Step by Step guide to setup SCCM 1511 standalone Software Update Point

The Software Update Point integrates with Windows Server Update Services (WSUS) to provide software updates to Configuration Manager clients.

Careful consideration and planning is required before adding a Software Update Point in the hierarchy.

If you have CAS then install and configure the software update point at the central administration site first, and then install and configure the software update points on other sites. Some settings are only available when you configure the software update point on the top-level site, which is the central administration site or the stand-alone primary site.

There are different configuration options that you must consider depending on where the software update point is installed.

Always configure the Software Update Point at CAS or Primary site to Synchronize the updates directly with Microsoft.

Additional software update points at a site, or Child primary site and Secondary site synchronize from an upstream data source location.

Prerequisites for Software Update Point:

Windows Features:	.NET Framework 3.5: Including ◦.Net Framework 3.5 (Includes .NET 2.0 and 3.0) .NET Framework 4.5: Including
Roles:	WSUS
Additional Install:	KB3095113 and KB3159706
Ports	8530 and 8531

Installing WSUS Role:

Prior to the release of Windows Server 2012, WSUS was a separate download.

Starting from Windows Server 2012 and Windows Server 2012 R2, WSUS is included as part of the Windows Server operating system. However, to install WSUS we need use windows feature and roles wizard.

Log on to the server on which you plan to install the WSUS server role (eventually where we will be installing Software Update Point) as Administrator;

On the installation type select Role-based or feature-based installation then click next;

Select the default options then click next on Select destination server;

On select server roles window select Windows Server update Services then click next;

Click Add features on Add features window;

Click next on select features window;

On Windows Server Update Services window, click next;

On Select role services window select only Database and WSUS Services then click next;

If we select WIDDatabse and Database, the setup will provide “The following features cannot be installed on the same server: Database, WID Database:”

Provide a location path to store WSUS content then click next;

Provide a SQL server database instance on Database Instance Selection window then click next;

Click Install once confirming all the roles and features;

The wizard will complete with configuration required message. Close the Wizard.

Configuring WSUS DB instace and Content Path:

Now configure the WSUS to complete the WSUS installation.

Launch WSUS console, which will open Complete WSUS installation window.

Enter the DB instance. Which is your SQL server name where you want to store the WSUS Database and also provide the content directory path.

WSUS DB Instace is: SCCB-SQL

Content Directory path is: C:\WSUSStorage

Close the complete WSUS installation window.

At this stage, if we logon to SQL server, you should be able to see SUSDB created;

Installing hotfix KB3095113:

If you want to support Windows 10 feature upgrade using WSUS then install KB3095113 after installing the WSUS.

Download the KB3095113 from https://support.microsoft.com/en-us/kb/3095113 and it is straightforward process, just follow on screen instructions to complete the installation

Read the instructions carefully https://support.microsoft.com/en-us/kb/3095113 before starting the installation.

Installing hotfix KB3159706:
Update enables ESD decryption provision in WSUS. KB3159706 is an require update for Windows 10 feature updates. Follow the installation and post-installation steps at  https://support.microsoft.com/en-au/kb/3159706

Installing WSUS Admin Console:
As we are using remote server for SUP, we need to install Windows Server update services tools (API and PowerShell cmdlets and USer Interface management Console) on the primary site server.

If we wont install Windows Server update services tools, then we will get  following error msg;

Failed to create assembly name object for Microsfot.Update Services.Administratiron, Error = 0x80131701.

Supported WSUS version not found

Remote Configuration failed on WSUS Server

Setting new configuration state to 3 (WSUS_CONFIG_FAILED)

To install Windows Server update services tools, Launch Add Roles and Features Wizard,

Select Role-based of feature-based installation on Select Installation Type;

Select a server from the server pool on select destination server then click next;

Click next on Select server roles as we do not have to install any roles;

Select Windows Server Update Services Tools under Role Administration Tools.

make sure API and PowerShell cmdlets and User Interface management Console are selected.

Confirm the installation selections then click install. This will install WSUS console on the primary site.

Installing SUP Role: 

Open the Config Manager console, then go to \Administration\Overview\Site Configuration\Servers and Site System Roles, then Right click on Servers and Site System Roles then select Create Site System server;

Select desired server under Select a server to use as site system.

Enter the FQDN of the server name or use the browse option to browse the server name in AD. 

Select Use the site server’s computer account to install this site system then click next;

Specify internet proxy server details if applicable then click next;

Select Software Update Point role under specify roles for this server then click next;

Select WSUS is configured to use ports 8530 and 8531 for client communications (Default settings for WSUS on Windows Server 2012) then click next;

Enter the proxy account details for Software update point then click next;

Specify synchronization source, so the SUP will sync the update catalog from the source;

If this Software Update Point is located on the CAS or Primary Site, then select Synchronize from Microsoft Update.

If this is on the child sites, then select synchronize from an upstream data source location.

Select appropriate synchronization schedule settings then click next;

Select supersedence behaviour then click next; if required select Run WSUS cleanup wizard;

Select the software updates classification which needed and want to synchronize;

 Select the products which required to synchronize based on the requirement;

Select the language for software update file and software update summary details then click next;

Review the summary then click next;

If everything is configured correctly the wizard will complete successfully.

The site installation will start by creating SMS folder under C:\ on the SUP site system.

Under the logs folder review the SUPsetup.log file for installation details. 

The log should display the installation is successful message;

Initially before the WSUS updates Sync the the SUP status will not show much information;

Once the synchronizations starts, we can see sync updates in WCM.log on the primary site server;

Wsyncmr.log will start showing the updates sync;

Click here for complete SCCM 1511 Current Branch setup step by step guide.

Click here for complete SCCM 1511 Current Branch step by step guide, step by step migration guide, step by step monitoring and health check guide and step by step SCCM Current Branch servicing guide.