How to Install & Configure WSUS for Use With SCCM

In this article I am going to show you how to install and configure WSUS for use with SCCM.  I will show you step by step how to install.

SCCM will use WSUS to identify patches and download them from microsoft.

Before starting there are some Prerequisites we need to fur fill

Prerequisites

We need to make sure the follwoing are in place before we install WSUS

• Supported Operating System : Will need a server with Windows 2012, 2016, 2019, 2022
• Static IP : Not required but I recommend to have one
• Server Part Of a Domain : Make sure the server has been added to an active directory domain
• Install On SCCM Server : Ideally where you plan to install the SCCM software update point role

How to Install WSUS

To install wsus follow these steps

1. Log on to the server where you want to install WSUS
2. Click the start menu, search for server manager and click on it
   
3. Click add roles and features
   
4. Click next
5. Select Role-based or feature-based installation
6. Click next
   
7. Highlight select a server from the server pool
8. Make sure your local server is selected in the list
9. Click Next
   
10. Tick the box next to “Windows Server Update Services”
    
11. An Add roles and features wizard window will popup, Click Add Features
    
12. On the select server roles confirm “Windows server update services” is selected and click next
    
13. On the select features page click next
    
14. Click Next
15. Confirm “WID Connectivity” and “WSUS Services” are selected and click next
16. You can tick the “SQL Server Connectivity” and use a SQL database to store the WSUS data but I recommend to use the WID connection as I prefer to keep my WSUS and SCCM databases separate
    
17. Enter a file path that will store the WSUS files. I recommend to enter a path that has a lot of free disk space.
18. When we use WSUS with SCCM we don’t actually download the software updates in WSUS so in my experience WSUS should only use a few 100mb of disk space.
19. Click Next
    
20. Don’t tick the restart box
21. Click install
    
22. Wait for the feature installation progress bar to hit 100%
23. Confirm there are no error messages for the install
24. Click close
    

WSUS has now been successfully installed on to your system.

How To Configure WSUS For Use With SCCM

There are a few things we will need to configure in WSUS for it to work properly with SCCM.

To make the required changes follow these steps

1. Launch “Windows Server Update Services” from the start menu, it will be under “Administrative Tools”
   
2. Confirm the path to store software updates and click Run
   
3. A Post-installation task will now run and will take a few minutes to complete
   
4. When you see “Post-Installation successfully completed” click close
   
5. A wizard will now appear asking us questions
6. Click Next
   
7. On the “Join the Microsoft Update Improvement Program” page leave the defaults and click next
   
8. Select the option “Synchronize from Microsoft Update” as this will get the software update information directly from microsoft
9. Click Next
   
10. If your server needs a proxy server to access the internet enter the details here
11. Click next
    
12. Click start Connecting, This will confirm that WSUS can contact Microsoft servers to get software update information. This will take a few minutes
    
13. Once connection has been confirmed click next
    
14. Select the languages you want the software updates in
15. Click next
    
16. By default about 20 products will be selected, to unselect these products tick the box All products, you will see ticks in all products
    
17. Select the All products box again to unselect all products
    
18. Now select the products you want software updates for, below I have only selected windows 2016
19. Click next
    
20. On the choose classifications page select, Critical Updates, Security Updates, Update rollups
21. Click next
    
22. Select synchronize automatically, and set a time, Personally I start my patching schedule on the second wednesday of the month so I configure the sync to run at 23:30 the day before
23. Click next
    
24. On the finished page tick the box “Begin initial synchronization”
25. Click Next
    
26. On the whats next page we do not need to do any of these steps
27. Click finish
    
28. The windows server update services main page will now popup
    
29. Click on the Synchronizations tab
30. Wait some time (It took 1 hour for me) as the first sync takes a very long time
31. Then confirm sync result was succeeded and updates show under new updates
    

Frequently Asked Questions

What Ports Is My WSUS Using?

The default ports are (HTTP port 8530) and (HTTPS SSL port 8531) To check what ports your WSUS is using open Windows Update Server Services from the start menu, then left click on your server name and see what port is listed next to Connection > Port

Below you can see port 8530 is being used on my server

Conclusion

In the above steps we have installed WSUS and configured it to only get the software updates that we require in the language we require.

The software updates will not be downloaded because we have not approve them.

The next step is to setup SCCM to pull the software update information from WSUS.