Anyone using MS Software Update Service on their local LAN?

Discussion in 'Windows Desktop Systems' started by gballard, Feb 10, 2003.

  1. gballard

    gballard Moderator

    Messages:
    549
    I was given the OK to download this and try to get it going on our network here at work. We are mainly testing it with our desktop PCs at the moment...but the main reason we wanted it was to speed up the time it takes to get our new servers updated. The problem is...I can't seem to make our servers go to the internal update server manually. We configured a policy to make the Automatic Update Service look to our internal server and that seems to be working fine. Ideally...we want to be able to build a server from scratch and then fire up Windows Update from the Start button and have it hit our interal server instead of taking 20 years to download all the updates from Microsoft. Does anyone have any insight into this?

    Grant
     
  2. Enyo

    Enyo Moderator

    Messages:
    1,338
    Hey, SUS is great you will not regret the time it takes to set it up stick with it.

    To get the clients to use the SUS server correctly:

    You also need the automatic updates client to if your systems use auto update:

    http://www.microsoft.com/windows2000/downloads/recommended/susclient/default.asp

    The deployment whitepaper really helped me get to grips:

    http://www.microsoft.com/windows2000/windowsupdate/sus/susdeployment.asp
     
  3. gballard

    gballard Moderator

    Messages:
    549
    so that registry edit will make the servers go to our local windows update server to get the update instead of the windows site?

    I want the server to go to http://msupdatesrv and not http://www.windowsupdate.com or whatever the site is.
     
  4. Enyo

    Enyo Moderator

    Messages:
    1,338
    Thats correct.
     
  5. gballard

    gballard Moderator

    Messages:
    549
    Let me rehash what we have done to this point. We took 2 PCs and installed windows 2000 server with SP3 on them. One server we called MSUPDATESRV. This is the server that has the Software Update Service running on it. It has internet access and goes out and gets the updates from the windowsupdate site and stores them on its local harddrive. It is set to check for updates every morning at midnight. The other machine is called TESTUPDATE and it has an IP address that does not have internet access. We chose this because we want to make sure it can only get its updates from MSUPDATESRV. On TESTUPDATE we did the registry changes suggested above but the machine will not go out to MSUPDATESRV and get the updates that we know are there. I know there is updates to be installed because the last time we built a server and went to Start --> Windows Update...it fired up Internet Explorer and went to http://v4.windowsupdate.microsoft.com/en/default.asp and found about 18 updates for the OS. Is there a way....on TESTUPDATE...to open up the browser and enter a URL that will make it go to the MSUPDATESRV machine and make it work like http://v4.windowsupdate.micrsoft.com??? That is what we are really looking for here. We need to be able to get the updates down quickly instead of it taking almost 3 hours to build and update a server from scratch.
     
  6. Enyo

    Enyo Moderator

    Messages:
    1,338
    The reg entries couple with the client update for the auto update system should do exactly that.

    Copy this into notepad and save it as a reg file:

    Import it.

    Install this:

    http://download.microsoft.com/download/win2000platform/Update/June2002/NT5/EN-US/WUAU22.msi

    Reboot and it should work.

    Thats all the client updates done, note the reg key is only for XP or Win2K SP3.

    After the reboot run:

    %SystemRoot%\system32\wupdmgr.exe (again limited to SP's)

    Do you have basic web access to the server? If you go to http://MSUPDATESRV does it open up the SUS site?

    Have you used the administrative template file to?

    http://microsoft.com/downloads/deta...EA-D274-42E6-8025-8C667B4C94E9&displaylang=en

    Also is it SUS 1.0 SP1?

    Also you say its a fresh client? Just to check it is Win2K SP2 or above?

    It may not work unless the client is already at atleast SP2.
     
  7. gballard

    gballard Moderator

    Messages:
    549
    Here is the machine information....


    MSUPDATESRV
    IBM Netvista PC
    Windows 2000 Server with SP3
    Windows Software Update Service with No Service Pack
    IP address with internet access

    TESTUPDATE
    IBM Netvista PC
    Windows 2000 Server with SP3
    IP address with no internet access

    So the machines should be have the latest Automatic Update software.

    That registry has already been done and when I run wupdmgr.exe it still tries to go to http://windowsupdate.microsoft.com

    When I open IE from TESTUPDATESRV and type in http://MSUPDATESRV i get a UNDER CONSTRUCTION message.
     
  8. Enyo

    Enyo Moderator

    Messages:
    1,338
    You must have SUS setup in a sub directory. You need to change this, set it up in the root of the website would be the easiest idea. Or maybe you can set the reg settings to point to http://msupdatesrv/sus/ or where ever the site is on the server.

    Obtain the latest SUS package, its been improved by its own service pack.

    Thats right but if all else fails.

    Also i added some new values to the reg file so try doing it again as a import.

    I think its actually a server issue, you wont get anything back from it unless you configure the website in the right place.

    I would as i say set it up in the root.
     
  9. gballard

    gballard Moderator

    Messages:
    549
    ok I installed SUS SP1....but I am not sure about the directory structure of the SUS server itself....I will have to look at that tomorrow when I get back to work. Will advise back..:)
     
  10. gballard

    gballard Moderator

    Messages:
    549
    ok...the directory structure on the SUS server has the following structure on the D:\ drive...

    D:\

    Software Update Services (holds the original setup files for SUS)
    Software Update Services SP1 (holds the updated version of SUS)
    SUS (the folder created by the SUS setup program)
    content
    fastdo
    IIS Lockdown
    wusync


    The Internet Information Services manager has the following data for the Default Web Site:

    Default Web Site
    +_vti_bin
    +content (D:\SUS\content\cabs\)
    +Selfupdate (D:\SUS\content\selfupdate)
    +autoupdate (C:\inetpub\wwwroot\autoupdate)
    +SUSAdmin (C:\inetpub\wwwroot\SUSAdmin)
    etc
    etc
    etc
     
  11. Enyo

    Enyo Moderator

    Messages:
    1,338
    So navigating to http://msupdatesrv/ gives you the default IIS under connstruction message.

    http://msupdatesrv/autoupdate gives you the SUS update page for the client?

    http://msupdatesrv/susadmin gives you the SUS admin page?

    You need to ensure that localstart.htm is the default page and not default.asp or simular. I belive the page is localstart.htm as displayed in this image.

    Another option may be to change the Local Path for Default Website from C:\inetpub\wwwroot\ to C:\inetpub\wwwroot\autoupdate this may work also but i am unsure.

    Restart the service after the changes.

    The clients are not picking up the local server because you have the default page set incorrectly, at leats thats my therory. It should not be going to the under construction page anymore :)
     
  12. gballard

    gballard Moderator

    Messages:
    549
    that is correct...when I enter http://msupdatesrv I get the Under Construction message. When I enter http://msupdatesrv/autoupdate it kicks me to the susadmin page. When I enter http://msupdatesrv/susadmin that also takes me to the susadmin page. There is some encouraging news though. When I got back from lunch just now I checked the testupdate machine and it had downloaded updates at 12:14:41 P.M. on 2/14/2003. The thing is...I had scheduled it to download them at 10:00 A.M. Is there a way to get the updates immediately? We can't be sitting around and waiting 2 hours for it to go out and get the updates.

    **The local path for the default website is C:\inetpub\wwwroot\ and the documents are default.asp, Default.htm, iisstart.asp

    **The local path for the content vdir is D:\SUS\content\cabs\ with the same documents as above

    **The local path for the selfupdate vdir is D:\SUS\content\selfupdate\

    **The local path for the autoupdate vdir is C:\inetpub\wwwroot\autoupdate\

    **The local path for the SUSAdmin is C:\inetpub\wwwroot\SUSAdmin\

    I think we are getting close...still not quite there tho...
     
  13. Enyo

    Enyo Moderator

    Messages:
    1,338
    Remove the listings for default.asp, iisstart.asp do you have a localstart.htm file in the wwwroot folder? If so add that to the list in replace of default.asp

    IF that does not help, see if setting the local path for the website from C:\inetpub\wwwroot\ to C:\inetpub\wwwroot\autoupdate\ changes anything for the client system.

    Interesting the auto updates worked :) Must be making good progress.
     
  14. gballard

    gballard Moderator

    Messages:
    549
  15. Enyo

    Enyo Moderator

    Messages:
    1,338
    Right, localstart.asp is correct my mistake. Make that the defaul page and place at at the top of the list. Change the path back to how it was and try that.

    With the path changed at last its functioning as should except for sending you to the admin menu :huh:

    Try above and get back :)
     
  16. gballard

    gballard Moderator

    Messages:
    549
    ok...will try Monday when I get back to the office.
     
  17. gballard

    gballard Moderator

    Messages:
    549
  18. Enyo

    Enyo Moderator

    Messages:
    1,338
    What error? A SUS error or a HTTP error?
     
  19. gballard

    gballard Moderator

    Messages:
    549
    the error is "The page cannot be found" but the localstart.asp is in the root of wwwroot...i just checked.
     
  20. Enyo

    Enyo Moderator

    Messages:
    1,338
    At least thats a IIS issue rarther than SUS.

    You need to check the paths, make sure wwwroot is the local path (i think we changed it before hand?)

    Are we making progress here? :)