This article references and reprint to: https://wenku.baidu.com/view/825ecc37fe4733687e21aabc.html
Http://www.cnblogs.com/skylumia/p/4942628.html
1 experimental environment
1) WSUS server:
Windows2008 R2 SP1 Enterprise Edition;
Host name: WSUS01;
Host Dual network card:
The IP address of NIC one is 192.168.0.108;
2) Client:
Windows7 Enterprise Edition X86;
Host name: WIN701;
The IP address is 192.168.0.103.
2 Installing WSUS SP2 prepare
1) Login WSUS01 server with local management.
2) Install Microsoft Report Viewer Redistributable 2008, download Link:
http://www.microsoft.com/downloads/zh-cn/details.aspx?displaylang=zh-cn&FamilyID= 6ae0aa19-3e6c-474c-9d57-05b2347456b1
3) Run the report Viewer.exe file, next.
4) Accept the agreement and select "Install".
5) Select "Done".
6) Install the IIS components.
7) Open Server Manager, select role---Add roles, select Web Server (IIS), next.
8) If you are installing Web server IIS, on the Web server (IIS) page, click Next. On the WEB server (IIS) Role Services page, in addition to the default settings that are selected, select ASP. NET, Windows authentication, dynamic content compression, and IIS 6 management compatibility. If the Add Roles Wizard window appears, click Add Required Role services. Click Next.
9) Select "Install".
3 Installing WSUS
1) Download the wsus30-kb972455-x64 patch pack to perform the installation.
Download Link: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=A206AE20-2695-436C-9578-3403A7D46E40
2) Run the Wsus30-kb972455-x64 installation package.
3) Next.
4) Select "Include Management console and full server Installation", next.
5) Accept the agreement and the next step.
6) Select "Local Storage Patch", default store local c:wsus, next.
Note: If more patches are updated, it is recommended that you put them in a separate partition.
7) Select "Install Windows Internal Database on this computer" next.
Note:
① on the Database Options page, select the software that is used to administer the WSUS 3.0 database. By default, this installation wizard installs the Windows internal database.
② If you do not want to use Windows internal databases, you need to select Use an existing database on this computer or use an existing database server on a remote computer to provide WSUS with an instance of SQL Server to use. Type the instance name within the appropriate boxes. The instance name should appear as <servername><instancename>, where ServerName is the name of the server and instancename is the name of the SQL instance. Make your selection, and then click Next. Then, on the Connect to SQL Server Instance page, WSUS tries to connect to the specified SQL Server instance. When it has successfully connected, click Next to continue.
8) Site preferences, select Use existing IIS Default Web site, next.
Description: On the Site Selection page, specify the Web site that WSUS will use. If you want to use the default Web site on port 80, select Use an existing IIS Default Web site. If you already have a Web site on port 80, you can create an alternate site on port 8530 by selecting Create a Windows serverupdate Services 3.0 SP2 Web site. Click Next.
9) Next.
10) Wait for the installation to complete and click Finish.
4 Synchronizing WSUS
1) After the installation is complete, automatically open the Configuration Wizard and click Next.
Attention:
Pre-configuration Network preparation:
① Check that the WSUS server's firewall is configured to allow client access to the server
②wsus Connect to an upstream server (such as Microsoftupdate).
③ If you need to set up a proxy server, name and user credentials are required
④ If you have an enterprise firewall between WSUS and the Internet, to obtain updates from Microsoft Update, the WSUS server uses port 80 for the HTTP protocol, and port 443 for the HTTPS protocol, which you need to ensure that these ports can be accessed and that you can join the following Microsoft To update a website:
http://windowsupdate.microsoft.com
Http://*.windowsupdate.microsoft.com
Https://*.windowsupdate.microsoft.com
Http://*.update.microsoft.com
Https://*.update.microsoft.com
Http://*.windowsupdate.com
Http://download.windowsupdate.com
Http://download.microsoft.com
Http://*.download.windowsupdate.com
Http://wustat.windows.com
Http://ntservicepack.microsoft.com
2) Select "Do not join the client Experience program" and the next step.
3) Leave the default, next.
4) Leave the default, next.
5) Select "Start Connection".
6) After waiting for the connection to complete, select Next.
7) Select the language you want to apply to, select "Chinese (Simplified)" and click "Next".
8) Select the products that need to be updated (for testing purposes, select only Office2010 and Window 7) and then "next".
9) Select the category of updates you want to download (click the default here) and click Next.
10) Select manual Synchronization (real deployment environment can choose automatic synchronization, set the synchronization cycle separately), next.
11) Leave the default, next.
12) Click "Finish".
13) When finished, automatically open the WSUS interface, you can view the synchronization progress (waiting for synchronization 100%), where the synchronization is and Microsoft released products to synchronize, after the synchronization is completed if the approval will be downloaded on the server side, so that the client connected to the server will not be downloaded to the client again, Synchronization is particularly slow here, depending on your speed and the number of products you choose.
5 Client Configuration:
1) Enter Gpedit.msc in the lookup, expand Computer Configuration---policies---Administrative templates---Windows Components, and then click Windows Update.
2) In the details pane, double-click Configure Automatic Updates.
3) Click Enabled, select the date and time of the update, and then OK.
Description
① notify the download and notify the installation. This option notifies the logged-on administrative user before the download and before the update is installed.
② automatically download and notify the installation. This option automatically starts the download of the update, and then notifies the logged-on administrative user before the update is installed.
③ automatically download and schedule the installation. This option automatically starts the download of the update and installs the update at the date and time that you specify.
④ allows local administrators to select settings. This option allows local administrators to use Automatic Updates in Control Panel to select configuration options. For example, they can choose their own scheduled installation time. The local administrator cannot disable Automatic Updates.
4) in the Windows Update details pane, double-click Specify Intranet Microsoft update service location.
5) Click Enabled, and then type the HTTP URL of the WSUS server uniformly in the Set intranet update service for detection updates box and the Set intranet statistics server box, which is http://WSUS01/.
6) Select "Automatically retrieve updated frequency", set "interval" to the default of 22 hours, set to "Enabled".
7) Select "Allow Automatic Updates to install Now".
8) Select "Enable" to determine.
9) Enter "Gpupdate/force" in the run to force the refresh of Group Policy.
10) Open "Windows Update----Change settings" To view the current status. For example, the description Group Policy is already in effect.
6 Manage Update Patches
1) Log on to the WSUS01 server as a local administrator.
2) Open the Administrative Tools---Windows Server Update Services.
6.1 Creating and managing Computer Groups
Note: This step allows clients to be grouped to differentiate between different operating system versions, unused usage, and so on. (optional)
1) Select Updtae Services---WSS01---computer, right-click All computers, and select Add Computer group.
2) Enter the name of the group and click "Add".
3) Select "Updtae Services---WSS01---computer---All computers---unassigned computers", right-select the client host name that needs to be updated, and here win701.fengxja.com, select "Change membership."
4) Select the "WIN7" group to determine.
6.2 Update Patches
1) Select "Updtae Services---WSS01---update---All updates", on the "All Updates" Detail page, select "Unapproved" and "any", then click "Refresh".
2) Select the patches that need to be updated as needed, then select the WIN7 group.
3) Select "Approved for Installation"
4) Click "OK".
5) Click Close.
Note: When the above steps are completed, the client does not install the patches immediately, but instead installs the patches on a per-Group Policy basis, and the rules for automatic approval are usually set on the server.
7 Resolve client not updating behavior:
1-1
1. Checking clients with WSUS Clienttools software
: http://www.microsoft.com/en-us/download/details.aspx?id=30827
There are three software checks:
wuserver=http://10.10.10.5:8530
-------(WSUS server address)
wustatusserver=http://10.10.10.5:8530-----(WSUS server address)
(1) Usewuserver is enable
---------Pass
(2) Onnection to server
----------Pass
(3) SelfUpdate Folfer is present
----------Pass
2-1 If all three items show pass and the client still does not have patch updates
Example: If the first two items pass and the error 80072efd is displayed
Workaround: Use Proxycfg-pproxyservername:port (proxyservername:portwsus server address and port) on the client
2-1
1. Stop automatic Updates service and BITS service, run at the command prompt:
net stop Wuauserv
net stop bits
2. Delete the%windir%\softwaredistribution directory
3. Start Automatic Updates service and Bitsservice, and when these 2 services do not start, they will automatically create softwaredistribution and related sub-files.
Run at the command prompt:
net start wuauserv
net start bits
4. When the%windir%\softwaredistribution directory has been created, let the client immediately connect to the domain WSUS server.
Wuauclt.exe/resetauthorization/detectnow
5. After 15 minutes, check to see if the client is checking for the required updates.
If the problem persists, on the WSUS client, do the following:
1. Confirm Background Intelligent Transfer service starts
2. Run the following command to rename the Catroot2 folder
net stop cryptsvc
ren%systemroot%\system32\catroot2 oldcatroot2
net start cryptsvc
If the above operation is still unresolved, please copy the WindowsUpdate.log log file to the system disk Windows folder for professional analysis. (Note: Make sure that the WSUS server is not a problem and that other PCs can update properly.) )
Windows R2 SP1 Deploying WSUS 3.0 SP2