WSUS upgrade strategy

Wed May 14, 2014 3:23 pm

Hi all,

So the client that I work for, has a WSUS system servicing about 11000 mixed XP and 7 workstations, funny story, its still on WSUS 3.0 SP1, so Windows 7 not even supported.

Short story, they've known for a long time that this was the case, and there is a project in the works to rebuild the entire WSUS infra with better hardware and such. This project has been going over a year, and still to date in site to start, so I need to upgrade some decrepit old 2003 servers to WSUS SP2.

My question:

Do I need to start with the "master" server, or can I start with the satellites ? 1 satellite is in a lab environment, they want to to try on that before any of the prod boxes.. I've said I am pretty sure we must start at the top.

Any advice?

oh and yes, I've informed them that with 11k+ clients, they really need to be on SCCM, with real SQL and such in the background.. but alas, the use Zenworks for such things, and setting up SCCM would involve a multi-million dollar project.
Thu May 15, 2014 12:26 pm

Yes, you definitely want to start at the top. Migrating WSUS to a new server is actually fairly easy. You can find instructions here. The one difference in the way I usually do it is to backup everything from the old server and shut it down. I then install the new server and name it the same as the old server. It's not necessary (obviously), but it does cut out the step of having to reconfigure your clients. :)

I guess there is another difference...I don't actually export the metadata from the database either. I just copy the .mdf and .ldf reattach them on the new SQL install. Instructions are here. Technically those instructions are for moving the database from one drive to another, but the same steps still apply.

As far as the downstream servers, I'm pretty sure you can just install a new one and point it at the upstream master. They should pull all of the groups and settings automatically.

IF you did a completely new one without migrating settings you'll pretty much have a mess on your hands. None of the clients will ever properly check in without removing some registry keys and running "wuauclt /resetauthorizaion"...on every one of them.
Thu May 15, 2014 1:24 pm

I'm confused. You say it's WSUS 3.0 SP1 which is the shipping version of WSUS in S2008, it very definitely supports Windows 7.
Hell, I suspect that's what I'm running in London still - I'm pretty sure the WSUS role is on a 2008R2 server still and it's handling W8.1 test deployments and S2012 without any drama.
Thu May 15, 2014 2:38 pm

You're likely on SP2 as that was the release that introduced support for Windows 7 and 2008 R2 as clients. You can install WSUS 3.0 SP2 on Windows Server 2003 (and it could be an in-place upgrade in his case), but I would recommend migrating to a newer OS anyway just from a network optimization standpoint with that many clients.

You can update Windows 8 and Server 2012 clients from WSUS 3.0 SP2, but it requires an update. This update MAY be included if you enable the WSUS feature on Server 2012/2012 R2, but I'm not 100% positive on that.

If he leaves it on Server 2003, there are several other patches that are required for it to run correctly for newer Windows versions...another good reason to migrate to a newer host OS on the WSUS server. :)
