languages
    • Synchronize automatically
      DON’T BEGIN INITIAL SYNCHRONIZATION

    • NEXT and FINISH
  • Open Options in Windows Update Service Console
    • Update Source and Proxy Server (“MasterServerHostName”)
    • Products and Classifications – is disabled because the Server will use the same settings as the Masterserver
    • Update Files and Languages (Download files from Microsoft Update, do not download from upstream server) Firewall Rule to Internet is needed!!!
    • Automatic Approvals – is disabled because the Server will use the same settings as the Masterserver
    • Computers – Use Group Policy
    • Server Cleanup Wizard is not need
    • Report Rollup – is disabled because the Server will use the same Settings as the Masterserver
    • E-Mail Notifications (Configure McAfee to allow SMTP and open Firewall to SMTP Server)
    • Personalization – use standard setup
    • Close Windows Update Service Console
  • Install SQLSysClrTypes.msi – Microsoft Download
  • Install ReportViewer.msi – Microsoft Download
  • Install SSMS-Setup-ENU.exe – Microsoft Download
  • Open Microsoft SQL Management Studio to reconfigure the WSUS Database
    • Connect to Database with the following Servername \\.\pipe\MICROSOFT##WID\tsql\query
    • Change Memory Setup from Database
      REBOOT SERVER
  • Open Windows Update Server Console
    • Check if the download option is set to download directly from Microsoft Updates again
    • Synchronize with Replica Server
    • After a succeeded synchronisation you will see all WSUS Organisation Units
    • If you need a new Organisation Unit add the OU on the Master Server
    • After a succeeded synchronisation and missing updates the download from Microsoft will start if Internet breakout is configured correctly
  • Open Group Policy Management Console and configure a site policy e.g. for servers
    • Configure WSUS Group Policy (Site Policy !!!)
    • Create one Policy for Server Systems and one for Client Systems – split Clients and Server to different WSUS Servers
    • Edit each Policy for the correct WSUS System (Computer Configuration – Policies – Administrative Templates – Windows Components – Windows Update) e.g.:
    • Configure Automatic Updates
    • Specify intranet Microsoft update server location and enter new server name
    • Enable client-side targeting – add the new site name
    • Create a WMI Filter for Servers and Clients – needed to split Clients and Servers
  • Change IIS Settings
  • Queue Length from 1000 to 25000; Limit Interval from 5 to 15
  • “Service Unavailable” Response from HttpLevel to TcpLevel; Private Memory Limit (KB) to 0
  • REBOOT SERVER
Categories: