How to Manage and Synchronize WSUS Server with Microsoft Updates?

Computer updates are way more important than they usually are considered to be. Many of us neglect the updates released by Microsoft for their respective Windows which often fix various bugs. Albeit, there are times when a certain update breaks something while also fixing a different issue, but that often is resolved in the next update. For this reason, just to neglect updates is not really the right thing to do.

Windows updates are often packed with, other than your generic bug fixes and stability improvements, security updates and patches that are really essential in this modern world. Security is not only the biggest concern of the network administrators, it concerns every typical consumer as it relates to their privacy directly. That is why, making sure that your computer or group of computers have the required security as well as the other updates installed takes significant importance. Windows Server Update Services or WSUS is a computer program that helps you deploy patches and updates on your systems to ensure that they are always updated. In order to keep your systems up to date, you will have to synchronize the WSUS server with the Microsoft Update site so that you are aware of the latest updates that available for your machines.

Patch Manager

This task has been greatly made easier due to the developments in the digital world. As we dive more into a digital world, the more our daily tasks get easier. Especially for network administrators, it is without a doubt that their jobs have are now considerably easier. All of this is the courtesy of the modern tools that have been developed to meet the requirements of this fast world. Having to install updates manually in a large network is quite a job, especially when you consider the fact how big networks have become.

Downloading and Installing the Solarwinds Patch Manager

There is a variety of different patch management software available on the internet that you can download and use. Patch Managers ease the jobs of system administrators as it helps you download and install patches on the computers that you would have to otherwise manually update which is a nightmare.

Solarwinds Patch Manager (download here) is a patch management software that helps you address any vulnerabilities on your systems. Other than that, it provides a simplified patch management experience along with the reporting of any patches feature that helps you stay updated of the patches that are being deployed. You can also schedule tasks with the help of Patch Manager so that they are run on daily, weekly or any other available basis which saves you the time and worry of doing the same thing every day repeatedly.

We will be using the Solarwinds Patch Manager to synchronize the WSUS server with the update site. Therefore, go ahead and download the tool from the link provided. You can enroll in a 30-day fully functional trial period of the product offered by Solarwinds to evaluate the product for yourself.

Once you have downloaded the tool, extract it to any desired location and then open it up. The installation wizard is pretty simple and does not require much configuration. However, you will have to specify whether you wish to install only the administrator console or the server components on the computer. It is recommended that you install the administrator console on your local system so that you can easily access it and only install the server components on the computers that you wish to deploy the updates to. Other than that, there is nothing special in the installation wizard and can be dealt with in just a few clicks.

Adding the WSUS Server to Patch Manager

Before you are able to synchronize the WSUS server with the Microsoft Update site via Patch Manager, you will first have to add the WSUS server to the Solarwinds Patch Manager. Once done, you will be able to view your server under Update Services. One thing to keep in mind is that the account you provide while launching the Patch Manager Administrator Console for the first time is present in the WSUS Administration group on all the WSUS servers. After that, to add the WSUS server, do the following:

  1. Open up the Patch Manager Administrator Console as an administrator.
  2. Expand the Enterprise category and then click on Update Services.
  3. On the left-hand side, in the Actions menu, click on the Add or Configure WSUS Server option.
    Adding WSUS Server
  4. Enter the IP address or the hostname of the WSUS server in the Server Name field.
  5. After that, click on the Resolve button.
  6. For the port, click on the drop-down menu and select the port depending on the operating system and SSL. If you are running Windows Server 2008 with SSL, choose 443 otherwise go with 80. For the the rest Windows Server versions, choose 8531 if SSL is enabled and 8530 if SSL disabled.
  7. After that, fill out the remaining fields and selections.
  8. To test the details you have provided, click on the Test Connection option. Now, the WSUS API will be contacted by the Patch Manager in order to establish a connection. If the connection fails, you can try using a corresponding port (for example 8531 instead of 8530) to see if it works.
    WSUS Server Details
  9. Finally, click the Save button to add the WSUS server.

Synchronizing WSUS Server with Microsoft Update Site

As it turns out, in order to get the latest available updates, you will have to synchronize the WSUS server with the Microsoft update site. This is important because if you only synchronize the server with the update site once or not do it at all, you will not be able to receive the latest updates. This is because the updates are not pushed to your WSUS server by Microsoft, rather they are linked on the update site. So what happens is the WSUS server goes through the update site to check if there are any new updates available. Thus, if you do not synchronize it, you will never know when new updates are available for your system and as a result, your machines are at a risk of being attacked by malicious attackers or other bugs.

To synchronize the WSUS server, you will have to create a schedule task on the Patch Manager that will have the WSUS server ping the update site to see if there are new updates. Here’s how to do this:

  1. In the Patch Manager window, expand the Enterprise category and then click on Update Services.
    WSUS Server
  2. After that, right-click on your WSUS server and then click on the Synchronize Server option.
  3. After that, in the Task Options wizard, you will have to click on the Browse Computers option.
  4. Choose the WSUS server by expanding Enterprise and Update Services.
  5. After that, click the Add Selected option to add the WSUS server to the list and then click OK.
  6. Then, click Next. Provide the task a description and a name.
  7. Select the frequency of the task. You can choose to have it run daily, weekly or on a monthly basis in the Scheduled Settings box and then click the Edit option.
  8. Then, in the Schedule Time box, you will have to provide a time and day. If you wish to use Greenwich Mean Time, make sure to tick the Universal Time box.
    Schedule Time
  9. After that, in the Recurrence Pattern box, you will have to choose when the WSUS server synchronizes with the Windows Update site.
  10. Set the Recurrence Range to never stop so that the task never stops and then click the OK button.
    Range of Recurrence
  11. The settings are then displayed in the Schedule Settings box.
    Schedule Settings
  12. Click Next to complete the Task Options Wizard. Finally, click Finish to create the schedule task.

Checking the Synchronization Status of the WSUS Server

If you ever wish to check the synchronization status of your WSUS server, you can do so by navigating to the WSUS server. Here’s how to do it:

  1. Expand the Enterprise category and then click on Update Services.
  2. Click on your WSUS Server. You will be able to check the synchronization status in the Details tab.
    WSUS Server Details
ABOUT THE AUTHOR

Kamil Anwar


Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.