Before you install WSUS, take a peek at WSUS Before You Install
This page provides a high-level overview of the WSUS installation process and is divided into two sections:
- Installing WSUS with a Local Database (SQL/MSDE)
- Installing WSUS with a Non-Local Database (SQL/MSDE)
1. Installing WSUS with Local Database (SQL/MSDE):
Installing WSUS with a local database is pretty straightforward. Here, you have 2 scenarios:
- Installing WSUS on Default Website, with port 80.
- Installing WSUS on Custom Website, with port 8530.
Installing WSUS on Default Website, with port 80: This is very simple and the installation steps are explained on the Installing WUS - BETA 2 page.
Installing WSUS on Custom Website, with port 8530: Installing WSUS on custom port 8530 is a little different from the normal setup, because you have to manually configure the client self-update feature. This kind of setup has several advantages, including:
- You can shut down port 80 to avoid malicious programs that target port 80.
- If you already have a website on port 80, such as one used by an antivirus application, this kind of setup lets both sites function independently.
Things to consider if you plan to install on a custom port:
- In this case, you have to manually set up the selfupdate virtual directory on port 80 to enable client self-update.
- You can use %\program\Update Services\Setup\InstallSelfupdateOnPort80.vbs script in order to allow those clients to self-update.
- To access the WSUS admin page, you have to include the custom port in the website address, like http://wsusserver:8530.
- This port is not configurable during WSUS setup, but can be changed later using IISADMIN.
2. Installing WSUS with Non-Local Database(SQL/MSDE):
You can separate patch content from the database and keep the database on a separate server. This is the Front End Server and Back End Server arrangement: the Front End Server is the server where you run WSUS and IIS, and the Back End Server is the server running SQL and the WSUS database. The interesting part is configuring the Front End Server to use the database residing on the Back End Server.
Limitations:
- In the RC you cannot use Windows 2000 as Front End Server for Back End Server and vice-versa.
- Also, neither should be a Domain Controller.
- The database for such scenario should be SQL 2000 with Service Pack 3a or later, with nested triggers option turned on.
- You cannot use WMSDE or MSDE for database software on the backend computer.
- Most important - the authentication should always be Windows Authentication and never SQL Authentication. Select authentication carefully at the time of setup too.
- You cannot change the WSUS database name; the database will be named "SUSDB".
Installation Overview:
As discussed earlier, the Front End Server holds the WSUS software setup with IIS installed. Installation is slightly different from the normal installation because in this scenario you don't set up the database on the same server. Instead, the WSUS database is installed on the Back End Server.
Installation is very simple, as shown in these steps:
Install WSUS on Front End Server
- Run WUSSETUP.exe with the "/f" switch.
- Follow the wizard to specify content Folder & Administration Site.
- Take note of the content folder, which is needed when setting up the Back End Server.
- WSUS is installed without the database. The Database will be installed in the second step.
Install WSUS on Back End Server:
- Basically, this server will hold the database. Run WSUSSETUP.exe with the "/b" switch.
- This skips most of the installation steps that were already completed with the "/f" switch in the first step.
- Apart from the "/b" switch, you need to specify "Content Location" and "Content Directory" as command-line switches.
- "Content Location": if the value is set to 1, WSUS content is stored on and retrieved from the local system; if the value is set to 0, it means remote storage on Microsoft Update Server.
- "Content Directory" specifies the "storage location in frontend file system", which you noted in the previous steps while setting up the Front End Server.
Commands:
- Updates stored locally:
WSUSSetup.exe /B /V "CONTENT_LOCAL=1 CONTENT_DIR=<storage location in frontend file system>"
- Updates stored remotely:
WSUSSetup.exe /B /V "CONTENT_LOCAL=0"
Note: In the second command, you don't specify the storage location.
Follow the wizard to specify SQL Instance name and complete the installation wizard.
Back End - Front End Connectivity:
Now, you have to set up some permissions on the Back End Server to allow the BE Server to access the FE Server and vice versa. On the Back End Server, go to Computer Management - Users & Groups - Groups, open the Properties of the WSUS Administrators group, and add the computer name of the Front End Server.
Note: If you are running W2K Server for your BE, be sure to add your FE server name into the WSUS Administrators group from a W2K3 or WXP machine via MMC (or else you will not have the option of adding a computer name into the group locally).
Front End - Back End Connectivity:
The remaining step is to configure the Front End Server to use the BE Server's database.
On the Front End Server, open the Registry Editor from the Run menu, then navigate to the following registry key:
HKLM\SOFTWARE\Microsoft\WindowsUpdateServices\Server\Setup\
In the details pane, double-click the SQLServerName key. In Value data, type the name of the Back End Server, and then click OK. Start Windows Update Services from the Front End Computer.
This enables communication between the FE and BE Servers in both directions.
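The two connectivity settings above can be checked after setup with a short script. This is an added example, not part of the original page or of WSUS; it assumes PowerShell 3.0 or later is available on the servers, and the computer names WSUS-FE01 and WSUS-BE01 are placeholders.

```powershell
# Added example (not from the original page). Computer names are placeholders.
param(
    [ValidateSet('FrontEnd', 'BackEnd')]
    [string]$Role = 'FrontEnd',
    [string]$FrontEndName = 'WSUS-FE01',   # placeholder front-end computer name
    [string]$BackEndName  = 'WSUS-BE01'    # placeholder back-end computer name
)

function Test-FrontEndDatabasePointer {
    param([string]$ExpectedServer)
    # Registry key and value name as given in the page.
    $key = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdateServices\Server\Setup'
    $actual = (Get-ItemProperty -Path $key -Name 'SQLServerName' -ErrorAction Stop).SQLServerName
    # Assumption: the value may carry an instance suffix (SERVER\INSTANCE),
    # so only the host part is compared.
    $hostPart = ($actual -split '\\')[0]
    [pscustomobject]@{
        Check    = 'SQLServerName points at the back end'
        Found    = $actual
        Expected = $ExpectedServer
        Pass     = ($hostPart -eq $ExpectedServer)   # -eq is case-insensitive
    }
}

function Test-BackEndGroupMembership {
    param([string]$FrontEndComputer)
    # Local group named in the page; computer accounts are listed with a trailing '$'.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/WSUS Administrators,group"
    $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
    $account = $FrontEndComputer + '$'
    [pscustomobject]@{
        Check    = 'Front end is in WSUS Administrators'
        Found    = ($members -join ', ')
        Expected = $account
        Pass     = ($members -contains $account)
    }
}

# Run with -Role FrontEnd on the front end, -Role BackEnd on the back end.
$result = if ($Role -eq 'FrontEnd') {
    Test-FrontEndDatabasePointer -ExpectedServer $BackEndName
} else {
    Test-BackEndGroupMembership -FrontEndComputer $FrontEndName
}
$result | Format-List
if (-not $result.Pass) { exit 1 }
```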