How To Install & Configure Software Update Point In SCCM

Jason Barrett Jason Barrett | | Software Updates

In this article I will cover everything you need to know about installing and configuring the software update point in SCCM.

The software update point role enables SCCM to be able to download and push out software updates to SCCM clients.

In this article I will show you the best practices in setting up a software update point.

Prerequires

Before you can install the software update point role the following prerequires need to be met.

  • WSUS needs to be installed : Needs to be installed on the SCCM primary site server (I highly recommend this). I wrote a step by step guide on How to Install & Configure WSUS
  • WSUS administrative console : Only needs to be installed if WSUS is not installed on the primary server. You will need to connect to the remove WSUS server before installing the software update point on the primary server
  • Software Update Point Role install on primary site first : Then install on secondary site servers
  • Disk space : I recommend Min 5gb, recommended 10gb for every product you want to push out software updates to

Once the prerequires have been met you can proceed to the next step

Install Software Update Point

If you are installing the software update point for the first time you will need to install the role on the primary site first, then the secondary site servers if you have any.

To install the software update point follow these steps

  1. Open the SCCM console
  2. go to \Administration\Overview\Site Configuration\Servers and Site System Roles
  3. Right click on the server that has the primary site role and click add site system roles
    add site system role
  4. On the add site system roles wizard page click next
    add site system roles wizard
  5. If you use a proxy to access the internet enter the details here
  6. Click next
    specify internet proxy server
  7. At the specify roles for this server page select the “Software Update Point” role and click next
    specify roles for this server
  8. If WSUS is installed on another machine you will need to install the WSUS administrative console on the primary server and have connected to the remote WSUS before you start the add software update point role wizard
  9. Confirm the ports are correct, if you are unsure what port your WSUS is using check out this article I wrote on how to check what port WSUS is using
  10. If you are using a CMG (Cloud Management Gateway) then tick the box “Allow configuration manager cloud management gateway traffic”
  11. If you are using a CMG also select “Allow internet and intranet client connections”
  12. Click next
    specify software update point settings
  13. If you need credentials to connect to a WSUS server enter them here
  14. In my experience I highly recommend that you install WSUS on the SCCM primary site server and not use credentials to connect to WSUS as this reduces the risk of software updating having issues in the future such as account password changed / locked out
  15. Click next
    enter account settings for the software update point
  16. Select “Synchronize from Microsoft Update”
  17. Select “Do not create WSUS reporting events”
  18. Click next
    specify synchronization source settings
  19. We want software updates to automatically appear in the SCCM console when they are available, to do this tick the box “Enable synchronization on a schedule”
  20. Click on customize
    synchronization settings
  21. This is where we need to start thinking about timings of things.  We configured WSUS to check for updates every day at 23:30. The first WSUS sync I did took 1 hour (Further syncs should take 10-30 minutes) So we need to configure this setting for at least 1 hour after the WSUS sync. In my experience it is best to give extra time for the WSUS sync to finish.
  22. Set the time to 01:00
  23. Set recur to every 1 days
  24. Click ok
    custom sync schedule
  25. Click next
  26. On the “Select behavior for software updates that are superseded” I recommend to leave these settings at default values
  27. Click next
    select behavior for software updates that are superseded
  28. Tick the box next to “Decline expired updates in WSUS according to supersedence rules”
  29. Click next
    configure wsus maintenance behavior
  30. I recommend to leave the maximum run time to 120 minutes.

    PRO TIP : When we configure the deployment of the software updates we will get the client to pre-download the update before they install the update, this will eliminate maximum run times issues.

  31. Click nextconfigure maximum run time
  32. On the specify configuration for software update content window leave the default value “Download full files for all approved updates”
  33. Click next
    specify configuration for software update content
  34. Select the same software update classifications you entered in WSUS
  35. Click next
    software update classifications
  36. Same as previous step, only select the products you selected in WSUS

    Pro Tip : If you select a product here in the SCCM console but do not have it selected in WSUS no software updates will get downloaded for that product

  37. Click next
    select software update products
  38. Only select languages here that have been selected in WSUS
  39. Click next
    select language settings to sync
  40. At the summary screen confirm the details and click next
  41. We have now completed adding the software update point roll
  42. Click close
    add site system roles wizard complete

Post Software Update Point Checks

Now we have installed the SCCM software update point role it is very important that everything installed correctly and that everything is healthy before we continue to configure the software update point role.

To do this perform these tasks

Check For Successful Install In Logs

Firs thing we need to do is open the SUPSetup.log log which is usually located at C:\Program Files\Microsoft Configuration Manager\Logs and check for the following lines

  • <Tue Nov 14 15:05:37 2023> Installation was successful.
  • <Tue Nov 14 15:05:37 2023> ~RoleSetup().

If you see these then the install was successful.  If not you should see a few errors which will help you to find the root cause of the why the software update point role failed.

confirm successful software update point role install logs

Check Active Alerts

Check the active alerts section to see if there are any alerts relating to software updates, To do this follow these steps

  1. Open SCCM Console
  2. Go to \Monitoring\Overview\Alerts\All Alerts
  3. Check if any alerts were triggered and still active relating to software updates
  4. In my example below I saw no alerts had been triggered for around 5 months 🙂

check active alerts

Check Site Status

Check the Software update point site status is healthy, to do this follow these steps

  1. Open SCCM Console
  2. Go to \Monitoring\Overview\System Status\Site Status
  3. Confirm there is a green circle and OK on the software update point line

sccm site status

Check Free Disk Space

Make sure you have enough disk space to download the software updates to. I recommend 10gb of disk space per product

check disk space

Run First Synchronize of Software Updates

We now need to run the first synchronize of software updates, To do this follow these steps

  1. Open SCCM Console
  2. Go to \Software Library\Overview\Software Updates\All Software Updates
  3. Notice there are 0 software updates found
  4. Click on “Synchronize software updates”
    run first synchronize software update
  5. A message will pop up, click yes
  6. The sync will now start and in my experience take a few hours to complete
  7. To check the status of the sync take a look in the log wsyncmgr.log which should be located at C:\Program Files\Microsoft Configuration Manager\Logs
  8. Below you can see there are 270 software updates to download
    downloading software updates
  9. When you see the following the sync is complete
  • SMS synchronizing updates, processed 118 out of 118 items (100%)
  • Done synchronizing SMS with WSUS Server
  • Sync succeeded

Post Configuration Changes

All the configuration for the software update point was done in the Install Software Update Point if you need to change anything after the install follow these steps

  1.  Open SCCM Console
  2. Go to \Administration\Overview\Site Configuration\Sites
  3. Right click on the SCCM primary site server
  4. Select Configure Site Components > Software Update Point
    configure site components
  5. You can now edit the relevant settings by clicking on the required tabs
    software update point component properties

Conclusion

Above I have gone through everything you need to know about setting up and configuring the software update point role within SCCM.

I have also added a few pointers for things that I have learned from experience over the years.

I hope this article has helped you.